• Issues with Windows Security Center, Windows 11 Pro 21H2.

    Home » Forums » AskWoody support » Windows » Windows 11 » Windows 11 version 21H2 – Original release » Issues with Windows Security Center, Windows 11 Pro 21H2.

    • This topic has 6 replies, 3 voices, and was last updated 6 months ago.
    Author
    Topic
    #2544375

    Hello. I’m new here, so I apologize in advance for any mistakes I might make whilst writing this. And I also apologize for the length of this post.

    I have an issue with Windows Security Center. At 11 AM today, I heard a ding sound signaling that a device was inserted into my PC. I’d assumed it was malware, since I didnt connect any device at all. So, I checked the Windows Defender icon in the pop put panel, and sure enough, the icon showed the caution symbol signaling that Windows Defender has actions I need to check.

    When I entered, it stated that part of the Core Isolation protection was turned off. I felt panicked and nervous, since this has never happened to me before. I turned it back on, and now it told me it needed to restart to enable it. I did so, and yet the yellow icon still was there. (It was the Local Security Authority protection)

    I re-entered, and when I checked again, what I saw confused me greatly.

    It had remained enabled, but Windows still warned that it was turned off. I dismissed the warning, and rechecked the icon. It was green, no issues. However, I noticed that Memory access protection was disabled. I renabled it, and now it says that a restart is required. I then thought, “No problem, right?”

    As it turns out, people on the Windows 11 Reddit have been reporting that the latest Windows Defender update (KB5023286, Version 1000.25305.0.1000) has been causing issues, ranging from UI color changes, to LSA or TPM disabling itself, refusing to open, etc. Sounds similar to my issue, albeit in a worse form.

    They fixed it by adding two Registry keys, (But I don’t think I need that drastic of a fix just yet) but I have a problem concerning the new update. I told Windows Defender to check for updates, (because I was going to run a scan, but I halted myself, due to the above information.) and it installed the same one. I did so before I heard the above information, so now I’m in possession of a dilemma: Should I restart and hope for the best, restart and roll back the update, or should I avoid turning off my PC?

    I have not installed any updates since March 1st, (I use WUSOHide to hide updates and GPEdit to use the setting of “Notify, but don’t download or install”) but I’ve heard rumors that Defender updated in the background.

    My PC is still on, so now I have to make a decision. So my question is this: What should I do? Should I restart and go on, restart and roll back, or avoid shutting down?

    I will be grateful for any advice or aid anyone can give me, and I hope not to waste the community’s time.

     

    Viewing 1 reply thread
    Author
    Replies
    • #2544385

      It’s becoming common (apart from the ding), and is confusing, but you have no need to panic. You can update and scan if you wish, but a restart may not correct the LSA protection warning which appears to be a bug.

      Windows 11 Pro version 22H2 build 22621.2359 + Microsoft 365 + Edge

      1 user thanked author for this post.
      • #2544389

        Thank you for the advice. I restarted. I’ll check in one minute to see if the icon is green, and if the Security Center looks odd, or crashes in any way. I’ll consider it a victory if the center does not crash, all protections are enabled, and if the icon is green.

        I’ll roll back the update if I notice any issues.

        Thank you for your help, and have an excellent day.

        (Notice: I checked it out. And here’s what I saw: Icon is green, Memory Access Protection is still disabled and informing me I need to restart when I just already did, Windows Security center works/looks just fine. 2/3 points is good enough. I’ll look for a solution to the Memory protection error. Also, I did a full scan, no threats were detected.)

        1 user thanked author for this post.
        b
    • #2545442


      Automatic enablement of Audit mode

      Audit mode for additional LSA protection is enabled by default on devices running Windows 11, 22H2. If your device is running this build, no additional actions are needed to audit additional LSA protection.

      Configuring Additional LSA Protection [Microsoft Learn]

      But:

      Windows 11 users report seeing widespread Windows Security warnings that Local Security Authority (LSA) Protection has been disabled even though it shows as being toggled on.

      While Windows users report that this issue is caused by the recently released KB5023706 Windows 11 22H2 cumulative update, this has been happening since at least January 15.

      The “Local Security Authority protection is off. Your device may be vulnerable.” warnings show up even though LSA Protection is enabled in Windows Security > Device security > Core isolation details.

      “There is a technical glitch with this feature, if you have successfully turned on this feature and you are being prompted to restart, kindly note that the feature is ON irrespective of the message as this is a technical glitch that we are aware of and we are working to resolve that issue soonest,” Microsoft Technical support representative reportedly told one of the affected users.

      How to remove the LSA Protection alerts

      Until Microsoft rolls out a fix for this Windows 11 Local Security Authority glitch, you have to add two new DWORD registry entries and set them to ‘2’ to ensure that the LSA Protection feature is automatically enabled after the next restart, and the faulty warnings will no longer be shown.

      The procedure requires you to go through these steps:

      Open the Registry Editor and go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
      Add new RunAsPPL and RunAsPPLBoot DWORD entries and set them to 2.
      Restart the system.

      Windows 11 bug warns Local Security Authority protection is off
      [BleepingComputer.com; March 20, 2023]

      Windows 11 Pro version 22H2 build 22621.2359 + Microsoft 365 + Edge

    Viewing 1 reply thread
    Reply To: Issues with Windows Security Center, Windows 11 Pro 21H2.

    You can use BBCodes to format your content.
    Your account can't use all available BBCodes, they will be stripped before saving.

    Your information: