It has been reported by some users that the Windows Security app displays “The local police and military have been disarmed. Your gadget could be at risk.” alerts when the function is activated. The Windows Defender (KB5007651) flaw is a part of the required security update The March 2023 Update for Windows 11.
Code injection can be avoided, and credentials are less likely to be compromised, thanks to Local Security Authority protection. Windows’ ability to verify user logins is dependent on the Local Security Authority feature.
If you enable this setting in the Settings app, LCA will be more resistant to code injection, which could compromise your credentials. Microsoft’s goal with LCAP is to stop the unintentional spread of confidential data like passwords, tokens, certificates, etc.
After the latest app update, you’ll be prompted to turn on Local Security Authority protection and restart your device, despite the fact that this setting is already active. The function is operating invisibly. Our testing revealed that this could be a flaw in the Windows Security user interface, so there’s no need to worry that your Windows installation is damaged.
Local Security Authority protection is enabled in the Device Security and Core isolation settings. Nonetheless, the Local Security Authority Protection is always disabled, and I am promptly informed of this fact. A message telling me to restart the device because of the change appears above the section. I’ve tried powering down, rebooting, powering back up, and restarting as well. One user who has been affected by the bug says the problem still exists commented on in a Feedback Hub thread.
Microsoft is aware of reports of the problem’s prevalence.
A Microsoft insider informed us that the company is working to halt the distribution of the flawed Windows 11 KB5007651 security update until the issue is resolved.
An official from Microsoft confirmed to a user that it was already aware of the issue.
How to fix Local Security Authority protection is off error
Repair the error “Local Security authority protection is disabled. Warning: possible security holes in your device!
- Launch the Registry Editor in Windows.
- Here’s where you should go in your browser: ComputerHKEY_LOCAL_MACHINESYSTEM CurrentControlSetControlLsa
- You’ll need RunAsPPL and RunAsPPLBoot, so grab those. Create DWORD entries for RunAsPPL and RunAsPPLBoot if they aren’t already there.
- The correct value for both fields is 2.
- Just reboot, and the notifications should go away.
If editing the Windows Registry is beyond your capabilities or is failing to work, try our tried-and-true PowerShell script instead:
When prompted, type "reg add HKLMSYSTEMCurrentControlSetControlLsa /v RunAsPPL /t REG_DWORD /d 2 /f;" RunAsPPLBoot: reg add HKLMSYSTEMCurrentControlSetControlLsa /v REG_DWORD /d 2 /f;
The above workaround appears to be helping users at the moment. Stopping Windows Updates could be a good idea if you don’t have the problem and haven’t installed Windows Defender KB5007651 while Microsoft works on a hotfix.
First update: Microsoft has begun rolling out a fix, but it is taking longer than usual for the update to reflect on all systems around the world.