Privacy and Security Enable or Disable Local Security Authority (LSA) Protection in Windows 11


Windows_Security_banner.png

This tutorial will show you how to enable or disable Local Security Authority (LSA) protection for all users in Windows 11.

Core isolation is a security feature of Microsoft Windows that protects important core processes of Windows from malicious software by isolating them in memory. It does this by running those core processes in a virtualized environment.

Windows 11, version 22H2 supports additional protection for the Local Security Authority (LSA) process to prevent code injection that could compromise credentials.

Windows has several critical processes to verify a user’s identity. The LSA is one of those processes, responsible for authenticating users and verifying Windows logins. It is responsible for handling user credentials, like passwords, and tokens used to provide single sign-on to Microsoft accounts and Azure services. Attackers have developed tools and have abused Microsoft tools to take advantage of this process to steal credentials. To combat this, additional LSA protection will be enabled by default in the future for new, enterprise-joined Windows 11 devices making it significantly more difficult for attackers to steal credentials by ensuring LSA loads only trusted, signed code.

Reference:
learn.microsoft.com

What's new in Windows 11, version 22H2 for IT pros

Learn more about what's new in Windows 11 version 21H2, including servicing updates, Windows Subsystem for Linux, the latest CSPs, and more.
learn.microsoft.com
learn.microsoft.com

Configure added LSA protection

Learn how to configure added protection for the Local Security Authority (LSA) process to prevent code injection that could compromise credentials.
learn.microsoft.com
www.microsoft.com

New security features for Windows 11 will help protect hybrid work | Microsoft Security Blog

Attackers haven’t wasted any time capitalizing on the rapid move to hybrid work. Every day cyber criminals and nation states alike have improved their targeting, speed and accuracy as the world adapted to working outside the office.
www.microsoft.com www.microsoft.com

You must be signed in as an administrator to enable or disable Local Security Authority (LSA) protection.

LSA requires CPU virtualization turned on.



Contents

  • Option One: Turn On or Off Local Security Authority (LSA) Protection in Windows Security
  • Option Two: Turn On or Off Local Security Authority (LSA) Protection using REG file
  • Option Three: Turn On or Off Local Security Authority (LSA) Protection using Command
  • Option Four: Enable or Disable Local Security Authority (LSA) Protection in Local Group Policy Editor
  • Option Five: Enable or Disable Local Security Authority (LSA) Protection using REG file




Option One

Turn On or Off Local Security Authority (LSA) Protection in Windows Security


1 Open Windows Security.

2 Click/tap on Device security on the left side, and click/tap on the Core isolation details link on the right side. (see screenshot below)

LSA_protection_Windows_Security-1.png

3 Turn on (default) or off Local Security Authority protection for what you want. (see screenshots below)

LSA_protection_Windows_Security-2.png
LSA_protection_Windows_Security-3.png

4 If prompted by UAC, click/tap on Yes to approve.

5 Restart the computer to apply. (see screenshot below)

6 If prompted by UAC, click/tap on Yes to approve.

LSA_protection_Windows_Security-5.png




Option Two

Turn On or Off Local Security Authority (LSA) Protection using REG file


1 Do step 2 (on without UEFI Lock), step 3 (on with UEFI Lock) or step 4 (off) below for what you want.

2 Turn On Local Security Authority (LSA) Protection without UEFI Lock

This is the default setting.


A) Click/tap on the Download button below to download the REG file below, and go to step 5 below.​

Turn_ON_Local_Security_Authority_protection_without_UEFI_Lock.reg


(Contents of REG file for reference)
Code: 
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"RunAsPPL"=dword:00000002
"RunAsPPLBoot"=dword:00000002

3 Turn On Local Security Authority (LSA) Protection with UEFI Lock

When LSA is used with UEFI lock and Secure Boot, additional protection is achieved because disabling the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa registry key has no effect. It acts as a tamper protection.


A) Click/tap on the Download button below to download the REG file below, and go to step 5 below.​

Turn_ON_Local_Security_Authority_protection_with_UEFI_Lock.reg


(Contents of REG file for reference)
Code: 
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"RunAsPPL"=dword:00000001
"RunAsPPLBoot"=dword:00000002

4 Turn Off Local Security Authority (LSA) Protection

If you turned on LSA with UEFI Lock using step 3, then you will need to use the Local Security Authority Protected Process Opt-out tool to remove the UEFI variable in the registry.


A) Click/tap on the Download button below to download the REG file below, and go to step 5 below.​

Turn_OFF_Local_Security_Authority_protection.reg


(Contents of REG file for reference)
Code: 
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"RunAsPPL"=dword:00000000
"RunAsPPLBoot"=dword:00000000

5 Save the .reg file to your desktop.

6 Double click/tap on the downloaded .reg file to merge it.

7 When prompted, click/tap on Run, Yes (UAC), Yes, and OK to approve the merge.

8 Restart the computer to apply.

9 You can now delete the downloaded .reg file if you like.




Option Three

Turn On or Off Local Security Authority (LSA) Protection using Command


1 Open Windows Terminal (Admin), and select Command Prompt.

2 Copy and paste the command below you want to use into Windows Terminal (Admin), and press Enter.

Turn On Local Security Authority (LSA) Protection without UEFI Lock

This is the default setting.


reg add HKLM\SYSTEM\CurrentControlSet\Control\Lsa /v RunAsPPL /t REG_DWORD /d 2 /f & reg add HKLM\SYSTEM\CurrentControlSet\Control\Lsa /v RunAsPPLBoot /t REG_DWORD /d 2 /f

OR​

Turn On Local Security Authority (LSA) Protection with UEFI Lock

When LSA is used with UEFI lock and Secure Boot, additional protection is achieved because disabling the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa registry key has no effect. It acts as a tamper protection.


reg add HKLM\SYSTEM\CurrentControlSet\Control\Lsa /v RunAsPPL /t REG_DWORD /d 1 /f & reg add HKLM\SYSTEM\CurrentControlSet\Control\Lsa /v RunAsPPLBoot /t REG_DWORD /d 2 /f

OR​

Turn Off Local Security Authority (LSA) Protection

If you turned on LSA with UEFI Lock, then you will need to use the Local Security Authority Protected Process Opt-out tool to remove the UEFI variable in the registry.


reg add HKLM\SYSTEM\CurrentControlSet\Control\Lsa /v RunAsPPL /t REG_DWORD /d 0 /f & reg add HKLM\SYSTEM\CurrentControlSet\Control\Lsa /v RunAsPPLBoot /t REG_DWORD /d 0 /f

3 Restart the computer to apply.




Option Four

Enable or Disable Local Security Authority (LSA) Protection in Local Group Policy Editor


The Local Group Policy Editor is only available in the Windows 11 Pro, Enterprise, and Education editions.

All editions can use Option Fve to configure the same policy.


1 Open the Local Group Policy Editor (gpedit.msc).

2 Navigate to the policy location below in the left pane of the Local Group Policy Editor. (see screenshot below)

Computer Configuration > Administrative Templates > System > Local Security Authority

LSA_protection_gpedit-1.png

3 In the right pane of Local Security Authority in the Local Group Policy Editor, double click/tap on the Configure LSASS to run as a protected process policy to edit it. (see screenshot above)

4 Do step 5 (default), step 6 (disable), step 7 (enable with UEFI Lock), or step 8 (enable without UEFI Lock) below for what you want.

5 Default User Choice Local Security Authority (LSA) Protection

This is the default setting to allow using Option One Option Two, and Option Three.


A) Select (dot) Not Configured. (see screenshot below)​

B) Click/tap on OK, and go to step 9 below.​

LSA_protection_gpedit-2.png

6 Disable Local Security Authority (LSA) Protection

This will override and prevent using Option One, Option Two, and Option Three.


A) Select (dot) Enabled. (see screenshot below)​

B) Select Disabled in the Configure LSA to run as a protected process drop menu.​

C) Click/tap on OK, and go to step 9 below.​

LSA_protection_gpedit-3.png

7 Enable Local Security Authority (LSA) Protection with UEFI Lock

This will override and prevent using Option One, Option Two, and Option Three.

When LSA is used with UEFI lock and Secure Boot, additional protection is achieved because disabling the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa registry key has no effect. It acts as a tamper protection.


A) Select (dot) Enabled. (see screenshot below)​

B) Select Enabled with UEFI Lock in the Configure LSA to run as a protected process drop menu.​

C) Click/tap on OK, and go to step 9 below.​

LSA_protection_gpedit-4.png

8 Enable Local Security Authority (LSA) Protection without UEFI Lock

This will override and prevent using Option One, Option Two, and Option Three.


A) Select (dot) Enabled. (see screenshot below)​

B) Select Enabled without UEFI Lock in the Configure LSA to run as a protected process drop menu.​

C) Click/tap on OK, and go to step 9 below.​

LSA_protection_gpedit-4.png

9 You can now close the Local Group Policy Editor if you like.




Option Five

Enable or Disable Local Security Authority (LSA) Protection using REG file


1 Do step 2 (default), step 3 (disable), step 4 (enable with UEFI Lock), or step 5 (enable without UEFI Lock) below for what you want.


 2. Default User Choice Local Security Authority (LSA) Protection

This is the default setting to allow using Option One, Option Two, and Option Three.


A) Click/tap on the Download button below to download the file below, and go to step 6 below.​

Default_user_choice_Local_Security_Authority_protection.reg


(Contents of REG file for reference)
Code: 
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System]
"RunAsPPL"=-


 3. Disable Local Security Authority (LSA) Protection

This will override and prevent using Option One, Option Two, and Option Three.


A) Click/tap on the Download button below to download the file below, and go to step 6 below.​

Disable_Local_Security_Authority_protection.reg


(Contents of REG file for reference)
Code: 
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System]
"RunAsPPL"=dword:00000000


 4. Enable Local Security Authority (LSA) Protection with UEFI Lock

This will override and prevent using Option One, Option Two, and Option Three.

When LSA is used with UEFI lock and Secure Boot, additional protection is achieved because disabling the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa registry key has no effect.


A) Click/tap on the Download button below to download the file below, and go to step 6 below.​

Always_Enable_Local_Security_Authority_protection_with_UEFI_Lock.reg


(Contents of REG file for reference)
Code: 
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System]
"RunAsPPL"=dword:00000001


 5. Enable Local Security Authority (LSA) Protection without UEFI Lock

This will override and prevent using Option One, Option Two, and Option Three.


A) Click/tap on the Download button below to download the file below, and go to step 6 below.​

Always_Enable_Local_Security_Authority_protection_without_UEFI_Lock.reg


(Contents of REG file for reference)
Code: 
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System]
"RunAsPPL"=dword:00000002

6 Save the REG file to your desktop.

7 Double click/tap on the downloaded REG file to merge it.

8 When prompted, click/tap on Run, Yes (UAC), Yes, and OK to approve the merge.

9 You can now delete the downloaded REG file if you like.


That's it,
Shawn Brink


Related Tutorials

 

Attachments

Last edited:
Click to expand...
I have 23H2 OS Build 22631.3296 on my desktop PC.

Under Core isolation details I have no option for Local Security Authority and virtualisation is enabled. Why don't I see this option?
 

Attachments

  • Screenshot 2024-04-09 144825.png
    Screenshot 2024-04-09 144825.png
    21.1 KB · Views: 25

My Computer

System One

  • OS
    Windows 11 Pro
    Computer type
    PC/Desktop
    Manufacturer/Model
    Self build
    CPU
    Core i7-13700K
    Motherboard
    Asus TUF Gaming Plus WiFi Z790
    Memory
    64 GB Kingston Fury Beast DDR5
    Graphics Card(s)
    Gigabyte GeForce RTX 2060 Super Gaming OC 8G
    Sound Card
    Realtek S1200A
    Monitor(s) Displays
    Viewsonic VP2770
    Screen Resolution
    2560 x 1440
    Hard Drives
    Kingston KC3000 2TB NVME SSD & SATA HDDs & SSD
    PSU
    EVGA SuperNova G2 850W
    Case
    Nanoxia Deep Silence 1
    Cooling
    Noctua NH-D14
    Keyboard
    Microsoft Digital Media Pro
    Mouse
    Logitech Wireless
    Internet Speed
    50 Mb / s
    Browser
    Chrome
    Antivirus
    Defender
Steve C said:
I have 23H2 OS Build 22631.3296 on my desktop PC.

Under Core isolation details I have no option for Local Security Authority and virtualisation is enabled. Why don't I see this option?
Click to expand...
Hello Steve, :alien:

Odd.

To determine whether LSA started in protected mode when Windows started, check Windows Logs > System in Event Viewer, and "Filter Current Log" with WinInit "Event sources". If enabled and protected, you will see this below in "General" for "Event ID" 12 logs.

12: LSASS.exe was started as a protected process with level: 4
 

My Computers

System One System Two

  • OS
    Windows 11 Pro for Workstations
    Computer type
    PC/Desktop
    Manufacturer/Model
    Custom self build
    CPU
    Intel i7-8700K 5 GHz
    Motherboard
    ASUS ROG Maximus XI Formula Z390
    Memory
    64 GB (4x16GB) G.SKILL TridentZ RGB DDR4 3600 MHz (F4-3600C18D-32GTZR)
    Graphics Card(s)
    ASUS ROG-STRIX-GTX1080TI-O11G-GAMING (11GB GDDR5X)
    Sound Card
    Integrated Digital Audio (S/PDIF)
    Monitor(s) Displays
    2 x Samsung Odyssey G75 27"
    Screen Resolution
    2560x1440
    Hard Drives
    1TB Samsung 990 PRO M.2,
    4TB Samsung 990 PRO M.2,
    8TB WD MyCloudEX2Ultra NAS
    PSU
    Seasonic Prime Titanium 850W
    Case
    Thermaltake Core P3 wall mounted
    Cooling
    Corsair Hydro H115i
    Keyboard
    Logitech wireless K800
    Mouse
    Logitech MX Master 3
    Internet Speed
    1 Gbps Download and 35 Mbps Upload
    Browser
    Google Chrome
    Antivirus
    Microsoft Defender and Malwarebytes Premium
    Other Info
    Logitech Z625 speaker system,
    Logitech BRIO 4K Pro webcam,
    HP Color LaserJet Pro MFP M477fdn,
    CyberPower CP1500PFCLCD
    Galaxy S23 Plus phone
  • Operating System
    Windows 11 Pro
    Computer type
    Laptop
    Manufacturer/Model
    Surface Laptop 7 Copilot+ PC
    CPU
    Snapdragon X Elite (12 core) 3.42 GHz
    Memory
    16 GB LPDDR5x-7467 MHz
    Monitor(s) Displays
    15" HDR
    Screen Resolution
    2496 x 1664
    Hard Drives
    1 TB SSD
    Internet Speed
    Wi-Fi 7 and Bluetooth 5.4
    Browser
    Chrome and Edge
    Antivirus
    Windows Defender
Brink said:
Odd.
Click to expand...
I thought LSA info was removed from Windows Security. I don't show it here on Windows 11 Pro 23H2. In fact, I haven't seen it since after that issue was all over the news.
 

My Computer

System One

  • OS
    Windows 11 Pro 23H2
    Computer type
    Laptop
    Manufacturer/Model
    Lenovo IdeaPad L340
    CPU
    Intel Core i3-8145U
    Memory
    16GB
    Hard Drives
    500 GB M2 1 TB HDD
    Internet Speed
    400 MB
    Browser
    Chrome | Edge
    Antivirus
    Microsoft Defender | Block unknown executables | Various ASR rules enabled
oldschool said:
I thought LSA info was removed from Windows Security. I don't show it here on Windows 11 Pro 23H2. In fact, I haven't seen it since after that issue was all over the news.
Click to expand...
I still have the setting on the latest Canary build 26100.1 version 24H2.
 

My Computers

System One System Two

  • OS
    Windows 11 Pro for Workstations
    Computer type
    PC/Desktop
    Manufacturer/Model
    Custom self build
    CPU
    Intel i7-8700K 5 GHz
    Motherboard
    ASUS ROG Maximus XI Formula Z390
    Memory
    64 GB (4x16GB) G.SKILL TridentZ RGB DDR4 3600 MHz (F4-3600C18D-32GTZR)
    Graphics Card(s)
    ASUS ROG-STRIX-GTX1080TI-O11G-GAMING (11GB GDDR5X)
    Sound Card
    Integrated Digital Audio (S/PDIF)
    Monitor(s) Displays
    2 x Samsung Odyssey G75 27"
    Screen Resolution
    2560x1440
    Hard Drives
    1TB Samsung 990 PRO M.2,
    4TB Samsung 990 PRO M.2,
    8TB WD MyCloudEX2Ultra NAS
    PSU
    Seasonic Prime Titanium 850W
    Case
    Thermaltake Core P3 wall mounted
    Cooling
    Corsair Hydro H115i
    Keyboard
    Logitech wireless K800
    Mouse
    Logitech MX Master 3
    Internet Speed
    1 Gbps Download and 35 Mbps Upload
    Browser
    Google Chrome
    Antivirus
    Microsoft Defender and Malwarebytes Premium
    Other Info
    Logitech Z625 speaker system,
    Logitech BRIO 4K Pro webcam,
    HP Color LaserJet Pro MFP M477fdn,
    CyberPower CP1500PFCLCD
    Galaxy S23 Plus phone
  • Operating System
    Windows 11 Pro
    Computer type
    Laptop
    Manufacturer/Model
    Surface Laptop 7 Copilot+ PC
    CPU
    Snapdragon X Elite (12 core) 3.42 GHz
    Memory
    16 GB LPDDR5x-7467 MHz
    Monitor(s) Displays
    15" HDR
    Screen Resolution
    2496 x 1664
    Hard Drives
    1 TB SSD
    Internet Speed
    Wi-Fi 7 and Bluetooth 5.4
    Browser
    Chrome and Edge
    Antivirus
    Windows Defender
Brink said:
I still have the setting on the latest Canary build 26100.1 version 24H2.
Click to expand...
So do I. But on the same machine running RTM 22631.3374 it's missing. In fact, none of my supported devices with the RTM 23H2 build have it.

Screenshot 2024-04-09 153210.png
Screenshot 2024-04-09 152823.png
 

My Computers

System One System Two

  • OS
    Windows 11 Home
    Computer type
    Laptop
    Manufacturer/Model
    Acer Aspire 3 A315-23
    CPU
    AMD Athlon Silver 3050U
    Memory
    8GB
    Graphics Card(s)
    Radeon Graphics
    Monitor(s) Displays
    laptop screen
    Screen Resolution
    1366x768 native resolution, up to 2560x1440 with Radeon Virtual Super Resolution
    Hard Drives
    1TB Samsung EVO 870 SSD
    Internet Speed
    50 Mbps
    Browser
    Edge, Firefox
    Antivirus
    Defender
    Other Info
    fully 'Windows 11 ready' laptop. Windows 10 C: partition migrated from my old unsupported 'main machine' then upgraded to 11. A test migration ran Insider builds for 2 months. When 11 was released on 5th October 2021 it was re-imaged back to 10 and was offered the upgrade in Windows Update on 20th October. Windows Update offered the 22H2 Feature Update on 20th September 2022. It got the 23H2 Feature Update on 4th November 2023 through Windows Update, and 24H2 on 3rd October 2024 through Windows Update by setting the Target Release Version for 24H2.

    My SYSTEM THREE is a Dell Latitude 5410, i7-10610U, 32GB RAM, 512GB NVMe ssd, supported device running Windows 11 Pro (and all my Hyper-V VMs).

    My SYSTEM FOUR is a 2-in-1 convertible Lenovo Yoga 11e 20DA, Celeron N2930, 8GB RAM, 256GB ssd. Unsupported device: currently running Win10 Pro, plus Win11 Pro RTM and Insider Dev, Beta, and RP 24H2 as native boot vhdx.

    My SYSTEM FIVE is a Dell Latitude 3190 2-in-1, Pentium Silver N5030, 8GB RAM, 512GB NVMe ssd, supported device running Windows 11 Pro, plus the Insider Beta, Dev, Canary, and Release Preview builds as a native boot .vhdx.
  • Operating System
    Windows 11 Pro
    Computer type
    Laptop
    Manufacturer/Model
    Dell Latitude E4310
    CPU
    Intel® Core™ i5-520M
    Motherboard
    0T6M8G
    Memory
    8GB
    Graphics card(s)
    (integrated graphics) Intel HD Graphics
    Screen Resolution
    1366x768
    Hard Drives
    500GB Crucial MX500 SSD
    Browser
    Firefox, Edge
    Antivirus
    Defender
    Other Info
    unsupported machine: Legacy bios, MBR, TPM 1.2, upgraded from W10 to W11 using W10/W11 hybrid install media workaround. In-place upgrade to 22H2 using ISO and a workaround. Feature Update to 23H2 by manually installing the Enablement Package. In-place upgrade to 24H2 using hybrid 23H2/24H2 install media. Also running Insider Beta, Dev, and Canary builds as a native boot .vhdx.

    My SYSTEM THREE is a Dell Latitude 5410, i7-10610U, 32GB RAM, 512GB NVMe ssd, supported device running Windows 11 Pro (and all my Hyper-V VMs).

    My SYSTEM FOUR is a 2-in-1 convertible Lenovo Yoga 11e 20DA, Celeron N2930, 8GB RAM, 256GB ssd. Unsupported device: currently running Win10 Pro, plus Win11 Pro RTM and Insider Dev, Beta, and RP 24H2 as native boot vhdx.

    My SYSTEM FIVE is a Dell Latitude 3190 2-in-1, Pentium Silver N5030, 8GB RAM, 512GB NVMe ssd, supported device running Windows 11 Pro, plus the Insider Beta, Dev, Canary, and Release Preview builds as a native boot .vhdx.
Brink said:
To determine whether LSA started in protected mode when Windows started, check Windows Logs > System in Event Viewer, and "Filter Current Log" with WinInit "Event sources". If enabled and protected, you will see this below in "General" for "Event ID" 12 logs.

12: LSASS.exe was started as a protected process with level: 4
Click to expand...
Indeed, this is what I see in Event Viewer. I suppose whether different users see or don't see LSA in Windows Security is simply due to machine differences and/or MS's mysterious ways. 🤯😃
 

My Computer

System One

  • OS
    Windows 11 Pro 23H2
    Computer type
    Laptop
    Manufacturer/Model
    Lenovo IdeaPad L340
    CPU
    Intel Core i3-8145U
    Memory
    16GB
    Hard Drives
    500 GB M2 1 TB HDD
    Internet Speed
    400 MB
    Browser
    Chrome | Edge
    Antivirus
    Microsoft Defender | Block unknown executables | Various ASR rules enabled
Brink said:
Hello Steve, :alien:

Odd.

To determine whether LSA started in protected mode when Windows started, check Windows Logs > System in Event Viewer, and "Filter Current Log" with WinInit "Event sources". If enabled and protected, you will see this below in "General" for "Event ID" 12 logs.

12: LSASS.exe was started as a protected process with level: 4
Click to expand...
There is no such Event ID listed. I also don't have an LSA entry in my laptop having the same 23H2 build. Does that mean LSA ha been disabled in 23H2?
 

My Computer

System One

  • OS
    Windows 11 Pro
    Computer type
    PC/Desktop
    Manufacturer/Model
    Self build
    CPU
    Core i7-13700K
    Motherboard
    Asus TUF Gaming Plus WiFi Z790
    Memory
    64 GB Kingston Fury Beast DDR5
    Graphics Card(s)
    Gigabyte GeForce RTX 2060 Super Gaming OC 8G
    Sound Card
    Realtek S1200A
    Monitor(s) Displays
    Viewsonic VP2770
    Screen Resolution
    2560 x 1440
    Hard Drives
    Kingston KC3000 2TB NVME SSD & SATA HDDs & SSD
    PSU
    EVGA SuperNova G2 850W
    Case
    Nanoxia Deep Silence 1
    Cooling
    Noctua NH-D14
    Keyboard
    Microsoft Digital Media Pro
    Mouse
    Logitech Wireless
    Internet Speed
    50 Mb / s
    Browser
    Chrome
    Antivirus
    Defender
It's not in the settings on version 22631.3374 for me either.

2024_04_09_1654.png



2024_04_09_1645.png


Article from BleepingComputer
 

My Computers

System One System Two

  • OS
    Win 11 Home & Pro
    Computer type
    Laptop
    Manufacturer/Model
    ASUS Vivobook
    CPU
    AMD Ryzen™ 7 7730U
    Motherboard
    M1605YA
    Memory
    15.0GB Dual-Channel DDR4 @ 1596MHz (22-22-22-52)
    Graphics Card(s)
    512MB ATI AMD Radeon Graphics (ASUStek Computer Inc)
    Monitor(s) Displays
    Generic PnP Monitor (1920x1200@60Hz) - P1 PLUS (1920x1080@59Hz)
    Screen Resolution
    1920 X 1200
    Hard Drives
    953GB Western Digital WD
    PSU
    45 Watts
    Mouse
    Lenovo Bluetooth.
    Internet Speed
    500 Mbps
    Browser
    Edge
    Antivirus
    Defender
  • Operating System
    Windows 11
    Computer type
    Laptop
    Manufacturer/Model
    ACER NITRO
    CPU
    AMD Ryzen 7 5800H / 3.2 GHz
    Motherboard
    CZ Scala_CAS (FP6)
    Memory
    32 GB DDR4 SDRAM 3200 MHz
    Graphics card(s)
    NVIDIA GeForce RTX 3060 6 GB GDDR6 SDRAM
    Sound Card
    Realtek Audio. NVIDIA High Definition Audio
    Monitor(s) Displays
    15.6" LED backlight 1920 x 1080 (Full HD) 144 Hz
    Screen Resolution
    1920 x 1080 (Full HD)
    Hard Drives
    Samsung 970 Evo Plus 2TB NVMe M.2
    PSU
    180 Watt, 19.5 V
    Mouse
    Lenovo Bluetooth
    Internet Speed
    500 Mbps
    Browser
    Edge
    Antivirus
    Defender
Steve C said:
There is no such Event ID listed. I also don't have an LSA entry in my laptop having the same 23H2 build. Does that mean LSA ha been disabled in 23H2?
Click to expand...
Correct. That means LSA is not enabled and running to protect.
 

My Computers

System One System Two

  • OS
    Windows 11 Pro for Workstations
    Computer type
    PC/Desktop
    Manufacturer/Model
    Custom self build
    CPU
    Intel i7-8700K 5 GHz
    Motherboard
    ASUS ROG Maximus XI Formula Z390
    Memory
    64 GB (4x16GB) G.SKILL TridentZ RGB DDR4 3600 MHz (F4-3600C18D-32GTZR)
    Graphics Card(s)
    ASUS ROG-STRIX-GTX1080TI-O11G-GAMING (11GB GDDR5X)
    Sound Card
    Integrated Digital Audio (S/PDIF)
    Monitor(s) Displays
    2 x Samsung Odyssey G75 27"
    Screen Resolution
    2560x1440
    Hard Drives
    1TB Samsung 990 PRO M.2,
    4TB Samsung 990 PRO M.2,
    8TB WD MyCloudEX2Ultra NAS
    PSU
    Seasonic Prime Titanium 850W
    Case
    Thermaltake Core P3 wall mounted
    Cooling
    Corsair Hydro H115i
    Keyboard
    Logitech wireless K800
    Mouse
    Logitech MX Master 3
    Internet Speed
    1 Gbps Download and 35 Mbps Upload
    Browser
    Google Chrome
    Antivirus
    Microsoft Defender and Malwarebytes Premium
    Other Info
    Logitech Z625 speaker system,
    Logitech BRIO 4K Pro webcam,
    HP Color LaserJet Pro MFP M477fdn,
    CyberPower CP1500PFCLCD
    Galaxy S23 Plus phone
  • Operating System
    Windows 11 Pro
    Computer type
    Laptop
    Manufacturer/Model
    Surface Laptop 7 Copilot+ PC
    CPU
    Snapdragon X Elite (12 core) 3.42 GHz
    Memory
    16 GB LPDDR5x-7467 MHz
    Monitor(s) Displays
    15" HDR
    Screen Resolution
    2496 x 1664
    Hard Drives
    1 TB SSD
    Internet Speed
    Wi-Fi 7 and Bluetooth 5.4
    Browser
    Chrome and Edge
    Antivirus
    Windows Defender
Brink said:
Correct. That means LSA is not enabled and running to protect.
Click to expand...
Should LSA be enabled then using another method in the tutorial so I see the option to turn it on/off in Defender settings?
 

My Computer

System One

  • OS
    Windows 11 Pro
    Computer type
    PC/Desktop
    Manufacturer/Model
    Self build
    CPU
    Core i7-13700K
    Motherboard
    Asus TUF Gaming Plus WiFi Z790
    Memory
    64 GB Kingston Fury Beast DDR5
    Graphics Card(s)
    Gigabyte GeForce RTX 2060 Super Gaming OC 8G
    Sound Card
    Realtek S1200A
    Monitor(s) Displays
    Viewsonic VP2770
    Screen Resolution
    2560 x 1440
    Hard Drives
    Kingston KC3000 2TB NVME SSD & SATA HDDs & SSD
    PSU
    EVGA SuperNova G2 850W
    Case
    Nanoxia Deep Silence 1
    Cooling
    Noctua NH-D14
    Keyboard
    Microsoft Digital Media Pro
    Mouse
    Logitech Wireless
    Internet Speed
    50 Mb / s
    Browser
    Chrome
    Antivirus
    Defender
Steve C said:
Should LSA be enabled then using another method in the tutorial so I see the option to turn it on/off in Defender settings?
Click to expand...

You could try enabling LSA using another option, but you'll still need to verify if you have a log with a timestamp showing LSA started at startup after the restart.

If not, then your system may not support using LSA.
 

My Computers

System One System Two

  • OS
    Windows 11 Pro for Workstations
    Computer type
    PC/Desktop
    Manufacturer/Model
    Custom self build
    CPU
    Intel i7-8700K 5 GHz
    Motherboard
    ASUS ROG Maximus XI Formula Z390
    Memory
    64 GB (4x16GB) G.SKILL TridentZ RGB DDR4 3600 MHz (F4-3600C18D-32GTZR)
    Graphics Card(s)
    ASUS ROG-STRIX-GTX1080TI-O11G-GAMING (11GB GDDR5X)
    Sound Card
    Integrated Digital Audio (S/PDIF)
    Monitor(s) Displays
    2 x Samsung Odyssey G75 27"
    Screen Resolution
    2560x1440
    Hard Drives
    1TB Samsung 990 PRO M.2,
    4TB Samsung 990 PRO M.2,
    8TB WD MyCloudEX2Ultra NAS
    PSU
    Seasonic Prime Titanium 850W
    Case
    Thermaltake Core P3 wall mounted
    Cooling
    Corsair Hydro H115i
    Keyboard
    Logitech wireless K800
    Mouse
    Logitech MX Master 3
    Internet Speed
    1 Gbps Download and 35 Mbps Upload
    Browser
    Google Chrome
    Antivirus
    Microsoft Defender and Malwarebytes Premium
    Other Info
    Logitech Z625 speaker system,
    Logitech BRIO 4K Pro webcam,
    HP Color LaserJet Pro MFP M477fdn,
    CyberPower CP1500PFCLCD
    Galaxy S23 Plus phone
  • Operating System
    Windows 11 Pro
    Computer type
    Laptop
    Manufacturer/Model
    Surface Laptop 7 Copilot+ PC
    CPU
    Snapdragon X Elite (12 core) 3.42 GHz
    Memory
    16 GB LPDDR5x-7467 MHz
    Monitor(s) Displays
    15" HDR
    Screen Resolution
    2496 x 1664
    Hard Drives
    1 TB SSD
    Internet Speed
    Wi-Fi 7 and Bluetooth 5.4
    Browser
    Chrome and Edge
    Antivirus
    Windows Defender
Steve C said:
There is no such Event ID listed. I also don't have an LSA entry in my laptop having the same 23H2 build. Does that mean LSA ha been disabled in 23H2?
Click to expand...
In filtering options, at source, use the dropdown box and put a V infront of Wininit
Somehow copy paste text there does not work.
 

My Computer

System One

  • OS
    Windows 11
    Computer type
    PC/Desktop
You must log in or register to reply here.

Similar Windows 11 Tutorials

  • Article Article
Privacy and Security Verify Local Security Authority (LSA) Protection in Windows 11
Replies
0
Views
6K
Brink
Brink
  • Article Article
Privacy and Security Enable or Disable App Diagnostics Access in Windows 11
Replies
0
Views
671
Brink
Brink
  • Article Article
Accounts Enable or Disable Windows Hello PIN Expiration in Windows 11
Replies
0
Views
605
Brink
Brink
  • Article Article
Privacy and Security Enable or Disable System Guard Secure Launch for Firmware Protection in Windows 11
Replies
2
Views
6K
Brink
Brink
  • Article Article
Browsers and Mail Enable or Disable Automatic Sign in on Microsoft Edge in Windows 11
Replies
0
Views
735
Brink
Brink
  • Article Article
Browsers and Mail Enable or Disable Collections in Microsoft Edge in Windows 11
Replies
0
Views
906
Brink
Brink
  • Article Article
Apps Enable or Disable Generative Fill in Paint app in Windows 11
Replies
3
Views
1K
Brink
Brink

Latest Support Threads

Latest Tutorials

Back
Top Bottom