Question Local Security Authority Protection is Off

mccann88

Commendable
Sep 12, 2020
11
0
1,510
Hi,



Hope this is the correct forum. Switched on my computer this morning and saw that on the windows security there was a yellow triangle on looking into this it said it was "Local Security Authority Protections is off. Your device may be vulnerable," I immediately went to settings and it brought me to the Core isolation page but both Memory Integrity and Microsoft Vulnerable Driver Blocklist are ON as shown attached.



Have tried repairing windows security through the app setting but it didn't do anything. Also came across another fix about using regedit and using "RunAsPPL" in registry edit but I don't have "RunAsPPL" in my folder.



I'm really not sure what or how the problem has come about as I have installed no new updates or are there any updates awaiting. This has just appeared this morning. I would be grateful for any help in fixing this.



Thanks





CI.png
 
Last edited:
D

Deleted member 14196

Guest
I’ve seen this happen. It happened to me after an update on two separate machines. I had to use system restore to fix it. Also if you keep backups, restore a back up and reapply the update.
 

mccann88

Commendable
Sep 12, 2020
11
0
1,510
So there isn't really anyway round it apart from a system restore. I've read its been a bug with an update Microsoft did. Is there any other ways other than restore?

Just checked in my event viewer and came across this


Event Viewer
 
Last edited:

mccann88

Commendable
Sep 12, 2020
11
0
1,510
Thanks for that. Read through the article and saw that at the bottom of it, it said

"You can manually verify if the feature is enabled by navigating to Event Viewer > “Applications and Services Logs” > “Microsoft” > “Windows” > “LSA”. In the event log, you need to find the Event ID 5004, which is linked to the LSA Protection and confirms LSA Protection has been enabled successfully."

I did this and when I got to the LSA folder this is what I found LSA folder

Do you think I should do the step through Registry Edit or is this something I should ignore and my computer is OK? Really unsure what to do.

Thanks for all your help