Microsoft has confirmed that it has fixed a major issue with Windows Defender that incorrectly displayed “Local Security Authority protection is off” even when the feature was enabled. As a consequence of the error, the device had to be restarted to complete the activation process.
The Local Security Authority, or LSA, handles user authentication, records and maintains all information related to the local security of a system. The bug affected all Windows 11 platforms, namely Windows 11 versions 22H2 and 21H2.
Microsoft describes the problem as follows:
"After installation of “Microsoft Defender Antivirus Platform Update – KB5007651 (Version 1.0.2302.21002)”, you may receive a security alert or warning which states that “Local security protection is disabled. Your device may be vulnerable”. Once the protections are enabled, the device may keep telling you that a restart is required."
About a week ago, Microsoft released a new update, “Windows Security Service version 1.0.2303.27001”, under KB5007651. The update appeared to fix the LSA protection issue, and today Microsoft itself confirmed it. The company updated its health dashboard entry for the issue with a new section essentially confirming the report. The company states:
Resolution: This issue was resolved with an update to Microsoft Defender Antivirus Platform KB5007651 (Version 1.0.2303.27001). If you want to install the update before it is installed automatically, you should check for updates.
The new Defender update appears to fix the problem by updating the “Kernel-mode Hardware-enforced Stack Protection” security feature that exists in Core Isolation (VBS) in the Windows Security app.