Ask a new question

Big problem: local security authority (LSA) protection is off (after the last Windows Update)

Hello,

I am having a major issue in this computer after I have installed the last update from Windows Update KB5023706.

  • After installing this update (some hours later) Microsoft Defender is not working.

  • When I take a look to the "Security at a glance window"... in Device security it says that the local security authority (LSA) protection is off.

  • After this, the antivirus is having an erratic behaviour.

  • Some times, it says my machine does not have a TPM active.

  • Some times it says the TPM is active.

  • Some times security at a glance shows everything green (except Device Security)

  • Some times, it shows everythink grayed or not available...

  • Some times my programs cannot access to some folders because Microsoft Defender is not allowing them so.

I have read the forums in Spain and 6 people reported this issue after the last Windows Update...

Any idea about how may I solve this?

For the moment my computer is basically a brick. I can use it, but with zero protection and without recognizing the TPM Windows 11 is almost death, so at this point I don't know if would I receive more updates or not and I don't know if my security is compromised.

I really would appreciate a solution for this problem.

My Windows 11 is completely legal. I had a legal license of Windows 10 and it upgraded automatically to Windows 11 because my computer has TPM 2.0 and the Secure Boot activated in the BIOS.

It seems to be that, after the last update, Microsoft is not recognizing the TPM drivers (this is an hypothesis, not sure about this) and the system is not working properly.

I'm really scared with this problem, really. Never I had a similar issue and I am using Windows since Windows 95.

Any idea about how may I solve this?

* Please try a lower page number.

* Please enter only numbers.

* Please try a lower page number.

* Please enter only numbers.

Hi Jesús002,

I am Dave, I will help you with this, here is the method to fix the LSA error:

Click your Start Button, then just type powershell

On the resulting menu, right clik PowerShell and select 'Run as Administrator'

Paste this command into PowerShell and press Enter

reg add HKLM\SYSTEM\CurrentControlSet\Control\Lsa /v RunAsPPL /t REG_DWORD /d 2 /f;reg add HKLM\SYSTEM\CurrentControlSet\Control\Lsa /v RunAsPPLBoot /t REG_DWORD /d 2 /f;

Close PowerShell and restart your PC, that should solve that error.
___________________________________________________________________

Power to the Developer!

MSI GV72 - 17.3", i7-8750H (Hex Core), 32GB DDR4, 4GB GeForce GTX 1050 Ti, 256GB NVMe M2, 2TB HDD

7 people found this reply helpful

·

Was this reply helpful?

Sorry this didn't help.

Great! Thanks for your feedback.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this reply?

Thanks for your feedback.

Hi Dave, thanks a lot for your solution.

It worked partially.

Microsoft Defender is showing again the green tick and Device security again is showing the green tick.

When I access the Device security section... it recognizes again the TPM.

However, this section is not properly fixed, I mean exactly the "Secure boot" feature.

PROBLEMS I AM STILL EXPERIENCING

A) I mean... when I access the Device security... sometimes Secure boot is detected and sometimes it is not detected. This solution do not fix the "Secure boot detection"

I am 100% sure the Secure Boot is activated in my BIOS, because I have upgraded from Windows 10 to Windows 11 and it was detected the TPM and the Secure Boot, so I am 100% confident this is not a configuration problem in my BIOS.

The "erratic behaviour" (sometimes detecting the Secure Boot and sometimes not detecting it, started after the update which caused all these problems)

B) Additionally, I am getting some alerts in Microsoft Defender (protection history section - protected folder access blocked)

Sometimes, Microsoft Defender is alerting me that it would not allow the access to certain folders to some legitimate software I have installed in my computer, so I am forced to grant access creating a rule or filter. This never happened before, this is happening after the problems experienced with this update.

I HAVE SOME QUESTIONS

I would appreciate your help, because I am confused with this problem.

1) Could you tell me what update is causing this LSA problem?

2) Is Microsoft aware of this problem and working on a solution for it?

3) Would I continue receiving updates via Windows Update (even if Secure Boot is not detected? or after this problem my computer will be isolated and not able to receive automatic updates?

4) How may I avoid the alerts protected folder access blocked?

5) After some hours of use, I am realizing that SOME TIMES, when I double click on Microsoft Defender, the Security at a glance window shows all the options greyed, like if they were not available, however, actually you can click on them and access to them also. When I close the Microsoft Defender Window and open it again... it show again the green ticks... so the behaviour seems to be erratic. At this point I am wondering if I am still protected or if should I to install an independent antivirus until Microsoft solve this problem?

I would appreciate your reply.

Thanks a lot for your help.

Was this reply helpful?

Sorry this didn't help.

Great! Thanks for your feedback.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this reply?

Thanks for your feedback.

Hi Jesús002,

It was that KB5023706 update that caused this and Microsoft are aware of the bug so they should put out a patch for it, probably after the weekend.

You seem to have other problems with Defender which other people have not reported in that bug. it may be worth performing an in-place repair with the Windows 11 ISO.
___________________________________________________________________

Power to the Developer!

MSI GV72 - 17.3", i7-8750H (Hex Core), 32GB DDR4, 4GB GeForce GTX 1050 Ti, 256GB NVMe M2, 2TB HDD

1 person found this reply helpful

·

Was this reply helpful?

Sorry this didn't help.

Great! Thanks for your feedback.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this reply?

Thanks for your feedback.

Hi Dave,

I do not have a Windows 11 ISO, I just upgraded from Windows 10. As regards to the greyed options, I can assure you more people are having the same problems, because I have seen the screenshots published in the Microsoft forum (for Spain) and they look exactly the same as my screenshots.

This happened after the update.

However, it was reported that the KB5007651 is causing these problems.

Please, take a look to these threads and tell me if are you aware of this?

Will I continue receiving updates despite the Secure Bot is not detected?

1 person found this reply helpful

·

Was this reply helpful?

Sorry this didn't help.

Great! Thanks for your feedback.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this reply?

Thanks for your feedback.

Hi Jesús002,

Rest assured you will continue to get updates even if Secure Boot is disabled, they do not check for that.

I think the best option is to download the Windows 11 ISO and perform an in-place repair, that only takes about 20 minutes and does not affect your personal files, Settings or installed software.
___________________________________________________________________

Power to the Developer!

MSI GV72 - 17.3", i7-8750H (Hex Core), 32GB DDR4, 4GB GeForce GTX 1050 Ti, 256GB NVMe M2, 2TB HDD

Was this reply helpful?

Sorry this didn't help.

Great! Thanks for your feedback.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this reply?

Thanks for your feedback.

Is very strange because when the Secure Boot is detected the TPM is not detected and viceversa, but I assure you the people is reporting the same issue after the update. This erratic behavior started after the update.

My Windows 11 is completely legal. It was upgraded from a Windows 10 Home completely legal. However, when I bought the PC in the shop they put a label in the system board box with the Windows 10 key. The thing is I don't know where is my legal key and I don't know if do I need a serial number?

I am asking this because perhaps would I need this info to perform a repair?

How may I retrieve my legal key from my Windows?

As regards to the repair? What should I need to do? Where may I download the Windows 11 Home ISO? and what should I do next, run it and repair Windows 11?

Is there any guide?

Are you sure I won't lose my programs and data?

Was this reply helpful?

Sorry this didn't help.

Great! Thanks for your feedback.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this reply?

Thanks for your feedback.

Hi Jesús002,

That is a strange bug where Secure Boot and TPM cannot be detected together, if you do not have your drive encrypted with Bitlocker, have you tried resetting TPM keys in BIOS?

You do not need a product key for Windows to perform the in-place repair, this is just like updating your PC

Please follow the steps, this is then just an update and your files and applications will remain untouched.

Click this link:
https://www.microsoft.com/en-us/software-downlo...
to download the Windows 11 ISO

When the ISO file completes downloading

Disconnect from the Internet

Disconnect all external devices with the exception of a mouse or keyboard.

Temporarily disable any 3rd party Anti-virus you may have installed

Then, in Windows File Explorer, double click the ISO and then run Setup.exe and select the upgrade option.
___________________________________________________________________

Power to the Developer!

MSI GV72 - 17.3", i7-8750H (Hex Core), 32GB DDR4, 4GB GeForce GTX 1050 Ti, 256GB NVMe M2, 2TB HDD

1 person found this reply helpful

·

Was this reply helpful?

Sorry this didn't help.

Great! Thanks for your feedback.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this reply?

Thanks for your feedback.

When an independent advisor advises people to do something without giving any reason then warning bells sound in my head.

I will make the assumption that a dark minded entity has infiltrated Microsoft and has prepared the way for a catastrophic event.

3 people found this reply helpful

·

Was this reply helpful?

Sorry this didn't help.

Great! Thanks for your feedback.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this reply?

Thanks for your feedback.

Man, i have the same **** problem from few days. Is the same for me. I have TPM 2.0 acitvated in bios but the Device security is off and saying that "there is no TPM available. Can't do anything and my PC is at risk.

Was this reply helpful?

Sorry this didn't help.

Great! Thanks for your feedback.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this reply?

Thanks for your feedback.

Great job. Thank you so much, DaveM121!

Was this reply helpful?

Sorry this didn't help.

Great! Thanks for your feedback.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this reply?

Thanks for your feedback.

* Please try a lower page number.

* Please enter only numbers.

* Please try a lower page number.

* Please enter only numbers.

 
 

Question Info

Last updated April 11, 2024 Views 6,019 Applies to: