The Windows Local Security Authority Subsystem Service, aka LSASS, handles security policy enforcement for that OS. With KB5023706 (installed on 3/14) on my mainstream Windows 11 PC, some have shown interesting side-effects. My P16 manifests LSASS bug shown in the lead-in graphic.
Basically, it falsely asserts that LSASS protection is turned off (see text in red box). How do I know it’s actually running? As I searched the System log in Event Viewer, I found a message indicating the “LSASS.exe (process) was started…” as part of that system’s last boot-up. According to this discussion of that very issue at BleepingComputer.com, this indicates that LSASS protection is enabled and working as it should be.
The Event Viewer (System Log) reports a successful start of LSASS.exe as part of the OS boot-up process. It’s working!
What To Do If Your P16 Manifests LSASS Bug
Of course, this applies to all Windows PCs of all kinds. That said, the afore-linked BleepingComputer story explains a couple of Registry hacks that will fix such spurious notifications. MS will probably get around to fixing this sooner or later. Meanwhile, I’m not concerned about false security flags. Indeed, I’m content to wait until it’s corrected in some future update.
It sounds like a serious error. And it would be a major security hole, if the notification were true. But since it’s simply a false positive, and I’ve proved to myself that things are working as they should be, I’ll live with it.
This problem has been in play for some while now (BleepingComputer reports it goes back to January 2023). If I search for “Local security authority protection is off” at ElevenForum.com, I see hits as far back as March 1, 2023, on this topic. All are unanimous in flagging this as a false positive not worth corrective action.
But that’s the way things sometimes go here in Windows-World. Take it under advisement if you see the “Yellow bang!” in Windows Security on your Windows 11 PC. Cheers!