banner
News center
Delve into our diverse selection of world-class products and services to find your perfect match.

Microsoft's patch didn't actually fix Windows Defender, but there's a workaround

Oct 19, 2023

The update didn't solve the problem, but you can work around it easily.

The Microsoft Defender Antivirus software (also known as Windows Defender) is at the core of standard Windows security, but in late March, an update to it caused a concerning bug with the Windows Security app. Everyone who downloads and installs the update sees a warning that "Local Security Authority protection is off. Your device may be vulnerable," even if it was enabled previously.

These messages continue to persist even if LSA protection is reenabled and a restart is performed, and since the LSA manages user rights information and passwords, many users are understandably worried.

The issue was soon confirmed by Microsoft, and about a month later in April, the firm released a patch for it (Version 1.0.2303.27001). However, after users reported that the bug was continuing to persist and that further issues were introduced, Microsoft recently scrapped the patch and confirmed that the update "is no longer being offered to devices" on its Windows Health page. Thankfully, though, there's a workaround for the original problem — and it's a simple one.

> Windows Central Podcast #311: Windows 11 Moment 3 and Pixel Fold ruins the Duo

> Windows 11 PCs can now send and receive iMessages

> Android apps on Windows shouldn't be so sluggish after this update

"If you have enabled Local Security Authority (LSA) protection and have restarted your device at least once, you can dismiss warning notifications and ignore any additional notifications prompting for a restart," writes the company. "Currently, we do not recommend any other workaround for this issue."

Essentially, you can safely dismiss or ignore any LSA protection alerts Windows 11 pushes as long as you're able to verify that LSA protection is actually active after you enable it and restart your PC. You can do this by opening the Event Viewer app, going into the Windows Logs section, and searching for this WinInit event in the System log:

Notably, Microsoft says that if you installed the ineffective update (Version 1.0.2303.27001) and experience blue screen errors or restarts when opening apps or games, you have to disable Kernel-mode Hardware-enforced Stack Protection to resolve the problem. This can be done by opening Windows Security, selecting Device Security, selecting Core Isolation, and toggling the Kernel-mode Hardware-enforced Stack Protection option off.

Ultimately, it's good to know that there's not something terribly serious going on here, though this bug will definitely continue alarming people that haven't seen Microsoft's assurances. The firm explained that it's "working on a resolution and will provide an update in an upcoming release," so hopefully the issue will be fixed soon.

All the latest news, reviews, and guides for Windows and Xbox diehards.

Brendan Lowry is a Windows Central writer and Oakland University graduate with a burning passion for video games, of which he's been an avid fan since childhood. You'll find him doing reviews, editorials, and general coverage on everything Xbox and PC. Follow him on Twitter.