您是否一直收到“本地安全^{(Local Security)}保护已关闭。您的设备可能容易受到攻击。” 每次启动进入Windows 11桌面区域时都会收到通知吗？本故障排除指南将解释发生这种情况的原因以及您可以采取哪些措施来消除这种情况。

Windows 11中的本地安全机构保护^{(Security Authority Protection)}是什么？

本地安全机构^{(Local Security Authority)}( LSA ) 是在^(LSA)Windows 11中强制执行安全策略的系统组件。它在登录过程中对用户进行身份验证、创建访问令牌并管理密码策略。底层进程是 LSASS.exe^{(underlying process is LSASS.exe)}。

为了增强安全性，Windows 11提供了一项称为本地安全机构^{(Local Security Authority)}保护的功能。它以保护模式运行LSASS进程，阻止未签名的驱动程序和插件加载，并防止恶意代码的潜在攻击。

为什么您不断收到“LSA 保护已关闭”通知

安装Microsoft Defender 防病毒版本 1.0.2302.21002^{(Microsoft Defender Antivirus Version 1.0.2302.21002)}后，无论计算机上是否打开或关闭该功能，都会弹出“本地安全机构保护已关闭”通知。微软^(Microsoft)已承认这是一个已知的 Windows 11 版本 22H2 问题^{(known Windows 11 version 22H2 issue)}。

您可以采取什么措施来解决“本地安全机构保护已关闭^(Off)” 的问题

您可以使用三种方法来处理Windows 11中持续存在的“^{(Windows 11)}本地安全机构^{(Local Security Authority)}保护已关闭”安全警告。你可以：

• 忽略错误：尽管有警告，本地安全机构^{(Security Authority)}很可能在您的计算机上以保护模式运行。通过事件查看器^{(Event Viewer)}验证LSA状态后，您可以安全地关闭它。
• 更新 Windows^{(Update Windows)}。截至撰写本文时，Microsoft已发布官方修复程序“ Microsoft Defender 防病毒^{(Microsoft Defender Antivirus)}反恶意软件平台更新– ^(Update)KB5007651（版本 1.0.2306.10002^{(Version 1.0.2306.10002)}）”。如果可用，您可以安装它。
• 修改注册表：可以修改系统注册表并手动激活本地安全机构^{(Local Security Authority)}保护来阻止安全警告的出现。

方法 1：检查事件查看器^{(Event Viewer)}并关闭^(Dismiss)

除非您安装的是新的Windows 11 ，否则在系统上启用 本地安全机构^{(Local Security Authority)}保护时，可能会出现“本地安全机构^{(Local Security Authority)}保护已关闭”错误。

Microsoft 的建议（如果您无法使用Microsoft Defender 防病毒版本 1.0.2306.10002或更高版本），请通过^{(Microsoft Defender Antivirus Version 1.0.2306.10002)}事件查看器检查本地^{(Event Viewer)}安全机构^{(Security Authority)}保护是否处于活动状态，如果您在收到警告后至少重新启动了一次电脑，则忽略警告它。

首先通过事件查看器^{(Event Viewer)}确认本地安全机构正在^{(Local Security Authority)}保护模式^{(Protected Mode)}下运行。要做到这一点：

1. 右键单击^{(Right-click)}“开始”^(Start)按钮并选择“事件查看器”^{(Event Viewer)}。

1. 展开 Windows 日志^{(Expand Windows Logs)}并选择侧边栏上的 系统。^(System)

1. 选择查找。

1. 在“查找^(Find)内容”字段中输入 lsass.exe ，然后选择“查找^(Find)下一个”。

1. 检查“常规”^(General)窗格。如果本地安全机构^{(Local Security Authority)}保护处于活动状态 ，您应该看到“ LSASS.exe已作为级别为 4 的受保护进程启动” 。

要在Windows 11^{(Windows 11)}中关闭“本地安全机构保护已关闭”通知：

1. 重新启动计算机（如果在收到通知后仍需要重新启动）。

1. 双击^{(Double-click)}系统托盘上的 Windows 安全^{(Windows Security)}图标。

1. 选择设备安全。

1. 在核心^(Core)隔离下，选择核心^(Core)隔离详细信息。

1. 选择^{(Select Dismiss)}“本地安全机构保护已关闭”通知旁边的“关闭”。

1. 重新启动计算机并检查是否再次出现“本地安全保护已关闭”警告。

方法 2：更新 Windows 11

据微软^(Microsoft)称，较新版本的Microsoft Defender 防病毒软件（版本 1.0.2306.10002及更高版本）修复了^{(Microsoft Defender Antivirus—Version 1.0.2306.10002)}Windows 11中的“本地安全机构保护已关闭”错误。因此，通过^(Hence)Windows Update安装所有待处理的更新是解决该问题的最佳方法。

要做到这一点：

1. 右键单击^{(Right-click)}“开始”^(Start)按钮并选择“设置”^(Settings)。

1. 向下滚动^(Scroll)侧边栏，选择Windows 更新^{(Windows Update)}，然后选择检查^(Check)更新以启动扫描新更新。

1. 选择“下载^{(Select Download)}并安装”以将所有挂起的更新应用到操作系统，然后重新启动您的电脑。

方法三：修改系统注册表^{(System Registry)}

如果使用事件查看器检查时^{(Event Viewer)}本地安全机构^{(Local Security Authority)}保护未处于活动状态，更新 Windows 11 无法解决问题，或者您没有可用的Microsoft Defender 防病毒^{(Microsoft Defender Antivirus)}更新更新，则必须修改系统注册表才能解决问题。

警告：Microsoft不建议采用解决方法来消除“本地安全机构保护已关闭”安全通知，因此仅在上述方法失败时才执行以下步骤。在继续之前， 您还应该备份系统注册表。^{(back up the system registry)}

1. 按Windows + R“打开”^(Open)字段中键入 regedit ，然后选择“确定”。

1. 将以下路径复制并粘贴到注册表编辑器^{(Registry Editor)}窗口顶部的地址栏中，然后按 Enter：

ComputerHKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLsa

1. 确保在左侧导航窗格中选择Lsa，然后双击右侧的 RunAsPPL和RunAsPPLBoot条目。^{(RunAsPPLBoot)}

1. 将两个条目的值^(Value)数据字段内的十六进制值更改为 2，然后选择确定。

注意：如果一个或两个密钥都不存在，则必须手动创建它们 - 右键单击​​侧边栏上的Lsa并选择^(Lsa)DWORD（32 位）值^(Value)，以缺少的密钥命名，然后使用值 2 进行保存。

1. Select File > Exit以退出注册表编辑器^{(Registry Editor)}。

1. 重新启动 Windows 11。

或者，您可以通过Windows PowerShell^{(Windows PowerShell)}修改系统注册表。就是这样：

1. 右键单击^{(Right-click)}“开始”^(Start)按钮并选择“Windows 终端”^{(Windows Terminal)} (管理员^(Admin))。

1. 将以下命令复制并粘贴到控制台中：

reg 添加HKLM\SYSTEM\CurrentControlSet\Control\Lsa /v RunAsPPL /t REG_DWORD /d 2 /f;reg 添加HKLM\SYSTEM\CurrentControlSet\Control\Lsa /v RunAsPPLBoot /t REG_DWORD /d 2 /f

1. 按 Enter^{(Press Enter)}执行命令并重新启动 PC。

“本地安全机构保护^{(Local Security Authority Protection)}已关闭^(Off)”警告^(Warning)已被驳回

正如您刚刚发现的，您有多种方法来处理Windows 11中的“本地安全保护已关闭”错误。如果本地安全机构^{(Local Security Authority)}保护处于活动状态，您可以忽略该通知，安装最新的 Microsoft Defender 防病毒^{(Defender Antivirus)}更新，或者修改系统注册表（如果问题仍然存在）。

如果上述方法均无效，请使用第三方反恶意软件实用程序进行保护^{(use a third-party antimalware utility for protection)}，直到Microsoft在未来的更新中再次解决该问题。

How to Dismiss “Local Security Authority Protection Is Off” in Windows 11

Do you keep receiving a “Local Security protеctіon is off. Your device may be vulnerable.” notification each time you boot into Windows 11’s desktop areа? This troubleshooting guide will explain why that happens and what you can do to dismisѕ іt.

What Is Local Security Authority Protection in Windows 11?

The Local Security Authority (LSA) is the system component that enforces security policies in Windows 11. It authenticates users during the login process, creates access tokens, and manages password policies. The underlying process is LSASS.exe.

To bolster security, Windows 11 offers a feature called Local Security Authority protection. It runs the LSASS process in protected mode, blocking unsigned drivers and plugins from loading and preventing potential attacks from malicious code.

Why You Keep Receiving the “LSA Protection Is Off” Notification

The “Local Security Authority protection is off” notification pops up after installing Microsoft Defender Antivirus Version 1.0.2302.21002, regardless of having the feature on or off on your computer. Microsoft has acknowledged it as a known Windows 11 version 22H2 issue.

What You Can Do to Fix “Local Security Authority Protection Is Off”

You’ve got three methods to deal with a persistent “Local Security Authority protection is off” security warning in Windows 11. You can:

• Dismiss the error: Despite the warning, the chances are Local Security Authority is running in protected mode on your computer. You can safely dismiss it after verifying the LSA state via the Event Viewer.
• Update Windows. At the time of writing, Microsoft has released an official fix with “Update for Microsoft Defender Antivirus antimalware platform – KB5007651 (Version 1.0.2306.10002).” You can install it if it’s available for you.
• Modify the registry: It’s possible to modify the system registry and manually activate Local Security Authority protection to stop the security warning from appearing.

Method 1: Check the Event Viewer and Dismiss

Unless you’re on a new Windows 11 installation, the “Local Security Authority protection is off” error likely appears when Local Security Authority protection is enabled on your system.

Microsoft’s suggestion—if Microsoft Defender Antivirus Version 1.0.2306.10002 or later is not available to you—is to check if Local Security Authority protection is active via the Event Viewer and dismiss the warning if you’ve already restarted your PC at least once after receiving it.

Begin by confirming that the Local Security Authority is running in Protected Mode via the Event Viewer. To do that:

1. Right-click the Start button and select Event Viewer.

1. Expand Windows Logs and select System on the sidebar.

1. Select Find.

1. Type lsass.exe into the Find what field and select Find next.

1. Check the General pane. You should see “LSASS.exe was started as a protected process with level: 4” if Local Security Authority protection is active.

To dismiss the “Local Security Authority protection is off” notification in Windows 11:

1. Restart your computer (if you still need to since receiving the notification).

1. Double-click the Windows Security icon on the system tray.

1. Select Device Security.

1. Under Core isolation, select Core isolation details.

1. Select Dismiss next to the “Local Security Authority protection is off” notification.

1. Restart your computer and check if the “Local Security protection is off” warning recurs.

Method 2: Update Windows 11

According to Microsoft, newer versions of Microsoft Defender Antivirus—Version 1.0.2306.10002 and later—fix the “Local Security Authority protection is off” error in Windows 11. Hence, installing all pending updates through Windows Update is the best way to deal with the issue.

To do that:

1. Right-click the Start button and select Settings.

1. Scroll down the sidebar, choose Windows Update, and select Check for updates to initiate a scan for new updates.

1. Select Download and install to apply all pending updates to the operating system and reboot your PC afterward.

Method 3: Modify the System Registry

If the Local Security Authority protection isn’t active when checking with the Event Viewer, updating Windows 11 fails to resolve the issue, or you don’t have newer updates to Microsoft Defender Antivirus available, you must modify the system registry to resolve the issue.

Warning: Microsoft does not recommend workarounds to dismiss the “Local Security Authority protection is off” security notification, so only go through the steps below if the methods above fail. You should also back up the system registry before you go ahead.

1. Press Windows + R, type regedit into the Open field, and select OK.

1. Copy and paste the following path into the address bar at the top of the Registry Editor window and press Enter:

Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa

1. Ensure Lsa is selected on the left navigation pane, and double-click the RunAsPPL and RunAsPPLBoot entries on the right.

1. Change the hex value inside the Value data field to 2 for both entries and select OK.

Note: If one or both keys aren’t present, you must create them manually—right-click Lsa on the sidebar and select DWORD (32-bit) Value, name it after the missing key, and save with a value of 2.

1. Select File > Exit to exit the Registry Editor.

1. Restart Windows 11.

Alternatively, you can modify the system registry via Windows PowerShell. Here’s how:

1. Right-click the Start button and select Windows Terminal (Admin).

1. Copy and paste the following command into the console:

reg add HKLM\SYSTEM\CurrentControlSet\Control\Lsa /v RunAsPPL /t REG_DWORD /d 2 /f;reg add HKLM\SYSTEM\CurrentControlSet\Control\Lsa /v RunAsPPLBoot /t REG_DWORD /d 2 /f

1. Press Enter to execute the command and restart your PC.

“Local Security Authority Protection Is Off” Warning Dismissed

As you just found out, you’ve got multiple ways to deal with the “Local security protection is off” error in Windows 11. You can dismiss the notification if Local Security Authority protection is active, install the latest Microsoft Defender Antivirus updates, or modify the system registry if the problem persists.

If none of the methods above work, use a third-party antimalware utility for protection until Microsoft addresses the issue again in a future update.

Related posts

• 如何在 Microsoft Edge 中打开和关闭暗模式 -

• Windows 10 暗模式：如何打开和关闭它！

• 如何将谷歌浏览器置于黑暗模式 -

• 如何在 Windows 11 中打开暗模式 -

• 如何在 iPhone 上启用暗模式

• 如何在使用 Edge 浏览器的网站上强制使用暗模式

• 如何在 Mac 上启用深色模式主题

• 如何在 iPhone 或 iPad 的 OneNote 应用程序中启用暗模式

• 如何在 Windows 10 中启用文件资源管理器深色主题

• 在 Windows 中启用 Google Chrome 暗模式的 6 种方法

• 如何以安全模式启动 Windows 11（8 种方式）-

• 如何通过网络以安全模式启动 Windows 10

• 如何以 3 种不同方式在 Android 上开启深色模式 -

• 如何在 14 个谷歌智能手机应用中启用暗模式

• 如何从 PC 在 Instagram 上发布图片 -

• 如何在黑暗模式下使用 Google Docs

• 简单问题：什么是 Windows 8.1 中的免提模式？

• 在 Windows 中启用游戏模式的 3 种方法 -

• 如何在 Groove Music 中更改为深色模式主题背景

• 如何在 Windows 10 中启用或禁用灯光模式