Windows 10: LSA Protection

Discus and support LSA Protection in Windows 10 Software and Apps to solve the problem; What exactly is LSA and is it a default on the Windows Home Edition?Kenneth... Discussion in 'Windows 10 Software and Apps' started by KennethYoung5, May 3, 2023.

  1. KENNETHYOUNG5
    KennethYoung5 Win User

    LSA Protection


    What exactly is LSA and is it a default on the Windows Home Edition?Kenneth

    :)
     
    KennethYoung5, May 3, 2023
    #1
  2. URISSOO
    UriSSoo Win User

    Disabling LSA protection

    We have an internal issue causing something not to work when the LSA protection is enabled.

    As we also have "Block credential stealing from the Windows local security authority subsystem (lsass.exe)" ASR rule, and following this recommendation that "having both running at the same time would be redundant" we want to turn off the LSA protection.

    The problem starts with the fact that all our devices support Secure Boot and since years we use UEFI based devices.

    On those machines the task of disabling LSA protection seems like very cumbersome and not straight forward.

    Is there more easy and centralized way to disable LSA protection on a few thousands windows machines?

    Thanks in advance
     
    UriSSoo, May 3, 2023
    #2
  3. XABERREBAX
    XaberRebax Win User
    How to fix LSA package is not signed as expected event log entries?

    Solved.

    Here is the article on whats happening: Configuring Additional LSA Protection | Microsoft Learn

    If you are on a work computer under a domain you should probably use the Group Policy as instructed in the article.

    On a local computer:

    Using the Registry

    1. Open the Registry Editor (RegEdit.exe), and navigate to the registry key that is located at: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa.
    2. Set the value of the registry key to:
      1. "RunAsPPL"=dword:00000001 to configure the feature with a UEFI variable.
      2. "RunAsPPL"=dword:00000002 to configure the feature without a UEFI variable (only on Windows 11, 22H2).
    3. Restart the computer.
    If the registry key RunAsPPL does not exist create it as a New DWORD (32-bit) Value and set the Hexadecimal value to 00000002

    The device that was causing the issue for me was a G935 Gaming Headset, which re-prompted to select the device after I created the key and rebooted.
     
    XaberRebax, May 3, 2023
    #3
  4. RAMESH SRINIVASAN
    Ramesh Srinivasan Win User

    LSA Protection

    Local Security Authority Protection is on, but Windows Security says it's off? ****?

    Hi Rob,

    It's a fix. I heard the value is enabled by default in the recent Insider Preview builds.

    Verifying LSA protection

    "To discover if LSA was started in protected mode when Windows started, search for the following WinInit event in the System log under Windows Logs:"

    • Event ID 12: LSASS.exe was started as a protected process with level: 4
    Src: Configuring Additional LSA Protection | Microsoft Learn
     
    Ramesh Srinivasan, May 3, 2023
    #4
Thema:

LSA Protection

Loading...

  1. LSA Protection - Similar Threads - LSA Protection

  2. LSA protection - Running LSASS as protected process in Windows 10 22H2

    in AntiVirus, Firewalls and System Security
    LSA protection - Running LSASS as protected process in Windows 10 22H2: We are running Windows 10 22H2 will soon upgrade to Windows 11 23H2.We would like to enable added LSA protection preferably without UEFI lock on our machines as outlined in Configure added LSA protection Microsoft Learn. However, the methods to implement it this way only...

  3. LSA protection - Running LSASS as protected process in Windows 10 22H2

    in Windows 10 Gaming
    LSA protection - Running LSASS as protected process in Windows 10 22H2: We are running Windows 10 22H2 will soon upgrade to Windows 11 23H2.We would like to enable added LSA protection preferably without UEFI lock on our machines as outlined in Configure added LSA protection Microsoft Learn. However, the methods to implement it this way only...

  4. LSA protection - Running LSASS as protected process in Windows 10 22H2

    in Windows 10 Software and Apps
    LSA protection - Running LSASS as protected process in Windows 10 22H2: We are running Windows 10 22H2 will soon upgrade to Windows 11 23H2.We would like to enable added LSA protection preferably without UEFI lock on our machines as outlined in Configure added LSA protection Microsoft Learn. However, the methods to implement it this way only...

  5. securityhealthservice.exe disabling LSA protection

    in Windows 10 Gaming
    securityhealthservice.exe disabling LSA protection: Greetings,I am experiencing an issue where securityhealthservice.exe process is trying to disable LSA protection. This action is blocked by an antivirus tool on my PC.I am not sure why this is happening. I have searched online if anyone else was experiencing this issue and I...

  6. securityhealthservice.exe disabling LSA protection

    in Windows 10 Software and Apps
    securityhealthservice.exe disabling LSA protection: Greetings,I am experiencing an issue where securityhealthservice.exe process is trying to disable LSA protection. This action is blocked by an antivirus tool on my PC.I am not sure why this is happening. I have searched online if anyone else was experiencing this issue and I...

  7. LSA protection and attack surface rules

    in Windows 10 Gaming
    LSA protection and attack surface rules: Hi,We are implemting defender ssecurity.After putting ASR in audit we start to follow the recommandations.After son time we see the ASR rule "Block credential stealing from the Windows local security authority subsystem lsass.exe" is not applicable.After a long search I found...

  8. LSA protection and attack surface rules

    in Windows 10 Software and Apps
    LSA protection and attack surface rules: Hi,We are implemting defender ssecurity.After putting ASR in audit we start to follow the recommandations.After son time we see the ASR rule "Block credential stealing from the Windows local security authority subsystem lsass.exe" is not applicable.After a long search I found...

  9. LSA protection off and LSA package is not signed as expected

    in Windows 10 Gaming
    LSA protection off and LSA package is not signed as expected: A week after resetting W11 Home PC, have gotten Windows security / Device security message:“Local Security Authority protection is off. Your device may be vulnerable.”Checked Event Viewer - WIninit Log and there is NO entry stating: “12: LSASS.exe was started as a protected...

  10. LSA protection off and LSA package is not signed as expected

    in Windows 10 Software and Apps
    LSA protection off and LSA package is not signed as expected: A week after resetting W11 Home PC, have gotten Windows security / Device security message:“Local Security Authority protection is off. Your device may be vulnerable.”Checked Event Viewer - WIninit Log and there is NO entry stating: “12: LSASS.exe was started as a protected...