Update: Microsoft has confirmed it has been fixed.
Microsoft may have quietly fixed a widespread issue that was affecting Windows Defender recently. Following multiple user reports and complaints, the company confirmed that a recent Defender update (KB5007651, version 1.0.2302.21002), released via March"s Patch Tuesday, led to an error that caused the Windows Security app to wrongly display Local Security Authority (or LSA) protection as disabled. This left users worried as the message would suggest that their devices could be vulnerable.
As a result of the bug, users were failing to toggle LSA protection to on as a device restart, which was prompted by the change. It would do nothing and revert the change automatically. In essence, LSA protection would remain disabled even after the PC was restarted as instructed by the Defender app.
Microsoft had provided a workaround for the issue, and it basically involved dismissing such warnings. However, the company may have since fixed the problem with a more recent Defender update (KB5007651).
According to Deskmodder, the new update, Windows Security Service version 1.0.2303.27001 has supposedly fixed the issue. The site suggests the issue was resolved by an update to "Kernel-mode Hardware-enforced Stack Protection" security feature present under Core Isolation (VBS). The feature was introduced with Windows 11 22H2. However,this update (KB5007651) was released nearly two weeks ago and Microsoft"s known issues dashboard still lists the bug as open. Hence, there may be more to the story here.
Elsewhere online, others are also noticing that the setting may be disabled by default (via Windows 11 forums), or it could be a bug. In order to use the Kernel-mode Hardware-enforced Stack Protection feature, Intel"s Control-flow Enforcement Technology (CET) or AMD Shadow Stack technology is required. Supported chips include Intel 11th Gen Tiger Lake or newer parts, or AMD Zen 3 and newer.