According to MS announcement, on some devices running on Windows 11 with version 21H2 or 22H2 after installed “KB5007651 – Update for Microsoft Defender Antivirus antimalware platform”, you might receive a security notification or warning says “Local Security protection is off. Your device may be vulnerable”. Even if you tried several times to re-enable it or re-enable Memory integrity and reboot device the message still persistent.
How to fix this
To fix this issue you may just simply dismiss warning notification and ignore any additional notifications prompting for a restart as long as you have enabled Local Security Authority (LSA) protection in Windows Defender. You can verify that LSA protection is enabled by looking in Event Viewer > Windows Logs > System > Filter Current Log > select “WinInit” under event sources > check whether have a log says “12: LSASS.exe was started as a protected process with level: 4”.
However, if your device running Windows 11 OS without join Windows Insider Program you may found the log displayed not same as above. But you can find another one that state, “Credential Guard was started and will protect LSA credentials”.
This is a known issue with only impacted to Windows 11 client with version 21H2 and 22H2. Resolved by Microsoft on the beginning of May.
