If KB5007651 keeps reinstalling on your PC — sometimes every single day — you’re not alone.
Since early 2023, this Windows Security platform update has caused repeated installation loops, LSA protection warnings, blue screens, and endless “Pending” notifications across both Windows 10 and Windows 11 systems.
The good news? The issue is usually fixable in minutes.
This guide explains:
- What KB5007651 actually is
- Why it keeps reinstalling
- The 2023 LSA protection bug explained
- How to permanently fix the update loop
- What IT admins should know
- How to check your installed Windows Security platform version
What Is KB5007651?
KB5007651 is not a traditional cumulative Windows update.
Instead, it updates the Microsoft Defender Security platform — the underlying antimalware engine powering Microsoft Defender and the Windows Security app.
Key differences:
- Ships independently via Windows Update
- Has its own platform version number
- Updates monthly
- Applies to Windows 10 and Windows 11
Even though the KB number stays the same, the internal platform version changes each month — which is why you may see it appear repeatedly.
However, when the update fails to register properly, it creates a reinstallation loop.
Quick Fix: Stop the KB5007651 Reinstall Loop
If KB5007651 keeps coming back, follow these steps:
Step 1 — Temporarily Disable Third-Party Antivirus
If you use:
- Norton 360
- ESET NOD32
- Bitdefender GravityZone
- Or any non-Defender antivirus
Temporarily disable real-time protection before proceeding.
These programs often disable parts of the Defender engine, preventing KB5007651 from completing its registration.
Step 2 — Stop Windows Update Services
Open Command Prompt as Administrator and run:
net stop wuauserv
net stop bits
Step 3 — Clear the Windows Update Cache
Navigate to:
C:\Windows\SoftwareDistribution\
Delete everything inside the folder.
This removes cached update metadata and forces a clean re-download.
Step 4 — Restart Services
Run:
net start wuauserv
net start bits
Step 5 — Check for Updates Again
Go to:
Settings → Windows Update → Check for updates
Let KB5007651 reinstall.
Reboot when prompted.
Step 6 — Re-enable Antivirus
Turn your third-party antivirus back on after restart.
If the update does not reappear on the next scan, the loop is resolved.
Why KB5007651 Keeps Reinstalling
The root cause varies by system configuration, but common triggers include:
1. Defender Registration Failure
The update installs at the system level but fails to fully register with the Microsoft.SecHealthUI component (the Windows Security app).
When this happens, Windows Update still flags the update as incomplete.
2. Third-Party Antivirus Conflicts
Many enterprise security tools disable the Defender antivirus engine entirely.
KB5007651 attempts to update components that are turned off — causing Windows to retry indefinitely.
This is particularly common in:
- Managed enterprise environments
- Systems using endpoint protection suites
- Devices controlled via RMM platforms
3. No Active User Session
A lesser-known issue: KB5007651 may require an interactive user login to finalize registration.
If installed during:
- Maintenance windows
- Remote patch deployment
- Automated overnight updates
…the update may log as successful in Event Viewer but reappear on the next scan.
This behavior has been widely observed on Windows 11 devices.
The 2023 LSA Protection Bug (What Went Wrong)
In February 2023, version 1.0.2302.21002 introduced a major issue on Windows 11 22H2.
After installing the update, users saw:
“Local Security Authority protection is off. Your device may be vulnerable.”
Even after enabling the toggle and rebooting, the warning returned.
The issue was tied to missing registry entries under:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
Specifically:
- RunAsPPL was present
- RunAsPPLBoot was missing
This caused Windows Security to falsely report LSA protection as disabled.
Microsoft acknowledged the issue in March 2023 and listed it on the Windows Health Dashboard.
The April 2023 Attempted Fix (And New Problems)
A follow-up build introduced:
- Hardware-enforced stack protection
- Kernel-mode security enhancements
But it also triggered:
- Blue screens (BSOD)
- App crashes
- SecurityHealthService.exe failures
Microsoft paused rollout and issued additional revisions.
Final Resolution
The LSA loop was fully resolved in July 2023 with version 1.0.2306.10002.
After that release:
- LSA toggle functioned normally
- False warnings stopped
- Stability improved
However, isolated reinstallation loops have continued into 2025 and 2026.
Latest KB5007651 Platform Versions (Microsoft Update Catalog)
Recent releases include:
| Version | Release Date | Size |
|---|---|---|
| 10.0.29429.1000 | October 14, 2025 | 37.9 MB |
| 10.0.27840.1000 | May 22, 2025 | 37.9 MB |
| 10.0.27703.1006 | January 8, 2025 | 37.6 MB |
The KB number remains KB5007651, but the internal platform version increases monthly.
If a previous version fails to register properly, Windows will continuously attempt to apply the newer one.
How to Check Your Installed Windows Security Platform Version
- Open Windows Security
- Click the gear icon (Settings)
- Select About
- Locate the Security Platform Version number
Compare it with the version offered in Windows Update.
If they match but the update still reappears, clearing the SoftwareDistribution folder remains the most reliable fix.
Enterprise & Managed Environment Considerations
IT admins using:
- NinjaRMM
- Microsoft Intune
- WSUS
- Other patch management systems
Should note:
- KB5007651 may report as failed without active user logon
- Interactive sessions may be required for SecHealthUI registration
- Systems using full Defender replacement products may cycle the update indefinitely
In environments where Defender AV is intentionally disabled, the repeated KB5007651 offering may be cosmetic rather than functional.
Admins can:
- Suppress the update via patch tools
- Schedule installs during logged-in hours
- Trigger compliance scans after user login
Why This Update Causes So Much Frustration
KB5007651 isn’t broken by design — but it interacts with:
- Defender’s modular architecture
- Third-party AV replacement behavior
- Windows Security UI registration
- Registry-based LSA enforcement
- Enterprise update orchestration
That complexity makes it uniquely prone to looping behavior.
Final Thoughts:
The severe LSA protection bug is long resolved.
But reinstallation loops still occur — particularly on:
- Systems with third-party antivirus
- Enterprise-managed devices
- PCs updated during non-interactive sessions
Fortunately, resetting the Windows Update cache fixes the issue in most cases.
If KB5007651 keeps reinstalling on your system, follow the SoftwareDistribution reset steps outlined above. It remains the most dependable solution.
And if you'd like to go a step further in supporting us, you can treat us to a virtual coffee ☕️. Thank you for your support ❤️!
We do not support or promote any form of piracy, copyright infringement, or illegal use of software, video content, or digital resources.
Any mention of third-party sites, tools, or platforms is purely for informational purposes. It is the responsibility of each reader to comply with the laws in their country, as well as the terms of use of the services mentioned.
We strongly encourage the use of legal, open-source, or official solutions in a responsible manner.
Comments