Forum Discussion
HignettP
May 17, 2022 · Copper Contributor
ASR Exception for Block Credential Stealing rule
Hi, We want to apply the ASR rule 'Block credential stealing from the Windows local security authority subsystem (lsass.exe)' with exceptions for a trusted executable as the source app. However, i...
aexlz
May 17, 2022 · Brass Contributor
This is and will always be lsass.exe, because this process is accessed from other apps to enumerate users.
Even though you see thousands of alerts there, you can put this on block most times. Not being able to enumerate users via lsass.exe does not stop 99 of 100 apps from working properly.
Test it out with one device in advance.
HignettP
Aug 15, 2022 · Copper Contributor
Thank you Aexlz.
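The pilot-device test suggested in the reply above, as an added example that is not part of the original thread: it puts the LSASS rule in audit mode on one machine and lists which source processes triggered it, since the target is always lsass.exe. The event data field names (`ID`, `Process Name`, `Path`) are assumed from the Defender operational log format; confirm them on your build.

```powershell
# Added example. Run in an elevated PowerShell session on ONE pilot device.
# Rule: Block credential stealing from the Windows local security
# authority subsystem (lsass.exe)
$RuleId = '9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2'

# 1. Audit mode: nothing is blocked, every would-be block is logged.
#    Add-MpPreference appends, so other configured ASR rules are kept.
Add-MpPreference -AttackSurfaceReductionRules_Ids $RuleId `
                 -AttackSurfaceReductionRules_Actions AuditMode

# 2. After the device has run its normal workload, read the ASR events.
#    Event 1122 = audited, 1121 = blocked.
$events = Get-WinEvent -ErrorAction SilentlyContinue -FilterHashtable @{
    LogName = 'Microsoft-Windows-Windows Defender/Operational'
    Id      = 1121, 1122
}

$hits = foreach ($e in $events) {
    # Flatten <EventData><Data Name="...">value</Data> into a hashtable.
    $data = @{}
    foreach ($d in ([xml]$e.ToXml()).Event.EventData.Data) {
        $data[$d.GetAttribute('Name')] = $d.InnerText
    }
    # Both event IDs are shared by all ASR rules; keep only the LSASS rule.
    if ($data['ID'] -ne $RuleId) { continue }

    [pscustomobject]@{
        Time   = $e.TimeCreated
        Mode   = if ($e.Id -eq 1121) { 'Block' } else { 'Audit' }
        Source = $data['Process Name']   # process that opened lsass.exe
        Target = $data['Path']           # expected to be lsass.exe
    }
}

# 3. Hit count per source process: the review list before enforcing.
$hits | Group-Object Source, Mode |
    Sort-Object Count -Descending |
    Select-Object Count, Name

# 4. Once the sources are reviewed and applications still work, enforce:
# Add-MpPreference -AttackSurfaceReductionRules_Ids $RuleId `
#                  -AttackSurfaceReductionRules_Actions Enabled
```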