Forum Discussion

Soufiane_Barhmouni's avatar
Soufiane_Barhmouni
Copper Contributor
Mar 29, 2022

Defender for Endpoint ASR Rules lsass.exe

Hello everybody,

 

I have follow issues. I have configure a ASR Rule on the Endpoint Manager but the problem is that I get in my company over 400 Block Detection in the Defender Portal in one week the Detected File is "Block credential stealing from the Windows local security authority subsystem (lsass.exe).

Since last Thursday I configure the Propertie "Block credential stealing from the Windows local security authority subsystem (lsass.exe)" from Blocked to audited but the Rule blocked farther.

 

What is the Problem ?

 

Thanks in advice

Soufiane 

Resources