Forum Discussion
Defender for Endpoint ASR Rules lsass.exe
Hello everybody, I have follow issues. I have configure a ASR Rule on the Endpoint Manager but the problem is that I get in my company over 400 Block Detection in the Defender Portal in one week ...
For a quick check go to Microsoft 365 Defender > Reports > Attack surface reduction rules and under Block credential stealing from the Windows local security authority subsystem (Lsaas.exe) look for the Source app. For more detailed info will need to use the Advanced hunting query.
