Mar 29 2022 12:03 AM
Hello everybody,
I have follow issues. I have configure a ASR Rule on the Endpoint Manager but the problem is that I get in my company over 400 Block Detection in the Defender Portal in one week the Detected File is "Block credential stealing from the Windows local security authority subsystem (lsass.exe).
Since last Thursday I configure the Propertie "Block credential stealing from the Windows local security authority subsystem (lsass.exe)" from Blocked to audited but the Rule blocked farther.
What is the Problem ?
Thanks in advice
Soufiane
Mar 29 2022 05:18 AM
Mar 29 2022 07:46 AM
Mar 29 2022 08:28 AM
Mar 30 2022 01:55 AM