Forum Discussion

m_krone
Brass Contributor
Jan 30, 2019

Chrome installation failed due to ExploitGuard block

Hi all, we are facing the problem that when Google Chrome is installed by Intune via the Company Portal, it gets blocked by ExploitGuard. In Intune there's an Endpoint Protection Profile with...
  • m_krone
    Mar 22, 2019

    Hi all,

     

    I found a solution. If anyone is also interested in installing Google Chrome Enterprise with Intune as an MSI and also has Windows Defender fully activated

    -------

    especially ExploitGuard & CredentialGuard or at least the option in the Intune Endpoint Protection Profile >> Endpoint protection > Windows Defender Exploit Guard > Attack Surface Reduction > Flag credential stealing from the Windows local security authority subsystem = Enable

    -------

    Here is the Mitigation.xml which is working (working - not perfect)

    Intune Endpoint Protection Profile >> Endpoint protection > Windows Defender Exploit Guard > Exploit protection

    <?xml version="1.0" encoding="UTF-8"?>
    <MitigationPolicy>
      <AppConfig Executable="GoogleUpdate.exe">
        <DEP Enable="true" EmulateAtlThunks="false" />
        <ASLR ForceRelocateImages="false" RequireInfo="false" BottomUp="true" HighEntropy="true" />
        <StrictHandle Enable="false" />
        <SystemCalls DisableWin32kSystemCalls="false" />
        <ExtensionPoints DisableExtensionPoints="false" />
        <DynamicCode BlockDynamicCode="false" AllowThreadsToOptOut="false" />
        <ControlFlowGuard Enable="true" SuppressExports="false" />
        <SignedBinaries MicrosoftSignedOnly="false" AllowStoreSignedBinaries="false" EnforceModuleDependencySigning="false" />
        <Fonts DisableNonSystemFonts="false" AuditOnly="false" Audit="false" />
        <ImageLoad BlockRemoteImageLoads="false" BlockLowLabelImageLoads="false" />
        <Payload EnableExportAddressFilter="false" EnableExportAddressFilterPlus="false" EnableImportAddressFilter="false" EnableRopStackPivot="false" EnableRopCallerCheck="false" EnableRopSimExec="false" />
        <SEHOP Enable="true" TelemetryOnly="false" />
        <Heap TerminateOnError="true" />
        <ChildProcess DisallowChildProcessCreation="false" />
      </AppConfig>
    </MitigationPolicy>

    If anyone knows which option allows the access to lsass.exe, please reply.
