Forum Discussion
ASR Rule generating lot of noise
I'm looking to implement ASR Rules in our environment. so far all rules are working as expected except "Block credential stealing from the Windows local security authority subsystem (lsass.exe)" and ...
Hello there there is no option to configure the ASR rule to only block/audit malicious processes. ASR rule blocks/audit all processes which incorrectly try to obtain this info from the lsass service.