ConfigureDefender utility for Windows 10
<blockquote data-quote="Andy Ful" data-source="post: 738158" data-attributes="member: 32260">
<p>Finally, I managed to confirm that the <span style="color: rgb(65, 168, 95)"><strong>ASR rule:</strong></span></p>
<p><span style="color: rgb(65, 168, 95)"><strong>Block credential stealing from the Windows local security authority subsystem (lsass.exe)</strong></span></p>
<p>works on my computer. This rule was totally silent until today, when I noticed that it blocked</p>
<p>C:\Windows\System32\taskhostw.exe from accessing lsass.exe.</p>
<p>Next, I downloaded the tool <a href="https://securityxploded.com/remotedll.php" target="_blank">Remote DLL : Simple & Free Tool to Inject or Remove DLL from Remote Process | www.SecurityXploded.com</a> and ran it with admin rights. When I tried to choose the target process for injection, Windows showed the blocking alert, and I could see that lsass.exe is missing from the list of available target processes.</p>
<p>In the Event Viewer (Event Id 1121) I could check that C:\Program Files (x86)\SecurityXploded\Remote DLL\RemoteDll64.exe could not access lsass.exe.</p>
<p>As in the case of some other ASR rules, this rule woke up after some reboots. I tested it before with RemoteDll and there was not any blocking alert.</p>
</blockquote>
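The Event Viewer check described in the post can also be done from an elevated PowerShell prompt. This is an added example, not part of the original post or of ConfigureDefender: it reads the configured state of the LSASS rule and lists the Defender events it produced. The rule GUID and event ID 1122 (the audit-mode counterpart of 1121) come from Microsoft's ASR documentation; the event data field names `ID`, `Process Name` and `Path` are assumptions to confirm in the XML view of one event on your system.

```powershell
# GUID of the ASR rule "Block credential stealing from the Windows local
# security authority subsystem (lsass.exe)" (from Microsoft's ASR documentation).
$LsassRuleId = '9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2'

# 1. Configured state of the rule. Ids and Actions are parallel arrays.
$stateNames = @{ 0 = 'Disabled'; 1 = 'Block'; 2 = 'Audit'; 6 = 'Warn' }
$pref    = Get-MpPreference
$ids     = @($pref.AttackSurfaceReductionRules_Ids)
$actions = @($pref.AttackSurfaceReductionRules_Actions)
$state   = 'Not configured'
for ($i = 0; $i -lt $ids.Count; $i++) {
    if ($ids[$i] -eq $LsassRuleId) {       # -eq on strings ignores case
        $state = $stateNames[[int]$actions[$i]]
    }
}
"LSASS ASR rule state: $state"

# 2. Events raised by the rule: 1121 = blocked, 1122 = audited only.
$filter = @{
    LogName = 'Microsoft-Windows-Windows Defender/Operational'
    Id      = 1121, 1122
}
Get-WinEvent -FilterHashtable $filter -MaxEvents 500 -ErrorAction SilentlyContinue |
    ForEach-Object {
        # Collect the named EventData fields of this event into a hashtable.
        $data = @{}
        foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) {
            $data[$d.Name] = $d.'#text'
        }
        # Keep only events raised by the LSASS rule (field names assumed, see above).
        if ($data['ID'] -eq $LsassRuleId) {
            [pscustomobject]@{
                Time   = $_.TimeCreated
                Mode   = if ($_.Id -eq 1121) { 'Block' } else { 'Audit' }
                Source = $data['Process Name']   # process that tried the access
                Target = $data['Path']           # expected to be lsass.exe
            }
        }
    } |
    Sort-Object Time |
    Format-Table -AutoSize
```

A state of `Block` with no matching events is consistent with what the post reports: the rule was silent at first and only began producing alerts after some reboots.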