Reply to thread

Message

<blockquote data-quote="Freki123" data-source="post: 867344" data-attributes="member: 11229">[USER=32260]@Andy Ful[/USER]&nbsp; Is there a way to exclude only one exe/service from &quot;credential stealing lsass.exe&quot; protection?I don&#039;t want to exclude it from all protection via &quot;Manage ASR Exclusions&quot;. Tried whitelisting by hash as a test, didn&#039;t work.e.g: User: NT AUTHORITY\SYSTEMPath: C:\Windows\System32\lsass.exeProcess Name: C:\Program Files\Macrium\Common\MacriumService.exeI can run Max settings and the log is really quite with only one exeption: MacriumSo I don&#039;t want to disable the whole lsass.exe protection because one file is annoying. Is it possible?I know I could just turn it to &quot;high&quot; settings or disable &quot;lsass.exe&quot; protection but I prefer to know if there is a choice to make it work since I&#039;m curious <img src="data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7" class="smilie smilie--sprite smilie--sprite109" alt=":)" title="Smile&nbsp; &nbsp; :)" loading="lazy" data-shortname=":)" /></blockquote>

[QUOTE="Freki123, post: 867344, member: 11229"] [USER=32260]@Andy Ful[/USER] Is there a way to exclude only one exe/service from "credential stealing lsass.exe" protection? I don't want to exclude it from all protection via "Manage ASR Exclusions". Tried whitelisting by hash as a test, didn't work. e.g: User: NT AUTHORITY\SYSTEM Path: C:\Windows\System32\lsass.exe Process Name: C:\Program Files\Macrium\Common\MacriumService.exe I can run Max settings and the log is really quite with only one exeption: Macrium So I don't want to disable the whole lsass.exe protection because one file is annoying. Is it possible? I know I could just turn it to "high" settings or disable "lsass.exe" protection but I prefer to know if there is a choice to make it work since I'm curious :) [/QUOTE]

Verification