mjohnsonn
-
Posts
2 -
Joined
-
Last visited
Posts posted by mjohnsonn
-
-
Microsemi's (Adaptec) maxView Storage Manager Agent software requires the following registry key:
HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\StorMan
CCleaner offers to delete it during fix. If not excluded, the maxView Agent will fail to run and you cannot manage your Adaptec RAID controllers via the maxView GUI. Perhaps this could be viewed as Adaptec doing something odd rather than a CCleaner bug, but Adaptec is a rather big dog and messing up RAID controller management presents some rather big problems.
Microsoft Exploit Guard has blocked an operation
in CCleaner Bug Reporting
Posted · Edited by mjohnsonn
More info
The following warning appears in the Event log:
Log Name: Microsoft-Windows-Windows Defender/Operational
Source: Windows Defender
Event ID 1121
Microsoft Defender Exploit Guard has blocked an operation that is not allowed by your IT administrator.
For more information please contact your IT administrator.
ID: 9E6C4E1F-7D60-472F-BA1A-A39EF669E4B2
Detection time: 2020-12-11T01:57:18.185Z
User: XXXXXX-XXXXXX\xxxxxxxxxxx
Path: C:\Windows\System32\lsass.exe
Process Name: C:\Program Files\CCleaner\CCleaner64.exe
Security intelligence Version: 1.329.181.0
Engine Version: 1.1.17700.4
Product Version: 4.18.2011.6
My workstation is running
Windows 10 Pro 20H2_19042.685
CCleaner v5.75.8238
Defender for Endpoint has all Attack Surface Reduction rules enabled. The GUID shown in the log entry corresponds to the ASR rule "Block credential stealing from the Windows security authority subsystem (lsass.exe)
What is causing the Exploit Guard to complain about the ASR rule and will this impact the operation of CCleaner or the OS?
Thanks