mjohnsonn Posted December 11, 2020 Share Posted December 11, 2020 (edited) The following warning appears in the Event log: Log Name: Microsoft-Windows-Windows Defender/Operational Source: Windows Defender Event ID 1121 Microsoft Defender Exploit Guard has blocked an operation that is not allowed by your IT administrator. For more information please contact your IT administrator. ID: 9E6C4E1F-7D60-472F-BA1A-A39EF669E4B2 Detection time: 2020-12-11T01:57:18.185Z User: XXXXXX-XXXXXX\xxxxxxxxxxx Path: C:\Windows\System32\lsass.exe Process Name: C:\Program Files\CCleaner\CCleaner64.exe Security intelligence Version: 1.329.181.0 Engine Version: 1.1.17700.4 Product Version: 4.18.2011.6 My workstation is running Windows 10 Pro 20H2_19042.685 CCleaner v5.75.8238 Defender for Endpoint has all Attack Surface Reduction rules enabled. The GUID shown in the log entry corresponds to the ASR rule "Block credential stealing from the Windows security authority subsystem (lsass.exe) What is causing the Exploit Guard to complain about the ASR rule and will this impact the operation of CCleaner or the OS? Thanks Edited December 11, 2020 by mjohnsonn More info Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now