#18906 (Bug) ASR rule + DisplayCAL-apply-profiles.exe
DisplayCAL-apply-profiles.exe seems to trigger “Block credential stealing from the Windows local security authority subsystem (lsass.exe)”. I want to enable this rule (now it is in audit mode) to block any potential bad guys/software.
Info on this ASR rule: https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard
This link could helpful to solve this mystery: https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Interpreting-Exploit-Guard-ASR-audit-alerts/ba-p/228366
2019-07-26 015344 (image/png | 2019-07-26 01:59:30)