This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Exploit Mitigation: Prevent Credential Theft / Prevent Privilege Escalation Exclusions?

We are attempting to run an Active Directory migration tool on our domain controllers, the migration tool is called Quest Migration Manager. 

Sophos was originally blocking some of the background processes with the software and throwing CredGuard errors in Event Viewer. After implementing a policy were it excluded several processes and folders with the software, the error in Event Viewer went away. The software is still not working properly, and after much testing it was revealed that when we had "Prevent Credential Theft" and "Prevent Privilege Escalation" unselected in the Runtime Protection>Protect Processes portion of the policy, the software works just fine.

Since this software would need to work on about 6 or 7 domain controllers, our organization is a bit apprehensive about disabling "Prevent Credential Theft" and "Prevent Privilege escalation" on our domain controllers. Does anyone have any idea on where to begin on where we could program an exclusion in for these two processes? 

I have just about every other crucial process with the software in a global exclusion policy but the software just won't work until "Prevent Credential Theft" and "Prevent Privilege escalation" are unchecked. 



This thread was automatically locked due to age.
Parents Reply Children
No Data