There is one client that does nothing other than report WipeGuard preventions.
Even for Sophos Processes. What's the use of that feature and log?
Initial Detection: WIN-MITRE-Behavioral-TA0040-T1561.002
Thanks for reaching out.
If the hotfix package has already been tried on the device, I suggest opening a support case with our team, as it looks like this may require development to get involved.
I suggest providing an SDU log as well as a copy of the folder "C:\Windows\CryptoGuard\reverted_xxx".
Thank you, Qoosh. I will install that HF on the machine.
Unfortunately that EP is still having the issue.
The latest files in the WipeGuard dir are a year old.
05.07.2021 09:33 310 43F9D76E
05.07.2021 09:33 310 05DA4EA8
10.09.2021 08:11 1.556.480 827ACE8E
10.09.2021 08:11 1.982.464 DF3AEE0E
Thanks for following up.
Could you try the following steps to generate a dump file when the detection occurs?
Enable Process Dump via Command Prompt
setx /m HMPA_DUMP_PROCESS_ON_ALERT "1"
If this process still does not generate a dump file, we can also try using Procdump.
procdump.exe -ma -i