Detection of Advanced SystemCare

After I joined the EAP program for InterceptX, it started to block the program's ASE.exe file, see below:

What happened: We prevented credential theft in Advanced SystemCare
Where it happened: LAMB-WIN7-AW
Path: C:\Program Files\IObit\Advanced SystemCare\ASC.exe
What was detected: CredGuard

  • Hi MichaelID,

    I presume you also had an alert in Central. Have you tried to set a global exemption or a policy-specific exemption?

    For example:

    In Central there is evidence of this alert in a number of places, e.g. the Events tab of a device:

    If this is deemed not to be suspicious behaviour you can make an exemption based on this alert.

    In Central - This can be made as:

    In either case the dialog box is the same and you should see an entry for this detection as shown below:

    Let us know if this resolves the issue.

    Thanks

    Pedro

  • Yes, it helped to add the exclusion.

    It would be great to know why it was detected as credential theft.

  • In reply to MichaelD:

    We have seen cases where particular software accesses the SAM in a "non-standard" way (i.e. not using MS recommended techniques). CredGuard detects that as suspicious behaviour, hence the alert. I suspect this may have been the case. But that is why we have the ability for customers to add exclusions, as well as us controlling global exclusions.

    Thanks