We'd love to hear about it! Click here to go to the product suggestion community
After I joint the EAP program for InterceptX, it start to block the programs ASE.exe file, see below:
What happened: We prevented credential theft in Advanced SystemCare Where it happened: LAMB-WIN7-AW Path: C:\Program Files\IObit\Advanced SystemCare\ASC.exe What was detected: CredGuard
I presume you also had an alert in Central. Have you tried to set a global exemption, or policy specific exemption.
In Central there is evidence of this alert in a number of places, e.g the events tab of a device.:
If this is deemed not to be suspicious behaviour you can make an exemption based on this alert.
In Central - This can be made as:
In either case the dialog box is the same and you should see an entry for this detection as shown below:
Let us know if this resolves the issue.
Yes it helped to add the exclusion.
It will be great to know, why it was detected as credential theft.
In reply to MichaelD:
We have seen cases where particular software access the SAM in a "non-standard" way (i.e. not using MS recommended techniques). CredGuard detects that as suspicious behaviour, hence the alert. I suspect this may have been the case. But that is why we have the ability for customers to add exclusions - as well us controlling global exclusions.