Windows 10: Blocking credential stealing from lsass VS letting lsass free to operate?

Hi everyone, doubt here:One of the most recommended ASR rule to harden Windows is 'Block credential stealing from the Windows local security authority subsystem lsass.exe' So, I've set it to WARN, and since then I've received tons of notifications from Defender about that rule. I though it was right because lsass could be somehow vulnerable, so blocking it could be "safer" for my system.On the other hand I've read that lsass is crucial for Windows, and that I should let the process free to work properly.For this reason I tried to set the rule on AUDIT instead of WARN, and since then I neve

:)

 

Sasser worm, lsass

It actually detected a lot, but i believe it was a trojan who was attacking the "lsass" (it was actually from windows, the lsass)

This trojan was located in "C:/Windows/Temp/svchost.exe", i believe it was this.

Avg also detected a Adplugin, but i dont believe it was that.

 

Smart Card Login not working when LSASS is not disabled

Hy,

we are experiencing errors while logging in with Smart Card. Precisely it is error ID 5, but we tried to disable LSASS through Local Group Policy and it worked.

When LSASS is disabled the Smart Card Login is working normally. The problem is that I do not want to leave LSASS in a disabled state and I don't think that is a solution to the problem.

Anyone had the same problem maybe?

All idea's are welcome.

 

Sasser worm, lsass

So, hi.

I'm having a problem with what i think it's a "sasser worm", it is attacking a app called "lsass" and making it use 99% of my gpu, when i shut it down in the task manager it gets back to normal, but everytime i restart the PC it comes back, please help me...

By the way, i'm using windows 10, this started happening today.

my graphics card is an "asus R9 280", i'm almost sure u don't need to know it, but just to make sure..

ty.