Disable: 'Lsass.exe audit mode' for AuditLevel Enable auditing of Lsass.exe to evaluate feasibility of enabling LSA protection. For more information, see http://technet.microsoft.com/en-us/library/dn408187.aspx Counter Measure: Enable and configure this setting. Potential Impact: Some unprotected LSA processes will be unable to function.

[enable/disable]

(1) GPO: Computer ConfigurationAdministrative TemplatesSCM: Pass the Hash MitigationsLsass.exe audit mode (2) REG: HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsLSASS.exeAuditLevel