Lsass.exe audit mode
ID: oval:org.secpod.oval:def:35194 | Date: (C)2016-06-10 (M)2023-12-13
Class: COMPLIANCE | Family: windows
Enable auditing of Lsass.exe to evaluate feasibility of enabling LSA protection. For more information, see http://technet.microsoft.com/en-us/library/dn408187.aspx
Counter Measure:
Enable and configure this setting.
Potential Impact:
Some unprotected LSA processes will be unable to function.
Fix:
(1) GPO: Computer Configuration\Administrative Templates\SCM: Pass the Hash Mitigations\Lsass.exe audit mode
(2) REG: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\LSASS.exe!AuditLevel
Platform: Microsoft Windows 10