App Control Console : Enabling Mimikatz Protection Rapid Config generates false positives
Article ID: 288437
Products
Carbon Black App Control (formerly Cb Protection)
Issue/Introduction
Enabling Mimikatz Protection Rapid Config generates false positives
Environment
- App Control Console : All versions
Cause
By default, the Mimikatz Protection Rapid Config excludes only default Windows processes.
Resolution
Any legitimate process identified as a false positive can be excluded as follows:
- Log in to the App Control console.
- Navigate to Rules > Software Rules > Rapid Configs
- Edit "Mimikatz Protection" Rapid Config
- Add the processes to be excluded to 'Exception Processes Allowed To Read Lsass.Exe Memory'
- Save