Latest 1P update and ASR rules (blocking LSASS access)

jth
jth
Community Member
edited March 26 in Windows

Hi, we use ASR (attack surface reduction) rules in our M365 environment to...reduce our attack surface. One of those rules is "Block credential stealing from the Windows local security authority subsystem" and we just had a slew of events blocked when we tried to install the latest version of 1P in our environment. Anyone notice this or had any issues from similar?

1Password Version: 8.10.27
Extension Version: Not Provided
OS Version: Win11
Browser: Not Provided

Comments

  • Dave_1P
    Dave_1P

    Hello @jth! 👋

    Thank you for reaching out. I'm not familiar with any issues that could be caused by the latest update, are you able to share more about the nature of the events that were blocked?

    If you don't want to post that information to the public forum then can you send an email to support+forum@1Password.com with more information regarding the the alerts that you've received (such as a screenshot) and a link to this thread. After emailing in, you'll receive a reply from BitBot, our friendly robot assistant with a Support ID that looks something like [#ABC-12345-678]. Post that here, and I'll be able to locate your message and make sure it's gotten to the right place. 🙂

    -Dave

  • jth
    jth
    Community Member

    Hey @Dave_1P - thanks for the reply. Support ID is MSG-31431-818.

  • Dave_1P
    Dave_1P
    edited March 26

    @jth

    Thank you for posting the Support ID. I've located your email and one of my colleagues will send you a reply as soon as possible. Please continue the conversation there.

    Since we have a communication channel open via email, I'm closing this thread.

    -Dave

    ref: MSG-31431-818

This discussion has been closed.