Our AV (Carbon Black) was triggered by the SDAC installer. It seems to be reading the lsass.exe process' memory where Windows credentials are kept. Is this intended and why is it needed?
Some screenshots for further detail:
SDAC installer reading lsass.exe process memory
SDAC installer reading lsass.exe process memory
Hi,
Our AV (Carbon Black) was triggered by the SDAC installer. It seems to be reading the lsass.exe process' memory where Windows credentials are kept. Is this intended and why is it needed?
Some screenshots for further detail:
Our AV (Carbon Black) was triggered by the SDAC installer. It seems to be reading the lsass.exe process' memory where Windows credentials are kept. Is this intended and why is it needed?
Some screenshots for further detail:
Re: SDAC installer reading lsass.exe process memory
During SDAC installation, we don't read the lsass.exe process' memory. SDAC installer was developed using InnoSetup, which might use that process, though we're not sure as it's a third-party tool.
Our users haven't reported issues with antivirus alerts during the installation so far.
Our users haven't reported issues with antivirus alerts during the installation so far.