Page 1 of 1
SDAC installer reading lsass.exe process memory
Posted: Wed 06 May 2020 14:02
Our AV (Carbon Black) was triggered by the SDAC installer. It seems to be reading the lsass.exe process' memory where Windows credentials are kept. Is this intended and why is it needed?
Some screenshots for further detail:
Re: SDAC installer reading lsass.exe process memory
Posted: Tue 12 May 2020 15:37
During SDAC installation, we don't read the lsass.exe process' memory. SDAC installer was developed using InnoSetup, which might use that process, though we're not sure as it's a third-party tool.
Our users haven't reported issues with antivirus alerts during the installation so far.