Skip to main content
jth
March 8, 2024
Question

Latest 1P update and ASR rules (blocking LSASS access)

  • March 8, 2024
  • 3 replies
  • 117 views

Hi, we use ASR (attack surface reduction) rules in our M365 environment to...reduce our attack surface. One of those rules is "Block credential stealing from the Windows local security authority subsystem" and we just had a slew of events blocked when we tried to install the latest version of 1P in our environment. Anyone notice this or had any issues from similar?


1Password Version: 8.10.27
Extension Version: Not Provided
OS Version: Win11
Browser: Not Provided

3 replies

1P_Dave
1Password Employee
March 13, 2024

Hello @jth! 👋

Thank you for reaching out. I'm not familiar with any issues that could be caused by the latest update, are you able to share more about the nature of the events that were blocked?

If you don't want to post that information to the public forum then can you send an email to support+forum@1Password.com with more information regarding the the alerts that you've received (such as a screenshot) and a link to this thread. After emailing in, you'll receive a reply from BitBot, our friendly robot assistant with a Support ID that looks something like [#ABC-12345-678]. Post that here, and I'll be able to locate your message and make sure it's gotten to the right place. 🙂

-Dave

jth
jthAuthor
March 26, 2024

Hey @1P_Dave - thanks for the reply. Support ID is MSG-31431-818.

1P_Dave
1Password Employee
March 26, 2024

@jth

Thank you for posting the Support ID. I've located your email and one of my colleagues will send you a reply as soon as possible. Please continue the conversation there.

Since we have a communication channel open via email, I'm closing this thread.

-Dave

ref: MSG-31431-818