Forum Discussion

jth's avatar
jth
Occasional Contributor
2 years ago

Latest 1P update and ASR rules (blocking LSASS access)

Hi, we use ASR (attack surface reduction) rules in our M365 environment to...reduce our attack surface. One of those rules is "Block credential stealing from the Windows local security authority subsystem" and we just had a slew of events blocked when we tried to install the latest version of 1P in our environment. Anyone notice this or had any issues from similar?

1Password Version: 8.10.27
Extension Version: Not Provided
OS Version: Win11
Browser: Not Provided

windows

3 Replies

  • 1P_Dave's avatar
    1P_Dave
    Icon for Moderator rankModerator
    2 years ago

    jth

    Thank you for posting the Support ID. I've located your email and one of my colleagues will send you a reply as soon as possible. Please continue the conversation there.

    Since we have a communication channel open via email, I'm closing this thread.

    -Dave

    ref: MSG-31431-818

  • jth's avatar
    jth
    Occasional Contributor
    2 years ago

    Hey 1P_Dave - thanks for the reply. Support ID is MSG-31431-818.

  • 1P_Dave's avatar
    1P_Dave
    Icon for Moderator rankModerator
    2 years ago

    Hello jth! 👋

    Thank you for reaching out. I'm not familiar with any issues that could be caused by the latest update, are you able to share more about the nature of the events that were blocked?

    If you don't want to post that information to the public forum then can you send an email to support+forum@1Password.com with more information regarding the the alerts that you've received (such as a screenshot) and a link to this thread. After emailing in, you'll receive a reply from BitBot, our friendly robot assistant with a Support ID that looks something like [#ABC-12345-678]. Post that here, and I'll be able to locate your message and make sure it's gotten to the right place. 🙂

    -Dave