| Winstep Forums http://forums.winstep.net/phpBB2/ |
|
| Cisco AMP blocks process http://forums.winstep.net/phpBB2/viewtopic.php?f=2&t=11506 |
Page 1 of 1 |
| Author: | justposted [ Mon Nov 02, 2020 10:35 am ] |
| Post subject: | Cisco AMP blocks process |
I`ve just reinstalled Nexus Ultimate on my work laptop, i.e. a machine over which I have limited control. When I install it I get this message: "System Process Protection was triggered by WsxService.exe (PID 11552) attempting to access lsass.exe (PID 420). The action was blocked." It appears to run without issues after that, and IT haven`t contacted me with any concerns, but I thought I`d raise it here in case there`s anything that can be done. |
|
| Author: | winstep [ Mon Nov 02, 2020 11:00 am ] |
| Post subject: | Re: Cisco AMP blocks process |
WsxService.exe is the service used by the main Winstep application(s) to do ANYTHING that requires admin rights to perform (e.g.; install theme fonts, sync the system clock with internet time servers, obtain cpu and memory usage information on high privilege processes so it can be displayed by the CPU and RAM modules, etc...) By delegating these functions to an external service, the main application doesn't need to run with high privileges, which - and this time rightfully so - would be a MAJOR security catastrophe, as anything launched from a high privilege application will itself run with high privileges (imagine launching a browser session with admin privileges, fastest way to get your system p0wned, iykes, eheh). So, if WsxService is blocked by Cisco Amp the Winstep application might not be able to do any of the things listed above that require admin privileges. |
|
| Page 1 of 1 | All times are UTC |
| Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group http://www.phpbb.com/ |
|