Main menu

Pages

Windows is now changes in Microsoft Defender to prevent your password theft

Windows is now changes in Microsoft Defender to prevent your password theft


 Passwords are one of the most important items in our personal data, as they provide access to basic systems such as social networks or services online.



This is why it is always necessary to be careful when we mark messages where our personal data is asked and accompanied by links to access and execute any action requires entry of this data. Often, this strategy has made some electronic criminals to get our data and naught with us.

With this, Microsoft integrated new security function in its own tools of Microsoft Defender to deal with electronic attacks focusing on obtaining user credentials in windows through the LSAs process (service of the server of the local security authority).


One of the most widely used methodslak methodslak and credentials obtained for administrator privileges, which benefit them to process the process lsass and make a memory dump.


In this Dump memory procedure, NTLM is corresponding to Windows support data for those users to log on to your computer. These items are forced to create or use normal test passwords to start retail passengers to sign another device.


On the other hand, there is a program called mimikikatz to use internet criminals to delete NTLM fragments for a lsass. However, this tool can be neutralized by Microsoft Defender, to its blocking.


However, there is a way that can override this protection, which causes a discharge of LSAs memory on a remote device without risk. By doing so, Microsoft has taken its task to make improvements in Microsoft defender, so that the memory dump is not allowed by the LSAs process.


This is how Microsoft resolution has been taken from the execution of a reduction of surface surface (ASR) automatically in Microsoft Defender so that helps reduce Windows credentials and thus avoid a conflict resulting from a credential guard.


In this sense, the incompatible attribute of this rule will change to the configuration and ban will be set as default mode, while the rest of ASR will keep its configuration as it is.

Windows is now changes in Microsoft Defender to prevent your password theft