<div>
i would try to compare the files lsass.exe between VDI and physical device.<br />
(you need the same OS-version and patchlevel)<br />
Please let us know the result ...<br />
<br />
<a href="https://www.diffnow.com/compare-files" rel="ugc">https://www.diffnow.com/compare-files</a>
</div>


i would try to compare the files lsass.exe between VDI and physical device.
(you need the same OS-version and patchlevel)
Please let us know the result ...

https://www.diffnow.com/compare-files [https://www.diffnow.com/compare-files]

<div>
<div class="content wysiwyg-content">
We have a VDI environment and receiving the following error:<br />
<br />
Cisco AMP alert: &nbsp;lsass.exe (high alert)<br />
<br />
Reason: Process module is not clean and not signed<br />
File full path: C:\Windows\System32\lsass.<wbr />exe<br />
<br />
Up until a couple of weeks ago, we were not receiving this alert or maybe the Cisco AMP got introduced into this environment. &nbsp;I see multiple alerts for only our VDI machines and not seeing the alert for our other machines. &nbsp;How can I determine this is valid or not?
</div>
</div>


We have a VDI environment and receiving the following error:

Cisco AMP alert:  lsass.exe (high alert)

Reason: Process module is not clean and not signed
File full path: C:\Windows\System32\lsass.exe

Up until a couple of weeks ago, we were not receiving this alert or maybe the Cisco AMP got introduced into this environment.  I see multiple alerts for only our VDI machines and not seeing the alert for our other machines.  How can I determine this is valid or not?

VDI (lsass.exe) security alert

A vulnerability is a weakness which allows an attacker to reduce a system's information assurance. Vulnerability is the intersection of three elements: a system susceptibility or flaw, attacker access to the flaw, and attacker capability to exploit the flaw. To exploit a vulnerability, an attacker must have at least one applicable tool or technique that can connect to a system weakness, known as the attack surface. Vulnerability management is the cyclical practice of identifying, classifying, remediating, and mitigating vulnerabilities. Other vulnerabilities include security risks, security defects and constructs in programming languages that are difficult to use properly.

Vulnerabilities

The Microsoft Server topic includes all of the legacy versions of the operating system, including the Windows NT 3.1, NT 3.5, NT 4.0 and Windows 2000 and Windows Home Server versions.

Microsoft Server OS

Cisco PIX is a dedicated hardware firewall appliance; the Cisco Adaptive Security Appliance (ASA) is a firewall and anti-malware security appliance that provides unified threat management and protection the PIX does not. Other Cisco devices and systems include routers, switches, storage networking, wireless and the software and hardware for PIX Firewall Manager (PFM), PIX Device Manager (PDM) and Adaptive Security Device Manager (ASDM).

Cisco

VMware, a software company founded in 1998,  was one of the first commercially successful companies to offer x86 virtualization. The storage company EMC purchased VMware in 1994. Dell Technologies acquired EMC in 2016. VMware’s parent company is now Dell Technologies.

VMware has many software products that run on desktops, Microsoft Windows, Linux, and macOS, which allows the virtualizing of the x86 architecture.  Its enterprise software hypervisor for servers, VMware vSphere Hypervisor (ESXi), is a bare-metal hypervisor that runs directly on the server hardware and does not require an additional underlying operating system.