An application has been identified by the LSASS Credentials Harvesting Module.
What is the recommended approach to excluding the application?
An application has been identified by the LSASS Credentials Harvesting Module.
What is the recommended approach to excluding the application?
To exclude an application that has been identified by the LSASS Credentials Harvesting Module, the recommended approach is to directly exclude the application within the LSASS Credentials Harvesting module. This allows for specific exclusions related to LSASS validation without impacting other protections or validations in place by the application.
The correct answer is C: Exclude the application within the LSASS Credentials Harvesting module. In v23.11.1 is possible to configure the application exceptions from LSASS validation directly on LSASS CH module screen when enabled. The A and B options exclude the application from ALL EPM VALIDATIONS. This is not asked for in the question.
The answer is C. https://docs.cyberark.com/EPM/Latest/en/Content/Policies/ConfigureThreatProtection-NewUI.htm
B. Add the application to the Files to be Ignored Always in Agent Configurations. The recommended approach to excluding an application that has been identified by the LSASS Credentials Harvesting Module in CyberArk EPM (Endpoint Privilege Manager) is to add the application to the "Files to be Ignored Always" list in Agent Configurations. By adding the application to this list, you are instructing EPM to ignore this application's behavior, even if it is flagged by certain modules like the LSASS Credentials Harvesting Module. This helps prevent false positives and ensures that legitimate applications are not unnecessarily blocked or restricted.
correct
correct answer is a To view global excluded applications, go to Agent Configuration > Threat Protection > Excluded Applications. https://docs.cyberark.com/EPM/22.12.0/en/Content/EPM/Server%20User%20Guide/ConfigureThreatProtection.htm