Microsoft’s Attack Surface Reduction is blocking something in Syncro every week: C:\Program Files\RepairTech\LiveAgent\SyncroLive.Agent.Runner.exe
Specifically is says: rule: block credential stealing from the windows local security authority subsystem (lsass.exe)
Can anyone shed light on this?
There is a lot more information about this in the thread here: Microsoft Defender for Endpoint ASR Rule Flagging SyncroLive.Agent.Runner.exe - #5 by itsupport5
TLDR; The SyncroLive agent is old code and does have a vulnerability as described in that thread. You would need to decide whether or not to accept the risk in your environment.
