LSA Protection Mode Compatibility with Citrix and Apple Applications

  • Question

  • We are trying to enable LSA Protection as part of a Pass the Hash mitigation strategy. We have enabled LSA auditing mode across the organization and have found that the following drivers are not signed as part of the WHQL certification program.

    Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements or violated code integrity policy

    Program Files (x86)\Citrix\ICA Client\x64\pnsson.dll that did not meet the Microsoft signing level requirements or violated code integrity policy

    It appears there is no way to whitelist a driver with LSA Protection mode and that it's all or nothing. As these are very common client applications, there could be a large impact to end users. Has anyone found a way to work around this and turn on LSA Protection mode?

    Friday, February 2, 2018 6:00 PM
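
To size the impact described in the question, the audit-mode findings on a machine can be grouped per module together with each file's Authenticode signer. This is an added example, not part of the original post; it assumes audit events 3065/3066 in the CodeIntegrity operational log, English event text of the form "attempted to load <path> that did not meet ...", and modules located on the system volume.

```powershell
# Added example (not from the original post). Run elevated on a machine where
# LSA protection audit mode is already enabled.
$logName  = 'Microsoft-Windows-CodeIntegrity/Operational'
$auditIds = 3065, 3066   # audit-mode events for modules loaded into lsass.exe

# Assumption: English event text of the form
# "... attempted to load <path> that did not meet ...", matching the lines quoted in the post.
$pattern = 'attempted to load\s+(?<module>.+?)\s+that did not meet'

$events = Get-WinEvent -FilterHashtable @{ LogName = $logName; Id = $auditIds } -ErrorAction SilentlyContinue

# One record per audit event that names a module.
$hits = foreach ($e in $events) {
    if ($e.Message -match $pattern) {
        [pscustomobject]@{
            Module  = $Matches['module']
            EventId = $e.Id
            Time    = $e.TimeCreated
        }
    }
}

$hits | Group-Object Module | ForEach-Object {
    # Assumption: the module is on the system volume, so the NT device prefix
    # (\Device\HarddiskVolumeN) can be swapped for %SystemDrive%.
    $local = $_.Name -replace '^\\Device\\HarddiskVolume\d+', $env:SystemDrive
    $sig = if (Test-Path -LiteralPath $local) { Get-AuthenticodeSignature -LiteralPath $local }

    [pscustomobject]@{
        Module    = $_.Name
        Count     = $_.Count
        EventIds  = ($_.Group.EventId | Sort-Object -Unique) -join ','
        LastSeen  = ($_.Group.Time | Measure-Object -Maximum).Maximum
        SigStatus = $sig.Status                      # empty if the file was not found
        Signer    = $sig.SignerCertificate.Subject   # who signed the DLL, if anyone
    }
} | Sort-Object Count -Descending | Format-Table -AutoSize
```

A module can show a valid vendor signature here and still be reported in audit mode, because the audit events concern the Microsoft signing level rather than Authenticode validity in general.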

All replies