5 Replies Latest reply: Feb 18, 2015 7:07 AM by ansarias RSS

    LSM.EXE has started to trigger Access Protection:Terminate

    eobiont

      recently, I have had a large number of machines start triggering Access Protection: Prevent Termination with the offending process LSM.EXE.

       

      This process is part of the Windows OS.  To be certain, I collected the LSM.exe file from two different machines that triggered AP and submitted them to VirusTotal.  Both 100% clean.  So I assume it is a false positive, but I want to figure out why it is something new and see if anyone else sees this or whether people have already added System32/LSM.exe to the ignored processes for prevent termination AP rule.

       

      I have recently been upgrading machines to the 5600 engine, and the September MS patches would have recently gone on.  Also, some of these machines may have recently updated from 8.8 RTM to 8.8 Patch 2.

       

      Anyone else?