topic Re: lsass.exe infection found by Anti-Malware. Unable to exclude in Endpoint https://community.checkpoint.com/t5/Endpoint/lsass-exe-infection-found-by-Anti-Malware-Unable-to-exclude/m-p/103430#M2791 <P>Please raise a TAC ticket to have it investigated, seems like an FP.</P> Thu, 26 Nov 2020 13:25:52 GMT Kobie_Bendalak 2020-11-26T13:25:52Z lsass.exe infection found by Anti-Malware. Unable to exclude https://community.checkpoint.com/t5/Endpoint/lsass-exe-infection-found-by-Anti-Malware-Unable-to-exclude/m-p/103423#M2790 <P>Hi everyone,</P><P>This is the situation. Endpoint security finds lsass.exe as an infection and cures it when RDP to a server.&nbsp;</P><P>&nbsp;</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="image.png" style="width: 500px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/9323iAF978339AC956AF8/image-size/large?v=v2&amp;px=999" role="button" title="image.png" alt="image.png" /></span></P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="image.png" style="width: 999px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/9322i89CD6120852A209B/image-size/large?v=v2&amp;px=999" role="button" title="image.png" alt="image.png" /></span></P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="image.png" style="width: 781px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/9320i3F36817EE7343F77/image-size/large?v=v2&amp;px=999" role="button" title="image.png" alt="image.png" /></span></P><P>&nbsp;</P><P>I have tried to exclude but it doesn't help</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="image.png" style="width: 372px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/9321iB60E8561369C5376/image-size/large?v=v2&amp;px=999" role="button" title="image.png" alt="image.png" /></span></P><P>&nbsp;</P><P>Any suggestions and also why does it react like this for RDP? Low confidence and low severity.&nbsp;</P> Thu, 26 Nov 2020 13:06:51 GMT https://community.checkpoint.com/t5/Endpoint/lsass-exe-infection-found-by-Anti-Malware-Unable-to-exclude/m-p/103423#M2790 ED 2020-11-26T13:06:51Z Re: lsass.exe infection found by Anti-Malware. Unable to exclude https://community.checkpoint.com/t5/Endpoint/lsass-exe-infection-found-by-Anti-Malware-Unable-to-exclude/m-p/103430#M2791 <P>Please raise a TAC ticket to have it investigated, seems like an FP.</P> Thu, 26 Nov 2020 13:25:52 GMT https://community.checkpoint.com/t5/Endpoint/lsass-exe-infection-found-by-Anti-Malware-Unable-to-exclude/m-p/103430#M2791 Kobie_Bendalak 2020-11-26T13:25:52Z