A user reported that C:\Program Files\ControlUp\Cu4Compliance\cu4csvc.exe was being blocked by the Attack Surface Reduction (ASR) rule "Block credential stealing from the Windows local security authority subsystem (lsass.exe)". They suggested that this be added to the documentation on the support site, and a discussion about this update will happen internally. Two key locations for CU4C functionality are C:\Program Files\ControlUp\CU4C and C:\ProgramData\ControlUp\CU4C. To further address security concerns, the user is referred to a relevant Knowledge Base article.
Read the entire ‘Security concerns regarding ControlUp CU4C’ thread below:
Good day,
One of our system admins concerned me with the following. Has anyone else noticed this? Or might have an answer to what might be the cause of this?
C:\Program Files\ControlUp\Cu4Compliance\cu4csvc.exe was blocked by the Attack Surface Reduction (ASR) rule "Block credential stealing from the Windows local security authority subsystem (lsass.exe)".
There is nothing mentioned about this in the documentation ControlUp for Compliance (Secure DX) Overview.
Questions:
Why is C:\Program Files\ControlUp\Cu4Compliance\cu4csvc.exe being blocked by the Attack Surface Reduction rule Block credential stealing from the Windows local security authority subsystem (lsass.exe)?
It seems useful if ControlUp would include this in their documentation on the support site.
Hi @member, thanks for reaching out. Yes, I agree our documentation needs some additional refinement around these different scans and detections, and did raise this internally a short time ago. Let me include your comments into the discussion and come back to you.
There are two key locations where things happen that are key to the functionality of CU4C:
C:\Program Files\ControlUp\CU4C
C:\ProgramData\ControlUp\CU4C
Also please make sure you are aware of this KB – https://support.controlup.com/docs/perform-security-checks-to-test-your-security-controls
