Quantcast
Channel: Active questions tagged windows - Super User
Viewing all articles
Browse latest Browse all 9648

Creation of the Policy.vpol file by the lsass.exe process

$
0
0

I discovered an EventID 11 (Microsoft-Windows-Sysmon/Operational) event in the Windows logs, in which the Policy.vpol file is created by the process C:\Windows\system32\lsass.exe on behalf of the system user (NT AUTHORITY\System)

How to check if this activity is legitimate?

If the activity is illegitimate, what impact might it have?


Viewing all articles
Browse latest Browse all 9648

Trending Articles