Channel: Active questions tagged windows - Super User

Creation of the Policy.vpol file by the lsass.exe process

I discovered an EventID 11 (Microsoft-Windows-Sysmon/Operational) event in the Windows logs, in which the Policy.vpol file is created by the process C:\Windows\system32\lsass.exe on behalf of the system user (NT AUTHORITY\System).

How to check if this activity is legitimate?

If the activity is illegitimate, what impact might it have?

