Operational Defect Database

BugZero updated this defect 40 days ago.

VMware | 83937

HUBW-5396 Unable to deploy user context app or script that requires admin privilege when certain Attack Surface Reduction rule is applied

Last update date:

4/10/2024

Affected products:

Workspace ONE

Affected releases:

No affected releases provided.

Fixed releases:

No fixed releases provided.

Description:

Symptoms

You are not able to install an application or PowerShell script in user context with admin privilege when the devices have the following Attack Surface Reduction (ASR) rule applied:

    Block credential stealing from the Windows local security authority subsystem (lsass.exe)

The deployment log will show the following error:

    ExecuteAsync: Elevated token creation failed. Error 'Access is denied', -2147467259

Version Identified

VMware Workspace ONE UEM 2101+
VMware SFD Agent 2101+

Resolution

Our Product team has been notified and is actively working to resolve the issue.

Workaround

You can use the following steps to exclude the VMware SFD Agent executable from ASR rules.

1. Create a Windows Device Context Custom XML profile.
2. Create a Custom Settings payload.
3. Paste the following content into the "Install Settings" field. Make sure Target is set to OMA DM Client. Provide a unique UUID for the CmdID.

    <Replace>
      <CmdID>df90b8d4-bffa-11eb-8529-0242ac130003</CmdID>
      <Item>
        <Target>
          <LocURI>./Vendor/MSFT/Policy/Config/Defender/AttackSurfaceReductionOnlyExclusions</LocURI>
        </Target>
        <Meta>
          <Format xmlns="syncml:metinf">chr</Format>
        </Meta>
        <Data>C:\Program Files\VMware\SfdAgent\VMware.Hub.SfdAgent.DeployCmd.exe</Data>
      </Item>
    </Replace>

4. Paste the following content into the "Remove Settings" field. Provide a unique UUID for the CmdID.

    <Delete>
      <CmdID>df90b8d4-bffa-11eb-8529-0242ac130003</CmdID>
      <Item>
        <Target>
          <LocURI>./Vendor/MSFT/Policy/Config/Defender/AttackSurfaceReductionOnlyExclusions</LocURI>
        </Target>
        <Meta>
          <Format xmlns="syncml:metinf">chr</Format>
        </Meta>
        <Data>C:\Program Files\VMware\SfdAgent\VMware.Hub.SfdAgent.DeployCmd.exe</Data>
      </Item>
    </Delete>

Exhibit 1.
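To confirm on a device that the LSASS rule is in Block mode and that the exclusion from the workaround has landed, the following PowerShell check reads the Defender preferences. It is an added example, not VMware's or BugZero's code; the function name Test-SfdAsrExclusion, the variable names and the sample object are constructed for illustration, and the rule GUID is Microsoft's documented ID for the LSASS rule, which does not appear on the page.

```powershell
# Added example (not VMware or BugZero code). Function and variable names are hypothetical.
# Microsoft's documented GUID for the ASR rule named in the Symptoms section (not on the page).
$LsassRuleId = '9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2'
# Path taken from the <Data> element of the workaround payload.
$SfdDeployCmd = 'C:\Program Files\VMware\SfdAgent\VMware.Hub.SfdAgent.DeployCmd.exe'

function Test-SfdAsrExclusion {
    param(
        [Parameter(Mandatory)] $Preference,   # Get-MpPreference output or a constructed object
        [string] $RuleId = $LsassRuleId,
        [string] $Path   = $SfdDeployCmd
    )
    $actionNames = @{ 0 = 'Disabled'; 1 = 'Block'; 2 = 'Audit'; 6 = 'Warn' }
    $ids     = @($Preference.AttackSurfaceReductionRules_Ids)
    $actions = @($Preference.AttackSurfaceReductionRules_Actions)

    # Rule IDs and actions are parallel arrays; find the LSASS rule's action.
    $ruleState = 'NotConfigured'
    for ($i = 0; $i -lt $ids.Count; $i++) {
        if ($ids[$i] -ieq $RuleId) {
            $ruleState = $actionNames[[int]$actions[$i]]
            break
        }
    }

    # This exclusion list applies to every ASR rule, so report everything in it.
    $exclusions = @($Preference.AttackSurfaceReductionOnlyExclusions | Where-Object { $_ })
    $present    = $exclusions -icontains $Path

    [pscustomobject]@{
        LsassRuleState   = $ruleState
        ExclusionPresent = $present
        OtherExclusions  = @($exclusions | Where-Object { $_ -ine $Path })
        # True when the device matches the conditions in the Symptoms section.
        MatchesSymptom   = ($ruleState -eq 'Block') -and (-not $present)
    }
}

# Constructed sample: rule in Block mode, workaround profile not yet applied.
$sample = [pscustomobject]@{
    AttackSurfaceReductionRules_Ids      = @($LsassRuleId)
    AttackSurfaceReductionRules_Actions  = @(1)
    AttackSurfaceReductionOnlyExclusions = $null
}
Test-SfdAsrExclusion -Preference $sample

# On a managed device, from an elevated session:
# Test-SfdAsrExclusion -Preference (Get-MpPreference)
```

Review the OtherExclusions output as well: every path in that list is exempt from all ASR rules, not only the LSASS rule.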
