BugZero updated this defect 40 days ago.
Data sources
All data on this page is proprietary to BugZero® or gathered from public sources
4/10/2024
Workspace ONE
No affected releases provided.
No fixed releases provided.
You are not able to install application or PowerShell script in user-context with admin privilege when the devices have the following Attack Surface Reduction (ASR) Rule applied: Block credential stealing from the Windows local security authority subsystem (lsass.exe) Deployment Log will show the following error:ExecuteAsync: Elevated token creation failed. Error 'Access is denied', -2147467259 Version Identified VMware Workspace ONE UEM 2101+VMware SFD Agent 2101+
Our Product team has been notified and is actively working to resolve the issue.
You can use the following steps to exclude VMware SFD Agent executable from ASR rules. Create a Windows Device Context Custom XML profileCreate a Custom Settings payloadPaste the following content to the "Install Settings" field. Make sure Target is set to OMA DM ClientProvide an unique UUID for the CmdID <Replace> <CmdID>df90b8d4-bffa-11eb-8529-0242ac130003</CmdID> <Item> <Target> <LocURI>./Vendor/MSFT/Policy/Config/Defender/AttackSurfaceReductionOnlyExclusions</LocURI> </Target> <Meta> <Format xmlns="syncml:metinf">chr</Format> </Meta> <Data>C:\Program Files\VMware\SfdAgent\VMware.Hub.SfdAgent.DeployCmd.exe</Data> </Item> </Replace> Paste the following content to the "Remove Settings" field Provide an unique UUID for the CmdID <Delete> <CmdID>df90b8d4-bffa-11eb-8529-0242ac130003</CmdID> <Item> <Target> <LocURI>./Vendor/MSFT/Policy/Config/Defender/AttackSurfaceReductionOnlyExclusions</LocURI> </Target> <Meta> <Format xmlns="syncml:metinf">chr</Format> </Meta> <Data>C:\Program Files\VMware\SfdAgent\VMware.Hub.SfdAgent.DeployCmd.exe</Data> </Item> </Delete> Exhibit 1.