Clients with Windows Defender installed on their Windows Servers running Quest Active Directory Password Sync (Copy) that utilizes LSASS may stop operating without warning.
The following error may be found in the Directory Sync Pro profile logs:
VirtualAllocEx failed: 5
Microsoft is enabling a Microsoft Defender 'Attack Surface Reduction' security rule by default to block hackers' attempts to steal Windows credentials from the LSASS process.
Exclusions must be performed on the DC and Dirsync Agent server
Customer must exclude files and folders from being evaluated by most attack surface reduction rules. This means even if an ASR rule determines the file or folder contains malicious behavior, it will not block the file from running.
You can also exclude ASR rules from triggering based on certificate and file hashes by allowing specified Defender for Endpoint file and certificate indicators. (See Manage indicators.)
For more information, please see Microsoft’s documentation, Enable attack surface reduction rules | Microsoft Docs.