LSA Protection and antimalware DLL loading


L0 Member

We currently have deployed LSA Protection and code integrity in Windows 11 (build 24H2).

Cortex XDR agent 8.6.0 is installed. When trying to load a DLL from another security tool (Ivanti Device and Application Control), Code Integrity is blocking the action with the following error:

 

Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Palo Alto Networks\Traps\cyserver.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\sxwmon64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 


Antimalware signing requirements are documented here, and the following statement may be related: Protecting anti-malware services - Win32 apps | Microsoft Learn

 

The user-mode service that needs to be launched as protected must be signed with valid certificates. The service EXE must be page hash signed, and any non-Windows DLLs that get loaded into the service must be also signed with the same certificates. The hash of these certificates must be added into the resource file, which will be linked into the ELAM driver.

 

Any recommendation?

 

Thank you
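
One way to check the "signed with the same certificates" requirement quoted in the post, as an added example that is not part of the original post or of either vendor's tooling. It assumes `\Device\HarddiskVolume3` is the C: volume and that the Code Integrity events are written to the `Microsoft-Windows-CodeIntegrity/Operational` log; `Get-SignerSummary` and `Test-SameSigner` are hypothetical helper names.

```powershell
# Added diagnostic example. Assumption: \Device\HarddiskVolume3 in the event is the C: volume.
$ServiceExe = 'C:\Program Files\Palo Alto Networks\Traps\cyserver.exe'
$BlockedDll = 'C:\Windows\System32\sxwmon64.dll'

# Hypothetical helper: summarize the Authenticode signer of one file.
function Get-SignerSummary {
    param([Parameter(Mandatory)][string]$Path)
    $sig  = Get-AuthenticodeSignature -LiteralPath $Path
    $cert = $sig.SignerCertificate
    $ekus = @()
    if ($cert) {
        # Collect the EKU OIDs carried by the signer certificate.
        $ekus = $cert.Extensions |
            Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] } |
            ForEach-Object { $_.EnhancedKeyUsages } |
            ForEach-Object { $_.Value }
    }
    [pscustomobject]@{
        Path       = $Path
        Status     = $sig.Status          # Valid, NotSigned, HashMismatch, ...
        Subject    = if ($cert) { $cert.Subject } else { $null }
        Issuer     = if ($cert) { $cert.Issuer } else { $null }
        Thumbprint = if ($cert) { $cert.Thumbprint } else { $null }
        EkuOids    = $ekus -join ', '
    }
}

# Hypothetical helper: true only when both files have a signer and the thumbprints match.
function Test-SameSigner {
    param($A, $B)
    [bool]($A.Thumbprint -and $B.Thumbprint -and ($A.Thumbprint -eq $B.Thumbprint))
}

$svc = Get-SignerSummary -Path $ServiceExe
$dll = Get-SignerSummary -Path $BlockedDll
$svc, $dll | Format-List
'Same signer certificate: {0}' -f (Test-SameSigner $svc $dll)

# List recent Code Integrity events that mention the blocked DLL.
# Assumption: the events are in this operational log on the affected host.
Get-WinEvent -LogName 'Microsoft-Windows-CodeIntegrity/Operational' -MaxEvents 500 |
    Where-Object { $_.Message -like '*sxwmon64.dll*' } |
    Select-Object TimeCreated, Id, Message |
    Format-List
```

A thumbprint mismatch here means the DLL is signed by a different certificate than the protected service executable, which is the condition the quoted Microsoft statement describes.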
