OfficeClickToRun attempt to gain access to lsass.exe
Good afternoon! I am an engineer in the ASTEL monitoring sector. We encountered such a problem that the SIEM system registered an attempt to gain access to lsass.exe (a critical Windows OS process responsible for managing security policies, authenticating users, and storing credentials). The executable file that triggers this process is OfficeClickToRun.exe (C:\Program Files\Common Files\Microsoft Shared\ClickToRun\Updates\16.0.18227.20162\OfficeClickToRun.exe ). We are contacting you because we want to make sure that these actions are legitimate. Please tell me if this process is really (OfficeClickToRun.exe ) must refer to lsass.exe ? If I have to contact the authorization process, what exactly are the actions being carried out? Sincerely, Muratuly Sayan, ASTEL Monitoring Sector Engineer.