Thanks for reaching out to community.
This looks like we need to carry out investigation with our Engineering.
Can you kindly open an SR with us and we can have this investigation checked out from our Engineering level?
If you want to harden ENS against Minikatz, create an expert role that restricts memory reads against LSASS. You will have to tune it a lot initially, but then you should be able to start blocking. It will frustrate red teams, I promise. 🙂
Just receive an update from McAfee PSIRT Team:
The Beta release of CTP you identified should offer some protection against this type of attack. It is disabled by default. We would have reached out to you next week once it had been in the field for a couple of weeks to ask you turn it on. We don’t like to offer Beta releases as a possible solution to a vulnerability until we’ve seen results from the telemetry.
New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.
Thousands of customers use our Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership: