Question

Laserfiche privilege escalation activity in Active Directory

asked on November 15, 2024

We detected some privilege escalation activity in Active Directory coming from our Laserfiche server (the server's AD object, not the service account LFDS uses to synchronize Active Directory). Is this normal behavior? Has anyone else experienced this? What is doing this, and can I disable it somehow?

Answer

APPROVED ANSWER
replied on November 15, 2024

Kevin, please open a support case and give more details so we can look into it ASAP.

replied on November 18, 2024

In general, if you detect potentially malicious activity coming from any of your Laserfiche servers:

  1. Immediately initiate your cybersecurity incident investigation and response procedures. Do not wait for a response on Answers, in a support case, etc. to begin this.

  2. If there are any questions about the activity being potentially legitimate Laserfiche application behavior, open a Laserfiche support case. Be as detailed as possible and include all applicable evidence up front to avoid unnecessary back-and-forth exchanges in a time-sensitive situation.