ZSATunnel.exe and LSASS

We’re trying to enable Windows Defender ASR rules and one of the rules blocks processes from stealing credentials from LSASS.

ZSATunnel.exe is the only application that shows up when audit mode is enabled. Can you please advise if blocking ZSATunnel.exe from LSASS will impact any Z-App functionality? Thanks.

Hi @FelixT ,

ZSATunnel is the service responsible for creating a tunnel and sending traffic to Zscaler, so yes, blocking the ZSATunnel service will impact Z-App functionality.

Here is a link that details the client connector processes:
https://help.zscaler.com/zscaler-client-connector/locating-where-zscaler-client-connector-installed

Why does the ZSATunnel trying to access LSASS?