7,023 questions
Hi,
Which method or tool you have used to protect your processes
did you used this : https://learn.microsoft.com/en-us/windows/win32/services/protecting-anti-malware-services-
any screenshot
Curl fails to connect to proxy server with NTLM auth when called from a protected process
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(102.4, 12%, 19%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EP%3C/text%3E%3C/svg%3E)
pkk077
1
Reputation point
Hi folks,
We have a protected service which needs to connect to our backend servers through a proxy server which supports only one method of authentication - NTLM. We use CURL to make the connection but inside CURL, the API acquirecredentialshandle--ntlm fails with an error SEC_E_UNSUPPORTED_FUNCTION. When I make the same call from the same service NOT running as protected process, the call succeeds.
The error is being returned from within the process i.e., LSASS is not being called in the failure case. My only guess so far is that probably protected processes are not allowed to use NTLM but I can't find it stated anywhere.
Please help.
Thanks.
Windows for business Windows Client for IT Pros Directory services Active Directory
Windows for business Windows Server User experience Other
20,212 questions
2 answers
Sort by: Most helpful
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(208, 4%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EP%3C/text%3E%3C/svg%3E)
PMT 86 Reputation points2022-03-03T13:59:02.083+00:00 -
pkk077 1 Reputation point
2022-03-03T14:15:11.067+00:00 Yes. Ours is an anti-malware service and we have our ELAM driver and signatures etc used to register the service as a protected service.
There are no screenshots of the problem.
Sign in to comment -
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(67.2, 68%, 16%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ELT%3C/text%3E%3C/svg%3E)
Limitless Technology 44,751 Reputation points2022-03-08T13:03:40.807+00:00 Hi @pkk077
SEC_E_UNSUPPORTED_FUNCTION indicates a potential mismatch between security policy settings on the client and server computers. I am not sure that protected processes are not allowed to use NTLM.
But for the stated error message ensure that the "Network security: Minimum session security for NTLM SSP based (including secure RPC) clients" policy settings on the computers from which users log on are the same as "Network security: Minimum session security for NTLM SSP based (including secure RPC) servers" policy settings on the server.
On your Group Policy Editor, expand Local Policies under Computer Configuration and select Security Options. Scroll Down and find the following policies:
-Network security: Minimum session security for NTLM SSP based (including secure RPC) clients
-Network security: Minimum session security for NTLM SSP based (including secure RPC) serversChange both policies to have "Require 128-bit encryption" checked
Hope this resolves your Query!!
--
--If the reply is helpful, please Upvote and Accept it as an answer–-
pkk077 1 Reputation point
2022-03-08T13:23:22.713+00:00 Hi @Limitless Technology ,
Thank you for your answer.
I will verify the difference between secpol settings on client and server computers however note that the connection does go through when I run my program as a regular process (as opposed to a protected process). Thus I believe computer level settings most probably are not the root cause.
Thanks.
Sign in to comment -