The security team at a customer of mine recently received alerts on 2 Domain Controllers and they requested clarification.
It appears that this executable:
- C:\Program Files\Commvault\ContentStore\CVMedia\11.0.0\Windows\ThirdParty\CVInstallThirdParty\GenProcessModuleInfo.exe
Has accessed this service in Windows:
- C:\Windows\system32\lsass.exe
Both machines run daily AD and FS system state backups for a long time now.
The current version is 11.30.32
Any ideas please?