We see the Zabbix service crash on random servers (Windows 2019 & 2022) at random times. There is nothing shown in the Zabbix log. I'm fairly certain ASR is involved.
In the System Event log we see that the Zabbix service terminated unexpectedly.
In the Windows Defender Operation Event log, we see a Warning from Defender Exploit Guard that it has blocked an operation.
Microsoft Defender Exploit Guard has blocked an operation that is not allowed by your IT administrator.
For more information please contact your IT administrator.
User: NT AUTHORITY\SYSTEM
Path: C:\Program Files\Zabbix Agent 2\zabbix_agent2.exe
Process Name: C:\Windows\System32\lsass.exe
Target Commandline:
Parent Commandline:
Involved File:
Inheritance Flags: 0x00000000
Security intelligence Version: 1.443.31.0
Engine Version: 1.1.25110.1
Product Version: 4.18.25110.5
Zabbix agent 2 version is 7.0.21.2400 and was installed fresh from the command line (the config file was generated by the installer). Reducing the number of servers to one did not help.
msiexec.exe /l*v "C:\zabbix.log" /i "D:\Install Sources\Zabbix\zabbix_agent2-7.0.21-windows-amd64-openssl.msi" /qn+ SERVER=FQDNServer1,FQDNServer2 HOSTNAME=%computername% LISTENPORT=10050 TLSCONNECT=psk TLSACCEPT=psk etc..
Why would (Microsoft Defender for Endpoint) EDR block zabbix_agentd.exe for "LSASS credential stealing"? What does the Zabbix agent access that it would trigger this block?
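The Exploit Guard message quoted above omits which ASR rule fired; the underlying event (ID 1121 for a block, 1122 for audit) carries the rule GUID in its "ID" data field, with "Path" naming the initiating process and "Process Name" the target, exactly as in the fields shown. The script below is an added example, not part of the original post or of Zabbix: it lists those events for the agent binary, reports how the LSASS rule is configured locally, and shows the narrow remediation (an ASR-only exclusion for the agent executable) instead of disabling the rule. Assumptions: the agent path from the post and the published GUID of the "Block credential stealing from the Windows local security authority subsystem" rule.

```powershell
# Added example (not from the original post): identify the ASR rule that
# terminated the Zabbix agent and scope an exclusion to the agent binary only.
# Assumed values: agent path from the post; Microsoft's published GUID for the
# "Block credential stealing from LSASS" rule.
$AgentPath = 'C:\Program Files\Zabbix Agent 2\zabbix_agent2.exe'
$LsassRule = '9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2'

# 1. Pull ASR block (1121) and audit (1122) events whose initiating "Path" is
#    the agent. The 'ID' data field holds the rule GUID the GUI message hides.
$events = Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-Windows Defender/Operational'
    Id      = 1121, 1122
} -ErrorAction SilentlyContinue | ForEach-Object {
    $x = [xml]$_.ToXml()
    $d = @{}
    foreach ($n in $x.Event.EventData.Data) { $d[$n.Name] = $n.'#text' }
    [pscustomobject]@{
        Time   = $_.TimeCreated
        Mode   = if ($_.Id -eq 1121) { 'Block' } else { 'Audit' }
        RuleId = $d['ID']
        Path   = $d['Path']            # initiating process (zabbix_agent2.exe)
        Target = $d['Process Name']    # accessed process (lsass.exe)
        User   = $d['User']
    }
} | Where-Object { $_.Path -like '*zabbix_agent*' }

$events | Sort-Object Time -Descending | Format-Table -AutoSize

# 2. Report the local configuration of the LSASS rule.
#    Action codes: 0 = Off, 1 = Block, 2 = Audit, 6 = Warn.
$pref = Get-MpPreference
$i = [array]::IndexOf(@($pref.AttackSurfaceReductionRules_Ids), $LsassRule)
if ($i -ge 0) { "LSASS rule action: $($pref.AttackSurfaceReductionRules_Actions[$i])" }
else          { 'LSASS rule not set locally (may be managed by Intune/GPO).' }

# 3. Narrow remediation: exclude only the agent binary from ASR rules rather
#    than disabling the rule fleet-wide. Run after step 1 confirms the RuleId.
# Add-MpPreference -AttackSurfaceReductionOnlyExclusions $AgentPath
```

If the rule is pushed by Intune or Group Policy, the local Add-MpPreference exclusion is overwritten at the next policy refresh, so add the exclusion in the managing policy instead.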