魔杰夫 - "The immature-minded" and dogs may not enter

January 23, 2008

What Is lsass.exe

Filed under: Tech — jfree @ 12:35 pm

My firewall is always asking my permission to allow a program named 'lsass.exe' to access the internet. So I have become concerned about what exactly this program is.

After some research, I've found out that it is a system process of the Windows security mechanisms called Local Security Authority Service. This program specifically handles the local security policy on the system. It is a critical Windows process that verifies users logging on to a Windows computer or server, deals with password changes, and creates access tokens. It also writes to the Windows Security Log.

A significant note about this program is that it shouldn't be terminated, because of its importance for the stable and secure running of the computer.

The other issue is viral infection. There are malicious programs out there named exactly the same as, or similarly to, lsass.exe. Under normal circumstances, the lsass.exe program should reside in the folder C:\Windows\System32. However, if lsass.exe turns out to be a virus, spyware, trojan or worm, it will most probably sit in some other location on your system. Take note that some viruses try to fool people's eyes by being called something like 'Isass.exe'. Lsass.exe (lsass, starting with the letter L) and Isass.exe (isass, starting with the letter I) are not the same but look the same. They can be mixed up and confuse people. Well, the conclusion is: lsass is good, isass is bad.

As mentioned above, a completely innocent system process and a dangerous virus might come with exactly the same name. Fear not, but keep your eyes open. Virus removal information can help determine whether you're dealing with a fake lsass.exe or not.

Another method of determining whether the program is the genuine one is simply to use Windows Explorer to check the date of the file against other files in C:\Windows\System32. If you find lots of files with the same date, it usually means it's a required Windows file.
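
The name and folder checks described in this post can be run automatically over a list of process image paths. The following is an added example, not part of the original post: the function names, the confusable-character list, the 0.9 similarity threshold and the sample paths are assumptions made for illustration, and the similarity check goes slightly beyond the I-for-l swap mentioned above.

```python
import ntpath
from difflib import SequenceMatcher

# Location the post gives for the genuine file; assumes Windows lives on C:.
EXPECTED_DIR = r"c:\windows\system32"
GENUINE = "lsass.exe"
# Characters that render like a lowercase "l" (assumed list; extend as needed).
CONFUSABLE = str.maketrans({"I": "l", "i": "l", "1": "l"})


def classify(image_path):
    """Classify one full image path against the rules described in the post."""
    directory, name = ntpath.split(ntpath.normpath(image_path))
    if name.lower() == GENUINE:
        # Right name: legitimate only when it sits in System32.
        return "ok" if directory.lower() == EXPECTED_DIR else "wrong-location"
    if name.translate(CONFUSABLE).lower() == GENUINE:
        # e.g. "Isass.exe": capital I standing in for lowercase l.
        return "lookalike-name"
    if SequenceMatcher(None, name.lower(), GENUINE).ratio() >= 0.9:
        # Near miss such as one extra character, e.g. "lsasss.exe".
        return "lookalike-name"
    return "unrelated"


def suspicious(paths):
    """Return (path, verdict) for every entry that fails the name or folder check."""
    verdicts = ((p, classify(p)) for p in paths)
    return [(p, v) for p, v in verdicts if v in ("wrong-location", "lookalike-name")]


# Constructed sample process listing (not taken from a real machine).
SAMPLE = [
    r"C:\Windows\System32\lsass.exe",
    r"C:\WINDOWS\system32\LSASS.EXE",
    r"C:\Windows\System32\Isass.exe",
    r"C:\Users\Public\lsass.exe",
    r"C:\Windows\Temp\lsasss.exe",
    r"C:\Windows\System32\svchost.exe",
]

if __name__ == "__main__":
    for path, verdict in suspicious(SAMPLE):
        print(f"{verdict:15} {path}")
```

A verdict of "ok" only means the name and folder match; it says nothing about whether the file contents are genuine.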
