Lsass.exe file description |
Lsass.exe with description Local Security Authority Process is a process file from company Microsoft Corporation belonging to product Microsoft® Windows® Operating System.
In total there are 16 launchpoints for this file including "Running processes".
There are 15 different variations of the file in our database and the file is
digitally signed from Microsoft Windows - Microsoft Time-Stamp Service
We do not recommend removing digitally signed files from Microsoft Windows
What is lsass.exe?
Lsass.exe is by Microsoft's definition, the Local Security Authentication Server. Its purpose is to validate attempts to log on to your machine. If the login is successful, it generates the user's access token and uses it to launch the shell (explorer.exe). Any processes the user launches will also inherit this token.
Due to the critical nature of this process, it cannot be stopped from the task manager. The screenshot below illustrates how it should appear in the task manager:
Notice that lsass.exe always runs as SYSTEM.
Dangers of lsass
Due to the critical nature of this process and the fact that it runs on all Windows NT-based systems (including Windows 2000, XP, and Vista), it is common for virus writers and spyware vendors to make their malware appear as though it is the genuine one.
Some malicious files may have the same name but will be stored somewhere other than in %SystemRoot%\System32. Other malware will use a name that appears similar to it but with slight differences in spelling or with appended digits. These include:
- Isass.exe (starts with a capital i)
- lsasss.exe (the Sasser worm)
If you are able to terminate the process from the task manager, the process is not the legitimate one. Furthermore, there will never be more than one copy of this process running at a given time.
Common problems
- Error message "lsass.exe. system error" on startup
- This error is caused by the Sasser worm. This error may prevent you from logging in. Try booting into safe mode to run a scan if possible. After removal, a repair installation of Windows may be necessary to restore functionality.
- This process uses an excessive amount of CPU time
- There are a myriad causes for lsass to use too much CPU time; however, the most common cause was addressed by a Windows update back in 2006. Ensure that your system is up to date.
|
Automatic startup locations |
 |
001 Running Processes |
 |
002 Autorun registry entries local machine |
|
003 Autorun registry entries Current User |
 |
004 All users startup startmenu |
|
005 Current user startup startmenu |
 |
010 Installed services |
 |
011 Installed drivers |
 |
033 Winlogon Userinit |
|
034 Winlogon Shell |
|
035 Active Setup Installed Components |
 |
037 Winlogon System |
|
060 Shell ServiceObjectDelayLoad |
|
065 Image File Execution Options (debugger) |
 |
121 AppInit_DLLs |
|
135 Current User Runonce (+ subkeys) |
|
167 HKLM Policies\Explorer\Run |
|
File versions in our database |
| |
Company |
Version |
Size |
 |
n/a |
n/a |
4294967295 |
|
Microsoft Corporation |
5.00.2195.7011 |
4294967295 |
|
Microsoft Corporation |
5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) |
4294967295 |
|
n/a |
n/a |
27276830 |
|
n/a |
n/a |
22919198 |
|
n/a |
n/a |
7759386 |
|
WT Software |
2.00 |
6905856 |
|
n/a |
n/a |
3460220 |
|
TI Software |
1.06.0005 |
2908160 |
|
TI Software |
1.06.0001 |
2904064 |
|
TI Software |
1.05.0015 |
2887680 |
|
n/a |
n/a |
2122267 |
|
n/a |
n/a |
724993 |
|
Microsoft |
1.0.0.0 |
616973 |
|
n/a |
0.0.0.0 |
551669 |
|
|
Digital signatures found for this file |
| |
Signer of certificate |
Issuer of certificate |
 |
Microsoft Windows |
Microsoft Time-Stamp Service |
|
Microsoft Windows |
Microsoft Timestamping Service |
|
Microsoft Windows |
VeriSign Time Stamping Services Signer |
|
Microsoft Windows 2000 Publisher |
NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc. |
|
Microsoft Windows 2000 Publisher |
VeriSign Time Stamping Service |
|
Microsoft Windows 2000 Publisher |
VeriSign Time Stamping Services Signer |
|
Microsoft Windows 2000 Publisher (Europe) |
VeriSign Time Stamping Service |
|
Microsoft Windows 2000 Publisher (Europe) |
VeriSign Time Stamping Service CA SW1 |
|
Microsoft Windows Component Publisher |
Microsoft Timestamping Service |
|
Microsoft Windows Publisher |
VeriSign Time Stamping Services Signer |
|
Microsoft Windows XP Publisher |
VeriSign Time Stamping Service |
|
Microsoft Windows XP Publisher |
VeriSign Time Stamping Services Signer |
|
Microsoft Windows XP Publisher (Europe) |
VeriSign Time Stamping Service |
|
|
MD5 security rating in our database |
 |
 |
|
194 |
files (Not yet rated
and
not
signed) |
 |
|
8 |
files (Safe
and
not
signed) |
|
|
251 |
files (Safe
and
digitally
signed) |
 |
|
1 |
files (
malware
and
not
signed) |
|
|
|
Some versions of this file are spyware, a virus or other malware.
|
Fix lsass.exe application error: Run a free registry scan
Warning: Some malware might rename itself to lsass.exe. Always make sure that your file is from a verified publisher. |
|
| User comments for Lsass.exe |
 |
I had the lsass.exe issue on XP sp-2 pro editing.I tried a scan in safe mode and that removed svchost.exe and i had to repaired OS.Ended up formating and reinstalling OS .So beaware of this lsass.exe error
Surendra Dawane . |
|
|
Database statistics
Top process list
