
Search filename

Download

File information

Database statistics

Total:	809,521
Whitelist:	252,181

Top process list

	svchost.exe
	iexplore.exe
	csrss.exe
	rundll32.exe
	lsass.exe
	alg.exe
	wuauclt.exe
	ccapp.exe
	explorer.exe
	ctfmon.exe
	spoolsv.exe
	services.exe
	smss.exe
	jusched.exe
	winlogon.exe
	mdm.exe
	rthdcpl.exe
	hkcmd.exe
	msascui.exe
	alcxmntr.exe

What is Lsass.exe

Local Security Authority Process - Microsoft� Windows� Operating System - Microsoft Corporation

Run a Free Scan for LSASS.EXE related errors

File description

Lsass.exe with description Local Security Authority Process is a process file from company Microsoft Corporation belonging to product Microsoft� Windows� Operating System.
The file is digitally signed from Microsoft Windows - Microsoft Time-Stamp Service
We do not recommend removing digitally signed files from Microsoft Windows

What is lsass.exe?
Lsass.exe is by Microsoft's definition, the Local Security Authentication Server. Its purpose is to validate attempts to log on to your machine. If the login is successful, it generates the user's access token and uses it to launch the shell (explorer.exe). Any processes the user launches will also inherit this token.

Due to the critical nature of this process, it cannot be stopped from the task manager. The screenshot below illustrates how it should appear in the task manager:

Notice that lsass.exe always runs as SYSTEM.

Dangers of lsass
Due to the critical nature of this process and the fact that it runs on all Windows NT-based systems (including Windows 2000, XP, and Vista), it is common for virus writers and spyware vendors to make their malware appear as though it is the genuine one.

Some malicious files may have the same name but will be stored somewhere other than in %SystemRoot%\System32. Other malware will use a name that appears similar to it but with slight differences in spelling or with appended digits. These include:

Isass.exe (starts with a capital i)
lsasss.exe (the Sasser worm)

If you are able to terminate the process from the task manager, the process is not the legitimate one. Furthermore, there will never be more than one copy of this process running at a given time.

Common problems

Error message "lsass.exe. system error" on startup

This error is caused by the Sasser worm. This error may prevent you from logging in. Try booting into safe mode to run a scan if possible. After removal, a repair installation of Windows may be necessary to restore functionality.

This process uses an excessive amount of CPU time

There are a myriad causes for lsass to use too much CPU time; however, the most common cause was addressed by a Windows update back in 2006. Ensure that your system is up to date.

Automatic startup locations

	001 Running Processes
	002 Autorun registry entries local machine
	003 Autorun registry entries Current User
	004 All users startup startmenu
	005 Current user startup startmenu
	007 Roaming Start Menu\Programs\Startup
	008 Autorun registry entries Default user
	009 Autorun registry entries SYSTEM user
	010 Installed services
	011 Installed drivers
	012 Autorun registry entries S-1-5-XX users
	033 Winlogon Userinit
	034 Winlogon Shell
	035 Active Setup Installed Components
	037 Winlogon System
	060 Shell ServiceObjectDelayLoad
	065 Image File Execution Options (debugger)
	121 AppInit_DLLs
	135 Current User Runonce (+ subkeys)
	153 HKLM Drivers32\Midi
	167 HKLM Policies\Explorer\Run

Digital signatures found for this file

	Signer of certificate	Issuer of certificate
	Microsoft Windows	Microsoft Time-Stamp Service
	Microsoft Windows	Microsoft Timestamping Service
	Microsoft Windows	VeriSign Time Stamping Services Signer
	Microsoft Windows 2000 Publisher	NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
	Microsoft Windows 2000 Publisher	VeriSign Time Stamping Service
	Microsoft Windows 2000 Publisher	VeriSign Time Stamping Service CA SW1
	Microsoft Windows 2000 Publisher	VeriSign Time Stamping Services Signer
	Microsoft Windows 2000 Publisher (Europe)	VeriSign Time Stamping Service
	Microsoft Windows 2000 Publisher (Europe)	VeriSign Time Stamping Service CA SW1
	Microsoft Windows Component Publisher	Microsoft Timestamping Service
	Microsoft Windows Publisher	VeriSign Time Stamping Services Signer
	Microsoft Windows XP Publisher	VeriSign Time Stamping Service
	Microsoft Windows XP Publisher	VeriSign Time Stamping Services Signer
	Microsoft Windows XP Publisher (Europe)	VeriSign Time Stamping Service

MD5 security rating in our database

		279	files (Not yet rated and not signed)
		7	files (Safe and not signed)
		276	files (Safe and digitally signed)
		1	files ( malware and not signed)

Some versions of this file are spyware, a virus or other malware.

Warning: Some malware might rename itself to lsass.exe. Always make sure that your file is from a verified publisher.

Application errors

Fix lsass.exe application error: Run a FREE registry scan

User comments.

I had the lsass.exe issue on XP sp-2 pro editing.I tried a scan in safe mode and that removed svchost.exe and i had to repaired OS.Ended up formating and reinstalling OS .So beaware of this lsass.exe error

Surendra Dawane .

Please add your comments if you have more information about this file or if you know how to solve lsass.exe application errors.

File rating :

Are you human? How much is 17+16:

Browse files by letter

More system processes

lsasss.exe	lsassv.exe	lsaus.exe
lsbackup.exe	lsbcmnds.sys	lsbuilder.exe
lsburnwatcher.exe	lsc.exe	LscaGui.exe
LScanPort.exe	lscape.exe	lscass.dll