[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

lsass.exe good or bad

Posted on 2012-08-11
4
Medium Priority
?
568 Views
Last Modified: 2013-11-22
watching "processes" via taskmgr, I keep seeing lsass.exe come up. What is that and is it ok?  I did a google search and am not sure it's a good thing.....it is the one with and "L", but lower case l as in lsass.exe.
0
Comment
Question by:wfcrr
4 Comments
 

Author Comment

by:wfcrr
ID: 38284203
so, thought I would try "end process" via task manager. As soon as I did that, Win7Pro OS said it had encountered a critical error and had to restart itself.  Makes me wonder if that process is part of the OS or what?  The article I read said it is a bad process?

http://www.processlibrary.com/directory/files/isass/20527/
0
 
LVL 10

Assisted Solution

by:aboo_s
aboo_s earned 1000 total points
ID: 38284223
lsass.exe is a system service.
There are anyway a lot of known viruses that will alter it ,which means that it has to be healed!
If not successful then via installing HD on another PC.
Any good antivirus would detect any altered lsass.exe
So if what makes suspect is only that sometimes it consumes CPU percentage ,then it is normal. If most of the time on 100%  it is a problem.
0
 
LVL 30

Accepted Solution

by:
Sudeep Sharma earned 1000 total points
ID: 38284228
If it is running from this location, C:\Windows\system32\lsass.exe, it is genuine and required for system to run properly.


Further you may like to use something better than Windows Task Manager. Process Hacker or Process Explorer.

Download:
http://download.sysinternals.com/Files/ProcessExplorer.zip

Info:
http://technet.microsoft.com/en-us/sysinternals/bb896653

or
Process Hacker:
http://processhacker.sourceforge.net/

Sudeep
0
 
LVL 38

Expert Comment

by:younghv
ID: 38284452
Please be careful of making this kind of comment: "Any good antivirus would detect any altered lsass.exe".

There are so many known and unknown variants of malware that it is really a stretch to make that claim.

Use the information recommended by SSharma and identify the actual file. Any suspicious/unknown files can be uploaded and scanned at:

http://virusscan.jotti.org/en
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

SHARE your personal details only on a NEED to basis. Take CHARGE and SECURE your IDENTITY. How do I then PROTECT myself and stay in charge of my own Personal details (and) - MY own WAY...
Curious about the latest ransomware attack? Check out our timeline of events surrounding the spread of this new virus along with tips on how to mitigate the damage.
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
Suggested Courses

872 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question