lsass.exe good or bad

Posted on 2012-08-11
Last Modified: 2013-11-22
watching "processes" via taskmgr, I keep seeing lsass.exe come up. What is that and is it ok?  I did a google search and am not sure it's a good is the one with and "L", but lower case l as in lsass.exe.
Question by:wfcrr

    Author Comment

    so, thought I would try "end process" via task manager. As soon as I did that, Win7Pro OS said it had encountered a critical error and had to restart itself.  Makes me wonder if that process is part of the OS or what?  The article I read said it is a bad process?
    LVL 10

    Assisted Solution

    lsass.exe is a system service.
    There are anyway a lot of known viruses that will alter it ,which means that it has to be healed!
    If not successful then via installing HD on another PC.
    Any good antivirus would detect any altered lsass.exe
    So if what makes suspect is only that sometimes it consumes CPU percentage ,then it is normal. If most of the time on 100%  it is a problem.
    LVL 29

    Accepted Solution

    If it is running from this location, C:\Windows\system32\lsass.exe, it is genuine and required for system to run properly.

    Further you may like to use something better than Windows Task Manager. Process Hacker or Process Explorer.



    Process Hacker:

    LVL 38

    Expert Comment

    Please be careful of making this kind of comment: "Any good antivirus would detect any altered lsass.exe".

    There are so many known and unknown variants of malware that it is really a stretch to make that claim.

    Use the information recommended by SSharma and identify the actual file. Any suspicious/unknown files can be uploaded and scanned at:

    Featured Post

    How to run any project with ease

    Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
    - Combine task lists, docs, spreadsheets, and chat in one
    - View and edit from mobile/offline
    - Cut down on emails

    Join & Write a Comment

    Cybersecurity has become the buzzword of recent years and years to come. The inventions of cloud infrastructure and the Internet of Things has made us question our online safety. Let us explore how cloud- enabled cybersecurity can help us with our b…
    Transferring data across the virtual world became simpler but protecting it is becoming a real security challenge.  How to approach cyber security  in today's business world!
    Migrating to Microsoft Office 365 is becoming increasingly popular for organizations both large and small. If you have made the leap to Microsoft’s cloud platform, you know that you will need to create a corporate email signature for your Office 365…
    This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor ( If you're looking for how to monitor bandwidth using netflow or packet s…

    746 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    16 Experts available now in Live!

    Get 1:1 Help Now