Technology Software

What is Process Lsass.exe?

exe" by Microsoft's definition is the Local Security Authentication Server.
It verifies the validity of user logons to your PC or server machine hosting Windows OS.
If the login is successful, it is responsible for generating the user access's token which in turn launches the shell process explorer.
This process is performed by using authentication packages such as the default Msgina.
Any processes the user launches will also inherit this token.
Due to the critical nature of this process, it is important for the stable and secure running of your computer and should not be terminated.
Note that lsass.
exe file is located in the System folder for Windows (9x/Me) or System32 folder for Windows (NT/2K/XP) and should not normally be in Startup folder.
Startup is located in the Program Files\Common Files folder.
In other cases, lsass.
exe is a virus, spyware, trojan or worm! Check this with Security Task Manager.
When lsass.
exe is found in the Startup folder or any other place, except the SystemRoot folder proceed to remove the file.
Due to the critical nature of this process and the fact that it runs on all Windows NT-based systems (including Windows 2000, XP, and Vista), it is common for virus writers and spyware vendors to make their malware appear as though it is the genuine one.
To check if you have any foreign lsass.
exe running on your computer in the background go to Windows Task Manager by pressing Ctrl + Shift + Esc and there should be only one process named lsass.
exe created by User Name SYSTEM.
Any other lsass.
exe with other usernames is not what it appears to be.
Some commonly known Lsass.
exe malware
  • W32.
    Worm - Symantec Corporation
  • W32.
    Worm (Lsasss.
    exe) - McAfee
  • W32.
    C@mm - Symantec Corporation
Common Problems involving lsass.
  • Error message "lsass.
    system error" on startup
  • This error is caused by the Sasser worm.
    This error may prevent you from logging in.
    Try booting into safe mode to run a scan if possible.
    After removal, a repair installation of Windows may be necessary to restore functionality.
  • This process uses an excessive amount of CPU time
  • There are a myriad causes for lsass to use too much CPU time; however, the most common cause was addressed by a Windows update back in 2006.
    Ensure that your system is up to date.

Leave a reply