Revision as of 07:44, 12 March 2016 edit 50.113.70.100 (talk) →See also: added link to stuxnet page, stuxnet disguises itself as lsass.exe ← Previous edit		Revision as of 12:22, 24 May 2016 edit undo My Chemistry romantic (talk \| contribs) Extended confirmed users, Pending changes reviewers 10,628 edits m Filling in 2 references using Reflinks Tag: Dispenser [1.0] Next edit →
Line 1: {{Refimprove\|date=July 2009}} '''Local Security Authority Subsystem Service''' ('''LSASS''') is a [[Process (computing)\|process]] in [[Microsoft Windows]] [[operating system]]s that is responsible for enforcing the [[security policy]] on the system. It verifies users logging on to a Windows computer or server, handles password changes, and creates [[access token]]s.<ref>{{cite web\|url=http://ss64.com/nt/syntax-services.html \|title=Windows 7 Services \| Windows CMD \|publisher=SS64.com \|date= \|accessdate=2016-05-24}}</ref> It also writes to the [[Windows Security Log]]. Forcible termination of <tt>lsass.exe</tt> will result in the Welcome screen losing its account/s, prompting a restart of the machine. Because lsass.exe is a crucial system file, its name is often faked by malware. The lsass.exe file used by Windows is located in the [[~~Directory_~~Directory (computing)\|directory]] Windows\System32. If it is running from any other ___location, that lsass.exe is most likely a virus, spyware, trojan or [[Worm (computing)\|worm]]. Due to the way some systems display fonts, malicious developers may name the file something like Isass.exe (capital "i" instead of a lowercase "L") in efforts to trick users into installing or executing a malicious file instead of the trusted system file. <ref>{{cite web\|url=http://www.errorboss.com/exe-files/lsass-exe/ \|title=The Best Way To Remove Lsass.exe Virus - Fix Lsass Process \|publisher=Errorboss.com \|date= \|accessdate=2016-05-24}}</ref> ==See also==

Local Security Authority Subsystem Service: Difference between revisions