Wikipedia

Local Security Authority Subsystem Service

This is an old revision of this page, as edited by 50.113.70.100 (talk) at 07:44, 12 March 2016 (See also: added link to stuxnet page, stuxnet disguises itself as lsass.exe). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

Local Security Authority Subsystem Service (LSASS) is a process in Microsoft Windows operating systems that is responsible for enforcing the security policy on the system. It verifies users logging on to a Windows computer or server, handles password changes, and creates access tokens.[1] It also writes to the Windows Security Log.

Forcible termination of lsass.exe will result in the Welcome screen losing its account/s, prompting a restart of the machine.

Because lsass.exe is a crucial system file, its name is often faked by malware. The lsass.exe file used by Windows is located in the directory Windows\System32. If it is running from any other ___location, that lsass.exe is most likely a virus, spyware, trojan or worm. Due to the way some systems display fonts, malicious developers may name the file something like Isass.exe (capital "i" instead of a lowercase "L") in efforts to trick users into installing or executing a malicious file instead of the trusted system file. [2]

See also

References

  1. ^ http://ss64.com/nt/syntax-services.html
  2. ^ http://www.errorboss.com/exe-files/lsass-exe/
 

This Microsoft Windows article is a stub. You can help Wikipedia by expanding it.

Retrieved from "https://en.wikipedia.org/w/index.php?title=Local_Security_Authority_Subsystem_Service&oldid=709661598"