VersionsVersions

6.3.9600.16384 (winblue_rtm.130821-1623) 5.84%
6.3.9600.16384 (winblue_rtm.130821-1623) 0.08%
6.3.9431.0 (winmain_bluemp.130615-1214) 0.27%
6.3.9431.0 (winmain_bluemp.130615-1214) 0.01%
6.2.9200.16384 (win8_rtm.120725-1247) 1.06%
6.1.7601.17725 (win7sp1_gdr.111116-1503) 50.19%
6.1.7601.17725 (win7sp1_gdr.111116-1503) 23.12%
6.1.7600.16915 (win7_gdr.111116-1506) 4.38%
6.1.7600.16385 (win7_rtm.090713-1255) 10.09%
6.1.7600.16385 (win7_rtm.090713-1255) 4.84%
5.2.3790.1830 (srv03_sp1_rtm.050324-1447) 0.09%
5.2.3790.0 (srv03_rtm.030324-2048) 0.01%

Relationships

lsass.exe

Local Security Authority Process by Microsoft Corporation (Signed)

Remove lsass.exe
This is a Windows system installed file with Windows File Protection (WFP) enabled.

Overview

There are 12 versions of lsass.exe in the wild, the latest version being 6.3.9600.16384 (winblue_rtm.130821-1623). It is started as a Windows Service called 'IPSEC Services' with the name 'PolicyAgent' and described as “Provides end-to-end security between clients and servers on TCP/IP networks. If this service is stopped, TCP/IP security between clients and servers on the network will be impaired. If this service is disabled, any services that explicitly depend on it will fail to start.”. . In addition, it is run under the context of the SYSTEM account with extensive privileges (the administrator accounts have the same privileges). This is executed as a shared service (which simply means that this service can share a process with other Win32 services). The average file size is about 27.62 KB. The file is a digitally signed and issued to Microsoft Corporation by Microsoft Corporation. During the process's lifecycle, the typical CPU resource utilization is about 0.0047% including both foreground and background operations, the average private memory consumption is about 5.87 MB with the maximum memory reaching around 12.45 MB. Addionally, typically read and write I/O disk operations is about 1.29 KB per minute for reads and 3.3 KB per minute for writes.

What is lsass.exe?

Local Security Authority Subsystem Service (LSASS), is a process in Microsoft Windows operating systems that is responsible for enforcing the security policy on the system. It verifies users logging on to a Windows computer or server, handles password changes, and creates access tokens.

DetailsDetails

File name:lsass.exe
Publisher:Microsoft Corporation
Product name:Local Security Authority Process
Description:Microsoft® Windows® Operating System
Typical file path:C:\Windows\System32\lsass.exe
Certificate
Issued to:Microsoft Corporation
Authority (CA):Microsoft Corporation
Expiration date:Friday, June 13, 2014
Windows Service
Service name:PolicyAgent
Display name:IPSEC Services
Description:“Provides end-to-end security between clients and servers on TCP/IP networks. If this service is stopped, TCP/IP security between clients and servers on the network will be impaired. If this service is disabled, any services that explicitly depend on it will fail to start.”
Type:Win32ShareProcess

BehaviorsBehaviors

(Note, the behaviors below are for all versions of lsass.exe, select a unique version for details.)
Services
Runs under 'SYSTEM\CurrentControlSet\Services' as a shared service by the Service Host (svchost.exe)
  • 'PolicyAgent' (IPSEC Services)
  • 'HTTPFilter' (HTTP SSL)

VersionsAll file variations of lsass.exe

MD5SHA-1File size
f6f209ddb94959ba104fc8fc87c53759 bcbce61852df6cc59f897c78471c222e564b32b3 43.95 KB
f33bfcbbbaace7208db433b6cca98930 660c41bbcb56ccceda63811c9211c583ccbf4f8d 33.27 KB
355e261b1b3b74818e81db84d66f623e e639d59f73bc2fe73578ee1cd124261a6ca4a588 43.95 KB
f606b88b4ca88e95359149b53527b78c fdb1b75743c75ac4fe21e9443c2d950068d69eb8 33.27 KB
747ed861374e5589ee56d28e01bdcfe1 8264a758f1373c2ae79877b504a5707d00f1a118 23 KB
c118a82cd78818c29ab228366ebf81c3 a61609fe669d05d7fac08104d767c66e8cd6aa01 30.5 KB
81951f51e318aecc2d68559e47485cc4 d49245356dd4dc5e8f64037e4dc385355882a340 22 KB
c2243ff9e9aad0c30e8b1a0914da15b6 a5f85e07afb043281573c8c2225a5e734a9a0c74 22 KB
f42309c4191c506b71db5d1126d26318 2a17507a180f5809155c5f113cb255c9f418829e 22 KB
0793f40b9b8a1bdd266296409dbd91ea f34bbe523cf4b187b2c27da2bcd267412301745d 30.5 KB
1a782d5ca033f553f0be54546ebf3b4f 6d3732f0a80744b7731e83b41848638097d683ba 14 KB
d4b61a935670c57a0dea81b4f4a12169 3f21cf979fd67f0ff436da37a0296adc95bee69d 13 KB

Windows OS versionsDistribution by Windows OS

OS versiondistribution
Windows 8.1 46.50%
Windows 8.1 Pro 19.50%
Windows 8.1 Single Language 11.00%
Windows 7 Ultimate 7.00%
Windows 8.1 Pro with Media Center 6.00%
Windows 7 Home Premium 5.25%
Windows 7 Home Basic 1.75%
Windows 8.1 N 1.50%
Windows 8.1 Enterprise Evaluation 1.50%

Distribution by countryDistribution by country

United States installs about 40.75% of Local Security Authority Process.

OEM distributionDistribution by PC manufacturer

PC Manufacturerdistribution
ASUS 23.87%
Acer 17.81%
Dell 16.83%
Lenovo 14.09%
Hewlett-Packard 12.92%
Toshiba 9.39%
Sony 2.74%
Alienware 1.17%
Samsung 1.17%
Should I remove It? Clean your PC of unwanted adware, toolbars and bloatware.

Download it for FREE