This is a Windows system installed file with Windows File Protection (WFP) enabled.
lsass.exe has 74 known versions, the most recent one is 6.3.9600.16384 (winblue_rtm.130821-1623). It is started as a Windows Service called 'Titkosított fájlrendszer (EFS)' with the name 'KeyIso' and described as “Durch den Start dieses Diensts wird anderen Diensten signalisiert, dass die Sicherheitskontenverwaltung (SAM) bereit ist, Anforderungen anzunehmen. Wenn Sie diesen Dienst deaktivieren, wird verhindert, dass andere Dienste im System benachrichtigt werden, wenn die Sicherheitskontenverwaltung bereit ist. Dies kann wiederum dazu führen, dass diese Dienste nicht korrekt gestartet werden. Dieser Dienst”. . In addition, it is run under the context of the SYSTEM account with extensive privileges (the administrator accounts have the same privileges). This is executed as a shared service (which simply means that this service can share a process with other Win32 services). The average file size is about 19.5 KB. It is an authenticode code-signed executable issued to Microsoft Corporation by the certification authority Microsoft Corporation. During the process's lifecycle, the typical CPU resource utilization is about 0.0039% including both foreground and background operations, the average private memory consumption is about 6.2 MB with the maximum memory reaching around 13.38 MB. Addionally, typically read and write I/O disk operations is about 1.99 KB per minute for reads and 1.82 KB per minute for writes.
Local Security Authority Subsystem Service (LSASS), is a process in Microsoft Windows operating systems that is responsible for enforcing the security policy on the system. It verifies users logging on to a Windows computer or server, handles password changes, and creates access tokens.
(Note, the behaviors below are for all versions of lsass.exe, select a unique version for details.)
Runs under 'SYSTEM\CurrentControlSet\Services' as a shared service by the Service Host (svchost.exe)
United States installs about 40.75% of Local Security Authority Process.