This is a Windows system installed file with Windows File Protection (WFP) enabled.
There are 40 versions of lsass.exe in the wild, the latest version being 6.3.9600.16384 (winblue_rtm.130821-1623). It is started as a Windows Service called 'NT-LM-Sicherheitsdienst' with the name 'PolicyAgent' and described as “Bietet Sicherheit für Remoteprozeduraufrufe (RPC), die andere Transportwege als Named Pipes verwenden.”. . In addition, it is run under the context of the SYSTEM account with extensive privileges (the administrator accounts have the same privileges). This is executed as a shared service (which simply means that this service can share a process with other Win32 services). The average file size is about 17.39 KB. The file is a digitally signed and issued to Microsoft Corporation by Microsoft Corporation. During the process's lifecycle, the typical CPU resource utilization is about 0.0058% including both foreground and background operations, the average private memory consumption is about 5.87 MB with the maximum memory reaching around 11.74 MB. Addionally, typically read and write I/O disk operations is about 5.53 KB per minute for reads and 6.87 KB per minute for writes.
Local Security Authority Subsystem Service (LSASS), is a process in Microsoft Windows operating systems that is responsible for enforcing the security policy on the system. It verifies users logging on to a Windows computer or server, handles password changes, and creates access tokens.
(Note, the behaviors below are for all versions of lsass.exe, select a unique version for details.)
Runs under 'SYSTEM\CurrentControlSet\Services' as a shared service by the Service Host (svchost.exe)
United States installs about 40.75% of Local Security Authority Process.
