Should I block it?

No, this file is 100% safe to run.

VersionsAdditional versions

6.3.9600.16384 (winblue_rtm.130821-1623) 4.72%
6.3.9600.16384 (winblue_rtm.130821-1623) 0.06%
6.3.9431.0 (winmain_bluemp.130615-1214) 0.22%
6.3.9431.0 (winmain_bluemp.130615-1214) 0.01%
6.2.9200.16384 (win8_rtm.120725-1247) 0.86%
6.1.7601.17725 (win7sp1_gdr.111116-1503) 40.58%
6.1.7601.17725 (win7sp1_gdr.111116-1503) 18.70%
6.1.7600.16915 (win7_gdr.111116-1506) 3.54%
6.1.7600.16385 (win7_rtm.090713-1255) 8.16%
6.1.7600.16385 (win7_rtm.090713-1255) 3.92%
5.1.2600.5512 (xpsp.080413-2113) 12.71%
5.1.2600.5512 (xpsp.080413-2113) 0.91%
5.1.2600.5512 (xpsp.080413-2113) 0.65%
5.1.2600.5512 (xpsp.080413-2113) 0.06%
5.1.2600.5512 (xpsp.080413-2113) 0.59%
5.1.2600.5512 (xpsp.080413-2113) 0.01%
5.1.2600.5512 (xpsp.080413-2113) 0.01%
5.1.2600.5512 (xpsp.080413-2113) 0.38%
5.1.2600.5512 (xpsp.080413-2113) 0.06%
5.1.2600.5512 (xpsp.080413-2113) 0.01%
5.1.2600.5512 (xpsp.080413-2113) 0.17%
5.1.2600.5512 (xpsp.080413-2113) 0.27%
5.1.2600.5512 (xpsp.080413-2113) 0.06%
5.1.2600.5512 (xpsp.080413-2113) 0.27%
5.1.2600.5512 (xpsp.080413-2113) 0.06%
View more

lsass.exe

Local Security Authority Process by Microsoft Corporation (Signed)

Remove lsass.exe
Version:   5.1.2600.5512 (xpsp.080413-2113)
MD5:   4e09c68586cf236b9853fc7f93f69c62
SHA1:   7e9ae776d0e0ae457db62ebdb0920bffa546af19
This is a Windows system installed file with Windows File Protection (WFP) enabled.

What is lsass.exe?

Local Security Authority Subsystem Service (LSASS), is a process in Microsoft Windows operating systems that is responsible for enforcing the security policy on the system. It verifies users logging on to a Windows computer or server, handles password changes, and creates access tokens.

Overview

lsass.exe runs as a service under the name Titkosított fájlrendszer (EFS) (KeyIso) with extensive SYSTEM privileges (full administrator access) as a shared service. The file is digitally signed by Microsoft Corporation. This version is installed on Windows XP and is compiled as a 32 bit program.

DetailsDetails

File name:lsass.exe
Publisher:Microsoft Corporation
Product name:Local Security Authority Process
Description:Microsoft® Windows® Operating System
Typical file path:C:\Windows\System32\lsass.exe
File version:5.1.2600.5512 (xpsp.080413-2113)
Product version:5.1.2600.5512
Size:13 KB (13,312 bytes)
Build date:4/14/2008 2:31 AM
Certificate
Issued to:Microsoft Corporation
Authority (CA):Microsoft Corporation
Expiration date:Friday, June 13, 2014
Digital DNA
Entropy:5.983062
File packed:No
Code language:Microsoft Visual C++
.NET CLR:No
More details

BehaviorsBehaviors

Services
Runs under 'SYSTEM\CurrentControlSet\Services' as a shared service by the Service Host (svchost.exe)
Network connections
  • [UDP] listens on port 4500

    • ResourcesResource utilization

    (Note: statistics below are averages based on a minimum sample size of 200 unique participants)
    Averages
     
    CPU
    Total CPU:0.00176900%
    0.028634%
    Kernel CPU:0.00076711%
    0.013761%
    User CPU:0.00100188%
    0.014873%
    Kernel CPU time:8,563 ms/min
    100,923,805ms/min
    Context switches:36/sec
    284/sec
    Memory
    Private memory:4.34 MB
    21.59 MB
    Private (maximum):6.71 MB
    Private (minimum):560 KB
    Non-paged memory:4.34 MB
    21.59 MB
    Virtual memory:42.65 MB
    140.96 MB
    Virtual memory (peak):44.33 MB
    169.69 MB
    Working set:1.91 MB
    18.61 MB
    Working set (peak):6.71 MB
    37.95 MB
    Resource allocations
    Threads:21
    12
    Handles:382
    600
    GUI GDI count:4
    103
    GUI USER count:2
    49

    BehaviorsProcess properties

    Integrety level:Undefined
    Platform:32-bit
    Command line:C:\Windows\System32\lsass.exe
    Owner:SYSTEM
    Windows Service
    Service name:KeyIso
    Display name:Titkosított fájlrendszer (EFS)
    Description:“Durch den Start dieses Diensts wird anderen Diensten signalisiert, dass die Sicherheitskontenverwaltung (SAM) bereit ist, Anforderungen anzunehmen. Wenn Sie diesen Dienst deaktivieren, wird verhindert, dass andere Dienste im System benachrichtigt werden, wenn die Sicherheitskontenverwaltung bereit ist. Dies kann wiederum dazu führen, dass diese Dienste nicht korrekt gestartet werden. Dieser Dienst”
    Type:Win32ShareProcess
    Parent process:winlogon.exe (Microsoft Windows Operating System by Microsoft)

    ResourcesThreads

    Averages
     
    RPCRT4.dll
    Total CPU:0.01283595%
    0.272967%
    Kernel CPU:0.00942440%
    0.107585%
    User CPU:0.00341155%
    0.165382%
    Context switches:5/sec
    79/sec
    Memory:588 KB
    1.16 MB
    ntdll.dll
    Total CPU:0.00127933%
    Kernel CPU:0.00017058%
    User CPU:0.00110875%
    Memory:604 KB
    ADVAPI32.dll
    Total CPU:0.00017059%
    Kernel CPU:0.00004265%
    User CPU:0.00012794%
    Memory:668 KB
    msvcrt.dll
    Total CPU:0.00004265%
    Kernel CPU:0.00000000%
    User CPU:0.00004265%
    Context switches:1/sec
    Memory:352 KB

    Windows OS versionsDistribution by Windows OS

    OS versiondistribution
    Windows 8.1 34.50%
    Windows 8.1 Pro 27.00%
    Windows 8.1 Single Language 12.00%
    Windows 7 Ultimate 10.50%
    Windows 7 Home Premium 7.00%
    Windows 8.1 Pro with Media Center 3.00%
    Windows 8.1 N 3.00%
    Windows 8.1 Enterprise Evaluation 3.00%

    Distribution by countryDistribution by country

    United States installs about 39.50% of Local Security Authority Process.

    OEM distributionDistribution by PC manufacturer

    PC Manufacturerdistribution
    ASUS 30.23%
    Dell 24.03%
    Acer 17.83%
    Lenovo 13.95%
    Hewlett-Packard 6.98%
    Toshiba 4.65%
    Alienware 2.33%
    Back to top
    Should I remove It? Clean your PC of unwanted adware, toolbars and bloatware.

    Download it for FREE