Should I block it?

No, this file is 100% safe to run.

VersionsAdditional versions

6.3.9600.16384 (winblue_rtm.130821-1623) 4.72%
6.3.9600.16384 (winblue_rtm.130821-1623) 0.06%
6.3.9431.0 (winmain_bluemp.130615-1214) 0.22%
6.3.9431.0 (winmain_bluemp.130615-1214) 0.01%
6.2.9200.16384 (win8_rtm.120725-1247) 0.86%
6.1.7601.17725 (win7sp1_gdr.111116-1503) 40.58%
6.1.7601.17725 (win7sp1_gdr.111116-1503) 18.70%
6.1.7600.16915 (win7_gdr.111116-1506) 3.54%
6.1.7600.16385 (win7_rtm.090713-1255) 8.16%
6.1.7600.16385 (win7_rtm.090713-1255) 3.92%
5.1.2600.5512 (xpsp.080413-2113) 12.71%
5.1.2600.5512 (xpsp.080413-2113) 0.91%
5.1.2600.5512 (xpsp.080413-2113) 0.65%
5.1.2600.5512 (xpsp.080413-2113) 0.06%
5.1.2600.5512 (xpsp.080413-2113) 0.59%
5.1.2600.5512 (xpsp.080413-2113) 0.01%
5.1.2600.5512 (xpsp.080413-2113) 0.01%
5.1.2600.5512 (xpsp.080413-2113) 0.38%
5.1.2600.5512 (xpsp.080413-2113) 0.06%
5.1.2600.5512 (xpsp.080413-2113) 0.01%
5.1.2600.5512 (xpsp.080413-2113) 0.17%
5.1.2600.5512 (xpsp.080413-2113) 0.27%
5.1.2600.5512 (xpsp.080413-2113) 0.06%
5.1.2600.5512 (xpsp.080413-2113) 0.27%
5.1.2600.5512 (xpsp.080413-2113) 0.06%
View more

Relationships


PE structurePE file structure

Show functions
Import table
api-ms-win-core-crt-l1-1-0.dll
memcpy, wcstol, _wcsicmp, wcschr, strcpy_s, _vsnprintf_s, memset, _except_handler4_common
api-ms-win-core-crt-l2-1-0.dll
_initterm, _initterm_e, exit
api-ms-win-core-errorhandling-l1-1-0.dll
SetUnhandledExceptionFilter, SetErrorMode, SetLastError, UnhandledExceptionFilter, GetLastError
api-ms-win-core-errorhandling-l1-1-1.dll
GetLastError, SetUnhandledExceptionFilter, SetErrorMode, SetLastError, UnhandledExceptionFilter
api-ms-win-core-handle-l1-1-0.dll
CloseHandle
api-ms-win-core-heap-obsolete-l1-1-0.dll
LocalFree, LocalAlloc
api-ms-win-core-interlocked-l1-1-0.dll
InterlockedCompareExchange, InterlockedExchange
api-ms-win-core-libraryloader-l1-1-0.dll
GetProcAddress, LoadLibraryExW, GetModuleHandleA
api-ms-win-core-libraryloader-l1-1-1.dll
GetProcAddress, LoadLibraryExW
api-ms-win-core-libraryloader-l1-2-0.dll
GetProcAddress, LoadLibraryExW
api-ms-win-core-localregistry-l1-1-0.dll
RegQueryValueExW, RegOpenKeyExW, RegCloseKey
api-ms-win-core-misc-l1-1-0.dll
LocalAlloc, LocalFree, Sleep
api-ms-win-core-processenvironment-l1-1-0.dll
GetEnvironmentVariableW, SetEnvironmentVariableW
api-ms-win-core-processenvironment-l1-2-0.dll
SetEnvironmentVariableW, GetEnvironmentVariableW
api-ms-win-core-processthreads-l1-1-0.dll
OpenProcessToken, GetCurrentProcess, ExitThread, CreateThread, GetCurrentThreadId, GetCurrentProcessId, TerminateProcess
api-ms-win-core-processthreads-l1-1-1.dll
TerminateProcess, GetCurrentThreadId, GetCurrentProcessId, CreateThread, ExitThread, OpenProcessToken, GetCurrentProcess
api-ms-win-core-processthreads-l1-1-2.dll
TerminateProcess, GetCurrentThreadId, GetCurrentProcessId, CreateThread, ExitThread, GetCurrentProcess, OpenProcessToken
api-ms-win-core-profile-l1-1-0.dll
QueryPerformanceCounter
api-ms-win-core-registry-l1-1-0.dll
RegCloseKey, RegQueryValueExW, RegOpenKeyExW, RegEnumKeyExW
api-ms-win-core-synch-l1-1-0.dll
SetEvent, OpenEventW, CreateEventW
api-ms-win-core-synch-l1-2-0.dll
OpenEventW, CreateEventW, SetEvent
api-ms-win-core-sysinfo-l1-1-0.dll
GetSystemTimeAsFileTime, GetTickCount
api-ms-win-core-sysinfo-l1-2-0.dll
GetSystemTimeAsFileTime, GetTickCount
api-ms-win-core-sysinfo-l1-2-1.dll
GetTickCount, GetSystemTimeAsFileTime
api-ms-win-security-base-l1-1-0.dll
GetTokenInformation
api-ms-win-security-base-l1-2-0.dll
GetTokenInformation
msvcrt.dll
DllMain
ntdll.dll
NtCreatePort, NtConnectPort, NtListenPort, NtAcceptConnectPort, NtCompleteConnectPort, NtReplyWaitReceivePort, RtlLengthRequiredSid, RtlInitializeSid, RtlSubAuthoritySid, NtSetSecurityObject, NtOpenEvent, RtlFreeHeap, RtlAllocateHeap, RtlNtStatusToDosError, RtlSetProcessIsCritical, NtSetInformationProcess, RtlInitUnicodeString, NtOpenFile, NtDeviceIoControlFile, NtSetInformationFile, RtlCreateSecurityDescriptor, RtlLengthSid, RtlSetOwnerSecurityDescriptor, RtlCreateAcl, RtlAddAccessAllowedAce, RtlSetDaclSecurityDescriptor, RtlAllocateAndInitializeSid, RtlAddMandatoryAce, RtlSetSaclSecurityDescriptor, RtlMakeSelfRelativeSD, RtlUnhandledExceptionFilter, DbgPrintEx, NtRequestWaitReplyPort, RtlCreateAndSetSD, RtlFreeSid, RtlAcquireResourceShared, RtlReleaseResource, RtlAcquireResourceExclusive, RtlInitializeResource, NtClose
rpcrt4.dll
I_RpcMapWin32Status, RpcServerRegisterIf2, RpcServerListen, RpcServerUseProtseqEpW, NdrServerCall2, RpcServerRegisterIf3
sspisrv.dll
SspiSrvInitialize, SspiSrvClientCallback
Export table
LsaGetInterface
LsaRegisterExtension
LsaRegisterInterface

lsass.exe

Local Security Authority Process by Microsoft Corporation (Signed)

Remove lsass.exe
Version:   5.1.2600.5512 (xpsp.080413-2113)
MD5:   88296f7943f30a1ee3af735440b92268
SHA1:   30b65a5b0fccb831b275eebd7a69c55f088abe2b
This is a Windows system installed file with Windows File Protection (WFP) enabled.

What is lsass.exe?

Local Security Authority Subsystem Service (LSASS), is a process in Microsoft Windows operating systems that is responsible for enforcing the security policy on the system. It verifies users logging on to a Windows computer or server, handles password changes, and creates access tokens.

Overview

lsass.exe runs as a service under the name Titkosított fájlrendszer (EFS) (KeyIso) within the local user context as a shared service. The file is digitally signed by Microsoft Corporation. This version is installed on Windows XP and is compiled as a 32 bit program.

DetailsDetails

File name:lsass.exe
Publisher:Microsoft Corporation
Product name:Local Security Authority Process
Description:Microsoft® Windows® Operating System
Typical file path:C:\Windows\System32\lsass.exe
File version:5.1.2600.5512 (xpsp.080413-2113)
Product version:5.1.2600.5512
Size:13 KB (13,312 bytes)
Build date:4/13/2008 8:31 PM
Certificate
Issued to:Microsoft Corporation
Authority (CA):Microsoft Corporation
Expiration date:Friday, June 13, 2014
Digital DNA
Entropy:5.983062
File packed:No
Code language:Microsoft Visual C++
.NET CLR:No
More details

BehaviorsBehaviors

Services
Runs under 'SYSTEM\CurrentControlSet\Services' as a shared service by the Service Host (svchost.exe)
Network connections
  • [UDP] listens on port 4500

  • ResourcesResource utilization

    (Note: statistics below are averages based on a minimum sample size of 200 unique participants)
    Averages
     
    CPU
    Total CPU:0.01301047%
    0.028634%
    Kernel CPU:0.00867365%
    0.013761%
    User CPU:0.00433682%
    0.014873%
    Kernel CPU time:4,496,875 ms/min
    100,923,805ms/min
    Context switches:89/sec
    284/sec
    Memory
    Private memory:62.14 MB
    21.59 MB
    Private (maximum):37 MB
    Private (minimum):484 KB
    Non-paged memory:62.14 MB
    21.59 MB
    Virtual memory:109.45 MB
    140.96 MB
    Virtual memory (peak):110.71 MB
    169.69 MB
    Working set:2.59 MB
    18.61 MB
    Working set (peak):37.01 MB
    37.95 MB
    Page faults:45,840/min
    2,039/min
    I/O
    I/O read transfer:57.21 KB/sec
    1.02 MB/min
    I/O read operations:994/sec
    343/min
    I/O write transfer:42.33 KB/sec
    274.99 KB/min
    I/O write operations:810/sec
    227/min
    I/O other transfer:11.35 KB/sec
    448.09 KB/min
    I/O other operations:1,817/sec
    1,671/min
    Resource allocations
    Threads:31
    12
    Handles:1833
    600
    GUI GDI count:4
    103

    BehaviorsProcess properties

    Integrety level:Undefined
    Platform:32-bit
    Command line:C:\Windows\System32\lsass.exe
    Owner:User
    Windows Service
    Service name:KeyIso
    Display name:Titkosított fájlrendszer (EFS)
    Description:“Durch den Start dieses Diensts wird anderen Diensten signalisiert, dass die Sicherheitskontenverwaltung (SAM) bereit ist, Anforderungen anzunehmen. Wenn Sie diesen Dienst deaktivieren, wird verhindert, dass andere Dienste im System benachrichtigt werden, wenn die Sicherheitskontenverwaltung bereit ist. Dies kann wiederum dazu führen, dass diese Dienste nicht korrekt gestartet werden. Dieser Dienst”
    Type:Win32ShareProcess
    Parent process:winlogon.exe (Aplikacja logowania systemu Windows NT by Microsoft)

    Windows OS versionsDistribution by Windows OS

    OS versiondistribution
    Windows 8.1 34.50%
    Windows 8.1 Pro 27.00%
    Windows 8.1 Single Language 12.00%
    Windows 7 Ultimate 10.50%
    Windows 7 Home Premium 7.00%
    Windows 8.1 Pro with Media Center 3.00%
    Windows 8.1 N 3.00%
    Windows 8.1 Enterprise Evaluation 3.00%

    Distribution by countryDistribution by country

    United States installs about 39.50% of Local Security Authority Process.

    OEM distributionDistribution by PC manufacturer

    PC Manufacturerdistribution
    ASUS 30.23%
    Dell 24.03%
    Acer 17.83%
    Lenovo 13.95%
    Hewlett-Packard 6.98%
    Toshiba 4.65%
    Alienware 2.33%
    Should I remove It? Clean your PC of unwanted adware, toolbars and bloatware.

    Download it for FREE