Should I block it?

No, this file is 100% safe to run.

Additional versions

6.3.9600.16384 (winblue_rtm.130821-1623)	4.10%
6.3.9600.16384 (winblue_rtm.130821-1623)	0.05%
6.3.9431.0 (winmain_bluemp.130615-1214)	0.19%
6.3.9431.0 (winmain_bluemp.130615-1214)	0.01%
6.2.9200.16864 (win8_gdr.140309-1509)	0.66%
6.2.9200.16420 (win8_gdr.120919-1813)	1.54%
6.2.9200.16420 (win8_gdr.120919-1813)	11.84%
6.2.9200.16384 (win8_rtm.120725-1247)	0.75%
6.2.9200.16384 (win8_rtm.120725-1247)	0.67%
6.2.8400.0 (winmain_win8rc.120518-1423)	0.05%
6.2.8400.0 (winmain_win8rc.120518-1423)	0.05%
6.2.8250.0 (winmain_win8beta.120217-1520)	0.01%
6.2.8102.0 (winmain_win8m3.110823-1455)	0.05%
6.1.7601.22465 (win7sp1_ldr.130924-1532)	0.01%
6.1.7601.22121 (win7sp1_ldr.120927-0414)	0.01%
6.1.7601.22119 (win7sp1_ldr.120926-0334)	0.01%
6.1.7601.22119 (win7sp1_ldr.120926-0334)	0.01%
6.1.7601.22099 (win7sp1_ldr.120824-0334)	0.01%
6.1.7601.22099 (win7sp1_ldr.120824-0334)	0.01%
6.1.7601.22010 (win7sp1_ldr.120601-1503)	0.12%
6.1.7601.22010 (win7sp1_ldr.120601-1503)	0.06%
6.1.7601.18443 (win7sp1_gdr.140411-1533)	0.01%
6.1.7601.18443 (win7sp1_gdr.140411-1533)	4.40%
6.1.7601.18270 (win7sp1_gdr.130924-1532)	1.90%
6.1.7601.18270 (win7sp1_gdr.130924-1532)	0.33%
View more
6.1.7601.17725 (win7sp1_gdr.111116-1503)	35.21%
6.1.7601.17725 (win7sp1_gdr.111116-1503)	16.22%
6.1.7600.21225 (win7_ldr.120601-1507)	0.06%
6.1.7600.16915 (win7_gdr.111116-1506)	3.08%
6.1.7600.16915 (win7_gdr.111116-1506)	2.64%
6.1.7600.16385 (win7_rtm.090713-1255)	7.08%
6.1.7600.16385 (win7_rtm.090713-1255)	3.40%
6.1.7600.16384 (win7_rtm.090710-1945)	0.01%
6.0.6000.16386 (vista_rtm.061101-2205)	0.20%
6.0.6000.16386 (vista_rtm.061101-2205)	0.01%
6.0.6000.16386 (vista_rtm.061101-2205)	0.01%
6.0.6000.16386 (vista_rtm.061101-2205)	0.12%
6.0.6000.16386 (vista_rtm.061101-2205)	0.24%
6.0.6000.16386 (vista_rtm.061101-2205)	4.57%
6.0.6000.16386 (vista_rtm.061101-2205)	0.32%
6.0.6000.16386 (vista_rtm.061101-2205)	0.01%

Relationships

wininit.exe (Windows Start-Up Application by Microsoft)

PE file structure

Show functions

Import table

api-ms-win-core-crt-l1-1-0.dll

memcpy, wcstol, _wcsicmp, wcschr, strcpy_s, _vsnprintf_s, memset, _except_handler4_common

api-ms-win-core-crt-l2-1-0.dll

_initterm, _initterm_e, exit

api-ms-win-core-errorhandling-l1-1-0.dll

SetUnhandledExceptionFilter, SetErrorMode, SetLastError, UnhandledExceptionFilter, GetLastError

api-ms-win-core-errorhandling-l1-1-1.dll

GetLastError, SetUnhandledExceptionFilter, SetErrorMode, SetLastError, UnhandledExceptionFilter

api-ms-win-core-handle-l1-1-0.dll

CloseHandle

api-ms-win-core-heap-obsolete-l1-1-0.dll

LocalFree, LocalAlloc

api-ms-win-core-interlocked-l1-1-0.dll

InterlockedCompareExchange, InterlockedExchange

api-ms-win-core-libraryloader-l1-1-0.dll

GetProcAddress, LoadLibraryExW, GetModuleHandleA

api-ms-win-core-libraryloader-l1-1-1.dll

GetProcAddress, LoadLibraryExW

api-ms-win-core-libraryloader-l1-2-0.dll

GetProcAddress, LoadLibraryExW

api-ms-win-core-localregistry-l1-1-0.dll

RegQueryValueExW, RegOpenKeyExW, RegCloseKey

api-ms-win-core-misc-l1-1-0.dll

LocalAlloc, LocalFree, Sleep

api-ms-win-core-processenvironment-l1-1-0.dll

GetEnvironmentVariableW, SetEnvironmentVariableW

api-ms-win-core-processenvironment-l1-2-0.dll

SetEnvironmentVariableW, GetEnvironmentVariableW

api-ms-win-core-processthreads-l1-1-0.dll

OpenProcessToken, GetCurrentProcess, ExitThread, CreateThread, GetCurrentThreadId, GetCurrentProcessId, TerminateProcess

api-ms-win-core-processthreads-l1-1-1.dll

TerminateProcess, GetCurrentThreadId, GetCurrentProcessId, CreateThread, ExitThread, OpenProcessToken, GetCurrentProcess

api-ms-win-core-processthreads-l1-1-2.dll

TerminateProcess, GetCurrentThreadId, GetCurrentProcessId, CreateThread, ExitThread, GetCurrentProcess, OpenProcessToken

api-ms-win-core-profile-l1-1-0.dll

QueryPerformanceCounter

api-ms-win-core-registry-l1-1-0.dll

RegCloseKey, RegQueryValueExW, RegOpenKeyExW, RegEnumKeyExW

api-ms-win-core-synch-l1-1-0.dll

SetEvent, OpenEventW, CreateEventW

api-ms-win-core-synch-l1-2-0.dll

OpenEventW, CreateEventW, SetEvent

api-ms-win-core-sysinfo-l1-1-0.dll

GetSystemTimeAsFileTime, GetTickCount

api-ms-win-core-sysinfo-l1-2-0.dll

GetSystemTimeAsFileTime, GetTickCount

api-ms-win-core-sysinfo-l1-2-1.dll

GetTickCount, GetSystemTimeAsFileTime

api-ms-win-security-base-l1-1-0.dll

GetTokenInformation

api-ms-win-security-base-l1-2-0.dll

GetTokenInformation

msvcrt.dll

DllMain

ntdll.dll

NtCreatePort, NtConnectPort, NtListenPort, NtAcceptConnectPort, NtCompleteConnectPort, NtReplyWaitReceivePort, RtlLengthRequiredSid, RtlInitializeSid, RtlSubAuthoritySid, NtSetSecurityObject, NtOpenEvent, RtlFreeHeap, RtlAllocateHeap, RtlNtStatusToDosError, RtlSetProcessIsCritical, NtSetInformationProcess, RtlInitUnicodeString, NtOpenFile, NtDeviceIoControlFile, NtSetInformationFile, RtlCreateSecurityDescriptor, RtlLengthSid, RtlSetOwnerSecurityDescriptor, RtlCreateAcl, RtlAddAccessAllowedAce, RtlSetDaclSecurityDescriptor, RtlAllocateAndInitializeSid, RtlAddMandatoryAce, RtlSetSaclSecurityDescriptor, RtlMakeSelfRelativeSD, RtlUnhandledExceptionFilter, DbgPrintEx, NtRequestWaitReplyPort, RtlCreateAndSetSD, RtlFreeSid, RtlAcquireResourceShared, RtlReleaseResource, RtlAcquireResourceExclusive, RtlInitializeResource, NtClose

rpcrt4.dll

I_RpcMapWin32Status, RpcServerRegisterIf2, RpcServerListen, RpcServerUseProtseqEpW, NdrServerCall2, RpcServerRegisterIf3

sspisrv.dll

SspiSrvInitialize, SspiSrvClientCallback

Export table

LsaGetInterface

LsaRegisterExtension

LsaRegisterInterface

lsass.exe

Local Security Authority Process by Microsoft Corporation (Signed)

Remove lsass.exe

Version:	6.1.7601.22119 (win7sp1_ldr.120926-0334)
MD5:	71034b08a78ea24ace92736ec56fe6de
SHA1:	1137d570eeb93228e6b1a868e5e8fba0df3f0a8b

This is a Windows system installed file with Windows File Protection (WFP) enabled.

What is lsass.exe?

Local Security Authority Subsystem Service (LSASS), is a process in Microsoft Windows operating systems that is responsible for enforcing the security policy on the system. It verifies users logging on to a Windows computer or server, handles password changes, and creates access tokens.

Overview

lsass.exe runs as a service under the name Titkosított fájlrendszer (EFS) (KeyIso) with extensive SYSTEM privileges (full administrator access) as a shared service. The file is digitally signed by Microsoft Corporation. This version is designed to run on Windows 7 and is compiled as a 32 bit program.

Details

File name:	lsass.exe
Publisher:	Microsoft Corporation
Product name:	Local Security Authority Process
Description:	Microsoft® Windows® Operating System
Typical file path:	C:\Windows\System32\lsass.exe
File version:	6.1.7601.22119 (win7sp1_ldr.120926-0334)
Product version:	6.1.7601.22119
Size:	21.5 KB (22,016 bytes)
Build date:	9/26/2012 7:33 AM
Certificate
Issued to:	Microsoft Corporation
Authority (CA):	Microsoft Corporation
Expiration date:	Friday, June 13, 2014
Digital DNA
Entropy:	5.983062
File packed:	No
Code language:	Microsoft Visual C++
.NET CLR:	No

More details

Behaviors

Services

Runs under 'SYSTEM\CurrentControlSet\Services' as a shared service by the Service Host (svchost.exe)

Resource utilization

(Note: statistics below are averages based on a minimum sample size of 200 unique participants)

Averages

CPU
Total CPU:	0.00066189%	0.028634%
Kernel CPU:	0.00038375%	0.013761%
User CPU:	0.00027814%	0.014873%
Kernel CPU time:	139,828 ms/min	100,923,805ms/min
CPU cycles:	8,113,923/sec	17,470,203/sec
Memory
Private memory:	3.78 MB	21.59 MB
Private (maximum):	8.57 MB
Private (minimum):	984 KB
Non-paged memory:	3.78 MB	21.59 MB
Virtual memory:	34.59 MB	140.96 MB
Virtual memory (peak):	34.85 MB	169.69 MB
Working set:	2.95 MB	18.61 MB
Working set (peak):	8.58 MB	37.95 MB
Page faults:	11,092/min	2,039/min
I/O
I/O read transfer:	815 Bytes/sec	1.02 MB/min
I/O read operations:	14/sec	343/min
I/O write transfer:	1.15 KB/sec	274.99 KB/min
I/O write operations:	14/sec	227/min
I/O other transfer:	536 Bytes/sec	448.09 KB/min
I/O other operations:	27/sec	1,671/min
Resource allocations
Threads:	8	12
Handles:	604	600

Process properties

Integrety level:	System
Platform:	32-bit
Command line:	C:\Windows\System32\lsass.exe
Owner:	SYSTEM
Windows Service
Service name:	KeyIso
Display name:	Titkosított fájlrendszer (EFS)
Description:	“Durch den Start dieses Diensts wird anderen Diensten signalisiert, dass die Sicherheitskontenverwaltung (SAM) bereit ist, Anforderungen anzunehmen. Wenn Sie diesen Dienst deaktivieren, wird verhindert, dass andere Dienste im System benachrichtigt werden, wenn die Sicherheitskontenverwaltung bereit ist. Dies kann wiederum dazu führen, dass diese Dienste nicht korrekt gestartet werden. Dieser Dienst”
Type:	Win32ShareProcess
Parent process:	wininit.exe (Windows Start-Up Application by Microsoft)

Distribution by Windows OS

OS version	distribution
Windows 8.1	34.50%
Windows 8.1 Pro	27.00%
Windows 8.1 Single Language	12.00%
Windows 7 Ultimate	10.50%
Windows 7 Home Premium	7.00%
Windows 8.1 Pro with Media Center	3.00%
Windows 8.1 N	3.00%
Windows 8.1 Enterprise Evaluation	3.00%

Distribution by country

United States installs about 39.50% of Local Security Authority Process.

Distribution by PC manufacturer

PC Manufacturer	distribution
ASUS	30.23%
Dell	24.03%
Acer	17.83%
Lenovo	13.95%
Hewlett-Packard	6.98%
Toshiba	4.65%
Alienware	2.33%

Remove Adware and Spyware Programs, FREE Download!