Should I block it?

No, this file is 100% safe to run.

VersionsAdditional versions

6.3.9600.16384 (winblue_rtm.130821-1623) 3.48%
6.3.9600.16384 (winblue_rtm.130821-1623) 0.05%
6.3.9431.0 (winmain_bluemp.130615-1214) 0.16%
6.3.9431.0 (winmain_bluemp.130615-1214) 0.01%
6.2.9200.16864 (win8_gdr.140309-1509) 0.56%
6.2.9200.16420 (win8_gdr.120919-1813) 1.31%
6.2.9200.16420 (win8_gdr.120919-1813) 10.06%
6.2.9200.16384 (win8_rtm.120725-1247) 0.63%
6.2.9200.16384 (win8_rtm.120725-1247) 0.57%
6.2.8400.0 (winmain_win8rc.120518-1423) 0.05%
6.2.8400.0 (winmain_win8rc.120518-1423) 0.05%
6.2.8250.0 (winmain_win8beta.120217-1520) 0.01%
6.2.8102.0 (winmain_win8m3.110823-1455) 0.05%
6.1.7601.22465 (win7sp1_ldr.130924-1532) 0.01%
6.1.7601.22121 (win7sp1_ldr.120927-0414) 0.01%
6.1.7601.22119 (win7sp1_ldr.120926-0334) 0.01%
6.1.7601.22119 (win7sp1_ldr.120926-0334) 0.01%
6.1.7601.22099 (win7sp1_ldr.120824-0334) 0.01%
6.1.7601.22099 (win7sp1_ldr.120824-0334) 0.01%
6.1.7601.22010 (win7sp1_ldr.120601-1503) 0.10%
6.1.7601.22010 (win7sp1_ldr.120601-1503) 0.05%
6.1.7601.18443 (win7sp1_gdr.140411-1533) 0.01%
6.1.7601.18443 (win7sp1_gdr.140411-1533) 3.74%
6.1.7601.18270 (win7sp1_gdr.130924-1532) 1.61%
6.1.7601.18270 (win7sp1_gdr.130924-1532) 0.28%
View more

Relationships

PE structurePE file structure
Show functions
Import table
api-ms-win-core-crt-l1-1-0.dll
memcpy, wcstol, _wcsicmp, wcschr, strcpy_s, _vsnprintf_s, memset, _except_handler4_common
api-ms-win-core-crt-l2-1-0.dll
_initterm, _initterm_e, exit
api-ms-win-core-errorhandling-l1-1-0.dll
SetUnhandledExceptionFilter, SetErrorMode, SetLastError, UnhandledExceptionFilter, GetLastError
api-ms-win-core-errorhandling-l1-1-1.dll
GetLastError, SetUnhandledExceptionFilter, SetErrorMode, SetLastError, UnhandledExceptionFilter
api-ms-win-core-handle-l1-1-0.dll
CloseHandle
api-ms-win-core-heap-obsolete-l1-1-0.dll
LocalFree, LocalAlloc
api-ms-win-core-interlocked-l1-1-0.dll
InterlockedCompareExchange, InterlockedExchange
api-ms-win-core-libraryloader-l1-1-0.dll
GetProcAddress, LoadLibraryExW, GetModuleHandleA
api-ms-win-core-libraryloader-l1-1-1.dll
GetProcAddress, LoadLibraryExW
api-ms-win-core-libraryloader-l1-2-0.dll
GetProcAddress, LoadLibraryExW
api-ms-win-core-localregistry-l1-1-0.dll
RegQueryValueExW, RegOpenKeyExW, RegCloseKey
api-ms-win-core-misc-l1-1-0.dll
LocalAlloc, LocalFree, Sleep
api-ms-win-core-processenvironment-l1-1-0.dll
GetEnvironmentVariableW, SetEnvironmentVariableW
api-ms-win-core-processenvironment-l1-2-0.dll
SetEnvironmentVariableW, GetEnvironmentVariableW
api-ms-win-core-processthreads-l1-1-0.dll
OpenProcessToken, GetCurrentProcess, ExitThread, CreateThread, GetCurrentThreadId, GetCurrentProcessId, TerminateProcess
api-ms-win-core-processthreads-l1-1-1.dll
TerminateProcess, GetCurrentThreadId, GetCurrentProcessId, CreateThread, ExitThread, OpenProcessToken, GetCurrentProcess
api-ms-win-core-processthreads-l1-1-2.dll
TerminateProcess, GetCurrentThreadId, GetCurrentProcessId, CreateThread, ExitThread, GetCurrentProcess, OpenProcessToken
api-ms-win-core-profile-l1-1-0.dll
QueryPerformanceCounter
api-ms-win-core-registry-l1-1-0.dll
RegCloseKey, RegQueryValueExW, RegOpenKeyExW, RegEnumKeyExW
api-ms-win-core-synch-l1-1-0.dll
SetEvent, OpenEventW, CreateEventW
api-ms-win-core-synch-l1-2-0.dll
OpenEventW, CreateEventW, SetEvent
api-ms-win-core-sysinfo-l1-1-0.dll
GetSystemTimeAsFileTime, GetTickCount
api-ms-win-core-sysinfo-l1-2-0.dll
GetSystemTimeAsFileTime, GetTickCount
api-ms-win-core-sysinfo-l1-2-1.dll
GetTickCount, GetSystemTimeAsFileTime
api-ms-win-security-base-l1-1-0.dll
GetTokenInformation
api-ms-win-security-base-l1-2-0.dll
GetTokenInformation
msvcrt.dll
DllMain
ntdll.dll
NtCreatePort, NtConnectPort, NtListenPort, NtAcceptConnectPort, NtCompleteConnectPort, NtReplyWaitReceivePort, RtlLengthRequiredSid, RtlInitializeSid, RtlSubAuthoritySid, NtSetSecurityObject, NtOpenEvent, RtlFreeHeap, RtlAllocateHeap, RtlNtStatusToDosError, RtlSetProcessIsCritical, NtSetInformationProcess, RtlInitUnicodeString, NtOpenFile, NtDeviceIoControlFile, NtSetInformationFile, RtlCreateSecurityDescriptor, RtlLengthSid, RtlSetOwnerSecurityDescriptor, RtlCreateAcl, RtlAddAccessAllowedAce, RtlSetDaclSecurityDescriptor, RtlAllocateAndInitializeSid, RtlAddMandatoryAce, RtlSetSaclSecurityDescriptor, RtlMakeSelfRelativeSD, RtlUnhandledExceptionFilter, DbgPrintEx, NtRequestWaitReplyPort, RtlCreateAndSetSD, RtlFreeSid, RtlAcquireResourceShared, RtlReleaseResource, RtlAcquireResourceExclusive, RtlInitializeResource, NtClose
rpcrt4.dll
I_RpcMapWin32Status, RpcServerRegisterIf2, RpcServerListen, RpcServerUseProtseqEpW, NdrServerCall2, RpcServerRegisterIf3
sspisrv.dll
SspiSrvInitialize, SspiSrvClientCallback
Export table
LsaGetInterface
LsaRegisterExtension
LsaRegisterInterface

lsass.exe

Local Security Authority Process by Microsoft Corporation (Signed)

Remove lsass.exe
Version:   6.1.7601.17725 (win7sp1_gdr.111116-1503)
MD5:   81951f51e318aecc2d68559e47485cc4
SHA1:   d49245356dd4dc5e8f64037e4dc385355882a340
SHA256:   acf76395ef4a2ed03ab919a9da04d3a4c03b4d0edc60be123b3be1afe78bc71b
This is a Windows system installed file with Windows File Protection (WFP) enabled.

What is lsass.exe?

Local Security Authority Subsystem Service (LSASS), is a process in Microsoft Windows operating systems that is responsible for enforcing the security policy on the system. It verifies users logging on to a Windows computer or server, handles password changes, and creates access tokens.

Overview

lsass.exe runs as a service under the name Titkosított fájlrendszer (EFS) (KeyIso) with extensive SYSTEM privileges (full administrator access) as a shared service. The file is digitally signed by Microsoft Corporation. This version is designed to run on Windows 7 and is compiled as a 32 bit program.

DetailsDetails

File name:lsass.exe
Publisher:Microsoft Corporation
Product name:Local Security Authority Process
Description:Microsoft® Windows® Operating System
Typical file path:C:\Windows\System32\lsass.exe
File version:6.1.7601.17725 (win7sp1_gdr.111116-1503)
Product version:6.1.7601.17725
Size:22 KB (22,528 bytes)
Certificate
Issued to:Microsoft Corporation
Authority (CA):Microsoft Corporation
Expiration date:Friday, June 13, 2014
Digital DNA
Entropy:5.983062
File packed:No
Code language:Microsoft Visual C++
.NET CLR:No
More details

BehaviorsBehaviors

Services
Runs under 'SYSTEM\CurrentControlSet\Services' as a shared service by the Service Host (svchost.exe)
Network connections
  • [UDP] listens on port 64072
  • [UDP] listens on port 53527
  • [UDP] listens on port 55818

    • ResourcesResource utilization

    (Note: statistics below are averages based on a minimum sample size of 200 unique participants)
    Averages
     
    CPU
    Total CPU:0.01040647%
    0.028634%
    Kernel CPU:0.00483393%
    0.013761%
    User CPU:0.00557254%
    0.014873%
    Kernel CPU time:118,913,253 ms/min
    100,923,805ms/min
    CPU cycles:2,839,602/sec
    17,470,203/sec
    Context switches:43/sec
    284/sec
    Memory
    Private memory:4.08 MB
    21.59 MB
    Private (maximum):8.22 MB
    Private (minimum):5.1 MB
    Non-paged memory:4.08 MB
    21.59 MB
    Virtual memory:37.5 MB
    140.96 MB
    Virtual memory (peak):38.54 MB
    169.69 MB
    Working set:6.27 MB
    18.61 MB
    Working set (peak):9.5 MB
    37.95 MB
    Page faults:16,730/min
    2,039/min
    I/O
    I/O read transfer:1.3 KB/sec
    1.02 MB/min
    I/O read operations:15/sec
    343/min
    I/O write transfer:2.34 KB/sec
    274.99 KB/min
    I/O write operations:15/sec
    227/min
    I/O other transfer:2.07 KB/sec
    448.09 KB/min
    I/O other operations:38/sec
    1,671/min
    Resource allocations
    Threads:8
    12
    Handles:776
    600

    BehaviorsProcess properties

    Integrety level:System
    Platform:32-bit
    Command line:C:\Windows\System32\lsass.exe
    Owner:SYSTEM
    Windows Service
    Service name:KeyIso
    Display name:Titkosított fájlrendszer (EFS)
    Description:“Durch den Start dieses Diensts wird anderen Diensten signalisiert, dass die Sicherheitskontenverwaltung (SAM) bereit ist, Anforderungen anzunehmen. Wenn Sie diesen Dienst deaktivieren, wird verhindert, dass andere Dienste im System benachrichtigt werden, wenn die Sicherheitskontenverwaltung bereit ist. Dies kann wiederum dazu führen, dass diese Dienste nicht korrekt gestartet werden. Dieser Dienst”
    Type:Win32ShareProcess
    Parent process:wininit.exe (Windows Start-Up Application by Microsoft)

    ResourcesThreads

    Averages
     
    ntdll.dll
    Total CPU:0.13220289%
    0.272967%
    Kernel CPU:0.08266432%
    0.107585%
    User CPU:0.04953857%
    0.165382%
    CPU cycles:2,719,119/sec
    5,741,424/sec
    Context switches:10/sec
    79/sec
    Memory:1.23 MB
    1.16 MB
    lsass.exe (main module)
    Total CPU:0.00085865%
    Kernel CPU:0.00027817%
    User CPU:0.00058047%
    CPU cycles:14,474/sec
    Memory:36 KB
    lsasrv.dll
    Total CPU:0.00043566%
    Kernel CPU:0.00017352%
    User CPU:0.00026215%
    CPU cycles:3,695/sec
    Memory:1 MB
    sechost.dll
    Total CPU:0.00013524%
    Kernel CPU:0.00008234%
    User CPU:0.00005291%
    CPU cycles:4,825/sec
    Memory:100 KB

    Common loaded modules

    These are modules that are typiclaly loaded within the context of this process.

    Windows OS versionsDistribution by Windows OS

    OS versiondistribution
    Windows 8.1 34.50%
    Windows 8.1 Pro 27.00%
    Windows 8.1 Single Language 12.00%
    Windows 7 Ultimate 10.50%
    Windows 7 Home Premium 7.00%
    Windows 8.1 Pro with Media Center 3.00%
    Windows 8.1 N 3.00%
    Windows 8.1 Enterprise Evaluation 3.00%

    Distribution by countryDistribution by country

    United States installs about 39.50% of Local Security Authority Process.

    OEM distributionDistribution by PC manufacturer

    PC Manufacturerdistribution
    ASUS 30.23%
    Dell 24.03%
    Acer 17.83%
    Lenovo 13.95%
    Hewlett-Packard 6.98%
    Toshiba 4.65%
    Alienware 2.33%
    Back to top
    Should I remove It? Clean your PC of unwanted adware, toolbars and bloatware.

    Download it for FREE