Should I block it?

No, this file is 100% safe to run.

Additional versions

6.1.7600.16385 (win7_rtm.090713-1255)	7.38%
6.1.7600.16385 (win7_rtm.090713-1255)	51.77%
6.1.7600.16385 (win7_rtm.090713-1255)	24.05%
6.1.7600.16385 (win7_rtm.090713-1255)	4.77%
6.1.7600.16385 (win7_rtm.090713-1255)	0.06%
6.1.7600.16385 (win7_rtm.090713-1255)	0.12%
6.1.7600.16385 (win7_rtm.090713-1255)	0.06%
6.1.7600.16385 (win7_rtm.090713-1255)	0.12%
6.0.6001.18000 (longhorn_rtm.080118-1840)	9.11%
6.0.6001.18000 (longhorn_rtm.080118-1840)	1.98%
6.0.6000.16386 (vista_rtm.061101-2205)	0.56%

Relationships

Parent process

wininit.exe (Windows Start-Up Application by Microsoft)

Related files

PE file structure

Show functions

Import table

advapi32.dll

TraceMessage, GetTraceEnableFlags, GetTraceEnableLevel, GetTraceLoggerHandle, RegisterTraceGuidsW, UnregisterTraceGuids, RegCloseKey, RegQueryValueExW, RegOpenKeyExW, SetSecurityDescriptorDacl, SetEntriesInAclW, SetSecurityDescriptorGroup, SetSecurityDescriptorOwner, InitializeSecurityDescriptor, GetTokenInformation, OpenProcessToken, OpenThreadToken, RegNotifyChangeKeyValue, AdjustTokenPrivileges, CloseServiceHandle, OpenSCManagerW, RevertToSelf, ImpersonateLoggedOnUser, LogonUserW, OpenServiceW, RegSetValueExW, NotifyServiceStatusChangeW, AccessCheckAndAuditAlarmW, SetThreadToken, DuplicateTokenEx, AuditFree, AuditQuerySystemPolicy, QueryServiceStatus, CreateWellKnownSid, MakeSelfRelativeSD, MakeAbsoluteSD, CheckTokenMembership, QueryServiceConfigW, StartServiceW, DuplicateToken, LookupAccountSidW, AddAce, GetAce, InitializeAcl, CopySid, GetLengthSid, GetAclInformation, GetSecurityDescriptorDacl, LsaFreeMemory, LsaGetUserName, ControlTraceW, StartTraceW, EnableTrace, QueryTraceW, ReportEventW, DeregisterEventSource, RegisterEventSourceW, IsValidSecurityDescriptor, RegCreateKeyExW, RegConnectRegistryW, RegOpenCurrentUser, I_ScSendTSMessage, RegEnumKeyExW, RegDeleteKeyW, GetSecurityDescriptorLength, PerfSetCounterRefValue, PerfCreateInstance, PerfStopProvider, PerfSetCounterSetInfo, PerfStartProvider

api-ms-win-core-errorhandling-l1-1-0.dll

SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetLastError

api-ms-win-core-handle-l1-1-0.dll

CloseHandle, DuplicateHandle

api-ms-win-core-heap-l1-1-0.dll

HeapSetInformation

api-ms-win-core-interlocked-l1-1-0.dll

InterlockedIncrement, InterlockedDecrement, InterlockedExchange, InterlockedCompareExchange

api-ms-win-core-libraryloader-l1-1-0.dll

LoadStringW, GetModuleHandleW, GetProcAddress, FreeLibrary, GetModuleHandleA, LoadLibraryExA

api-ms-win-core-localregistry-l1-1-0.dll

RegNotifyChangeKeyValue, RegQueryValueExW, RegOpenKeyExW, RegSetValueExW, RegCloseKey

api-ms-win-core-misc-l1-1-0.dll

LocalAlloc, Sleep, LocalFree

api-ms-win-core-processthreads-l1-1-0.dll

OpenProcessToken, OpenThreadToken, GetCurrentThread, ProcessIdToSessionId, SetThreadToken, GetCurrentProcess, GetProcessId, GetCurrentThreadId, GetCurrentProcessId, TerminateProcess

api-ms-win-core-profile-l1-1-0.dll

QueryPerformanceCounter

api-ms-win-core-synch-l1-1-0.dll

WaitForSingleObject, OpenEventW, SetEvent, InitializeCriticalSection, OpenProcess, CreateEventW, WaitForMultipleObjectsEx, ResetEvent, DeleteCriticalSection

api-ms-win-core-sysinfo-l1-1-0.dll

GetTickCount, GetSystemTimeAsFileTime, GetTickCount64

api-ms-win-core-threadpool-l1-1-0.dll

UnregisterWaitEx

api-ms-win-security-base-l1-1-0.dll

SetSecurityDescriptorGroup, CopySid, InitializeSecurityDescriptor, GetTokenInformation, AdjustTokenPrivileges, SetSecurityDescriptorDacl, GetLengthSid, IsValidSid, DuplicateTokenEx, GetSecurityDescriptorLength, CreateWellKnownSid, MakeSelfRelativeSD, MakeAbsoluteSD, CheckTokenMembership, DuplicateToken, AddAce, GetAce, InitializeAcl, GetAclInformation, GetSecurityDescriptorDacl, RevertToSelf, ImpersonateLoggedOnUser, AccessCheckAndAuditAlarmW, IsValidSecurityDescriptor, EqualSid, SetSecurityDescriptorOwner

api-ms-win-service-management-l1-1-0.dll

OpenSCManagerW, OpenServiceW, StartServiceW, CloseServiceHandle

api-ms-win-service-management-l2-1-0.dll

QueryServiceConfigW, NotifyServiceStatusChangeW

api-ms-win-service-winsvc-l1-1-0.dll

QueryServiceStatus, I_ScSendTSMessage

kernel32.dll

QueueUserWorkItem, GetComputerNameW, WaitForMultipleObjects, RegisterWaitForSingleObject, LoadLibraryW, DelayLoadFailureHook, HeapAlloc, GetProcessHeap, HeapFree, ExpandEnvironmentStringsW, SetLastError, OutputDebugStringA, RtlCaptureStackBackTrace, LocalSize, SleepEx, GetVersionExW, CreateProcessW, DebugBreak, IsDebuggerPresent, GetSystemDirectoryW, RegCreateKeyExW, RegOpenCurrentUser, RegEnumKeyExW, VerifyVersionInfoW, VerSetConditionMask, LocalAlloc, UnhandledExceptionFilter, TerminateProcess, GetSystemTimeAsFileTime, GetCurrentProcessId, GetCurrentThreadId, GetTickCount, QueryPerformanceCounter, GetModuleHandleA, FormatMessageW, DeleteCriticalSection, GetProcAddress, InitializeCriticalSection, InterlockedCompareExchange, GetProcessId, UnregisterWaitEx, OpenProcess, DuplicateHandle, InterlockedExchange, ProcessIdToSessionId, HeapSetInformation, SetUnhandledExceptionFilter, CreateEventW, WaitForSingleObject, Sleep, InterlockedDecrement, InterlockedIncrement, WaitForMultipleObjectsEx, GetCurrentThread, GetCurrentProcess, CloseHandle, LocalFree, ResetEvent, OpenEventW, GetLastError, SetEvent, FreeLibrary

msvcrt.dll

DllMain

ntdll.dll

NtDelayExecution, RtlUnhandledExceptionFilter, EtwUnregisterTraceGuids, EtwRegisterTraceGuidsW, EtwGetTraceLoggerHandle, EtwGetTraceEnableLevel, EtwGetTraceEnableFlags, EtwTraceMessage, EtwEventWrite, RtlInitializeResource, EtwEventUnregister, RtlDeleteResource, NtNotifyChangeSession, RtlInsertElementGenericTable, RtlLookupElementGenericTable, RtlDeleteElementGenericTable, NtOpenEvent, RtlInitUnicodeString, RtlInitializeGenericTable, RtlEnumerateGenericTable, NtOpenSession, NtSetSystemInformation, NtQuerySystemTime, NtFreeVirtualMemory, NtAllocateVirtualMemory, RtlConnectToSm, RtlSendMsgToSm, NtDuplicateToken, RtlRaiseException, RtlAcquireResourceExclusive, RtlAcquireResourceShared, RtlReleaseResource, NtQuerySystemInformation, RtlEqualSid, NtSetSecurityObject, NtQuerySecurityObject, NtOpenSymbolicLinkObject, NtQueryDirectoryObject, NtCreateDirectoryObject, NtQueryValueKey, NtOpenKey, NtDuplicateObject, NtQueryInformationProcess, RtlMapGenericMask, RtlGetAce, RtlQueryInformationAcl, RtlGetDaclSecurityDescriptor, RtlCreateUserSecurityObject, RtlGetOwnerSecurityDescriptor, RtlDeleteAce, RtlSetGroupSecurityDescriptor, RtlCopySecurityDescriptor, RtlGetGroupSecurityDescriptor, NtTerminateProcess, NtWaitForSingleObject, RtlPrefixUnicodeString, NtClose, NtCreateEvent, RtlNumberGenericTableElements, RtlFreeSid, RtlSetDaclSecurityDescriptor, RtlAddAccessAllowedAce, RtlCreateAcl, RtlCreateSecurityDescriptor, RtlLengthSid, RtlAllocateAndInitializeSid, NtCreatePort, NtCompleteConnectPort, NtAcceptConnectPort, NtReplyPort, DbgPrint, NtOpenProcess, NtCreateSection, NtReplyWaitReceivePort, RtlNtStatusToDosError, NtQueryLicenseValue, RtlLeaveCriticalSection, RtlEnterCriticalSection, RtlAdjustPrivilege, NtQueryInformationToken, EtwEventRegister, DbgBreakPoint

rpcrt4.dll

RpcServerTestCancel, NdrAsyncServerCall, NdrServerCall2, RpcImpersonateClient, RpcRevertToSelf, I_RpcMapWin32Status, UuidCreate, UuidToStringW, RpcAsyncCompleteCall, RpcServerSubscribeForNotification, RpcServerInqCallAttributesW, RpcServerInqDefaultPrincNameW, RpcServerRegisterAuthInfoW, RpcServerUnsubscribeForNotification, I_RpcBindingIsClientLocal, I_RpcBindingInqLocalClientPID, RpcServerUseProtseqEpW, RpcServerRegisterIfEx, RpcServerListen, RpcBindingToStringBindingW, RpcStringBindingParseW, RpcMgmtWaitServerListen, RpcStringFreeW, UuidFromStringW

sysntfy.dll

SysNotifyStartServer

wmsgapi.dll

WmsgSendMessage

lsm.exe

Local Session Manager Service by Microsoft

Remove lsm.exe

Version:	6.0.6000.16386 (vista_rtm.061101-2205)
MD5:	77f52395637906269b91264ffe576b51
SHA1:	e249ae0fa37ba1afc3cf4609b6b81dfd0be2f37c
SHA256:	aa5c7fde0fe86e812e494d73966475b0b06236e17fb14c2f9839cd3f46664298

This is a Windows system installed file with Windows File Protection (WFP) enabled.

What is lsm.exe?

Local Security Authority Subsystem Service (LSASS), is a process in Microsoft Windows operating systems that is responsible for enforcing the security policy on the system. It verifies users logging on to a Windows computer or server, handles password changes, and creates access tokens.

Overview

lsm.exe executes as a process under the SYSTEM account with extensive privileges (the system and the administrator accounts have the same file privileges) typically within the context of its parent wininit.exe (Windows Start-Up Application by Microsoft). This version is designed to run on Windows Vista and is compiled as a 32 bit program.

Details

File name:	lsm.exe
Publisher:	Microsoft Corporation
Product name:	Local Session Manager Service
Description:	Microsoft® Windows® Operating System
Typical file path:	C:\Windows\System32\lsm.exe
Original name:	lsm.exe.mui
File version:	6.0.6000.16386 (vista_rtm.061101-2205)
Product version:	6.0.6000.16386
Size:	206 KB (210,944 bytes)
Digital DNA
Entropy:	6.506473
File packed:	No
Code language:	Microsoft Visual C++
.NET CLR:	No

More details

Resource utilization

(Note: statistics below are averages based on a minimum sample size of 200 unique participants)

Averages

CPU
Total CPU:	0.00237147%	0.028634%
Kernel CPU:	0.00189615%	0.013761%
User CPU:	0.00047532%	0.014873%
Kernel CPU time:	1,483,535 ms/min	100,923,805ms/min
CPU cycles:	240,484/sec	17,470,203/sec
Memory
Private memory:	3.59 MB	21.59 MB
Private (maximum):	3.74 MB
Private (minimum):	1.97 MB
Non-paged memory:	3.59 MB	21.59 MB
Virtual memory:	31.47 MB	140.96 MB
Virtual memory (peak):	31.83 MB	169.69 MB
Working set:	2.58 MB	18.61 MB
Working set (peak):	4.44 MB	37.95 MB
Page faults:	15,283/min	2,039/min
I/O
I/O read transfer:	0 Bytes/sec	1.02 MB/min
I/O read operations:	1/sec	343/min
I/O write transfer:	0 Bytes/sec	274.99 KB/min
I/O write operations:	1/sec	227/min
I/O other transfer:	6 Bytes/sec	448.09 KB/min
I/O other operations:	1/sec	1,671/min
Resource allocations
Threads:	10	12
Handles:	521	600

Process properties

Integrety level:	System
Platform:	32-bit
Command line:	C:\Windows\System32\lsm.exe
Owner:	SYSTEM
Parent process:	wininit.exe (Windows Start-Up Application by Microsoft)

Threads

Averages

RPCRT4.dll
Total CPU:	0.03467936%	0.272967%
Kernel CPU:	0.01198490%	0.107585%
User CPU:	0.02269446%	0.165382%
CPU cycles:	726,660/sec	5,741,424/sec
Context switches:	6/sec	79/sec
Memory:	780 KB	1.16 MB
lsm.exe (main module)
Total CPU:	0.00029033%
Kernel CPU:	0.00027844%
User CPU:	0.00001189%
CPU cycles:	4,618/sec
Memory:	216 KB
ntdll.dll
Total CPU:	0.00000836%
Kernel CPU:	0.00000248%
User CPU:	0.00000588%
CPU cycles:	80/sec
Memory:	1.12 MB

Distribution by Windows OS

OS version	distribution
Windows 7 Home Premium	56.00%
Windows 7 Ultimate	26.00%
Windows 7 Professional	9.00%
Windows 7 Home Basic	3.50%
Windows Vista Home Premium	3.50%
Windows 7 Starter	1.00%
Windows Seven Black Edition	0.50%
Windows Vista Home Basic	0.50%

Distribution by country

United States installs about 47.24% of Local Session Manager Service.

Distribution by PC manufacturer

PC Manufacturer	distribution
Dell	26.42%
Hewlett-Packard	18.87%
ASUS	13.58%
Acer	12.83%
Toshiba	12.08%
Sony	3.77%
Lenovo	3.02%
Samsung	2.26%
GIGABYTE	2.26%
MSI	1.51%
Alienware	0.75%
Medion	0.75%
Intel	0.75%
Gateway	0.75%
Sahara	0.38%

Remove Adware and Spyware Programs, FREE Download!