Local Security Authority Subsystem Service

From Wikipedia, the free encyclopedia
This is an old revision of this page, as edited by 37.30.16.150 (talk) at 20:34, 13 April 2020 (Fixed the example of naming - in Arial font which is used here as the font of article text, lowercase letter "L" and capital "i" look exactly the same! (I'm surprised no one has fixed this earlier)). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

Local Security Authority Subsystem Service (LSASS) is a process in Microsoft Windows operating systems that is responsible for enforcing the security policy on the system. It verifies users logging on to a Windows computer or server, handles password changes, and creates access tokens.[1] It also writes to the Windows Security Log.

Forcible termination of lsass.exe will result in the Welcome screen losing its accounts, prompting a restart of the machine.

Because lsass.exe is a crucial system file, its name is often faked by malware. The lsass.exe file used by Windows is located in the directory %WINDIR%\System32. If it is running from any other location, that lsass.exe is most likely a virus, spyware, trojan or worm. Due to the way some systems display fonts, malicious developers may name the file something like Isass.exe (capital "i" instead of a lowercase "L") in efforts to trick users into installing or executing a malicious file instead of the trusted system file.[2]
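
The two checks described above (image path and lookalike name) can be applied to a process listing. The following is an added example, not part of the original article; the function names, the verdict labels, the `C:\Windows` value used for %WINDIR%, the treatment of the digit "1" as a lookalike, and the sample process records are all assumptions made for illustration.

```python
import ntpath

REAL_NAME = "lsass.exe"
# Capital "I" is the lookalike named in the article; "1" is an added assumption.
LOOKALIKES = str.maketrans({"I": "l", "1": "l"})


def classify(name, path, windir=r"C:\Windows"):
    """Classify one process record; returns None for unrelated processes.

    windir stands in for %WINDIR% (an assumed default).
    """
    expected = ntpath.normcase(ntpath.join(windir, "System32", REAL_NAME))
    # Windows file names are case-insensitive, so LSASS.EXE is the real name.
    if name.lower() == REAL_NAME:
        if not path:
            # Image path could not be read (e.g. insufficient privileges).
            return "path_unknown"
        # normpath collapses ".." segments before the comparison.
        actual = ntpath.normcase(ntpath.normpath(path))
        return "ok" if actual == expected else "wrong_path"
    # Fold lookalike characters case-sensitively, then compare.
    if name.translate(LOOKALIKES).lower() == REAL_NAME:
        return "lookalike_name"
    return None


def suspicious(processes, windir=r"C:\Windows"):
    """Return (pid, name, path, verdict) for every record that needs review."""
    findings = []
    for pid, name, path in processes:
        verdict = classify(name, path, windir)
        if verdict not in (None, "ok"):
            findings.append((pid, name, path, verdict))
    return findings


# Constructed sample process list (pid, image name, image path); not real data.
SAMPLE = [
    (612, "lsass.exe", r"C:\Windows\System32\lsass.exe"),
    (4120, "lsass.exe", r"C:\Users\Public\lsass.exe"),
    (4388, "Isass.exe", r"C:\Windows\System32\Isass.exe"),
    (5012, "lsass.exe", r"C:\Windows\System32\..\Temp\lsass.exe"),
    (700, "svchost.exe", r"C:\Windows\System32\svchost.exe"),
]

if __name__ == "__main__":
    for finding in suspicious(SAMPLE):
        print(finding)
```

A lookalike name is flagged even when the file sits in System32, since the name itself is the deception.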

References

  1. "Windows 7 Services | Windows CMD". SS64.com. Retrieved 2016-05-24.
  2. "The Best Way To Remove Lsass.exe Virus - Fix Lsass Process". Errorboss.com. Retrieved 2016-05-24.