What is Lsass.exe

Local Security Authority Process - Microsoft® Windows® Operating System - Microsoft Corporation

File description

Lsass.exe with description Local Security Authority Process is a process file from company Microsoft Corporation belonging to product Microsoft® Windows® Operating System.
The file is digitally signed from Microsoft Windows - Microsoft Time-Stamp Service
We do not recommend removing digitally signed files from Microsoft Windows

What is lsass.exe?
Lsass.exe is by Microsoft's definition, the Local Security Authentication Server. Its purpose is to validate attempts to log on to your machine. If the login is successful, it generates the user's access token and uses it to launch the shell (explorer.exe). Any processes the user launches will also inherit this token.

Due to the critical nature of this process, it cannot be stopped from the task manager. The screenshot below illustrates how it should appear in the task manager:



Notice that lsass.exe always runs as SYSTEM.

Dangers of lsass
Due to the critical nature of this process and the fact that it runs on all Windows NT-based systems (including Windows 2000, XP, and Vista), it is common for virus writers and spyware vendors to make their malware appear as though it is the genuine one.

Some malicious files may have the same name but will be stored somewhere other than in %SystemRoot%\System32. Other malware will use a name that appears similar to it but with slight differences in spelling or with appended digits. These include:
  • Isass.exe (starts with a capital i)
  • lsasss.exe (the Sasser worm)
If you are able to terminate the process from the task manager, the process is not the legitimate one. Furthermore, there will never be more than one copy of this process running at a given time.

Common problems
  • Error message "lsass.exe. system error" on startup
    • This error is caused by the Sasser worm. This error may prevent you from logging in. Try booting into safe mode to run a scan if possible. After removal, a repair installation of Windows may be necessary to restore functionality.
  • This process uses an excessive amount of CPU time
    • There are a myriad causes for lsass to use too much CPU time; however, the most common cause was addressed by a Windows update back in 2006. Ensure that your system is up to date.

Automatic startup locations

001 Running Processes
002 Autorun registry entries local machine
003 Autorun registry entries Current User
004 All users startup startmenu
005 Current user startup startmenu
006 Start Menu\Programs\Startup
007 Roaming Start Menu\Programs\Startup
008 Autorun registry entries Default user
009 Autorun registry entries SYSTEM user
010 Installed services
012 Autorun registry entries S-1-5-XX users
033 Winlogon Userinit
034 Winlogon Shell
035 Active Setup Installed Components
037 Winlogon System
065 Image File Execution Options (debugger)
135 Current User Runonce (+ subkeys)
136 Local Machine Runonce (+subkeys)
166 HKCU Policies\Explorer\Run
167 HKLM Policies\Explorer\Run

Digital signatures found for this file

    Certificate 
194 Microsoft Windows - Microsoft Time-Stamp Service
61 Microsoft Windows Component Publisher - Microsoft Timestamping Service
33 Microsoft Windows Publisher - VeriSign Time Stamping Services Signer
29 Microsoft Windows XP Publisher - VeriSign Time Stamping Service
27 Microsoft Windows 2000 Publisher - VeriSign Time Stamping Services Signer
14 Microsoft Windows 2000 Publisher - VeriSign Time Stamping Service
13 Microsoft Windows XP Publisher (Europe) - VeriSign Time Stamping Service
7 Microsoft Windows - Microsoft Timestamping Service
3 Microsoft Windows - VeriSign Time Stamping Services Signer
2 Microsoft Windows 2000 Publisher (Europe) - VeriSign Time Stamping Service
2 Microsoft Windows 2000 Publisher (Europe) - VeriSign Time Stamping Service CA SW1
1 Microsoft Windows Component Publisher - VeriSign Time Stamping Services Signer
1 Microsoft Windows 2000 Publisher - VeriSign Time Stamping Service CA SW1
1 Microsoft Windows Publisher - VeriSign Time Stamping Service
1 Ts Security System - Seguranc a em Sistemas Ltda - Symantec Time Stamping Services Signer - G3

MD5 security rating in our database

417 files (Not yet rated and not signed)
123 files (Not yet rated and digitally signed)
7 files (Safe and not signed)
306 files (Safe and digitally signed)
1 files ( malware and not signed)
Some versions of this file are spyware, a virus or other malware.
Warning: Some malware might rename itself to lsass.exe. Always make sure that your file is from a verified publisher.

User ratings for this file

File rating: Average rating of lsass.exe: by 854 files and users.

Application errors

Fix lsass.exe application error:  Run a FREE registry scan

User comments

I had the lsass.exe issue on XP sp-2 pro editing.I tried a scan in safe mode and that removed svchost.exe and i had to repaired OS.Ended up formating and reinstalling OS .So beaware of this lsass.exe error

Surendra Dawane .


Please add your comments if you have more information about this file or if you know how to solve lsass.exe application errors.


File safety :

File security rating :

Are you human? How much is 18+14:


Like this page?

Please support this free service by giving us a Google+1


Browse files by letter

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

More system processes

lsasss.exe lsassv.exe lsaus.exe
lsbackup.exe lsbcmnds.sys lsbuilder.exe
lsburnwatcher.exe lsc.exe LscaGui.exe
LScanPort.exe lscape.exe lscass.dll

Lansweeper computer inventory From the creator of Runscanner:

Lansweeper
is an automated IT asset management tool. It can quickly scan your computers and has over 250 default reports available.

There is no need to install any agents on the scanned computers, all hardware and software inventory scanning is done by standard build-in functionality.