What is LSASS?

Firstly, LSASS stands for:
Local Security Authority Subsystem Service.

It is a standard process within Windows operating systems and is responsible for enforcing the security policy on the machine.  It handles things like password changes, handles access tokens and writes to the Windows Security Log.

As it’s a standard system process, termination of it will result in Windows losing its accounts and having to restart.

Similar to svchost.exe it is often used by malware to hide itself.

The genuine lsass.exe should be located in %WINDIR%\System32 and should not be running from any other location.  If it is then you have got a problem!

Read More



Leave a Reply

Your email address will not be published. Required fields are marked *