Software:Local Security Authority Subsystem Service
Local Security Authority Subsystem Service (LSASS)[1] is a process in Microsoft Windows operating systems that is responsible for enforcing the security policy on the system. It verifies users logging on to a Windows computer or server, handles password changes, and creates access tokens.[2] It also writes to the Windows Security Log.
Forcible termination of lsass.exe will result in the system losing access to any account, including NT AUTHORITY, prompting a restart of the machine. Because lsass.exe is a crucial system file, its name is often faked by malware. The lsass.exe file used by Windows is located in the directory %WINDIR%\System32, and the description of the file is Local Security Authority Process. If it is running from any other location, that lsass.exe is most likely a virus, spyware, trojan or worm. Due to the way some systems display fonts, malicious developers may name the file something like Isass.exe (capital "i" instead of a lowercase "L") in an effort to trick users into installing or executing a malicious file instead of the trusted system file.[3] The Sasser worm spreads by exploiting a buffer overflow in LSASS on Windows XP and Windows 2000 operating systems.
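The location and name checks described above can be applied to a process listing. The following is an added example, not part of the original article: the function names, the default `C:\Windows` value for %WINDIR%, the sample process list, and the treatment of the digit "1" as a second lookalike character are assumptions made for illustration.

```python
import ntpath  # Windows path rules, usable on any OS for offline triage

GENUINE_NAME = "lsass.exe"
# Characters that can render like a lowercase "l". The article names capital "I";
# the digit "1" is an added assumption.
CONFUSABLE_WITH_L = str.maketrans({"i": "l", "1": "l"})


def classify(image_path, windir=r"C:\Windows"):
    """Return 'genuine', 'wrong-location', 'lookalike-name' or 'unrelated'."""
    directory, name = ntpath.split(ntpath.normpath(image_path))
    name = name.lower()  # Windows file names are case-insensitive
    if name == GENUINE_NAME:
        expected = ntpath.normcase(ntpath.join(windir, "System32"))
        if ntpath.normcase(directory) == expected:
            return "genuine"
        return "wrong-location"
    # Not the real name, but it collapses to it once lookalikes are folded.
    if name.translate(CONFUSABLE_WITH_L) == GENUINE_NAME:
        return "lookalike-name"
    return "unrelated"


def find_suspicious(processes, windir=r"C:\Windows"):
    """Return (pid, verdict) for every entry that imitates lsass.exe."""
    findings = []
    for pid, image_path in processes:
        verdict = classify(image_path, windir)
        if verdict in ("wrong-location", "lookalike-name"):
            findings.append((pid, verdict))
    return findings


# Constructed sample data: (PID, full image path) pairs.
SAMPLE_PROCESSES = [
    (648, r"C:\Windows\System32\lsass.exe"),
    (4312, r"C:\Users\Public\lsass.exe"),
    (5120, r"C:\Windows\System32\Isass.exe"),
    (7004, r"C:\Windows\System32\svchost.exe"),
    (7120, r"c:\windows\system32\LSASS.EXE"),
]

if __name__ == "__main__":
    for pid, verdict in find_suspicious(SAMPLE_PROCESSES):
        print(pid, verdict)
```
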
References
- "Configuring Additional LSA Protection". Microsoft. https://docs.microsoft.com/en-us/windows-server/security/credentials-protection-and-management/configuring-additional-lsa-protection.
- "Windows 7 Services | Windows CMD". SS64.com. https://ss64.com/nt/syntax-services.html.
- "The Best Way To Remove Lsass.exe Virus - Fix Lsass Process". Errorboss.com. 23 December 2014. http://www.errorboss.com/exe-files/lsass-exe/.
External links
Original source: https://en.wikipedia.org/wiki/Local Security Authority Subsystem Service.