Earlier today someone called me and asked me they had the file LSASS.EXE running in Task Manager and is it OK to remove it. It’s an interesting question, as it has been the subject of a Microsoft Security Bulletin, but the upshot is that it’s a required file used by Windows but can sometimes get hijacked by malware impersonating it in Task Manager.

 

Windows LSASS, or Local Security Authority Subsystem Service, is part of the Local Security Authority (LSA) used by more recent versions of Windows (NT upwards). The Service is used to validate users local logons and the LSA, which LSASS is a subsystem of, manages and enforces the local security policy on your computer.

LSASS became the subject of a Microsoft Security Bulletin (MS09-069) back in December 2009 where it was reported that a vulnerability in LSASS could allow an internet attack, see “Vulnerability in Local Security Authority Subsystem Service Could Allow Denial of Service (974392)” – the issue was addressed through automatic updates.

If you are worried about virus or other security concerns get your computer checked – there are a number of online virus checkers available including F-Secure Free Online Scanner, Trend Housecall and Symantec Free Virus Scan.

Related

• Task Manager Title Bar Missing
• Outlook closes but is still running in Task Manager
• Dealing with Event ID 2 and 3 on HP Systems Insight Manager
• Windows 7 Anti-Virus Packages
• Dealing with RTHDCPL.EXE – Illegal System DLL relocation