Sunday, June 21, 2009
"lsass.exe" is the Local Security Authentication Server. It verifies the validity of user logons to your PC or server. Lsass generates the process responsible for authenticating users for the Winlogon service. This is performed by using authentication packages such as the default, Msgina.dll. If authentication is successful, Lsass generates the user's access token, which is used to launch the initial shell. Other processes that the user initiates then inherit this token.
Often it is confused with confused with sasser virus, this lsass is a system program if you remove it your computer is left wide open for an attacker as lsass.exe is a security program to verify computers on your network.
There are chances of some malicious softwares acting on lsass.exe, so a root folder checking, and protection by a premier antivirus like Kaspersky Antivirus or Kaspersky Internet security will surely help in times of errors relating to it.