Local Security Authority Subsystem Service: Difference between revisions

From Wikipedia, the free encyclopedia
imported>InternetArchiveBot
Rescuing 1 sources and tagging 0 as dead.) #IABot (v2.0.9.5) (Whoop whoop pull up - 22405
 
grammatical error fix
 
Line 3: Line 3:
'''Local Security Authority Subsystem Service''' ('''LSASS''')<ref>{{cite web|url=https://docs.microsoft.com/en-us/windows-server/security/credentials-protection-and-management/configuring-additional-lsa-protection |title=Configuring Additional LSA Protection |publisher=Microsoft |access-date=2022-02-04}}</ref> is a [[Process (computing)|process]] in [[Microsoft Windows]] [[operating system]]s that is responsible for enforcing the [[security policy]] on the system.  It verifies users logging on to a Windows computer or server, handles password changes, and creates [[access token]]s.<ref>{{cite web|url=https://ss64.com/nt/syntax-services.html |title=Windows 7 Services &#124; Windows CMD |publisher=SS64.com |access-date=2016-05-24}}</ref> It also writes to the [[Windows Security Log]].
'''Local Security Authority Subsystem Service''' ('''LSASS''')<ref>{{cite web|url=https://docs.microsoft.com/en-us/windows-server/security/credentials-protection-and-management/configuring-additional-lsa-protection |title=Configuring Additional LSA Protection |publisher=Microsoft |access-date=2022-02-04}}</ref> is a [[Process (computing)|process]] in [[Microsoft Windows]] [[operating system]]s that is responsible for enforcing the [[security policy]] on the system.  It verifies users logging on to a Windows computer or server, handles password changes, and creates [[access token]]s.<ref>{{cite web|url=https://ss64.com/nt/syntax-services.html |title=Windows 7 Services &#124; Windows CMD |publisher=SS64.com |access-date=2016-05-24}}</ref> It also writes to the [[Windows Security Log]].


Forcible termination of {{mono|lsass.exe}} will result in the system losing access to any account, including NT AUTHORITY, prompting a restart of the machine. Because, {{mono|lsass.exe}} is a crucial system file, its name is often faked by malware. The {{mono|lsass.exe}} file used by Windows is located in the [[Directory (computing)|directory]] {{mono|%WINDIR%\System32}}, and the description of the file is '''Local Security Authority Process'''. If it is running from any other location, that {{mono|lsass.exe}} is most likely a [[Computer virus|virus]], [[spyware]], [[Trojan horse (computing)|trojan]] or [[Worm (computing)|worm]]. Due to the way some systems display fonts, malicious developers may name the file something like {{mono|Isass.exe}} (capital "i" instead of a lowercase "L") in efforts to trick users into installing or executing a malicious file instead of the trusted system file.<ref>{{cite web |url=http://www.errorboss.com/exe-files/lsass-exe/ |title=The Best Way To Remove Lsass.exe Virus - Fix Lsass Process |date=23 December 2014 |publisher=Errorboss.com |access-date=2016-05-24 |archive-date=2015-09-24 |archive-url=https://web.archive.org/web/20150924001856/http://www.errorboss.com/exe-files/lsass-exe/ |url-status=dead }}</ref> The [[Sasser (computer worm)|Sasser worm]] spreads by exploiting a [[buffer overflow]] in the LSASS on [[Windows XP]] and [[Windows 2000]] operating systems.
Forcible termination of {{mono|lsass.exe}} will result in the system losing access to any account, including NT AUTHORITY, prompting a restart of the machine. Because {{mono|lsass.exe}} is a crucial system file, its name is often faked by malware. The {{mono|lsass.exe}} file used by Windows is located in the [[Directory (computing)|directory]] {{mono|%WINDIR%\System32}}, and the description of the file is '''Local Security Authority Process'''. If it is running from any other location, that {{mono|lsass.exe}} is most likely a [[Computer virus|virus]], [[spyware]], [[Trojan horse (computing)|trojan]] or [[Worm (computing)|worm]]. Due to the way some systems display fonts, malicious developers may name the file something like {{mono|Isass.exe}} (capital "i" instead of a lowercase "L") in efforts to trick users into installing or executing a malicious file instead of the trusted system file.<ref>{{cite web |url=http://www.errorboss.com/exe-files/lsass-exe/ |title=The Best Way To Remove Lsass.exe Virus - Fix Lsass Process |date=23 December 2014 |publisher=Errorboss.com |access-date=2016-05-24 |archive-date=2015-09-24 |archive-url=https://web.archive.org/web/20150924001856/http://www.errorboss.com/exe-files/lsass-exe/ |url-status=dead }}</ref> The [[Sasser (computer worm)|Sasser worm]] spreads by exploiting a [[buffer overflow]] in the LSASS on [[Windows XP]] and [[Windows 2000]] operating systems.


==References==
==References==
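
Review bot: The Sasser worm sentence that closes the edited paragraph carries no <ref>, and the spoofed-name claim just before it relies on an errorboss.com source marked url-status=dead. The comma removal after "Because" is correct as it stands; a follow-up edit should add a citation for the Sasser buffer-overflow claim and, if possible, a live source for the lookalike-filename claim.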

Latest revision as of 13:51, 24 June 2025

Local Security Authority Subsystem Service (LSASS)[1] is a process in Microsoft Windows operating systems that is responsible for enforcing the security policy on the system. It verifies users logging on to a Windows computer or server, handles password changes, and creates access tokens.[2] It also writes to the Windows Security Log.

Forcible termination of lsass.exe will result in the system losing access to any account, including NT AUTHORITY, prompting a restart of the machine. Because lsass.exe is a crucial system file, its name is often faked by malware. The lsass.exe file used by Windows is located in the directory %WINDIR%\System32, and the description of the file is Local Security Authority Process. If it is running from any other location, that lsass.exe is most likely a virus, spyware, trojan or worm. Due to the way some systems display fonts, malicious developers may name the file something like Isass.exe (capital "i" instead of a lowercase "L") in efforts to trick users into installing or executing a malicious file instead of the trusted system file.[3] The Sasser worm spreads by exploiting a buffer overflow in the LSASS on Windows XP and Windows 2000 operating systems.
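
The two checks described above (image path outside %WINDIR%\System32, and a name that only looks like lsass.exe) can be run over a process listing as follows. This is an added example, not part of the article: the `C:\Windows` default, the extra look-alike characters beyond capital "I", and the sample records are assumptions constructed for illustration.

```python
import ntpath  # Windows path rules, usable on any OS for offline triage

DEFAULT_WINDIR = r"C:\Windows"  # assumption: pass the host's real %WINDIR% if it differs
TRUSTED_NAME = "lsass.exe"

# Characters many fonts render like a lowercase "l". The article names only
# the capital "I" case; "1" and "|" are added here as a generalization.
_CONFUSABLE = str.maketrans({"I": "l", "1": "l", "|": "l"})


def skeleton(name: str) -> str:
    """Fold look-alike characters to 'l' first, then lowercase the name."""
    return name.translate(_CONFUSABLE).lower()


def classify(image_path: str, windir: str = DEFAULT_WINDIR) -> str:
    """Return 'expected', 'wrong-location', 'lookalike-name' or 'unrelated'."""
    name = ntpath.basename(image_path)
    # normpath collapses '..' segments; normcase makes the comparison
    # case-insensitive, matching how Windows treats file names.
    directory = ntpath.normcase(ntpath.normpath(ntpath.dirname(image_path)))
    expected = ntpath.normcase(ntpath.normpath(ntpath.join(windir, "System32")))
    if name.lower() == TRUSTED_NAME:
        return "expected" if directory == expected else "wrong-location"
    if skeleton(name) == TRUSTED_NAME:
        return "lookalike-name"
    return "unrelated"


def triage(records, windir: str = DEFAULT_WINDIR):
    """Keep only the (pid, path, verdict) rows an analyst should look at."""
    rows = [(pid, path, classify(path, windir)) for pid, path in records]
    return [r for r in rows if r[2] in ("wrong-location", "lookalike-name")]


# Constructed sample process records (pid, image path), not real telemetry.
SAMPLE = [
    (624, r"C:\Windows\System32\lsass.exe"),
    (4312, r"C:\Users\Public\lsass.exe"),
    (5120, r"C:\Windows\System32\Isass.exe"),
    (5544, r"c:\windows\system32\..\Temp\LSASS.EXE"),
    (6001, r"C:\Windows\System32\svchost.exe"),
]

if __name__ == "__main__":
    for pid, path, verdict in triage(SAMPLE):
        print(f"{pid:>6}  {verdict:<15} {path}")
```

A path match alone does not prove the binary is genuine; it only narrows which processes need a closer look (file description, signature).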

References

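  1. "Configuring Additional LSA Protection". Microsoft. Retrieved 2022-02-04. https://docs.microsoft.com/en-us/windows-server/security/credentials-protection-and-management/configuring-additional-lsa-protection
  2. "Windows 7 Services | Windows CMD". SS64.com. Retrieved 2016-05-24. https://ss64.com/nt/syntax-services.html
  3. "The Best Way To Remove Lsass.exe Virus - Fix Lsass Process". Errorboss.com. 23 December 2014. Archived from the original (http://www.errorboss.com/exe-files/lsass-exe/) on 2015-09-24. Retrieved 2016-05-24. https://web.archive.org/web/20150924001856/http://www.errorboss.com/exe-files/lsass-exe/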