What is LSASS?

Would it be correct that if you did a search for all files and folders for lsass and found it anywhere except C:\windows\system32 or C:\winnt\system32 folders that would be a reason for concern?

EDITOR'S NOTE: I think it normally shows up in I386 (with .EX_ extension) and maybe the DLL cache folder, too. Where did you find it?

Very Useful information.

Thanks, Durga Charan Ojha

Recently, MSN messenger has been starting up automatically with my computer, tries to connect to the internet and won't close (claiming another program is using it, so I must close that program first) unless I go to the Close Program window and close "Lsass" (which has never infact shown up in the close program window before). Is this supposed to happen?

EDITOR'S NOTE: I would run a good virus and spyware scan...

I too had lsass.exe running on my system for several hours at bootup, taking over 30% of my cpu. It turned out that I somehow got over 1,200,000 files in

documents and settings\user name\application data\microsoft\protect

put there by a rogue program. These files were being inspected one by one by lsass.exe and the process was taking over my machine.

They all were created in January 2006 and didn't seem to serving a useful purpose so I took a chance and deleted them. Once I cleaned them out using CCleaner (taking over 3 hours) everything went A LOT faster. Since then I have gone through my c: drive and deleted over 75,000 other useless files, mostly MSMessenger ignore lists. My virus scan went from 3 hours down to 20 minutes.

I think I have the same problem.. While using messenger 7.5, lsass.exe is stable and working fine... when my messenger didn't allow me to be online before upgrading the messenger (this starten happening today), I did upgrade it to microsoft live messenger.. After the install, when I tried to connect , it couldn't.. The pc was slower so I looked to the taskmaneger and there was lsass.exe, using my %67 CPU power..

Whenewer I try to connect, the same thing happens.. How can I solve this problem ? Thanks..

EDITOR'S NOTE: How about removing the Messenger software that seems to be causing the problem? Uninstall it or use System Restore.

If I enable the Messenger option to store my address book on the local machine then lsass.exe takes 100% CPU for several minutes while Windows Live Messenger is connecting. Disabling this option cured the problem. I didn't notice it with any earlier Messenger.

I am increasingly disgusted by Microsoft's refusal to make software that isn't prepackaged with security vulnerabilities. Why does Microsoft get away with selling defective products? Its as if they do this purposefully for malevolent hackers and 3rd party software vendors to make money. My question is this, why are logon credentials among other things intentionally accessible to anyone on the internet? After a fresh install and offline update lsass and msdtc port 135 light up my firewall egress filter and its not doing so on 127.0.0.1. After detecting internet connectivity all this sensitive info is thrown out on the net without user consent.

EDITOR'S NOTE: It quite a leap of logic to say that just because a DLL is connecting to the Internet that logon credentials and other sensitive info is being broadcast on the internet. What makes you believe that?

if u have a rfi/emi problem, lsass goes to high cpu usages. wish i knew that info b4.