lsass.exe accessing internet
nmaynan
March 2nd, 2008, 06:01 PM
Does lsass.exe need to access the internet to perform its security functions?
Assume it's not a trojan or any malware (i.e., it is the actual program and not dangerous). Does it need internet access for any legitimate reason on a single computer that goes online to surf the web? The single computer is not part of any network or anything.
thanatos_theos
March 3rd, 2008, 06:11 AM
What's the file path of lsass.exe? It must be C:\Windows\System32\lsass.exe (http://www.neuber.com/taskmanager/process/lsass.exe.html). To be sure it's not malware, scan it at VirusTotal (http://www.virustotal.com/) (don't post the scan result here).
{QUOTE-> LSASS (Local Security Authority System Service): LSASS is the Local Security Authority Subsystem. It receives authentication requests from Winlogon and calls the appropriate authentication package. There have been reported numerous exploits and DoS scenarios for LSASS, so I strongly disrecommend having LSASS open to communicate with the Internet. There is a particular exploit using null sessions, leading to filled-up session arrays in LSASS. The worm Lovgate will also abuse LSASS. If LSASS crashes, your system will either reboot automatically or simply deny any further logon attempts for you. <-QUOTE}
thanatos
virtumonde
March 3rd, 2008, 07:40 AM
As far as I read about this on the net, yes it does. When I used ZoneAlarm or Comodo, I also got these pop-ups, which got me a little bit worried, but it's a legit process of Windows. It can be malware, as thanatos said, when the file is not located in %windir%.
MikeNAS
March 3rd, 2008, 08:42 AM
{QUOTE-> Does lsass.exe need to access the internet to perform its security functions?
Assume it's not a trojan or any malware (i.e., it is the actual program and not dangerous). Does it need internet access for any legitimate reason on a single computer that goes online to surf the web? The single computer is not part of any network or anything. <-QUOTE}
Where does it want to access? That helps a lot to solve this problem. On my system, if it wants to connect to an HTTP, HTTPS, IMAP (SSL) server IP, SMTP (SSL) server IP or DNS server IP, then it's allowed; otherwise it's blocked. I have a rule-based firewall, so I can't check it now.
swami
March 3rd, 2008, 10:37 AM
No need to get to net on my computer. I've even closed the service (ipsec) totally.
nmaynan
March 3rd, 2008, 10:46 PM
I don't think it does unless the computer is part of a networked domain and file sharing occurs between computers.
If it's just a stand-alone computer, it doesn't need internet access. I've blocked it and I've had no probs. If I file shared across a network though, then there would be probs if security was set up.
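The two checks raised in the thread (which path lsass.exe is running from, and which addresses it is talking to), as an added example that is not part of any poster's message. It assumes a current Windows release with PowerShell and the NetTCPIP cmdlets; the function name Get-LsassAudit is made up for illustration.

```powershell
# Added example, not from the thread. Run from an elevated prompt;
# without elevation ExecutablePath can come back empty for lsass.exe.
function Get-LsassAudit {
    # Expected image path, as given in the thread.
    $expected = Join-Path $env:windir 'System32\lsass.exe'

    foreach ($p in Get-CimInstance Win32_Process -Filter "Name = 'lsass.exe'") {
        $path = $p.ExecutablePath

        # Compare case-insensitively; an empty path means "could not read", not "bad".
        $pathStatus = if (-not $path) {
            'unknown (re-run elevated)'
        } elseif ($path -ieq $expected) {
            'expected'
        } else {
            'UNEXPECTED LOCATION'
        }

        # TCP sockets owned by this PID: listeners and live connections.
        $tcp = @(Get-NetTCPConnection -OwningProcess $p.ProcessId -ErrorAction SilentlyContinue |
            ForEach-Object {
                'tcp {0}:{1} -> {2}:{3} [{4}]' -f $_.LocalAddress, $_.LocalPort,
                    $_.RemoteAddress, $_.RemotePort, $_.State
            })

        # UDP endpoints owned by this PID (UDP has no remote side to report).
        $udp = @(Get-NetUDPEndpoint -OwningProcess $p.ProcessId -ErrorAction SilentlyContinue |
            ForEach-Object { 'udp {0}:{1}' -f $_.LocalAddress, $_.LocalPort })

        [pscustomobject]@{
            ProcessId  = $p.ProcessId
            Path       = $path
            PathStatus = $pathStatus
            Endpoints  = $tcp + $udp
        }
    }
}

# One record per lsass.exe process; more than one record is itself worth a look.
Get-LsassAudit | Format-List
```

Remote addresses listed under Endpoints are what a firewall prompt like the ones described above would be asking about, so they can be compared against the rule set before allowing or blocking.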