lsass.exe concerns. Any advice, please?

Discussion in 'other firewalls' started by truthseeker, Jan 27, 2008.

Thread Status:
Not open for further replies.
  1. truthseeker

    truthseeker Former Poster

    Joined:
    Jan 26, 2008
    Posts:
    977
    When I look in COMODO Firewall / Active Connections, I see the following running:

    C:/Windows/System32/lsass.exe TCP Listening: 49156

    Is this a trojan or rootkit or virus?

    Thanks
     
  2. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    In that location it should be Windows Local security authentication server

    One way to tell is to open a command window... Start > Run > and type tasklist /svc and you should see similar results. What does the LSASS.exe entry say?

     
  3. truthseeker

    truthseeker Former Poster

    Joined:
    Jan 26, 2008
    Posts:
    977
    When I typed: tasklist /svc

    Image Name                     PID Services
    ========================= ======== ========================================
    System Idle Process              0 N/A
    System                           4 N/A
    smss.exe                       420 N/A
    csrss.exe                      472 N/A
    csrss.exe                      524 N/A
    wininit.exe                    532 N/A
    services.exe                   568 N/A
    lsass.exe                      580 KeyIso, SamSs
    lsm.exe                        588 N/A
    winlogon.exe                   716 N/A
    svchost.exe                    772 DcomLaunch, PlugPlay
    svchost.exe                    828 RpcSs
    svchost.exe                    960 Audiosrv, Dhcp, Eventlog, lmhosts, wscsv
    svchost.exe                    996 AudioEndpointBuilder, hidserv, Netman,
                                       PcaSvc, TabletInputService, TrkWks, UxSm
                                       WdiSystemHost, Wlansvc, WPDBusEnum, wudf
    svchost.exe                   1024 AeLookupSvc, BITS, Browser, CertPropSvc,
                                       EapHost, gpsvc, IKEEXT, iphlpsvc,
                                       LanmanServer, MMCSS, ProfSvc, RasMan,
                                       Schedule, seclogon, SENS, SessionEnv,
                                       ShellHWDetection, Winmgmt, wuauserv
    audiodg.exe                   1140 N/A
    SLsvc.exe                     1168 slsvc
    svchost.exe                   1200 EventSystem, fdPHost, FDResPub,
                                       LanmanWorkstation, netprofm, nsi, SSDPSR
                                       upnphost, W32Time, wcncsvc, WebClient
    svchost.exe                   1308 CryptSvc, Dnscache, KtmRm, NlaSvc, TapiS
                                       TermService
    ASLDRSrv.exe                  1444 ASLDRService
    HControl.exe                  1484 N/A
    ATKOSD2.exe                   1492 N/A
    wcourier.exe                  1500 N/A
    ACMON.exe                     1508 N/A
    BatteryLife.exe               1516 N/A
    ACEngSvr.exe                  1548 N/A
    svchost.exe                   1588 BFE, DPS, MpsSvc
    ATKOSD.exe                    1752 N/A
    svchost.exe                   1788 BthServ
    cmdagent.exe                  1816 cmdAgent
    PnkBstrA.exe                   124 PnkBstrA
    PnkBstrB.exe                   344 PnkBstrB
    svchost.exe                    584 PolicyAgent
    spmgr.exe                     1128 spmgr
    svchost.exe                   1196 stisvc
    StkCSrv.exe                   1348 StkSSrv
    WUDFHost.exe                  2160 N/A
    taskeng.exe                   2252 N/A
    WmiPrvSE.exe                  2400 N/A
    taskeng.exe                   3052 N/A
    dwm.exe                       3084 N/A
    explorer.exe                  3164 N/A
    ehsched.exe                   3260 ehSched
    ehrecvr.exe                   3340 ehRecvr
    jusched.exe                   3688 N/A
    cfp.exe                       3696 N/A
    ehtray.exe                    3704 N/A
    ehmsas.exe                    3784 N/A
    wmpnscfg.exe                  4064 N/A
    usnsvc.exe                    3668 usnjsvc
    firefox.exe                   1300 N/A
    taskeng.exe                   2784 N/A
    TrustedInstaller.exe          2284 TrustedInstaller
    WmiPrvSE.exe                  2852 N/A
    cmd.exe                       2664 N/A
    tasklist.exe                   644 N/A


    Does that look OK?

    Thanks
     
  4. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    As far as the executable LSASS goes, that is fine.

    LSASS.EXE and its services are Netlogon, NtLmSsp, PolicyAgent and SamSs, which is the Security Accounts Manager service. The KeyIso entry next to the LSASS entry is Vista's CNG Key Isolation service. So your LSASS entry is fine and legit in regards to your initial question as it related to Comodo.
     
  5. truthseeker

    truthseeker Former Poster

    Joined:
    Jan 26, 2008
    Posts:
    977
    cool :) thanks.
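
The check walked through in this thread, as an added Python example that is not part of the original posts: it parses `tasklist /svc` text by its fixed-width columns and reports if there is not exactly one lsass.exe or if it hosts a service outside the list given in the thread. The function names and the sample text are constructed for illustration, and the expected-service list is taken from the reply above as an assumption, not an authoritative baseline.

```python
# Added example (not from the thread): parse `tasklist /svc` text and check lsass.exe.
# The expected-service list is the one given in the thread, used here as an assumption.
EXPECTED_LSASS_SERVICES = {"KeyIso", "Netlogon", "NtLmSsp", "PolicyAgent", "SamSs"}

# Constructed sample in tasklist's fixed-width layout; the lsass.exe row matches the thread.
SAMPLE = """\
Image Name                     PID Services
========================= ======== ========================================
System Idle Process              0 N/A
services.exe                   568 N/A
lsass.exe                      580 KeyIso, SamSs
svchost.exe                    996 AudioEndpointBuilder, hidserv, Netman,
                                   PcaSvc, TabletInputService
"""

def parse_tasklist_svc(text):
    """Return [(image, pid, [services])], using the ===== ruler for column bounds."""
    lines = text.splitlines()
    ruler = next(i for i, l in enumerate(lines) if l.startswith("="))
    widths = [len(run) for run in lines[ruler].split()]
    name_end = widths[0]                  # image names may contain spaces
    pid_end = name_end + 1 + widths[1]
    rows = []
    for line in lines[ruler + 1:]:
        if not line.strip():
            continue
        image = line[:name_end].strip()
        pid = line[name_end:pid_end].strip()
        names = [s.strip() for s in line[pid_end:].split(",") if s.strip() not in ("", "N/A")]
        if not image and rows:            # wrapped service list continues the previous row
            rows[-1][2].extend(names)
        else:
            rows.append((image, int(pid), names))
    return rows

def check_lsass(rows):
    """Return a list of findings; an empty list means both checks passed."""
    lsass = [r for r in rows if r[0].lower() == "lsass.exe"]
    findings = []
    if len(lsass) != 1:
        findings.append(f"expected 1 lsass.exe process, found {len(lsass)}")
    for image, pid, services in lsass:
        extra = sorted(set(services) - EXPECTED_LSASS_SERVICES)
        if extra:
            findings.append(f"lsass.exe PID {pid} hosts unexpected services: {extra}")
    return findings

if __name__ == "__main__":
    print(check_lsass(parse_tasklist_svc(SAMPLE)) or "lsass.exe entry matches the thread's description")
```

`tasklist /svc` does not show the executable's path, so the location mentioned in the thread has to be confirmed separately.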
     