Ok to block Lsass.exe ??

Discussion in 'other firewalls' started by Rainwalker, Nov 11, 2003.

Thread Status:
Not open for further replies.
  1. Rainwalker

    Rainwalker Registered Member

    Joined:
    May 18, 2003
    Posts:
    2,106
    Location:
    USA
    Greetings,
    I posted something about this a while back but can't locate it so as to continue in that thread... sorry. My firewall is blocking LSA shell (export) whenever I request a TDS-3 update. I receive the download, but why is this happening? This LSA blocking ONLY happens with TDS update. Anyone with thoughts on this? o_O
     
  2. Rainwalker

    Rainwalker Registered Member

    Joined:
    May 18, 2003
    Posts:
    2,106
    Location:
    USA
    Hellooooooooooooooooo :D
     
  3. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,876
    Location:
    New England
    It's so quiet in here you can hear a pin drop... :D

    The LSA shell (export) is used for network authentication. It is not terribly surprising that when you access a network resource (i.e. using your username and password to access the TDS-3 update defs) that you might trigger the LSA service. If you don't generally use it, (it's used for things like remote network authentication, VPN authentication, and other network accesses), you could try disabling the service altogether.

    However, regardless of what you do with the service, the key rule in security (and firewalls), if blocking something still allows it to work, then keep blocking it. Always go with the least privileges needed. The less you allow and still get full functionality, the better.
     
  4. Rainwalker

    Rainwalker Registered Member

    Joined:
    May 18, 2003
    Posts:
    2,106
    Location:
    USA
    Thanks LWM....... what was strange to me was that I have been using TDS-3 for some time now and this only started 2 months ago.
    It's times like these I am glad there are no dumb questions. Thanks again...... needed the reminder.
     
  5. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    Hi Rainwalker

    TDS requiring lsass is not something I have experienced.

    Do you have the IPSec Policy Agent service running? If so, and not required, try stopping it and set it to manual and see if that stops the prompts.

    Regards,

    CrazyM
     
  6. BlitzenZeus

    BlitzenZeus Security Expert

    Joined:
    Feb 11, 2002
    Posts:
    451
    Location:
    Oregon, USA
    On my install this runs 3 services, so I can't really just shut down the service from their descriptions.

    LSASS.EXE: PolicyAgent, ProtectedStorage, SamSs

    Either way just block outside access from it with your firewall.

    If you run XP Pro (not Home), or a newer NT OS, the command 'tasklist /svc' in the command prompt will bring up which Windows programs are running Windows services.
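
Added example, not part of the original posts: a Python sketch that joins `tasklist /svc` output with `netstat -ano` output to show which services and listening ports belong to lsass.exe before a firewall block rule is written. The use of `netstat -ano` is an assumption (the thread does not name it), and the sample outputs, PIDs and addresses are constructed.

```python
import re
# Constructed sample of `tasklist /svc` output (PIDs are made up).
TASKLIST = """\
Image Name                     PID Services
========================= ======== ============================================
System                           4 N/A
lsass.exe                      696 PolicyAgent, ProtectedStorage, SamSs
svchost.exe                    940 AudioSrv, Browser, CryptSvc, Dhcp,
                                   dmserver, ERSvc
"""
# Constructed sample of `netstat -ano` output (documentation address ranges).
NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    192.0.2.10:1045        203.0.113.7:80         ESTABLISHED     1200
  UDP    0.0.0.0:500            *:*                                    696
  UDP    0.0.0.0:4500           *:*                                    696
"""
ROW = re.compile(r"^(\S.*?)\s+(\d+)\s+(\S.*)$")  # image name, PID, services

def parse_tasklist(text):
    """Return {pid: (image, [services])}, joining wrapped service lines."""
    procs, pid, in_body = {}, None, False
    for line in text.splitlines():
        if line.startswith("="):           # the ruler line ends the header
            in_body = True
        elif in_body and line.strip():
            m = ROW.match(line)
            if m:                          # a new process row
                pid = int(m.group(2))
                procs[pid] = (m.group(1), [])
            svcs = m.group(3) if m else line   # otherwise a wrapped continuation
            if pid is not None:
                procs[pid][1].extend(s.strip() for s in svcs.split(",")
                                     if s.strip() not in ("", "N/A"))
    return procs

def listeners(text):
    """Return {pid: {(proto, port)}} for sockets that accept inbound traffic."""
    out = {}
    for f in map(str.split, text.splitlines()):
        # UDP rows have no State column; TCP rows count only when LISTENING.
        if len(f) >= 4 and (f[0] == "UDP" or (f[0] == "TCP" and f[3] == "LISTENING")):
            out.setdefault(int(f[-1]), set()).add((f[0], int(f[1].rsplit(":", 1)[1])))
    return out

def exposure(image, tasklist=TASKLIST, netstat=NETSTAT):
    """(pid, services, listening ports) for each process with this image name."""
    ports = listeners(netstat)
    return [(pid, svcs, sorted(ports.get(pid, ()))) for pid, (img, svcs)
            in parse_tasklist(tasklist).items() if img.lower() == image.lower()]
```

Calling `exposure("lsass.exe")` on the constructed samples returns PID 696 with its three hosted services and the UDP 500 and 4500 listeners, which is the set an inbound block rule for that process would cover.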
     
  7. Rainwalker

    Rainwalker Registered Member

    Joined:
    May 18, 2003
    Posts:
    2,106
    Location:
    USA
    CrazyM... thanks for the comment... I do not have IPSec Policy Agent.

    BlitzenZeus... thank you also... I cannot really shut it down for the same reason, so I blocked outside access (local Port 500 UDP). Have not tried updating TDS since, and again this activity happens only with TDS... nothing else. Running XP Home.
     
  8. subratam

    subratam Registered Member

    Joined:
    Nov 14, 2003
    Posts:
    1,310
    Location:
    Issaquah, WA
    Hey, I also have LSASS running... local ports 500 and 4500. Anyway, I also want to block outside access... I have Tiny Firewall, as Blitz knows by now...
     
  9. Rainwalker

    Rainwalker Registered Member

    Joined:
    May 18, 2003
    Posts:
    2,106
    Location:
    USA
    Hello Subratam
    I used Port Explorer to block.....if you have not yet used it check it out.
     
  10. subratam

    subratam Registered Member

    Joined:
    Nov 14, 2003
    Posts:
    1,310
    Location:
    Issaquah, WA
    Hey, I used Kerio firewall to block incoming Windows services 135, 445 and 500, thx :D
     