tds3 update

Discussion in 'Trojan Defence Suite' started by the mul, Mar 11, 2004.

Thread Status:
Not open for further replies.
  1. the mul

    the mul Registered Member

    Joined:
    Jul 31, 2003
    Posts:
    1,703
    Location:
    scotland
    When tds starts to download the update, up pops a warning box from norton firewall saying, programme- c:/windows/system32/lsass.exe
    protocol-udp [inbound] what do u want to do, [permit] or [block] and norton says that this is also a low risk warning.
    I have not seen this before when updating tds, and the update works fine with no problems, even if i block lsass.exe [ inbound] all works well.
    Can u tell me what lsass.exe does, or is, and is it ok to permit.


    thanks the mul
     
  2. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Hi Mul, I'd guess that the connection is internal to your pc "LocalHost" So probably your system talking to itself:
    If you use Port Explorer you could see it easily, If you have not tried PE then get the free trial :D

    Process File: lsass or lsass.exe
    Process Name: Local Security Authority Service
    Description: Windows Local Security Authority Server Process handles Windows security mechanisms. It verifies the validity of user logons to your computer or server. Technically, the software generates the process that is responsible for authenticating users for the Winlogon service.
    Company: Microsoft Corp.
    System Process: Yes
    Security Risk ( Virus/Trojan/Worm/Adware/Spyware ): No
     
  3. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    4,451
    Location:
    North Carolina, USA
    the mul,

    There are several possibilities for lsass.exe. since yours is located at c:/windows/system32/lsass.exe, I would say it is the legitimate Windows file. You can find more info here.

    Also, lsass.exe can come from a virus. See here.

    I am not sure whether you want to permit or block the connection attempt tho. I have never seen it trying to connect on my system. You could try blocking it and see what happens or wait for someone else to give advice.

    Regards,
    Kent
     
  4. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    4,451
    Location:
    North Carolina, USA
    You might also want to take a look at this thread.

    Regards,
    Kent
     
  5. the mul

    the mul Registered Member

    Joined:
    Jul 31, 2003
    Posts:
    1,703
    Location:
    scotland
    Thanks for all your help, i do have port explorer v1.800and the next time i will use pe and see what is going on .
    I did check windows c:/windows/system32/lsass.exe,and i also confirmed it as Local Security Authority Service as well, and as i say everything is ok, and working fine.
    In norton firewall, i have automatic programme control box unchecked, so that if anything requires permmision to install, it asks the user first, rather than the programme doing it for u, so maybe this is the reason i am getting this warning box.

    Thanks Again

    The Mul
     
Thread Status:
Not open for further replies.