lsass.exe Virus/Trojan or innocent program?

T3hG33ko

Jun 10, 2015
That's lsass with an "L" and not an uppercase i. Anyways, if you click your start button and search lsass.exe there's a big chance you have it as well. Here's where it gets tricky. Many users reported this file as malicious. On the other hand Microsoft says otherwise. Some people remove this unwanted program while some sources say to not remove it or that it is simply unremovable.


I'm in a bit of a pickle. I care about my safety so should I delete it or keep it? Hard to tell whether to trust this file.

Solution
"lsass.exe" is the Local Security Authentication Server. It verifies the validity of user logons to your PC or server. Lsass generates the process responsible for authenticating users for the Winlogon service. This is performed by using authentication packages such as the default, Msgina.dll. If authentication is successful, Lsass generates the user's access token, which is used to launch the initial shell. Other processes that the user initiates then inherit this token. http://www.neuber.com/taskmanager/process/lsass.exe.html
Note: The lsass.exe file is located in the folder C:\Windows\System32. In other cases, lsass.exe is a virus, spyware, trojan or worm! Check this with Security Task Manager
Solution
You could check that particular file by uploading it to virustotal.com. If you can find it on your system, you can upload it to said website, where it is scanned with many (at least 50) anti-virus signature engines. I would like to add that if only a few deem it malicious, it is likely a false positive.
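The two checks raised in this thread (the name really starts with a lowercase "L" rather than an uppercase i, and the file sits in C:\Windows\System32) can be written as a small triage function. This is an added example, not code from any poster; the process records are constructed, the set of look-alike characters is an assumption, and it assumes Windows is installed in C:\Windows.

```python
import ntpath

EXPECTED_NAME = "lsass.exe"
# Assumption: Windows lives in C:\Windows, as in the note quoted above.
EXPECTED_DIR = ntpath.normcase(r"C:\Windows\System32")

# Characters often swapped in for a lowercase "l" (assumed set for this example).
# Applied after lowercasing, so an uppercase "I" is covered by "i".
CONFUSABLES = str.maketrans({"i": "l", "1": "l"})


def classify(name, path):
    """Return a verdict for one process record: image name and full image path."""
    lowered = name.lower()  # Windows file names are case-insensitive
    if lowered != EXPECTED_NAME:
        # "Isass.exe" lowercases to "isass.exe", which folds to "lsass.exe".
        if lowered.translate(CONFUSABLES) == EXPECTED_NAME:
            return "lookalike-name"
        return "unrelated"
    if not path:
        # Process listings may hide the path from non-elevated users.
        return "path-unavailable"
    # Collapse "..", then compare the directory case-insensitively.
    directory = ntpath.normcase(ntpath.dirname(ntpath.normpath(path)))
    if directory == EXPECTED_DIR:
        return "expected-location"
    return "unexpected-location"


# Constructed sample records (name, path); not taken from a real machine.
SAMPLE = [
    ("lsass.exe", r"C:\Windows\System32\lsass.exe"),
    ("LSASS.EXE", r"c:\windows\system32\lsass.exe"),
    ("Isass.exe", r"C:\Windows\System32\Isass.exe"),
    ("lsass.exe", r"C:\Users\Public\lsass.exe"),
    ("lsass.exe", r"C:\Windows\System32\..\Temp\lsass.exe"),
    ("lsass.exe", None),
    ("explorer.exe", r"C:\Windows\explorer.exe"),
]


def triage(records):
    """Classify every record and keep only the ones that need a closer look."""
    flagged = ("lookalike-name", "unexpected-location", "path-unavailable")
    return [(n, p, v) for n, p in records if (v := classify(n, p)) in flagged]


if __name__ == "__main__":
    for name, path, verdict in triage(SAMPLE):
        print(f"{verdict:20} {name:12} {path}")
```

An "expected-location" verdict only rules out the two cases above; the file itself can still be checked the way the last answer suggests.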