3 replies to this topic

[watcherduck]

I was browsing my services to see what was started manually and what was started automatically, and what was dependent on the service. (okay, I was bored).

I came across "Protected Storage" and upon looking at the path and dependencies, I noticed that the path was C:\WINDOWS\system 32\Isass.exe. I cant tell whether it is a capital I or a lower case l. The dependency is Remote Proceedure Call (RPC) which strikes me as suspicious.

Can someone look at these captures and give me an educated opinion?
Thanks! and Aloha, Don

[Abydos]

Hi Watcherduck

All 3 services are normal benign in nature.

lsass.exe (with lower L) is a system process that control local security and login policies. It should not be teminated as it is vital to the overall security of your windows system.

Sidenote: The most notably infection in this file that springs to mind, is the lsass.worm.
But if you were infected, you would know, as it starts a clock on your screen, bidding you to close everything and backup your stuff before its countdown reaches zero (something like that anyhow). Google it if you want.

Remote Procedure Call

Protected Storage (Can be closed without any complications other than you have to write your passwords in OE and IE thereafter)

Regards Abydos

[watcherduck]

Thanks! I did google some, but couldn't find a satisfactory explanation, except the lsass worm, and was wondering. These links are excellent. Again thanks! Aloha, Don

[Abydos]

Hi Watcherduck

Youre welcome

If you have similar questions, a great site is this one

At the bottom of the page, look for the category Libraries.

TheEldergeek.com is also great.

Kind regards Abydos