Question about an event (lsass.exe)

ZoomerZoomer Member Posts: 126
I've been recently monitoring multiple computers and print workstations using an event analyzer and have been seeing multiple counts that relate to lsass.exe, which at first freaked me out (Sasser worm), but I haven't had any automatic shutdowns or anything.

This is what the event says:

The Windows Firewall has detected an application listening for incoming traffic.
Name: -
Path: C:\WINDOWS\system32\lsass.exe
Process Identifier: 808
User account: SYSTEM
User domain: NT AUTHORITY
Service: Yes
RPC server: No
IP version: IPv4
IP protocol: UDP
Port Number: 2320
Allowed: No
User notified: No

Is there anything I should be concerned about? I'm getting this error at least four dozen times on about 9 stations and it has been checking since midnight this morning. I'm in the process of running a virus scan (we have McAfee) on one of the systems that is having the failure; I ran one on the system32 folder and didn't find anything and am now running one on the whole computer.

Any suggestions?

