Monday, September 15, 2008

200.10 - Important Windows Process Files


At any given time, there are numerous processes running on your computer. Viruses generally try to hide their presence by closely imitating a real process that is important to the operation of your system.
See Blog Post # 200.06 for help in correctly identifying processes. Here are a few of the important ones that should NOT be deleted.

LuCallBackProxy

Several people have asked me about this process. It is actually part of your Norton Internet Security software. It assists LiveUpdate in retrieving and loading updates for Norton programs.

This is important for keeping security programs up to date. Don’t disable it. If you do, your computer could be open to malware.

lsass.exe

This is a Windows system process. It deals with local security and log-in policies. It’s used to authenticate users trying to sign on to your computer. This is crucial for the security of your PC.

However, Isass.exe is a virus. Wait, don’t they look the same? Yes, and that’s the point. The good process’ name begins with a lowercase L. The bad one begins with an uppercase I. When looking at processes on your PC, the font is usually sans-serif. This font can make it difficult to tell the difference. The use of the uppercase I is not coincidental.

Isass.exe can disable your security programs, including your firewall. It also opens a backdoor for hackers. This program should be disabled and removed immediately. But be careful not to mix it up with lsass.exe.
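The lowercase-L versus uppercase-I trick described above can be checked mechanically instead of by eye. The following is an added example, not part of the original post: it reduces each process name to a visual "skeleton" and flags any name that matches a legitimate process name from this post without actually being that name. The confusable-character table and the sample list are assumptions constructed for illustration, and the table goes beyond I/l to cover digits and a few Cyrillic lookalikes.

```python
# Added example: flag process names that visually imitate a protected name.
import unicodedata

# Names taken from this post; all are legitimate Windows processes.
PROTECTED = ("lsass.exe", "csrss.exe", "smss.exe", "wuauclt.exe")

# Assumption: a small hand-picked table of characters that render alike in
# a sans-serif font. Each maps to one canonical lowercase letter.
CONFUSABLE = {"i": "l", "1": "l", "0": "o",
              "\u0455": "s", "\u0441": "c", "\u0435": "e", "\u0430": "a"}

def skeleton(name: str) -> str:
    """Collapse a name to its visual skeleton so lookalikes compare equal."""
    # NFKC folds compatibility forms (e.g. fullwidth letters) to plain ones.
    folded = unicodedata.normalize("NFKC", name).casefold()
    return "".join(CONFUSABLE.get(ch, ch) for ch in folded)

_SKELETONS = {skeleton(p): p for p in PROTECTED}

def imitated_name(name: str):
    """Return the protected name that `name` imitates, or None.

    An exact match (ignoring case, as Windows does) is the real name and
    is not flagged; only a different string with the same skeleton is.
    """
    if name.casefold() in PROTECTED:
        return None
    return _SKELETONS.get(skeleton(name))

def find_imitators(process_names):
    """Return (observed, imitated) pairs for every lookalike in the list."""
    hits = []
    for observed in process_names:
        target = imitated_name(observed)
        if target is not None:
            hits.append((observed, target))
    return hits

# Constructed sample, e.g. image names copied from a process listing.
SAMPLE = ["lsass.exe", "Isass.exe", "LSASS.EXE", "csrss.exe",
          "1sass.exe", "smss.exe", "explorer.exe", "wuauc1t.exe"]

if __name__ == "__main__":
    for observed, target in find_imitators(SAMPLE):
        print(f"{observed!r} imitates {target!r}")
```

A name that passes this check is only confirmed to be spelled correctly; it says nothing about whether the file behind it is the genuine one.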

csrss.exe

This is part of the Microsoft Client/Server Runtime Server Subsystem. It handles most of the graphical commands for Windows.

You need this file for your PC to run properly. Leave it alone.

smss.exe

This process is part of Windows. Its real name is Session Manager Subsystem. It controls sessions for your PC.

If you end this process, many programs will not function properly.

wuauclt.exe

This process manages automatic updates for Windows. It runs in the background and continually checks for updates. It uses your Internet connection to do the checking.





Contributing Source:

Kim Komando

9/15/08



