lsass.exe security errors

  • Thread starter Thread starter John Bacon
  • Start date Start date
J

John Bacon

My security event log is filled with these errors.
Does anyone know why or how to fix it?
The Windows Firewall has detected an application listening for incoming
traffic.

Name: -
Path: C:\WINDOWS\system32\lsass.exe
Process identifier: 1160
User account: SYSTEM
User domain: NT AUTHORITY
Service: Yes
RPC server: No
IP version: IPv4
IP protocol: UDP
Port number: 2938
Allowed: No
User notified: No

For more information, see Help and Support Center at
 
Re: lsass.exe security errors

On Jul 13, 3:32 pm, John Bacon <JohnBa...@discussions.microsoft.com>
wrote:
> Mysecurityevent log is filled with these errors.
> Does anyone know why or how to fix it?
> The Windows Firewall has detected an application listening for incoming
> traffic.
>
> Name: -
> Path: C:\WINDOWS\system32\lsass.exe
> Process identifier: 1160
> User account: SYSTEM
> User domain: NT AUTHORITY
> Service: Yes
> RPC server: No
> IP version: IPv4
> IP protocol: UDP
> Port number: 2938
> Allowed: No
> User notified: No
>
> For more information, see Help and Support Center at

Could be a security threat---Trojan.Backdoor, Verify through any anti-
spyware or anit-malware software that you are familiar with. Then
follow the listed link in order to remove it.

http://wiki.answers.com/Q/How_do_you_remove_the_issas.exe_computer_virus

Ben
 
Re: lsass.exe security errors

I only have Lsass.exe on disk which seems to be the correct Microsoft program.
Can't find any entries in registry.
Virus scanner doesn't find anything.
But still getting security events.

"Benny Van" wrote:

> On Jul 13, 3:32 pm, John Bacon <JohnBa...@discussions.microsoft.com>
> wrote:
> > Mysecurityevent log is filled with these errors.
> > Does anyone know why or how to fix it?
> > The Windows Firewall has detected an application listening for incoming
> > traffic.
> >
> > Name: -
> > Path: C:\WINDOWS\system32\lsass.exe
> > Process identifier: 1160
> > User account: SYSTEM
> > User domain: NT AUTHORITY
> > Service: Yes
> > RPC server: No
> > IP version: IPv4
> > IP protocol: UDP
> > Port number: 2938
> > Allowed: No
> > User notified: No
> >
> > For more information, see Help and Support Center at
>
> Could be a security threat---Trojan.Backdoor, Verify through any anti-
> spyware or anit-malware software that you are familiar with. Then
> follow the listed link in order to remove it.
>
> http://wiki.answers.com/Q/How_do_you_remove_the_issas.exe_computer_virus
>
> Ben
>
>
 

Similar threads

AWS
How to proactively defend against Mozi IoT botnet
Replies
1
Views
323
Tony D
Tony D
AWS
A closer look at Qakbot’s latest building blocks (and how to knock them down)
Replies
1
Views
291
Tony D
Tony D
Tony D
Too much protection
Replies
10
Views
11K
starbuck
starbuck
Tony D
MBAM found Rootkit.Fileless.MT Gen
Replies
18
Views
2K
starbuck
starbuck
AWS
FinFisher exposed: A researcher’s tale of defeating traps, tricks, and complex virtual machines
Replies
2
Views
764
allheart55 (Cindy E)
allheart55 (Cindy E)
Back
Top