lsass.exe

[Guest]

Archived from groups: microsoft.public.windowsxp.general (More info?)

I am having issues with this file constantly causing my security logs to
fill up.

Error

Source : Security
Category: Detailed Tracking
Event ID: 861



The windows firewall detected an application listening for incoming traffic.


Isn't it suppose to do this? Why would the XP Firewall cause this log an
event.


This is occuring on multiple computers.


Please help


Thank You

 

[Guest]

Archived from groups: microsoft.public.windowsxp.general (More info?)

Double check your systems do not have multiple locations for the LSASS.EXE.
You could be infected with w32.nimos.worm or some other virus. Make sure
your anitvirus software is updated and reboot in safe mode and run a full
virus scan.


"TPSchaefer@hotmail.com" wrote:

> I am having issues with this file constantly causing my security logs to
> fill up.
>
> Error
>
> Source : Security
> Category: Detailed Tracking
> Event ID: 861
>
>
>
> The windows firewall detected an application listening for incoming traffic.
>
>
> Isn't it suppose to do this? Why would the XP Firewall cause this log an
> event.
>
>
> This is occuring on multiple computers.
>
>
> Please help
>
>
> Thank You
>
>
>
>
>

 

[newguy]

Archived from groups: microsoft.public.windowsxp.general (More info?)

I have the same problem with the firewall. Did you find a solution? I do not
think is is a virus.

"TPSchaefer@hotmail.com" wrote:

> I am having issues with this file constantly causing my security logs to
> fill up.
>
> Error
>
> Source : Security
> Category: Detailed Tracking
> Event ID: 861
>
>
>
> The windows firewall detected an application listening for incoming traffic.
>
>
> Isn't it suppose to do this? Why would the XP Firewall cause this log an
> event.
>
>
> This is occuring on multiple computers.
>
>
> Please help
>
>
> Thank You
>
>
>
>
>

 

[Guest]

Archived from groups: microsoft.public.windowsxp.general (More info?)

You might consider removing the sasser virus from the machine. That is what
Lssas.exe is.

"newguy" <newguy@discussions.microsoft.com> wrote in message
news:3DC48CC8-F10A-4D13-9CA0-B0E5BF5D3945@microsoft.com...
>I have the same problem with the firewall. Did you find a solution? I do
>not
> think is is a virus.
>
> "TPSchaefer@hotmail.com" wrote:
>
>> I am having issues with this file constantly causing my security logs to
>> fill up.
>>
>> Error
>>
>> Source : Security
>> Category: Detailed Tracking
>> Event ID: 861
>>
>>
>>
>> The windows firewall detected an application listening for incoming
>> traffic.
>>
>>
>> Isn't it suppose to do this? Why would the XP Firewall cause this log an
>> event.
>>
>>
>> This is occuring on multiple computers.
>>
>>
>> Please help
>>
>>
>> Thank You
>>
>>
>>
>>
>>

 

[newguy]

Archived from groups: microsoft.public.windowsxp.general (More info?)

I was under the impression that lssas.exe was a process that deals with local
security and login policies. Check out the link.

http://www.liutilities.com/products/wintaskspro/processlibrary/lsass/

Plus the virus scan did not find anything. Maybe I should post my errors.

++++++++++++++++++++++++++++++++++++++++++++++++++++=
#1
Event Type: Failure Audit
Event Source: Security
Event Category: Detailed Tracking
Event ID: 861
Date: 9/17/2005
Time: 2:10:06 AM
User: NT AUTHORITY\SYSTEM
Computer: 3207-21
Description:
The Windows Firewall has detected an application listening for incoming
traffic.

Name: -
Path: C:\WINDOWS\system32\svchost.exe
Process identifier: 1068
User account: SYSTEM
User domain: NT AUTHORITY
Service: Yes
RPC server: No
IP version: IPv4
IP protocol: UDP
Port number: 3022
Allowed: No
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++==
#2
Event Type: Failure Audit
Event Source: Security
Event Category: Detailed Tracking
Event ID: 861
Date: 9/17/2005
Time: 2:15:24 AM
User: NT AUTHORITY\SYSTEM
Computer: 3207-21
Description:
The Windows Firewall has detected an application listening for incoming
traffic.

Name: -
Path: C:\WINDOWS\system32\lsass.exe
Process identifier: 728
User account: SYSTEM
User domain: NT AUTHORITY
Service: Yes
RPC server: No
IP version: IPv4
IP protocol: UDP
Port number: 3029
Allowed: No
++++++++++++++++++++++++++++++++++++++++++++++++++++++

Any suggestions?


"Jone Doe" wrote:

> You might consider removing the sasser virus from the machine. That is what
> Lssas.exe is.
>
> "newguy" <newguy@discussions.microsoft.com> wrote in message
> news:3DC48CC8-F10A-4D13-9CA0-B0E5BF5D3945@microsoft.com...
> >I have the same problem with the firewall. Did you find a solution? I do
> >not
> > think is is a virus.
> >
> > "TPSchaefer@hotmail.com" wrote:
> >
> >> I am having issues with this file constantly causing my security logs to
> >> fill up.
> >>
> >> Error
> >>
> >> Source : Security
> >> Category: Detailed Tracking
> >> Event ID: 861
> >>
> >>
> >>
> >> The windows firewall detected an application listening for incoming
> >> traffic.
> >>
> >>
> >> Isn't it suppose to do this? Why would the XP Firewall cause this log an
> >> event.
> >>
> >>
> >> This is occuring on multiple computers.
> >>
> >>
> >> Please help
> >>
> >>
> >> Thank You
> >>
> >>
> >>
> >>
> >>
>
>
>

 

[Guest]

Archived from groups: microsoft.public.windowsxp.general (More info?)

In news:C0EB662B-EEC6-4575-BBC4-573DD20AF61C@microsoft.com,
newguy <newguy@discussions.microsoft.com> typed:

> I was under the impression that lssas.exe was a process that
> deals
> with local security and login policies. Check out the link.
>
> http://www.liutilities.com/products/wintaskspro/processlibrary/lsass/


Please note that your link references lsass.exe. It's lssas.exe
that's one of several different worms, trojans, etc.


--
Ken Blake - Microsoft MVP Windows: Shell/User
Please reply to the newsgroup



>
> Plus the virus scan did not find anything. Maybe I should post
> my
> errors.
>
> ++++++++++++++++++++++++++++++++++++++++++++++++++++=
> #1
> Event Type: Failure Audit
> Event Source: Security
> Event Category: Detailed Tracking
> Event ID: 861
> Date: 9/17/2005
> Time: 2:10:06 AM
> User: NT AUTHORITY\SYSTEM
> Computer: 3207-21
> Description:
> The Windows Firewall has detected an application listening for
> incoming traffic.
>
> Name: -
> Path: C:\WINDOWS\system32\svchost.exe
> Process identifier: 1068
> User account: SYSTEM
> User domain: NT AUTHORITY
> Service: Yes
> RPC server: No
> IP version: IPv4
> IP protocol: UDP
> Port number: 3022
> Allowed: No
> +++++++++++++++++++++++++++++++++++++++++++++++++++++++++==
> #2
> Event Type: Failure Audit
> Event Source: Security
> Event Category: Detailed Tracking
> Event ID: 861
> Date: 9/17/2005
> Time: 2:15:24 AM
> User: NT AUTHORITY\SYSTEM
> Computer: 3207-21
> Description:
> The Windows Firewall has detected an application listening for
> incoming traffic.
>
> Name: -
> Path: C:\WINDOWS\system32\lsass.exe
> Process identifier: 728
> User account: SYSTEM
> User domain: NT AUTHORITY
> Service: Yes
> RPC server: No
> IP version: IPv4
> IP protocol: UDP
> Port number: 3029
> Allowed: No
> ++++++++++++++++++++++++++++++++++++++++++++++++++++++
>
> Any suggestions?
>
>
> "Jone Doe" wrote:
>
>> You might consider removing the sasser virus from the machine.
>> That
>> is what Lssas.exe is.
>>
>> "newguy" <newguy@discussions.microsoft.com> wrote in message
>> news:3DC48CC8-F10A-4D13-9CA0-B0E5BF5D3945@microsoft.com...
>>> I have the same problem with the firewall. Did you find a
>>> solution?
>>> I do not
>>> think is is a virus.
>>>
>>> "TPSchaefer@hotmail.com" wrote:
>>>
>>>> I am having issues with this file constantly causing my
>>>> security
>>>> logs to fill up.
>>>>
>>>> Error
>>>>
>>>> Source : Security
>>>> Category: Detailed Tracking
>>>> Event ID: 861
>>>>
>>>>
>>>>
>>>> The windows firewall detected an application listening for
>>>> incoming
>>>> traffic.
>>>>
>>>>
>>>> Isn't it suppose to do this? Why would the XP Firewall
>>>> cause this
>>>> log an event.
>>>>
>>>>
>>>> This is occuring on multiple computers.
>>>>
>>>>
>>>> Please help
>>>>
>>>>
>>>> Thank You