LSA Shell (Export Version) Alert.

[Dave_07]

Hey All,

What is "LSA Shell (Export Version)" or lsass.exe in the windows/system32 folder ? Side notes of the file say it is a microsoft windows os product. The reason i ask is because, just out of the blue a few minutes ago zonealarm brought up an alert pop up saying that "LSA Shell (Export Version) wants to accept connections form the internet". Now this is the first time that lsass or "LSA Shell (Export Version)" has wanted to do this is a very very long time, of course i had to configure what stance to take toward the program when i first installed zonealarm, but since then (which was about 1 year ago) this lsass file has never made ZA bring up a pop up, untill now.

Basically all i want to know is, is it normal for lsass.exe or "LSA Shell (Export Version)" to ask to accept connections out of the blue like this, or is there something more sinister going on ? Oh yeah, at the time lsass wanted to accept connections, i was playing counterstrike, if that figures into the equation at all ?

Anyway i looked up lsass.exe and apparently if it's in the windows/system32 folder and is listed as a microsoft product then it's the "Local Security Authentication Server". Which verifies the validity of user logons to your PC/Server yadda yadda...

Also ran avast, HijackThis, ms anti spyware and a2 squared scans, all of which say all is well.

So any thoughts ?

PS, lsass also seems to be occupying a open port, see info below:

Process: lsass.exe
PID: 828
Local IP: 0.0.0.0
Local Port: 500
Sate: LISTEN
Protocol: UDP
Path: windows/system32/lsass.exe

If that sheds and extra light. Though it seems to have allways done that.