"winlogon.exe" Process on Windows 7

Q

What is the "winlogon.exe" process on windows 7? Is the "winlogon.exe" process a virus? Can I terminate the "winlogon.exe" process?

✍: FYIcenter.com

A

"winlogon.exe" process represents "Windows Logon Application" program. "winlogon.exe" is responsible for handling the secure attention sequence, loading the user profile on logon, and optionally locking the computer when a screensaver is running.

"winlogon.exe" process is normally running under the parent process "Boot" as shown in the process tree below:

Boot
   winlogon

On the Processes tab of "Task Manager", "winlogon.exe" process may be listed as:

Image Name                 Memory   Description
--------------------   ----------   -----------
winlogon.exe              6,228 K   Windows Logon Application

Additional information about "winlogon.exe" process:

Command line:
   winlogon.exe

Programe file information:
   Name: winlogon.exe
   Location: C:\windows\system32\winlogon.exe
   Description: Windows Logon Application
   Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
   Size: 455168 bytes
   Last modified: 7/16/2014 10:07:24 PM
   Company Name: Microsoft Corporation

Some data files used:
C:\Windows\System32
C:\Windows\System32\en-US\user32.dll.mui
C:\Windows\System32\en-US\winlogon.exe.mui

Some registry keys used:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
HKLM\SYSTEM\ControlSet001\Control\Nls\Sorting\Versions
HKLM\SYSTEM\ControlSet001\Control\SESSION MANAGER
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
HKU\.DEFAULT\Control Panel\International
HKLM\SYSTEM\ControlSet001\Control\Nls\Locale
HKLM\SYSTEM\ControlSet001\Control\Nls\Locale\Alternate Sorts
HKLM\SYSTEM\ControlSet001\Control\Nls\Language Groups
HKU\.DEFAULT\Software\Microsoft\Windows NT\CurrentVersion
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags

Some DLL libraries used:
C:\windows\SYSTEM32\ntdll.dll
C:\windows\system32\kernel32.dll
C:\windows\system32\KERNELBASE.dll
C:\windows\system32\USER32.dll
C:\windows\system32\GDI32.dll
C:\windows\system32\LPK.dll
C:\windows\system32\USP10.dll
C:\windows\system32\msvcrt.dll
C:\windows\system32\WINSTA.dll
C:\windows\system32\RPCRT4.dll

"winlogon.exe" process is not a virus. You should not terminate "winlogon.exe" process.

 

System Processes on Windows 7

⇒⇒Windows 7 Processes Tutorials

2016-07-28, 1695👍, 0💬