"lsm.exe" Process on Windows 7

Q

What is the "lsm.exe" process on windows 7? Is the "lsm.exe" process a virus? Can I terminate the "lsm.exe" process?

✍: FYIcenter.com

A

"lsm.exe" process represents "Local Session Manager Service" program. "lsm.exe" manages connections related to the terminal server.

"lsm.exe" process is normally running under the parent process "wininit" as shown in the process tree below:

Boot
   wininit
      lsm

On the Processes tab of "Task Manager", "lsm.exe" process may be listed as:

Image Name                 Memory   Description
--------------------   ----------   -----------
lsm.exe                   6,524 K   Local Session Manager Service

Additional information about "lsm.exe" process:

Command line:
   C:\windows\system32\lsm.exe

Programe file information:
   Name: lsm.exe
   Location: C:\windows\system32\lsm.exe
   Description: Local Session Manager Service
   Version: 6.1.7600.16385 (win7_rtm.090713-1255)
   Size: 343040 bytes
   Last modified: 11/20/2010 10:23:53 PM
   Company Name: Microsoft Corporation

Some data files used:
C:\Windows\System32
C:\Windows\System32\en-US\lsm.exe.mui

Some registry keys used:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
HKLM\SYSTEM\ControlSet001\Control\Nls\Sorting\Versions
HKLM\SYSTEM\ControlSet001\Control\SESSION MANAGER
HKLM\SYSTEM\ControlSet001\Control\Terminal Server
HKLM\SOFTWARE\Policies
HKLM\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy
HKLM\SYSTEM\ControlSet001\Control\Terminal Server\WinStations

Some DLL libraries used:
C:\windows\SYSTEM32\ntdll.dll
C:\windows\system32\kernel32.dll
C:\windows\system32\KERNELBASE.dll
C:\windows\system32\msvcrt.dll
C:\windows\SYSTEM32\sechost.dll
C:\windows\system32\RPCRT4.dll
C:\windows\system32\SYSNTFY.dll
C:\windows\system32\WMsgAPI.dll
C:\windows\system32\CRYPTBASE.dll
C:\windows\system32\pcwum.dll

"lsm.exe" process is not a virus. You should not terminate "lsm.exe" process.

 

System Processes on Windows 7

⇒⇒Windows 7 Processes Tutorials

2016-07-27, 2004👍, 0💬