lsass inbound unknown activity

[mighty_moll]

Norton has started asking me if i want to allow or block inbound lsass to my computer. I have limited understanding of this - but does this basically mean someone is trying to gain access to my computer?

Just in case, i have configured lsass to go outbound only and in the process norton dicovered a couple of file and folder sharing weaknesses pointing to the c:\ drive in general (worring) and C:\windows.

 

[JN]

Norton has started asking me if i want to allow or block inbound lsass to my computer. I have limited understanding of this - but does this basically mean someone is trying to gain access to my computer?

Just in case, i have configured lsass to go outbound only and in the process norton dicovered a couple of file and folder sharing weaknesses pointing to the c:\ drive in general (worring) and C:\windows.

lsass _can_ be the target for some viruses. I can't remember which one not so long ago infected that file - maybe the Blaster worm?

Anyway, it probably is harmless as Windows does engage in a lot of 'outbound' connections for things like network discovery and a whole host of other stuff. I often think that by blocking legitimate Windows processes from doing their business you're more than likely slowing down your PC. Hence why I only run a hardware firewall on my router.

By default the C:\ is shared out as C$ so I dont think thats anything to worry about. As for the Windows directory...hmmm, maybe best to run a scan with something other than Norton and see what it turns up. TrendMicro Housecall is a good one for online scanning.

 

[mighty_moll]

ok thankyou - what a nightmare i set norton to monitor it and i just got about 50 accept or decline messages. I think because i recently installed sp2 and files have changed, norton is asking me to allow or block everything again. That said - from what i've read lsass 'inbound' connections are not normal, unless you are allowing remote connection to your pc. I now understand what you mean by slowing your pc down Took me 10 mins to get an internet connectin through all the messages. My router has a hardware firewall - do i have to configure it or is it automatic if i disable the norton firewall?

 

[JN]

ok thankyou - what a nightmare i set norton to monitor it and i just got about 50 accept or decline messages. I think because i recently installed sp2 and files have changed, norton is asking me to allow or block everything again. That said - from what i've read lsass 'inbound' connections are not normal, unless you are allowing remote connection to your pc. I now understand what you mean by slowing your pc down Took me 10 mins to get an internet connectin through all the messages. My router has a hardware firewall - do i have to configure it or is it automatic if i disable the norton firewall?

It really depends on what kind of router you've got. Most allow you to enable it and forget about it. By default they will only block inbound connections, but in most cases this is perfectly fine if you've got a decent Antivirus program protecting your PC from infection.

My current setup is a hardware firewall filtering all inbound connections and NOD32 AV protecting all PC's on my network. I've never had a single problem with viruses/spyware etc.

 

[mighty_moll]

Seems fine at the moment - i reset norton firewall and went thorugh everything for each application and service and its good now. Same here i've never had a virus or hack with protection always blocking it, only thing that gets in now and then is a tracking cookie. Also found an open port on my computer that i'd set up a while back on my router and thats sorted as well. So i've now got norton internet security, spy-bot seacrh and destroy resident and my hardware firewall. Thanks for the advice.