My firewall is asking me if lsass.exe and tcpsvcs.exe need to connect to the internet... should they?

Answer 1

If they're running from the C:\Windows\System32 folder (C:\Winnt\System32 on versions of Windows earlier than XP) then it's safe (and maybe necessary) to allow them external access.

If they're running from any other folder they are NOT safe and are probably an indication of a virus or spyware infection.

Please note that there is a difference between LSASS.EXE (it's OK) and ISASS.EXE (begins with a capital 'i' and is NOT safe). A capital 'i' and a lower case 'L' are almost indistinguishable so watch out for that! (I l Which was which?)

Answer 2

Name: MSControl3d1
Filename: isasse.exe
Command: isasse.exe
Description: Added by the W32/Rbot-APE worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands.
File Location: %System%
Startup Type: This startup entry is started automatically from a Run, RunOnce, RunServices, or RunServicesOnce entry in the registry.

Description:
tcpsvcs.exe is a part of Microsoft Windows networking components. This essential system process is initiated when the computer uses special TCP/IP networking services such as DHCP, Simple TCP and print services. This program is important for the stable and secure running of your computer and should not be terminated

Answer 3

Go here http://www.processlibrary.com/

lsass.exe is a system process of the Microsoft Windows security mechanisms. It specifically deals with local security and login policies. This program is important for the stable and secure running of your computer and should not be terminated.

tcpsvcs.exe is a part of Microsoft Windows networking components. This essential system process is initiated when the computer uses special TCP/IP networking services such as DHCP, Simple TCP and print services. This program is important for the stable and secure running of your computer and should not be terminated.

Answer 4

^ What he said! ;) ^