csrss.exe, smss.exe and lsass.exe
Whenever I open the Task Manager I see the processes csrss.exe, smss.exe and lsass.exe listed there among others. I guess the same can be said for your version of Windows where those processes are most likely running as well.
To find out if that is the case, use Ctrl-Shift-Esc to bring up the Task Manager. You may need to scroll a bit -- Windows 8 users need to enable the advanced display mode -- before you find the processes, as everything is sorted alphabetically there.
You may also need to select the show processes from all users option before you find them listed here.
So, what are these processes actually doing and are they required to run whenever Windows starts?
Here is the explanation for the three processes csrss.exe, smss.exe and lsass.exe.
smss.exe - Windows Session Manager
The process smss.exe is the Session Manager Subsystem located in C:\Windows\System32. If this file is located somewhere else it is most likely a trojan or virus. It is a critical Windows process that is responsible for the Winlogon and Win32 processes among other things.
To find out if it is located in the right directory, right-click on it and select the open file location option. If it is located in c:\windows\system32, it is in the right location.
The component does a lot of things. It creates environment variables, starts the kernel and user modes of the Win32 subsystem, creates DOS device mappings, virtual memory paging files, and starts winlogon.exe.
csrss.exe - Client Server Runtime Process
Next in the line is the process csrss.exe which is the Windows Client/Server Runtime Server Subsystem. It should be located in C:\Windows\System32 as well. If csrss.exe is located in another location it is most likely a virus or trojan. Like smss.exe csrss.exe is important for Windows to run.
The process is started along with winlogon.exe. If the file is corrupt, Windows will automatically shut down and you will experience a blue screen error with error code 0xc000021a.
The process should not be terminated, as it will lead to system failure if done. If you try to do so under Windows 7 or newer systems, you will receive a warning:
Do you want to end the system process 'csrss.exe'?
Ending this process will shut down the operating system immediately. You will lose all unsaved data. Are you sure you want to continue?
lsass.exe - Local Security Authority Subsystem Service
Last in the line we have lsass.exe which is the Local Security Authentication Server. If lsass.exe is executed from C:\Windows\System32 everything is fine. If it is not it could be a virus or trojan again. All three processes are important Windows system processes and should not be terminated.
This process enforces the security policy on the system. Among other things, it is responsible for user verification, password changes, and the creation of access tokens.Advertisement