For some time now i have noticed the windows file lsass.exe connecting to remote IP's, without
internet explorer open its the only
process with remote IP address's listed... the below list is from opening "cmd" and typing "netstat -nab", without the quotes

TCP


MyIP:2406






216.239.59.104:443



TIME_WAIT





0

TCP


MyIP:2412






216.239.59.104:443



TIME_WAIT





0

TCP


MyIP:2426






38.103.145.98:80





TIME_WAIT





0

TCP


MyIP:2427






38.103.145.98:80





TIME_WAIT





0

TCP


MyIP:2429






216.239.59.104:443



TIME_WAIT





0

TCP


MyIP:2433






92.122.126.250:80




TIME_WAIT





0

TCP


MyIP:2434






92.122.126.250:80




TIME_WAIT





0

TCP


MyIP:2435






92.122.126.250:80




TIME_WAIT





0
UDP


0.0.0.0:500










*:*


































764

[lsass.exe]

UDP


0.0.0.0:445










*:*


































4

[System]

UDP


0.0.0.0:4500









*:*


































764

[lsass.exe]
the above is not the complete list, but it has all the lsass.exe info there...i have already set zonealarm to block internet and server access in program control with 4 red x marks in a row (this program has no need to connect out of my pc), although the program itself remains trusted- 3 green trust marks... so i decided enough is enough and set the trust level to "Ask", yes its on custom settings rather than system... then i done another "netstat -nab" and got (same as above i replaced my ip address with MyIP)...


Proto
Local Address








Foreign Address






State









PID

TCP


MyIP:2433






92.122.126.250:80




TIME_WAIT





0

TCP


MyIP:2434






92.122.126.250:80




TIME_WAIT





0

TCP


MyIP:2435






92.122.126.250:80




TIME_WAIT





0

UDP


0.0.0.0:500










*:*


































764

[lsass.exe]

UDP


0.0.0.0:445










*:*


































4

[System]

UDP


0.0.0.0:4500









*:*


































764

[lsass.exe]
I guess when i changed the rights of lsass.exe some of the connections dissapeared?, or was that an odd coincidence...
done a netstat -nab again and found...



Operating System:Windows XP Pro
Software Version:8.0
Product Name:ZoneAlarm Internet Security Suite