.. / lsaiso.exe

When Credential Guard is enabled, the functionality of lsass.exe is split between two processes – itself and lsaiso.exe. Most of the functionality stays within lsass.exe, but the important role of safely storing account credentials moves to lsaiso.exe. It provides safe storage by running in a context that is isolated from other processes through hardware virtualization technology. When remote authentication is required, lsass.exe proxies the requests using an RPC channel with lsaiso.exe in order to authenticate the user to the remote service. Note that if Credential Guard is not enabled, lsaiso.exe should not be running on the system.

Image Path

Executable’s image path.

Parent Process

A process which spawned the analyzed process.

Number of Instances

Expected number of processes running which may normally run on Windows.

User Account

Windows account with which the process was launched. This defines what privileges given process has.

Start Time

Expected time of process to be launched.