|Windows Help > Windows Processes > lsm.exe|
lsm.exe - Local Session ManagerThe lsm.exe file is a legitimate Windows component. It is included in the standard OS distribution as of the Vista release. LSM refers to the "Local Session Manager" service, which provides session functions for Windows Terminal Server users.
In Vista, the Terminal Server interface is used for more than just Remote Desktop sessions from remote users as is the case under Windows XP/2003. Local sessions are also considered Terminal Server connections, even when you are logged into the PC at the PC itself. Under Vista all sessions, whether local or remote, are virtualized terminal server sessions.
The lsm.exe process is started by the Wininit process during boot time, and appears to interact with the smss.exe process in order to provide overall session management. This is a critical component of the overall Windows session management subsystem, so attempts to alter or shut down the service may result in an unbootable machine. It is probably impossible to stop this service altogether, as doing so would surely cripple the ability to log into a new session.
There are reports of excessive resource consumption by the lsm.exe process when, for instance, Windows Media Player was in use. The lsm.exe process consumed many file handles and memory under certain conditions. A patch was issued by Microsoft to address this problem.
No reports have been received regarding lsm.exe as a vector for viruses or other malware, but users should always be aware that virus authors often hijack legitimate Windows file names when distributing malware. The official copy of this file can be found in the c:\windows\system32 directory. Other copies should be inspected closely and the machine scanned to determine if a virus has been loaded.
As always, if you suspect a malware infestation you should download and run a current copy of an antivirus/malware scanner in order to isolate and remove the offending application. Be sure to obtain the most recent definition files, since these are critical to the removal of current malware variants.