This file is not a Windows system file and is contained in the system32 folder under the path %system%\system32\isass.exe. Many users confuse it with the legitimate security process lsass.exe (especially if written starting with a capital ‘I’, which resembles an ‘L’ in lowercase). It has a known file size of 234496 bytes on Windows XP in 27% of all occurrences; it has a file size of 893011 bytes. The process is able to remain invisible and is unknown in the Windows folder. It is able to record and monitor inputs, applications and conceal itself from the task manager. Technical security rates it as 76% dangerous. However, when the file is located in the C:\Windows folder, the security rating shoots up to 90% risky. The file also does not have any information about the author and there is no description of the program. It should however be remembered that despite it implanting itself in the system’s folder, it is not a Microsoft Windows core file.

The program is known to use ports to gain access to the Internet or the LAN. As a result, some files may camouflage themselves as isass.exe to gain network access. This is especially the case if they are located in the system32 folder of the Windows system folder. It is therefore recommended to check whether the process on a PC with a network or Internet connection is malware.

Something of importance is that isass.exe is not to be confused with Lsass. The lsass.exe process is responsible for enforcing the security policy within the operating system. It serves as the Local Security authentication Server for Microsoft operating systems. The process is responsible for checking a user’s login identification and making sure that he or she does not access private information belonging to other users. It is also responsible for handling password modifications made by the user. It operates by creating access tokens encapsulated securely with a user’s authentication data. Security restrictions and permissions contained within the access token control access to files. At login, a token created by lsass.exe process is generated. It is then validated and authorization given. On task manager, the distinction between the two files can be hard. Furthermore, once infected, isass.exe assumes the computer responsibilities of lsass disabling the firewall and other security features. Thus, it is a gateway worm registered as the Optix.Pro virus. Its backdoor capabilities make it hard to detect and contain. However, using an authentic scanner will help to contain its functions.