CA eTrust Antivirus mistakenly remove LSASS.exe

Microsoft has received customer reports that the system cannot boot up due to LSASS.EXE being erroneously removed.

The Lsass.exe file in Microsoft Windows Server 2003 is being identified as an infected file and is being quarantined by Computer Associates (CA) eTrust Antivirus signature 303.3.30.54. This behavior may cause the computer to display a gray screen when the computer restarts. The computer may appear to stop responding.

CA has released new version 303.3.30.56, which fixed the problem.

For more information, please visit the following CA Web site:

To work around this problem, use one of the following methods to replace the Lsass.exe file.

Method 1: Start Recovery Console, and then replace the Lsass.exe file

Method 2: Use Recovery Console to disable eTrust services

Method 3: Use Windows Preinstallation Environment or a parallel installation on the system to gain access

For more information on detailed steps and technical information, please refer to KB

When you restart Windows Server 2003, the computer may display a gray screen or may appear to stop responding


Author: Cherry Qian

Comments (0)

Skip to main content