What is Winlogon.exe

Called by synchronous pressing hotkey combinations ESC+Shift+Ctrl the task manager program, we will definitely find, among others, the Winlogon process, the execution of which begins after the Winlogon.exe program is launched. What is this process?

This is a very important process that controls the login and logout of users. It cannot be forced to terminate under any circumstances. Being “trusted”, it is responsible for the relationship between the system and the user and is associated with security. With his help:
- There is complete coordination of the registration process.
- Ensures that an individual user shell is launched upon login.
- The process of logging the user out of the system is being worked out
- Processing operations related to protection
- We are working on operations related to entering passwords during registration and changing them.
- Operations related to blocking and unlocking workstations are being practiced.
- The “invisibility” of operations related in any way to protection is ensured.
- The execution of “untrusted” processes is blocked. Winlogon prevents them from intercepting password and desktop control.
- Not all of its useful functions are listed, although the direction of its work is quite clear. Such versatility and importance of this process naturally could not go unnoticed by the authors of all kinds of viruses. Hackers often disguise malware under this name. With a fairly high degree of reliability, you can identify such facts by right-clicking the Winlogon name in the task manager and selecting the line that determines the location of the file.

If this is the Windows system folder\system32\, then everything is fine. If any other, the probability that the file is infected is very high. Therefore, always use antiviruses, and also scan the system regularly, for example using healing utility Dr.Web CureIt.