Tag Archives: authentication package

Winlogon and its function

Understanding Winlogon and its functions.

We usually come across the term Winlogon in windows world and the first perception that we get is that this process might be used for handling interactive logons. This is partially correct but there’s a lot more in it that winlogon does.A legitimate winlogon process runs from “%Systemroot%\System32\Winlogon.exe” so make sure that you don’t get fooled by a virus or a Trojan running a process as winlogon from some other location.Let’s understand its role in different scenarios. Continue reading