home PC software The lsass process loads the system. The lsass exe process is CPU intensive. Possible Causes of Overloading

The lsass process loads the system. The lsass exe process is CPU intensive. Possible Causes of Overloading

You may have seen in Task Manager a service in the Local Security Authority Process whose properties list the name lsass.exe. This is an important executable file in Windows 10 that handles many of the operations performed under the Windows operating system (OS) and serves to keep the system safe. Sometimes you may misinterpret this as a virus due to the .exe extension. Let's take a look at the details related to lsass.exe and how it works.

What is lsass.exe in Windows 10

Lsass.exe means local security subsystem service, where .exe indicates that it is an executable file. It works as a component of Windows 10 security policy, such as user verification on the server, password changes, and user authentication during login or logout. lsass.exe is activated when winlogon.exe is started, and if the password is correct, it transfers authority, or displays a message that the password does not match. The location of the Lsass.exe file is always the path C:\Windows\System32.

Is lsass.exe a virus?

No, lsass.exe is not a virus, it is an official file from Microsoft Corporation. You don't need to worry about any damage from this process as long as it's intact. The details of lsass.exe are as follows:

File Description - Local Security Authority Process ( Local Security Center).
Application product name - Operating Microsoft system Windows.
Copyright - Microsoft Corporation. All rights reserved.
Size - 56.6 KB.
English language.
The original file name is lsass.exe.

How does lsass.exe work in Windows 10?

lsass.exe in Windows 10 is the main system file, which participates in the work of root. If your system reboots repeatedly, it's because the lsass.exe file is corrupt or it could be a password error. The executable is known to run four different ways on your computer.

Encryption file system(EFS)- This file helps in processing and storing the encrypted file on your desktop. Encryption is a means of encoding information so that only an authorized user can access it. You can read more about encryption.
CNG key isolation (keyiso)- Works as a data protection process for private keys and cryptographic file. In the event that CNG key isolation does not work, the Extensible Authentication Protocol cannot be initialized.
Security Accounts Manager (SamSs)- It helps to reduce data crash when transmitting a signal from one server to another.
Credential Manager - Software also works for internet protocol control when connected to a network.

How to recognize it is a virus or not?

Sometimes developers malware create a file with the same name for the purpose of cheating, but you can easily distinguish original file lsass.exe from dubious. If a file named lsass.exe is located not along the path C:\Windows\System32, then there are big doubts about its originality, and you should delete it. To check this, simply open Task Manager and go to the Processes tab. Here you can view a list of all executable files. Find Local Security Authority Process, right-click on it, and then click Open file location. You will be transferred to the C:\Windows\System32 directory, and you will see there lsass.exe. If you were transferred to another place, then most likely this is malware. A virus similar to the lsass.exe service can heavily load the processor.

Should I disable lsass.exe in Windows 10?

As mentioned above, lsass.exe is a Windows security management program, there is no need to deactivate this file. You simply won't be able to delete this file in Windows 10 as it can damage the system.

Today I will continue to talk about processes and in this moment I want to talk about the lsass.exe process. If you open the task manager and display the processes for all users, you will see the same lsass.exe process.

LSASS originates from the English Local Security Authority Subsystem Service, which can be translated as "local security authentication server". This is the part operating system Windows, which is responsible for authorization local users separate computer. This is a critical service because without it, local users will not be able to log in.

What does this process do? It checks the data for authorization, and if authorization is successful, the service sets a flag that it is possible to enter. In the event that the authorization was started by the user, the flag for starting the user shell is also set. When an application or service initializes authorization, the application is granted the rights of the specified user.

The lsass.exe file is located in the C:\Windows\System32 folder, and the most common size for windows, including versions XP, 7, and 8, is 13,312 bytes. lsass.exe is not malicious in most cases. However, malware authors sometimes name their viruses and Trojans by the name of this process to avoid detection. Of course, if the specified file is located outside the C:\Windows\System32 directory, then it is clearly a virus or malware.

If lsass.exe loads the processor

As for the processor load, if lsass.exe loads it, then by very small amounts. Some users report that lsass.exe loads the processor by 50-70%. If this happens, then it is most likely a virus or trojan. Try using an antivirus as well free utilities Dr. type Web Cureit to find malware.

Many operating system users Windows Vista and modifications above face an unexpected problem when the Lsass.exe service loads the processor (Windows 7 is no exception), and to such an extent that it is simply impossible to work even with "native" OS services, not to mention launching custom applications. What is the reason for this phenomenon and how to fix the problem, now we will figure it out.

Lsass.exe service is CPU intensive (Windows 7): what is this process?

First, let's look at the service itself. It is a kind of user ID when logging in. The process itself belongs to the local security authentication components and is completely safe in the original.

But why, then, in some cases, the Lsass.exe process loads the processor (Windows 7)? Reviews of experts suggest that short-term spikes in consumption computing power may occur - this is normal. But at the same time, peak values of loads can be no more than 50-60%. But not all the same a hundred?

You can, of course, try to disable the indexing service in the appropriate section, but there is little chance of success, since in most cases this situation is associated with a virus effect.

Possible Causes of Overloading

In fact, the situation when the Lsass.exe service loads the processor (we take Windows 7 just as an OS example) can only indicate that a virus is present on the computer. This is usually a Trojan or a spy masquerading as system process.

And most often, the matter is not limited to only one process participating in the load on the processor. Along the way, in the same "Task Manager" you can notice the appearance a large number processes with the general designation svhost.exe. And this already speaks for sure about the viral impact.

Note: there can be four or five svhost processes. If their number clearly exceeds this figure, this is a symptom of infection.

If Lsass.exe loads the processor (Windows 7), what should I use first?

Thus, it is not difficult to guess that when such symptoms appear, you should immediately check the system with an anti-virus scanner, but not with the one installed in the system. In addition, it is desirable to use third-party utilities of a portable type.

You can find the virus yourself. If it becomes noticeable that the Lsass.exe service loads the processor (Windows 7), in the very simple version you should look at the original executable. It must be located exclusively in the System32 directory of the main system folder. At the same time, for Windows versions Vista and above its size is 56.5 KB. If the search reveals any other components (perhaps even hidden ones) in a different location and with a different size than the original, such objects should be removed immediately. If the system issues a ban on deletion, you need to restart the computer in safe mode and try to delete again. It is very likely that the read-only attribute will need to be removed from the properties.

The most suitable tools

But the main problem, judging by the feedback from Internet users, is that not all antiviral agents protection can detect the presence of this threat on the computer. For example, the same Avast does not give any result. In general, it is not recommended to use free scanners to check the system (only because of their limited capabilities).

But back to the situation when the Lsass.exe service loads the processor (Windows 7). What to do in this case? It is best to seek help from specialized utilities, among which are the following:

AdwCleaner.
Anti Malware.
Kaspersky Anti-Ransomware Tool.
FixSecurity, etc.

It is these programs that are just good because they have a narrow focus on identifying threats of a strictly defined nature. However, the list is not limited to these utilities. If you wish, you can look for something else similar.

Troubleshooting Google Chrome Browser Issues

There is another type of situation when the Lsass.exe service loads the processor (Windows 7). Quite often this is due to Internet surfing, when it is used as the main browser. Google Chrome. It is still not clear why this happens, but the fact remains.

At least, judging by the reviews, the usual reinstallation of the program helps. Maybe too much is at play here. installed extensions, which influence the behavior of the system. After reinstalling the browser, if there is a need to use additional add-ons, it is better to install them or enable them one by one, and not all at once.

Instead of an afterword

As you can see, excessive load on the processor can be caused by several factors. In the case of viruses, it is best to use the above utilities as the main method of fixing the problem, but updating the databases to the current state is a prerequisite, because otherwise the threat may not be detected. Regarding the use of other antivirus programs, some users claim that they do not detect threats. Also, some applications like free version AVZ does not fully work correctly with 64-bit systems, although the manufacturer claims otherwise. The same free packages are very often limited in their main functionality or do not even allow you to update your own databases.

Cases of problems with Google browser Chrome can be called single, however, they still occur. In order not to lose your own data, before deleting the browser, you can export the bookmarks to a file so that you can quickly restore them later. And it is desirable to remove it not with your own uninstaller, but with more powerful tools, for example, with the program iObit Uninstaller, which remove not only the main ones, but also residual files programs, as well as keys and records system registry.

But in general, the problem should be treated in the same way as the usual elimination of virus threats. And the situation itself is not out of the ordinary either. Although, if the suspicion of a virus is too late, personal data may be at risk. So, as soon as you see the first symptoms, you must immediately take drastic measures. In any case, you need to take care of the security of your own computer in advance and install at least some shareware antivirus. A good solution would be to install the package ESET Smart security. True, the activation of this software product have to be done every month. But license keys or "rectifiers" can be searched even on the developer's official Russian-language resource, so this is not a problem. But the risk of catching the virus will decrease very significantly. It goes without saying that you can install other similar applications, especially since all of them provide database updates several times a day.

The question is why Lsass.exe loads Windows processor 7 is of interest to many. The answer can only be a complete analysis of this process in the system. Sometimes the problem can spread to the entire computer, but there are cases of high loads when the browser is running. For each specific case, users were able to find a solution.

Lsass.exe what is this process

First you need to understand what Lsass.exe it's just an abbreviation. Actually the title is: Local Security Authority Subsystem Service or LSA Shell. And if you have noticed, then "Security" is already shedding light on the activity of this process. It is the security of your OS that Lsass.exe takes care of. Through it, the user, using a password, if any, logs into his account Windows.

Local Security Authority Subsystem Service process in Windows 10

In the task manager this process works on behalf of the system. It cannot be completed like other actions. The location of the file becomes a folder System32(on drive C).

Most often, the problem of loading this process occurs due to viruses or when starting browsers. Next, we will look at two of the most suitable solutions which are suitable for Windows XP/7/8/10.

Checking the authenticity of the process

It is viruses that most often try to present themselves on behalf of Lsass.exe. After all, if you remember, he is responsible for logging into the operating system under a specific user. Therefore, hackers are trying to hack into a computer in order to intercept valuable user information. Trojans and worms can pose as administrators and act on behalf of the user.

Loading lsass.exe due to browsers

If the problem is only in the browser (more often when it starts), then it is worth looking for the cause directly in it. It is his conflicts that cause the high load on Windows. The fact that Lsass.exe assumes them does not mean anything at all. The most common situation faced by users Google Chrome(less often Opera).

Recommended delete your browser from a computer. Better to do it with CCleaner. In the same place, erase any information about the work this utility - clean registry.
Reinstall it again. Try work without extensions. It is their large number that sometimes leads to system failures.
Once again we will raise the issue of viruses. When the browser is opened installed viruses trying to perform some action, but Lsass.exe blocks them. This conflict creates a download CPU. Make sure there is no Trojans.

The problem when Lsass.exe loads the Windows 7 processor and leads to system error, is not very common. If you're unlucky, the main thing is to stay calm. Do not forget that it is always possible to check your computer for viruses in online mode or from a flash drive. Not always one antivirus is able to cope with all hacker attacks.

Surely, many users of Windows Vista and higher operating systems have encountered such a problem when the processor loads the Lsass.exe service. This service can load the system to such an extent that it becomes impossible to work even with the native services of the operating system, let alone launch user applications. Let's try to figure out what is the cause of this phenomenon, and how to fix the problem.

The Lsass.exe service is consuming the processor: what is the process?

First of all, let's look at the service itself. It represents a kind of user ID when logging in. The process itself is a component of local security authentication. In the original, it is absolutely harmless. But why, then, in some cases, the Lsass.exe processor loads the processor? In their reviews, experts often say that short-term bursts of computing power consumption may well occur. This phenomenon is considered normal. However, peak load values in this case can be no more than 50-60%. It's not 100%. Of course, you can try to disable the indexing service in the corresponding section, but there will be very little chance of success, since in most cases this situation is associated with the effects of viruses.

The occurrence of excessive loads on the processor: causes

In fact, the situation in which the Lsass.exe service loads the processor may indicate that there is a virus on the computer. It could be a Trojan or a spy that masquerades as a system process. Most often, the matter is not limited to only one process participating in the load. You can also notice along the way that a large number of processes appear in the "Task Manager" with the general designation svhost.exe. This already certainly indicates the impact of viruses. There can be five or four svhost processes. If their total number exceeds this figure, then we are definitely talking about infection. What should be used in the first place if Lsass.exe loads the processor in the operating Windows system 7? As you can guess, when these symptoms appear, you should immediately check the system with virus scanner, but not the one installed in the system. It is advisable to use third-party portable utilities for this purpose. You can also find the virus yourself. If you suddenly notice that the Lsass.exe service is loading the processor, then in the simplest case, you need to look at the original executable file. It must be located exclusively in the System32 directory of the main system folder. For operating system versions Windows Vista and above, its size is 56.5 KB. If the search reveals other components located in a different location and having a size different from the original, then such components must be removed immediately. If a prohibition on deletion appears, then you must restart the computer in safe mode and try to uninstall again. It will probably be necessary to remove the attribute in the properties that indicates read-only.

The most suitable tools

Judging by the feedback from Internet users, the main problem is that not all anti-virus protection tools are able to detect the presence of this threat on personal computer. For example, the same Avast will not bring results. In general, it is not recommended to use free scanners to check the system. The reason is their limited capacity. But let's get back to the situation where the Lsasss.exe service is CPU-intensive. What can be done in this case? Your best bet is to ask for help special utilities. Among these utilities, the following stand out:

— Anti-Malware;

— Kaspersky Anti-Ransomware Tool;

- fix security.

These programs are good just because they have a narrow focus on identifying threats of a strictly defined nature. The list is not limited to these utilities. If you want, you can always try to find something similar.

Problems with the Google Chrome browser

Sometimes there is another type of situation in which the Lsass.exe service loads the processor. This is quite often associated with Internet surfing when Google Chrome is used as the main browser. It is still not clear why this can happen, but the fact remains. Judging by user reviews, the usual reinstallation of the program helps. It is also possible that a large number of installed extensions play a role here, which affect this behavior of the system. If you reinstall the browser if you need to use additional add-ons, it is better to enable and install them one by one, and not all at once.

Conclusion

As you can see for yourself, several factors can cause excessive CPU usage. If the cause is virus activity, then the main method of fixing the problem is to use the above utilities, but updating the databases to the current state is a prerequisite. Otherwise, the threat will not be detected.

As for the use of other antivirus programs, some users claim that they do not detect threats. Plus, some applications, like the free version of AVZ, do not work correctly on 64-bit systems, although the manufacturer claims otherwise. Free packages programs often have limited functionality. Sometimes they do not even allow you to update their own databases. Situations in which there are problems with the Google Chrome browser can be called isolated. However, they still meet. In order not to lose necessary information, before deleting the Internet browser, you need to export the bookmarks to a file so that you can quickly restore them later. It is advisable to uninstall not with your own operating system uninstaller, but with more powerful tools like the iObit Uninstaller program. Such software packages remove not only the main, but also the residual files of the program. They also remove keys and system registry entries. However, in general, it is worth treating the problem in the same way as the simple elimination of virus threats. The situation itself is not out of the ordinary. Although if the suspicion of a virus turned out to be somewhat belated, then your personal information may be at risk. If you see the first symptoms viral infection need to take drastic measures as soon as possible. In any case, you need to take care of the security of your own computer in advance. For this purpose, you need to install at least some kind of shareware antivirus. Installing the ESET package smart security might be a good solution. However, the activation of this product will have to be carried out every month. In this case, the risk of catching an infection will be significantly reduced.

Just about the complex. Programs. Iron. Internet. Windows