Is lsass.exe a virus?
Is lsass.exe a virus? the process is often targeted by malware and mimicked. The original location of this file is C:\Windows\System32 when C: is your system partition. So, if the process with a similar name is running on the Task Manager but the location is different, you know that the process is a threat and is exploiting the security on your computer. In this article, we will be discussing the high resource consumption of the original lsass.exe on Windows.
lsass.exe High CPU and Disk usage
If LSASS.exe or Local Security Authority Subsystem Service is displaying High CPU and Disk usage on Windows 11/10, follow these suggestions:
1] Check for malware
The main cause of this High CPU and Disk usage issue cannot be narrowed down to a single culprit, and that is malware. So start by running a full system scan using your antivirus software.
2] Run SFC scan
You may also run System File Checker at boot time to replace a potentially damaged lsass.exe file.
3] Use Performance Monitor’s Active Directory Data Collector
If you need to investigate further, you can use the Performance Monitor’s Active Directory Data Collector set on a computer. This method will work only on the recent versions of Windows Server. To fix this error, we need to start by running the Active Directory Data Collector. Start by opening the Server Manager or by opening the Performance Monitor. To open the Performance Monitor, you can hit WINKEY + R button combinations to launch the Run utility. Now, type in the following and hit Enter: Now, from the left side navigation bar, navigate to Diagnostics > Reliability, and Performance > Data Collector Sets > System.
Right-click on Active Directory Diagnostics and then select Start in the context menu. It will take about 300 seconds or 5 minutes depending upon the performance capabilities of your hardware to gather the required data and will then take some additional time to compile a report. And these both timings are interdependent on each other. Once compiled, the report can be found under Diagnostics > Reliability and Performance > Reports > System > Active Directory Diagnostics. This report will contain all the information and conclusions in the report. This does not mean that it will contain the exact cause of the error but will help you investigate the real cause of the issue.
lsass.exe terminated unexpectedly
The message that appears is usually in this format: If lsass.exe terminated unexpectedly causing the system to restart there is a high likelihood that your computer is infected. You need to run a full scan with your security software. Additionally, you could perform Clean Boot and manually troubleshoot and find out which 3rd-party process or code may be causing this issue. All the best! Other posts about processes using high resources:
System interrupts high CPU usageWMI Provider Host High CPU Usage issuesWindows Modules Installer Worker consumes High CPU & Disk UsageDesktop Window Manager dwm.exe consumes high CPUiTunes High CPU usageOneDrive high CPU usage problemNtoskrnl.exe high CPU & Disk usageDesktop Window Manager dwm.exe consumes high CPUWindows Driver Foundation using high CPUVSSVC.exe high disk usageWuauserv high CPU usageWindows Shell Experience Host uses high CPUWindows Image Acquisition High CPU and Disk usage.
