What Is lsass.exe and Is It Safe?

All tools can be used as weapons

Imagine a car with thousands of moving parts and looking under the hood to see all the parts whizzing and turning. Until one of them does something unexpected, it’s hard to know what to expect it to do. Yet you definitely know when something’s not right.

Some Windows processes are like that, andlsass.exeis one of them. When lsass.exe does its job, no one cares. When lssas.exe has high CPU usage or crashes, we notice and wonder why it’s even there.

What Is lsass.exe and Is It Safe?

All tools, in the wrong hands, are weapons. Thelsassin lssas.exe is an acronym ofLocal Security Authorization Subsystem Service. Local Security Authorization is a system for authenticating users and logging them on. It also keeps track of security policies and generates system log alerts for events related to security.

You can imagine that when lsass.exe is doing its job, it’s a powerful tool and very safe. You can also imagine that when it’s not doing its job, things get bad.

How to Remove lsass.exe From Windows 11/10

Don’t remove lsass.exe from Windows unless you’re certain it is a fake lsass.exe. It’s that crucial to Windows 11/10. Trying to kill the lsass.exe process in Windows 11/10 will result in the error messageDo you want to end the system process ‘Local Security Authority Process’?

Choosing to do so will cause Windows to shut down and unsaved work will be lost. If lsass.exe fails for any reason, it will likely shut down Windows instantly.

How to Check If lsass.exe Is Real or Not

If you suspect that lsass.exe is causing issues, first check to see if it’s the real lsass.exe.

The lower-case L, the upper-case i (I), and the number 1 can be deceptive to the eye. Hackers will substitute one for the other. What you think is the real lsass.exe could be Isass.exe or 1sass.exe.

The name of the fake process may also have a slight spelling variation. Perhaps there’s one S too many, a space, or some other small, easy-to-overlook difference.

If there are still concerns, do the same scan with a different trusted antivirus or antimalware application.

If any of the above checks fail, begin the process of removing viruses or malware from your computer.

Can lsass.exe Cause High CPU, RAM, or Other High System Resource Usage?

Most criticalWindows processesdon’t use many resources. They have limited jobs and require little to carry them out. However, lsass.exe can spike when handling something like a login, yet it should return to using nearly nothing within a second or two.

If CPU usage by lsass.exe on adomain controller(DC) server is fairly high, it’s likely because it’s processing security for a large number of users. It controls theActive Directorydatabase. If you know about Active Directory (AD), then it’s not surprising that lsass.exe will use more resources on a DC than on an average computer.

On a DC, expect lsass.exe to stay well under 10% CPU except for peak times of people logging on or off. On a PC, expect lsass.exe to stay under 1% most of the time.

If RAM or network usage by lsass.exe seems high, there’s a chance it’s not the real lsass.exe or it’s been infected. Take the usual precautions like running an offline virus scan with Microsoft Defender.

Anything that affects security can affect how many resources lsass.exe uses. Time differences between a DC and a system connected to it. Accurate time is crucial for things like security certificates. Check the DC and attached systems for time differences. You may want touse a Network Time Protocol (NTP) serverto sync time for all devices on the domain.

Corrupted system files may also be the cause of a legitimate lsass.exe’s high resource usage. Try using the SFC and DISM commands toclean up and repair system files.

If an offline virus scan and using the SFC and DISM commands don’t fix the problem, it’s possible the only option is towipe and reinstall Windows.

Where Can I Learn More About Windows Processes?

Good on you for taking an interest in how your Windows device works! We’ve got manyarticles about Windows processes, whether they can be removed, and why the process may have CPU, memory, network, ordisk usage that’s too high.

We also showhow to use SysInternals Process Monitor and Process Explorerto troubleshoot issues. If you don’t see an article for the process you’re curious about, let us know. We’d be glad to write it for you.

Guy has been published online and in print newspapers, nominated for writing awards, and cited in scholarly papers due to his ability to speak tech to anyone, but still prefers analog watches.Read Guy’s Full Bio

Welcome to Help Desk Geek- a blog full of tech tips from trusted tech experts. We have thousands of articles and guides to help you troubleshoot any issue. Our articles have been read over 150 million times since we launched in 2008.

HomeAbout UsEditorial StandardsContact UsTerms of Use

Copyright © 2008-2024 Help Desk Geek.com, LLC All Rights Reserved