lsass.exe is an executable process that belongs to Windows Operating System. It’s a safe file and should not be removed from the system. The lsass full form is Local Security Authority Subsystem Service.
The lsass.exe file can be located inside the C:\Windows\System32 folder. You can easily find out whether lsass is working in the system background or not. For this, press the Ctrl+Shift+Esc button and go to the Details tab. And from there you can locate whether it’s running or not.
Quick Overivew
What it is & its use?
lsass.exe is a dynamic link library file that administers and sees the compliance of the Windows Operating System’s security policy. Its uses are:
- It checks log in information of the user
- It takes care of any changes to the password made by the user
- It creates access tokens upon successful user authentication. This is used to then generate the initial shell. Access tokens store security details of the user, his groups and privileges, and login sessions.
- It also creates a Windows Security Log and writes onto it.
This way, lsass.exe helps the system prevent unauthorized users to access the authorized user’s personal data.
File size & location
The default location of lsass.exe is under the C:\Windows\System32 directory. Whereas the file size is approx 57 KB. The current file version of lsass on Windows 10 is 10.0.18362.1.
Quick Overview
| Filename: | lsass.exe |
| File description: | Local Security Authority Process |
| File version: | 6.1.7600.16385 |
| File Size: | 32.0 KB |
| Product name: | Microsoft® Windows® Operating System |
| File type: | Application |
| Copyright: | Microsoft Corporation |
| Language: | English |
Its file name is Local Security Authority Process, which can be found under the details tab of the file properties. Follow the below steps to check the lsass properties:
1) Press Ctrl+Shift+Esc button together
2) Click on the Details tab
3) Locate lsass
4) Right-click on it and select Open file location
This will take you directly inside the System32 folder and highlight lsass.exe
Now you can right-click over the file and choose properties. From here you can find all the necessary detail about lsass.
Is lsass.exe a virus?
lsass.exe is a safe program and not a threat to the system. Nonetheless, since it is a system program, malware may copy its name and pose a threat. It may change its initial letter and name itself as isass.exe to confuse the system.
Below two steps can be used to find out whether lsass.exe is a virus or malware,:
- If the file is not located in the C:\Windows\System32 folder.
- If the digital signatures of the file is not Microsoft Windows Publisher.
If you notice that the file location or the signature it not same as mentioned above then lsass.exe is a malware or virus. In such case, complete system scanning is recommended.
Additionally, if you find lsass on pen-drive or desktop then immediately remove it from the system and run full system scan with Antivirus like Avira.
Errors & their causes
Some common errors that occur in the system due to lsass.exe are:
- lsass.exe – System Error
Security Accounts Manager initialization failed because of the following error: Directory Service cannot start.”
This error occurs when copies of cross-reference objects are present in the active directory service, due to which it is unable to start.
- lsass.exe–SystemError
Security Accounts Manager initialization failed because of the following error:
The handle is invalid, Error Status: 0xc0000008
This error occurs when Windows cannot find a file because it is corrupt or missing.
How to fix high CPU Usage?
If you have notice that lsass.exe is consuming high CPU resources then below 2 methods can be used to identify the causes and fix it accordingly:
Method I: Using Performance Monitor
1) Press Windows + R button
2) Type perfmon.msc and press the enter key.
3) Navigate to Performance > Data Collector Sets > System.
4) Now, Right-click on System Diagnostics and select “Start”, This will start collecting data for and then compiling the report. This will take few minutes.
5) Once finished, go to Performance > Reports> System > Active Directory Diagnostics to see the compiled report.
The report will contain Diagnostic Results which has eight categories. Take note of the active directory category that will show the causes and actions affecting the CPU’s performance. Also, take note of the Diagnostic results point that will show the performance issues.
If the lsass.exe is still consuming high CPU resources, then it’s time to run Antivirus.
Method II: Anti-virus
Malware usually hogs a lot of CPU resources. Scan and fix any malware posing itself as lsass.exe with the anti-virus software installed in your system or Windows firewall.
Other similar executable files:
