We take so much for granted, such as the trusty Windows 10 and 11 operating systems. Fire up the laptop and it starts to work flawlessly, letting you create presentations, accept Zoom calls, and check bank accounts.
What most forget is that the Windows operating system is the single largest software package (with the exception of its rival macOS) and employs a whopping 50 million lines of code written into thousands of system files.
When they all work as they should, we don’t notice them. When one starts to misbehave, we experience slowness because the faulty process overuses CPU and RAM.
Lsass, or the Local Security Authority Subsystem process, is one such service that tends to go awry.
Do not think lsass.exe is a virus.
Today, we shall focus on:
- What is lsass.exe?
- How to test if it is authentic
- Should you remove it?
What is Lsass.exe?
The lsass.exe file is a vital part of the Windows 10 and 11 OS. It stores login and password data for admin and guest accounts. The lsass.exe file enforces the security policy of Windows and maintains logs in that regard. In other words, it acts as the gatekeeper and prevents unauthorised intrusions into the computer. For example, a guest user who wants to change the size of the page file cannot get past the lsass.exe authentication.
The lsass.exe file can be found in the Windows > System32 folder.
It goes without saying that the file is of immense curiosity to hackers since it contains security credentials.
Deleting Lsass - Not An Option
You notice that CPU usage is high, so high that it impedes work in any software. Or it is RAM usage that is high.
You go hunting on the net and come up with the solution that the lsass.exe file might be causing these problems.
Should you just hit delete and be done?
In one word, never.
The lsass file is a system file and deleting it has cascading effects, the first being that you can no longer log in.
You must never tinker with Windows system files unless you have expert knowledge and understanding of the moving parts. You are likely to end up in a situation where you cannot get past the welcome screen.
That means your PC is as good as dead to you.
You can never delete a system file. Expert users can slightly modify it through Registry and other means.
5 Ways of Authenticating the Lsass.exe File
The lsass file in Windows 10 is a natural target since it has login credentials. Admins control hundreds of computers through a system and targeting the computer of an employee is the ideal way to sneak into a secured system and steal data.
1. Check the name
The name lsass.exe is made of lowercase letters.
Is it lsass or 1sass or Isass (upper case I and lower case l look the same)?
Someone may also tinker with the spelling of lsass to lssas or lssass.
They inject a new exe file and that opens a backdoor.
Hence, the first step is to check the spelling carefully.
2. Check Properties
- Open Task Manager by hitting Ctrl + Alt + Del
- Click on Processes
- Scroll down to Windows Processes in the left pane.
- Locate Local Security Authority Process
- Right-click on it and select Properties
- Check the spelling
- Check the location Windows\System32
- Check the size. It is around 58 KB.
- Click on the Digital Signature tab
- It should be signed by Microsoft Windows Publisher
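Checks 1 and 2 can also be run from an elevated PowerShell prompt. This is an added example, not part of the original article; the `Get-NameKey` helper and its look-alike rule are assumptions of the example. It lists every running process whose name is, or resembles, lsass.exe, and reports the path, file size, and signature status so they can be compared with the values above.

```powershell
# Added example: audit processes named like lsass.exe (name, location, signature).
# Run elevated; without elevation ExecutablePath can be empty for system processes.

$expectedPath = Join-Path $env:SystemRoot 'System32\lsass.exe'

# Hypothetical helper: reduce a process name to a comparison key.
# 1, upper-case I and | are mapped to l, then repeated letters are collapsed,
# so lsass, 1sass, Isass, lssas and lssass all reduce to the key "lsas".
function Get-NameKey {
    param([string]$Name)
    $base = [IO.Path]::GetFileNameWithoutExtension($Name)
    $key  = ($base -creplace '[1I|]', 'l').ToLowerInvariant()
    return ($key -replace '(.)\1+', '$1')
}

$findings = Get-CimInstance -ClassName Win32_Process |
    Where-Object { (Get-NameKey $_.Name) -eq 'lsas' } |
    ForEach-Object {
        $path = $_.ExecutablePath
        $sig  = if ($path) { Get-AuthenticodeSignature -LiteralPath $path } else { $null }
        [pscustomobject]@{
            ProcessId = $_.ProcessId
            Name      = $_.Name
            Path      = $path
            # Check 1: exact, lower-case spelling
            NameExact = $_.Name -ceq 'lsass.exe'
            # Check 2: location must be Windows\System32
            PathOk    = [bool]$path -and ($path -ieq $expectedPath)
            SizeKB    = if ($path) { [math]::Round((Get-Item -LiteralPath $path).Length / 1KB) } else { $null }
            SigStatus = if ($sig) { $sig.Status } else { 'Unknown (no path)' }
            Signer    = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
        }
    }

$findings | Format-List

# Anything that is not the exact name, in the expected folder, with a valid
# signature deserves a closer look with the scans described in the next steps.
$suspect = @($findings | Where-Object {
    -not ($_.NameExact -and $_.PathOk -and $_.SigStatus -eq 'Valid')
})
if ($suspect.Count -gt 0) {
    Write-Warning "$($suspect.Count) lsass-like process(es) failed a check."
} elseif (@($findings).Count -ne 1) {
    Write-Warning "Expected exactly one lsass.exe process, found $(@($findings).Count)."
} else {
    Write-Output 'lsass.exe: name, location and signature look as expected.'
}
```

The `Signer` field shows the certificate subject for comparison with the Digital Signature tab.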
3. Scan File
- Open C and navigate to Windows > System32
- Scroll down to lsass.exe
- Right-click and use the antivirus scan on the drop-down menu.
4. Use Boot Scan
If in spite of the above, the Local Security Authority Process in Task Manager shows consistently high CPU or memory usage, then it is time to use a boot time scan.
Most antivirus programs (but not Microsoft Security Essentials) can run a boot scan.
Boot scan is faster and more thorough since the OS has not completely loaded.
You can also get basic editions of top-notch anti-virus programs such as Avast and AVG free of cost that offer boot time scans.
5. Use SFC Scan
SFC stands for System File Checker. It is a tool that checks if every Windows system file is as it should be and repairs the files from a cached source.
- Type CMD into the Search bar.
- Right-click and Run as administrator
- At the prompt type sfc /scannow
- Do not close the CMD window until the scan and repair have run their course.
- In the end, reboot and check how the PC performs.
Note: If you are running Windows 8, 8.1, 10, or 11, there is an extra step before you type sfc /scannow
Windows uses Deployment Image Servicing and Management (DISM) from Windows 8 onwards.
- At CMD prompt type DISM.exe /Online /Cleanup-image /Restorehealth
DISM uses Windows Update to obtain the files that are corrupted.
Lsass.exe is an important Windows system file. It handles login credentials and prevents anyone else from tampering with your device. Rest assured there is nothing remotely sinister about it. If lsass.exe begins to consume a lot more resources than usual, then the steps above will usually repair it. However, if the problem persists (Windows SFC and other methods cannot cure every eccentricity of the OS), a clean install or reformat might be the only option. It takes time to set up the PC exactly as it was, but it is a surefire way to fix system problems that persist.