LSASS.exe: what is this process, and how to reduce the load on computer system resources?
There are quite a few situations with the appearance of increased load on the computer system resources. One of the services that was seen in such situations most often is LSASS.exe. What is this process, they know not all. Some try to complete it right away, others assume it is a virus and scan the system. But what is it really? Let's figure it out.
LSASS.exe: what is this process?
Yes, indeed, the appearance of the virus of the same name in the system is not excluded. But first, let's talk about the original LSASS.exe component. What is this process?
It is believed that this system tool is a kind of intelligent tool that constantly monitors all actions of the Windows user and independently makes a decision on the inclusion or deactivation of some kind of protective equipment.Naturally, the operation of this service implies a load on resources, but in the standard version it should be short-term (the activation of this module occurs for a maximum of ten minutes), and the peak load should not exceed 40-70%. Not a hundred.
If the use of system resources of the above values, and in the list of processes there are several identical, you can be sure that this is a virus, and the virus is quite dangerous, belonging to the class of spyware and rootkits. However, you can get rid of it quite simply (this will focus on separately).
Why in Windows 7 LSASS.exe loads the processor?
But even the original system component is capable of producing excessive loads. Why is this happening? But only because the above values apply, so to speak, for ideal cases of system downtime.
If there are a lot of user programs running on Windows, moreover, the background components from autoload, which start together with the operating system, run, the user gets a situation where the use of the processor or RAM goes off scale, and a huge number of svchost.exe processes appear that This service is only indirectly related.
But you should not get upset, because you can apply a fairly simple and universal solution, which is to deactivate this system process and the service responsible for it. This can be done quite simply, and by and large, this will not affect the stability of the operating system.
How to disable the standard service?
So, we assume that the standard LSASS.exe process loads the processor too much. You can rectify the situation by simply disabling this component, although it is the system services that is deactivated and is not recommended. However, with a weak processor, this option will be the only way to reduce the load:
- First you need to use the “Run” console and enter the string services.msc in it to enter the services section.
- On the right in the list, you need to find the Credential Manager service (LSASS.exe loads the processor just in case it is in the active state and starts automatically).
- Double-click to call the parameter editing menu, press the stop button of the process (this is mandatory), set the start type to “Disabled”,save changes and reboot the system. Reboot in this case is a prerequisite for the application of new user settings.
Note: In some cases, it may be necessary to first terminate the lsass.exe process in the Task Manager or to stop again after disabling the service in the above section.
What if it is a virus?
But sometimes the load may not be connected with the LSASS.exe system component. What is this process in this case? As you have probably guessed, this is a real virus masquerading as a system process.
You can make sure that this is a virus, you can by the presence of several identical processes in the "Task Manager". You can also go to the file location via the PCM menu (the original object is located in the System32 directory and nowhere else).
When identifying a threat, do the following:
- First, it is recommended to find the AppData directory in the user folder. It may have the attribute hidden, so you will first have to turn on the display of such objects in the Explorer view menu.
- In the specified folder through the Local directory you need to get to the Temp directory and completely clear its contents.
- After that, it is recommended to check the system with some kind of anti-adware utility like AdwCleaner, and also use the special UnHackMe applet (a program for detecting spyware and rootkits) to rescan the system.
- After the removal of threats is completed, it is desirable to clean the system, for which you can use at least the universal application CCleaner.
In principle, it is not recommended to disable the above service, like any other system component of this plan. But if the load increases to such an extent that it becomes impossible to work at the computer, then, alas, you will have to work without it, relying on other means of protection, including system services, and third-party programs (at least the same regular antivirus).