每台机器都有系统文件。这些系统文件负责不同的进程。当您打开一台机器时,多个进程开始在后台运行,确保机器正常运行。其中之一是lsass.exe。但是你知道一些恶意软件和病毒可以伪装成系统文件吗?许多用户不知道如何识别此类病毒和恶意软件。因此,威胁在他们的系统中保持活跃很长时间而不会被注意到,因为他们将威胁视为系统文件。
什么是Windows 10中的 lsass.exe(Windows 10)进程(Process)
Lsass.exe是一个可执行的Windows文件,代表本地安全机构子系统服务(Local Security Authority Subsystem Service)。如您所见,该进程的名称包含“安全授权(Security Authority)”两个词,该进程控制与安全策略相关的Windows 10的任务。(Windows 10)例如,用户在服务器的验证、用户登录时的认证、密码的修改等。
当您在Windows(Windows) PC上登录您的帐户时输入错误的密码时,是Lsass.exe进程显示消息“密码不匹配(Password does not match)”。如果lsass.exe 进程失败(lsass.exe process fails),用户将立即失去对Windows计算机上所有帐户的访问权限。
可以在任务管理器中查看lsass.exe进程。为此,右键单击任务栏并选择“任务管理器(Task Manager)”。现在转到“详细信息(Details)”选项卡并向下滚动以查看Lsass.exe进程。
什么是显示高 CPU和内存使用率的(Memory Usage)Lsass.exe(Lsass.exe Showing High CPU)?
有时,Lsass.exe会显示CPU和磁盘使用率过高的问题。某些Windows文件和进程不应显示高内存消耗和CPU负载。如果是这样,则表明出现问题,可能是病毒或恶意软件已进入系统。
你能终止 lsass.exe进程(Process)吗?
因为它是系统文件,所以终止它没有意义。但是,如果您尝试这样做,您将面临严重的系统错误,因为它是一个安全子系统服务。您还应该避免从您的计算机系统中删除该文件。
lsass.exe是病毒吗?
我们在本文前面已经解释过Lsass.exe是一个系统文件。因此,您不必担心此文件会对您的计算机系统造成任何威胁。因此,它既不是病毒也不是恶意软件。
合法的 lsass.exe 文件位于 C:WINDOWSsystem32 文件夹中。如果在其他地方发现它,则可能是恶意软件。
此外,此合法文件的版权归Microsoft Corporation 所有(Microsoft Corporation)。
如果在其他地方发现它,您应该在引导时使用您的防病毒软件运行完整的 PC 扫描。(run a full PC scan at Boot-Time)
我们在这里列出了两种方法,您可以通过它们来区分真正的Lsass.exe文件和假文件。
方法一:
您可以检查Lsass.exe文件的授权签名。请按照下列步骤操作:
1]打开(Open)任务管理器并转到“详细信息(Details)”选项卡。向下滚动(Scroll)以找到Lsass.exe进程。现在,右键单击它并选择“属性(Properties)”。
2]您的系统上将打开一个新窗口。在“数字签名(Digital Signature)”选项卡下,您可以查看签名者的姓名。如果文件是真实的,则签名者将是Microsoft Windows Publisher。选择签名者并单击“详细信息(Details)”按钮。这将打开另一个窗口,其中包含发布者的所有详细信息。您还可以通过单击“查看证书(View Certificate)”按钮查看证书详细信息。
如果数字签名不是来自Microsoft Corporation,则该文件可能是病毒或恶意软件。
相关(Related):lsass.exe 终止和高 CPU 或磁盘使用问题。
方法二
检查Lsass.exe(Lsass.exe)是否为恶意软件的另一种方法是检查它的位置。这一次,您必须在任务管理器中右键单击Lsass.exe文件后选择“(Lsass.exe)打开文件位置”选项。(Open File Location)
这将打开文件所在的路径。如果文件的路径不是C:\Windows\System32,则可能是病毒或恶意软件。
如何删除Lsass.exe 病毒(Lsass.exe Virus)或恶意软件(Malware)?
我们在这里列出了删除假Lsass.exe文件的步骤。
- 首先,您必须使用任务管理器中的“(First)结束任务(End Task)”选项来终止伪造的Lsass.exe进程。确保(Make)只禁用虚假的Lsass.exe进程,而不是真正的进程,因为它可能会导致错误。
- 之后,使用“打开文件位置(Open File Location)”选项转到它所在的文件夹并将其删除。删除之前,请检查路径。伪造文件不应位于C:\Windows\System32文件夹中。
- 使用受信任的防病毒程序扫描您的整个系统。
合法的 lsass.exe 是Windows系统的重要文件。杀死它可能会导致PC重新启动。删除它可能会导致严重错误,您可能必须重新安装操作系统。始终(Always)遵循本文中讨论的安全步骤来保护您的设备免受Lsass.exe病毒和恶意软件的侵害。
您可能还喜欢(You may also like):Windows 中的 svchost.exe 是什么?
What is lsass.exe in Windows 10 and How to know If It is a Virus?
Every machine has system files. These system files take care of different processes. When you turn ON a machine, multiple processes start running in the background ensuring the machine will perform correctly. One among them is lsass.exe. But do you know that some malware and viruses can camouflage as system files? Many users do not know how to identify such types of viruses and malware. Due to this, threats remain active in their systems for a long time without being noticed as they consider threats as the system files.
What is lsass.exe Process in Windows 10
Lsass.exe is an executable Windows file and stands for Local Security Authority Subsystem Service. As you can see the name of this process contains two words, “Security Authority,” this process controls the tasks of Windows 10 concerned with the security policy. For example, user’s verification in the server, user’s authentication during login, password changes, etc.
When you enter the wrong password during login into your account on Windows PC, it is the Lsass.exe process that displays the message “Password does not match.” If the lsass.exe process fails, the user immediately loses access to all his accounts on the Windows machine.
You can view the lsass.exe process in the task manager. For this, right-click on the taskbar and select the “Task Manager.” Now go to the “Details” tab and scroll down to view the Lsass.exe process.
What is Lsass.exe Showing High CPU and Memory Usage?
Sometimes, Lsass.exe shows high CPU and disk usage issues. Some Windows files and processes should never show high memory consumption and CPU load. If they do, it is an indicator of something wrong, probably a virus or malware has entered the system.
Can you Terminate the lsass.exe Process?
Because it is the system file, it does not make sense of terminating it. However, if you try to do so, you will face a critical system error because it is a security subsystem service. You should also refrain from deleting the file from your computer system.
Is lsass.exe a Virus?
We have explained earlier in this article that Lsass.exe is a system file. Therefore, you need not worry about any threat to your computer system due to this file. THence, it is neither a virus nor malware.
The legit lsass.exe file is located in the C:\WINDOWS\system32\ folder. If it is found elsewhere, it could be malware.
Moreover, the copyright of this legit file goes to Microsoft Corporation.
If it is found elsewhere, you should run a full PC scan at Boot-Time with your antivirus software.
We are listing here two methods by which you can distinguish the real Lsass.exe file from the fake one.
Method 1:
You can check the authorized signature of the Lsass.exe file. Follow the below-listed steps:
1] Open the task manager and go to the “Details” tab. Scroll down to find the Lsass.exe process. Now, right-click on it and select the “Properties.”
2] A new window will open on your system. Under the “Digital Signature” tab, you can view the name of the signer. If the file is real, the signer will be the Microsoft Windows Publisher. Select the signer and click on the “Details” button. This will open one more window containing all the details of the publisher. You can also view the certificate details by clicking on the “View Certificate” button.
If the digital signature is not from the Microsoft Corporation, the file may be a virus or malware.
Related: lsass.exe terminated and High CPU or Disk usage issues.
Method 2
Another method to check whether the Lsass.exe is malware or not is by checking where it is located. This time, you have to select the “Open File Location” option after right-clicking on the Lsass.exe file in the task manager.
This will open the path where the file is located. If the path of the file is other than C:\Windows\System32, it may be the virus or malware.
How to remove Lsass.exe Virus or Malware?
We are listing here the steps to delete the fake Lsass.exe file.
- First of all, you have to terminate the fake Lsass.exe process by using the “End Task” option in the task manager. Make sure that you disable only the fake Lsass.exe process and not the real one, as it may cause errors.
- After that, go to the folder where it is located by using the “Open File Location” option and delete it. Before deleting it, please check the path. The fake file should not be located in the C:\Windows\System32 folder.
- Scan your entire system with a trusted antivirus program.
The legit lsass.exe is a crucial file for Windows systems. Killing it could cause the PC to reboot. Deleting it can cause serious errors and you may have to reinstall the OS. Always follow the safety steps discussed in this article to protect your device from Lsass.exe viruses and malware.
You may also like: What is svchost.exe in Windows?
