当您的电脑由于随机进程而突然变慢时,很容易认为这是恶意软件 - 但有时,这是因为合法的Windows程序。LSALSO.exe就是这样一种Windows进程,经常出现故障,导致(Windows)CPU使用率极高。
在本文中,我们将解释LSALSO.exe进程是什么、为什么它会导致CPU使用率过高以及如何修复它。
什么是LSALSO.exe?
LSALSO.exe(或LSAisolated)是与 Microsoft 的Credential Guard和KeyGuard进程关联的合法Windows可执行文件。(Windows)这是一个称为“trustlet”的重要过程。这是一个安全的进程,可以帮助Windows操作系统完成系统调用。
LSALSO.exe作为独立用户模式(Isolated User Mode)( IUM ) 进程存在于称为(IUM)虚拟安全模式(Virtual Secure Mode)( VSM )的安全环境中。VSM是(VSMs)Windows 10中引入的一项安全功能,可确保不同虚拟信任级别(Virtual Trust Levels)( VTL(VTLs) ) 中的进程无法访问其他VTL(VTLs)中的内存。从本质上讲,这可以防止不当访问(防止恶意软件和其他安全问题)。
本地安全机构(Local Security Authority)( LSASS ) 管理系统策略、用户身份验证,并处理密码哈希和Kerberos密钥等敏感数据。LSALSO.exe进程确保系统可以在不同的VTL之间(VTLs)进行(LSALSO.exe)通信。简而言之,LSALSO.exe在(LSALSO.exe)VTL1中运行,并与VTL0中的LSASS.exe共享加密通信,防止恶意代码在VTL0中运行。
为什么LSALSO.exe 的 CPU 使用率很高(Does LSALSO.exe Have High CPU Usage)?
虽然LSALSO.exe是一个安全且值得信赖的Microsoft Windows进程,但它通常与高CPU使用率相关。这通常是在驱动程序或其他应用程序尝试将动态链接库(Dynamic Link Library)( DLL ) 文件加载到LSALSO.exe中时引起的。在此过程中,系统有时会不稳定,导致系统使用率增加。
但是, LSALSO.exe(LSALSO.exe)中还有其他导致CPU使用率过高的潜在原因,包括:
- 恶意软件(Malware)。黑客经常设计恶意软件来伪装成系统可执行文件。如果您的系统已感染伪装为LSALSO.exe的恶意软件,您将看到的只是与该可执行文件相关的CPU使用率增加。
- (Corrupted)系统文件损坏。文件(File)损坏和其他常见故障可能会导致LSALSO.exe等进程出现故障。
- 过时的驱动程序。LSALSO.exe中CPU使用率增加通常是由尝试加载其程序的驱动程序引起的。更新旧驱动程序可以解决此问题。
- 超载的系统。尝试同时运行太多进程可能会导致CPU使用率过高。
如何修复 LSALSO.exe 高 CPU 使用率(Fix LSALSO.exe High CPU Usage)
当LSALSO.exe(LSALSO.exe)进程导致CPU使用率过高时,有 5 种方法可以修复该进程:
1.验证LSALSO.exe进程
第一步是确定LSALSO.exe进程是否合法。为此:
- Press Ctrl + Shift + Esc打开任务管理器(Task Manager)。
- 右键单击LSALSO.exe并选择属性。
- 选择“详细信息”(Details)选项卡,并确保“版权”旁边显示“Microsoft Corporation ” 。保留(Reserved)所有(All) 权利(Rights) 。如果这里显示其他内容,则很可能是恶意软件伪装成真实进程。
无论哪种方式,扫描您的电脑是否存在潜在的恶意软件和病毒都是一个好主意。打开防病毒软件并扫描您的电脑。如果您没有安装第三方防病毒软件,您可以按如下方式
使用Windows Defender :
- 按(Press)Windows键 + I 打开“(Windows)设置”(Settings)。
- 选择更新和安全。
- 选择“Windows 安全”。
- 选择病毒和威胁防护。
- 选择病毒和威胁防护。
- 选择快速扫描。
2.用排除(Elimination)法找出原因
遗憾的是,无法使用Windows 调试工具来检查(Windows Debugging Tools)LSAISO.exe CPU峰值的原因。这意味着您必须使用排除过程来删除可能有问题的应用程序和驱动程序。
第一步是禁用尽可能多的应用程序,直到LSALSO.exe文件停止峰值。为此:
- Press Ctrl + Shift + Esc打开任务管理器(Task Manager)。
- 选择“进程”(Processes)选项卡,然后滚动浏览列表。
- 右键单击每个任务并选择结束任务(End Task)。重点(Focus)关注非 Windows 进程以避免引起其他问题。
如果结束某个任务可以阻止LSALSO.exe激增,那么您就知道自己在处理什么问题。这可能是一次性的,在这种情况下您不需要执行任何操作。但是,如果再次发生这种情况(使用相同的过程),您应该更新或卸载该应用程序以防止将来发生此类事件。
3. 更新您的驱动程序
如果LSALSO.exe任务仍然显示CPU使用率较高,则需要禁用或手动更新驱动程序(manually update your drivers)。
为此:
- Press Ctrl + R打开“运行”(Run)对话框。
- 输入“(Type “) devmgmt.msc”并按Enter。这将打开设备管理器(Device Manager)。
- 滚动浏览(Scroll)并展开每个类别。然后,右键单击每个应用程序并选择“禁用(Disable)驱动程序”,然后检查LSALSO.exe是否仍然具有较高的CPU使用率。
- 如果您发现该应用程序有问题,请右键单击它并选择更新(Update)驱动程序。选择自动(Select Automatically)查找驱动程序,然后让向导完成安装。
4. 检查排队的 APC
虽然您无法使用 Windows 的调试工具来查找有故障的应用程序,但您可以使用它们来确定驱动程序是否有故障。
首先,下载并安装Windows 调试器(Windows Debugger)( WinDbg )。如果你的Windows(Windows)版本早于Windows 10 周年更新(Anniversary Update),则需要安装Visual Studio并下载正确版本的Windows 驱动程序工具包 (WDK)(Windows Driver Kit (WDK))。
接下来,您需要在CPU(CPU)峰值期间创建内核内存转储。这将帮助您确定哪个驱动程序有问题。
为此:
- 下载Sysinternals 套件(Sysinternals Suite)。
- 解压NotMyFault.exe 内核(NotMyFault.exe kernel)转储工具。
- 打开控制面板。
- 选择系统和安全。
- 选择系统。
- 选择高级系统设置。
- 在“高级”选项卡中的(Advanced)“启动(Startup)和恢复”(Recovery)下,选择“设置”(Settings)。
- 在“启动(Startup)和恢复”(Recovery)对话框中,选择“内核(Kernel)内存转储”。
- 记下转储文件(Dump File)位置,然后选择确定。
- (Run WinDbg.exe)以管理员身份
运行 WinDbg.exe 。
- 选择“文件”>“设置”。
- 选择调试设置。
- 接下来,您需要告诉调试器在哪里查找其符号文件路径。在“默认(Default)符号路径”旁边添加以下路径,然后选择“确定”:h ttps://msdl.microsoft.com/download/symbols
- 选择“文件”(File)菜单,然后选择“打开(Open)转储文件”。如果未打开,请确保以管理员身份运行WinDbg并手动浏览该文件。它位于 C:Windows。
- 浏览(Browse)到您之前记下的转储文件位置,然后选择(Dump File)“打开”(Open)。通过检查Properties(Properties)中的日期,确保此处的 .dmp 文件是今天(Make)创建(.dmp)的。
- 返回WinDbg.exe,在命令(Command)窗口中输入“!apc”并按Enter。
- 分析转储文件(Analyze the dump file)并查找“LSALSO.EXE”。如果驱动程序列在LSALSO.exe下,它将显示为“ Problem Driver.sys(用其实际名称代替“Problem Driver”)。如果此处列出了某个驱动程序,则表示它已创建APC队列。要修复此问题,请重新安装驱动程序或联系驱动程序制造商以进一步排除故障。
如果LSALSO.exe(LSALSO.exe)下没有列出任何驱动程序,则意味着没有排队的APC(APCs)。
5.重置Windows
如果上述方法无法帮助您解决CPU使用率高的问题,您可以尝试将Windows重置为出厂默认设置。通常(Often),这可以修复驱动程序和其他应用程序的任何残留问题,并将LSALSO.exe进程返回到其默认状态。
查看我们有关如何将Windows 10(Windows 10)和Windows 11恢复出厂设置的深入指南。
减少 CPU 使用率(Reduce CPU Usage)以获得更好的结果(Better Results)
没有什么比让一个随机进程无缘无故地消耗你的系统资源更糟糕的了。希望本疑难解答指南能够帮助您解决(Hopefully)LSALSO.exe 的(LSALSO.exe)问题,并使您的电脑再次像正常一样运行。
What Is LSAISO.exe and How to Reduce Its High CPU Usage
When your PC suddenly slowѕ down because of a random process, it can be easy to assume it’s malware – but occasionally, it’ѕ because of a legitimate Windows program. LSALSO.exe is one such Windows proceѕs that often malfunctіons, causing extremely high CPU υѕage.
In this article, we’ll explain what the LSALSO.exe process is, why it causes high CPU usage, and how to fix it.
What is LSALSO.exe?
LSALSO.exe (or LSA Isolated) is a legitimate Windows executable file that’s associated with Microsoft’s Credential Guard & KeyGuard process. It’s an essential process known as a “trustlet”. This is a secure process that helps the Windows operating system complete system calls.
LSALSO.exe exists in a secure environment called Virtual Secure Mode (VSM) as an Isolated User Mode (IUM) process. VSMs are a security feature introduced in Windows 10 that ensures that processes within different Virtual Trust Levels (VTLs) can’t access memory in other VTLs. Essentially, this prevents inappropriate access (protecting against malware and other security issues).
The Local Security Authority (LSASS) manages system policy, user authentication, and handles sensitive data like password hashes and Kerberos keys. The LSALSO.exe process ensures that the system can communicate between different VTLs. In short, LSALSO.exe runs in VTL1 and shares encrypted communication with LSASS.exe in VTL0, preventing malicious code from running in VTL0.
Why Does LSALSO.exe Have High CPU Usage?
While LSALSO.exe is a secure and trusted Microsoft Windows process, it’s often associated with high CPU usage. This is usually caused when drivers or other applications try to load a Dynamic Link Library (DLL) file into LSALSO.exe. Occasionally during this process, the system destabilizes, causing increased system usage.
However, there are other potential causes of high CPU usage in LSALSO.exe, including,
- Malware. Hackers often design malware to masquerade as system executable files. If your system has been infected with malware that’s disguised as LSALSO.exe, all you’ll see is increased CPU usage linked to that executable.
- Corrupted system files. File corruption and other common glitches can cause processes like LSALSO.exe to malfunction.
- Outdated drivers. Increased CPU usage in LSALSO.exe is often caused by drivers that are trying to load their programs. Updating old drivers can resolve this issue.
- An overloaded system. Trying to run too many processes at once can lead to high CPU usage.
How to Fix LSALSO.exe High CPU Usage
Here are 5 ways to fix the LSALSO.exe process when it’s causing high CPU usage:
1. Verify the LSALSO.exe Process
The first step is to make sure whether the LSALSO.exe process is legitimate or not. To do so:
- Press Ctrl + Shift + Esc to open the Task Manager.
- Right-click LSALSO.exe and select Properties.
- Select the Details tab and ensure that next to “Copyright”, it says Microsoft Corporation. All Rights Reserved. If it says something else here, it’s likely malware masquerading as the real process.
Either way, it’s a good idea to scan your PC for potential malware and viruses. Open your antivirus software and scan your PC. If you don’t have a third-party antivirus installed, you can use Windows Defender as follows:
- Press the Windows key + I to open Settings.
- Select Update & Security.
- Select Windows Security.
- Choose Virus & threat protection.
- Select Virus & threat protection.
- Choose Quick scan.
2. Use the Process of Elimination to Find the Cause
Unfortunately, it isn’t possible to use the Windows Debugging Tools to check for the causes of LSAISO.exe CPU spiking. This means that you’ll have to use the process of elimination to remove applications and drivers that could be at fault.
The first step is to disable as many applications as possible until the LSALSO.exe file stops spiking. To do so:
- Press Ctrl + Shift + Esc to open the Task Manager.
- Select the Processes tab, then scroll through the list.
- Right-click each task and select End Task. Focus on non-Windows processes to avoid causing additional issues.
If ending a certain task stops the LSALSO.exe from spiking, you know what you’re dealing with. It may be a one-off, in which case you won’t need to do anything. However, if it happens again (with the same process), you should update or uninstall that application to prevent future incidents.
3. Update Your Drivers
If the LSALSO.exe task is still showing high CPU usage, it’s time to disable or manually update your drivers.
To do so:
- Press Ctrl + R to open the Run dialog box.
- Type “devmgmt.msc” and press Enter. This will open the Device Manager.
- Scroll through and expand each category. Then, right-click on each application and select Disable driver, then check whether LSALSO.exe still has high CPU usage.
- If you find the application at fault, right-click it and select Update driver. Select Automatically find drivers, and let the wizard complete the installation.
4. Check for Queued APCs
While you can’t use Windows’ debugging tools to find faulty applications, you can use them to determine whether a driver is at fault.
First, download and install the Windows Debugger (WinDbg). If your version of Windows is prior to the Windows 10 Anniversary Update, you’ll need to install Visual Studio and download the right version of the Windows Driver Kit (WDK).
Next, you need to create a kernel memory dump during the CPU spike. This will help you determine which driver is at fault.
To do so:
- Download the Sysinternals Suite.
- Unpack the NotMyFault.exe kernel dump tool.
- Open the Control Panel.
- Select System and Security.
- Select System.
- Select Advanced system settings.
- In the Advanced tab, under Startup and Recovery, select Settings.
- In the Startup and Recovery dialog box, select Kernel memory dump.
- Note the Dump File location, then select OK.
- Run WinDbg.exe as an administrator.
- Select File > Settings.
- Select Debugging settings.
- Next, you need to tell the debugger where to look for its symbol file path. Add the following path next to “Default symbol path” and select OK: https://msdl.microsoft.com/download/symbols
- Select the File menu then select Open dump file. If it doesn’t open, make sure you run WinDbg as an administrator and manually browse for the file. It’s located in C:\Windows.
- Browse to the Dump File location that you noted previously and select Open. Make sure that the .dmp file here has been created today by checking the date in Properties.
- Back in WinDbg.exe, in the Command window, type “!apc” and press Enter.
- Analyze the dump file and look for “LSALSO.EXE”. If a driver is listed under LSALSO.exe, it will appear as “Problem Driver.sys (with its actual name in place of “Problem Driver”).” If a driver is listed here, it means that it’s created an APC queue. To fix it, reinstall the driver or contact the driver manufacturer to troubleshoot further.
If no driver is listed under LSALSO.exe, it means there are no queued APCs.
5. Reset Windows
If the above methods didn’t help you resolve the high CPU usage issue, you could try resetting Windows to its factory defaults. Often, this fixes any residual issues with drivers and other applications and returns the LSALSO.exe process to its default state.
Check out our in-depth guides on how to factory reset Windows 10 and Windows 11.
Reduce CPU Usage For Better Results
There’s nothing worse than having a random process chew up your system resources for no obvious reason. Hopefully, this troubleshooting guide has helped you resolve your issues with LSALSO.exe and get your PC running like normal once again.
