What Is lsass.exe and Is It Safe?
Imagine a car with thousands of moving parts, and looking under the hood to see all the parts whizzing and turning. Until one of them does something unexpected, it’s hard to know what to expect it to do. Yet you definitely know when something’s not right.
Some Windows processes are like that, and lsass.exe is one of them. When lsass.exe does its job, no one cares. When lsass.exe has high CPU usage or crashes, we notice and wonder why it’s even there.

What Is lsass.exe and Is It Safe?
All tools, in the wrong hands, are weapons. The lsass in lsass.exe stands for Local Security Authorization Subsystem Service. Local Security Authorization is a system for authenticating users and logging them on. It also keeps track of security policies and generates system log alerts for events related to security.
You can imagine that when lsass.exe is doing its job, it’s a powerful tool and very safe. You can also imagine that when it’s not doing its job, things get bad.
How to Remove lsass.exe From Windows 11/10
Don’t remove lsass.exe from Windows unless you’re certain it is a fake lsass.exe. It’s that crucial to Windows 11/10. Trying to kill the lsass.exe process in Windows 11/10 will result in the error message “Do you want to end the system process ‘Local Security Authority Process’?”

Choosing to do so will cause Windows to shut down and unsaved work will be lost. If lsass.exe fails for any reason, it will likely shut down Windows instantly.
How to Check If lsass.exe Is Real or Not
If you suspect that lsass.exe is causing issues, first check to see if it’s the real lsass.exe.
Check the lsass.exe Name Closely
The lower-case L, the upper-case i (I), and the number 1 can be deceptive to the eye. Hackers will substitute one for the other. What you think is the real lsass.exe could be Isass.exe or 1sass.exe.

The name of the fake process may also have a slight spelling variation. Perhaps there’s one S too many, a space, or some other small, easy-to-overlook difference.

Check Lsass.exe Digital Signature and File Location
- Press Ctrl + Shift + Esc to open Task Manager. Select More Details.

- Scroll down and find Local Security Authority Process. Right-click on it and select Properties.

- On the General tab, next to Location it should read C:\Windows\System32 or the equivalent for your system. Size should be very close to 58 KB. If it’s more than double that, you’ve probably got an issue.

- On the Digital Signatures tab, the Name of signer should be Microsoft Windows Publisher.
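
The name, location, size, and signature checks above, scripted in PowerShell as an added example (not part of the original article). The helper name Test-LsassLookalike and the report fields are made up for this sketch; the 58 KB figure is the article's rule of thumb.

```powershell
# Added example; run from an elevated PowerShell prompt.
$expected = Join-Path $env:SystemRoot 'System32\lsass.exe'

function Test-LsassLookalike {
    # Hypothetical helper: true when a name imitates "lsass" without being it.
    param([Parameter(Mandatory)][string]$Name)
    $n = $Name.ToLowerInvariant() -replace '\.exe$', ''
    if ($n -eq 'lsass') { return $false }
    # Fold the tricks the article lists: I or 1 for l, spaces, extra or missing S.
    $folded = $n -replace '[i1|]', 'l' -replace '\s', '' -replace 's+', 's'
    return ($folded -eq 'lsas')
}

$report = Get-CimInstance -ClassName Win32_Process | ForEach-Object {
    $fake = Test-LsassLookalike -Name $_.Name
    # Keep only the genuine name and its lookalikes; skip everything else.
    if (-not ($fake -or $_.Name -ieq 'lsass.exe')) { return }

    $path = $_.ExecutablePath   # empty if the process could not be queried
    $sig  = if ($path) { Get-AuthenticodeSignature -FilePath $path } else { $null }
    $kb   = if ($path) { [math]::Round((Get-Item -LiteralPath $path).Length / 1KB, 1) } else { $null }

    [pscustomobject]@{
        Name            = $_.Name
        ProcessId       = $_.ProcessId
        Path            = $path
        NameLookalike   = $fake
        PathAsExpected  = ($path -ieq $expected)
        SignatureStatus = if ($sig) { $sig.Status } else { 'not checked' }
        Signer          = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
        SizeKB          = $kb
        # Article's rule of thumb: about 58 KB, more than double is suspect.
        SizeSuspect     = ($null -ne $kb -and $kb -gt 2 * 58)
    }
}

$report | Format-List
```

A healthy system shows exactly one row: the genuine name, the System32 path, and a Valid signature. Compare the Signer value against the signer name given in the step above.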

Scan Lsass.exe With Microsoft Defender
- In Task Manager, find Local Security Authority Process again. Right-click on it and select Open File Location.

- File Explorer will open and lsass.exe will be selected. Right-click on it and select Scan with Microsoft Defender.

- The result should be No current threats.

If there are still concerns, do the same scan with a different trusted antivirus or antimalware application.
If any of the above checks fail, begin the process of removing viruses or malware from your computer.
Can lsass.exe Cause High CPU, RAM, or Other High System Resource Usage?
Most critical Windows processes don’t use many resources. They have limited jobs and require little to carry them out. However, lsass.exe can spike when handling something like a login, yet it should return to using nearly nothing within a second or two.

If CPU usage by lsass.exe on a domain controller (DC) server is fairly high, it’s likely because it’s processing security for a large number of users. It controls the Active Directory database. If you know about Active Directory (AD), then it’s not surprising that lsass.exe will use more resources on a DC than on an average computer.
On a DC, expect lsass.exe to stay well under 10% CPU except for peak times of people logging on or off. On a PC, expect lsass.exe to stay under 1% most of the time.

If RAM or network usage by lsass.exe seems high, there’s a chance it’s not the real lsass.exe or it’s been infected. Take the usual precautions like running an offline virus scan with Microsoft Defender.

Anything that affects security can affect how many resources lsass.exe uses. One example is a time difference between a DC and a system connected to it. Accurate time is crucial for things like security certificates. Check the DC and attached systems for time differences. You may want to use a Network Time Protocol (NTP) server to sync time for all devices on the domain.

Corrupted system files may also be the cause of a legitimate lsass.exe’s high resource usage. Try using the SFC and DISM commands to clean up and repair system files.

If an offline virus scan and using the SFC and DISM commands don’t fix the problem, it’s possible the only option is to wipe and reinstall Windows.
Where Can I Learn More About Windows Processes?
Good on you for taking an interest in how your Windows device works! We’ve got many articles about Windows processes, whether they can be removed, and why the process may have CPU, memory, network, or disk usage that’s too high.
We also show how to use SysInternals Process Monitor and Process Explorer to troubleshoot issues. If you don’t see an article for the process you’re curious about, let us know. We’d be glad to write it for you.