The system runs a large number of processes at the same time. Together they keep services and applications working correctly. Some of them are user processes, that is, they support third-party software installed on the computer. Others are system processes, which are responsible for working directly with the OS. This article covers the lsass.exe process. After reading it, you will know what kind of process it is, where it is located, whether it can be closed, and how to detect a virus hiding under the same name.
Lsass.exe - what is this process?
It makes sense to start with a definition of the process. For most users, a comparison with an antivirus will be the easiest to understand, and it is partly true. At the same time, it cannot catch malicious programs that get into the system. It works this way: during system startup, the lsass.exe process is launched first. It checks the user who is logging on, and only after a successful check gives the command to launch explorer.exe (the graphical desktop shell of the operating system).
Can it be terminated?
We have established what the lsass.exe process is, but that knowledge alone is not enough to fix errors in its operation. Now let's see whether it can be terminated. Users usually ask this because the process loads the system by consuming CPU resources, and on low-powered computers every percent of load matters.
Looking ahead: the process cannot be closed, because the system needs it in order to work. In Task Manager, the button responsible for this action is simply inactive. Deleting the file does not work either; that requires special rights that an ordinary user cannot obtain.
Location in the system
Although the process cannot be closed, it is still worth knowing where its executable file is located. At the very least, this helps when searching for a virus hiding under the same name. Malicious programs are covered a bit later; for now, the location of the file.
The file is in the System32 directory, which is inside the Windows folder on the local drive, most often C. You do not have to open the file manager and follow this path manually; there is a simpler way:
- Open Task Manager.
- Go to the "Processes" section.
- Find the name "lsass.exe".
- Right-click it.
- Select "Open file location" from the menu that appears.
A file manager window will appear, showing the "System32" folder with the lsass.exe file highlighted.
Multiple lsass.exe files on a computer
We have established what the lsass.exe process is and where it is located. Now consider the case where Task Manager shows several processes with this name. This should never happen: only one lsass.exe can be running on the system. The opposite occurs only when a virus has entered the system, and the second process is the virus. If you have one, you must remove it immediately. How to do this is explained next.
How to remove a virus
If you see two such processes running at the same time, act immediately to eliminate the virus, if only because the third-party lsass.exe process loads the processor and causes freezes and other glitches. Fortunately, fixing the problem is quite simple. We already know that the legitimate program lives in System32, so if an lsass.exe file is in a different directory, it is a virus and must be deleted. You already know how to find the location of the file: in Task Manager, right-click the name and select "Open file location".
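The two checks described above (a single lsass.exe process, running from System32) can also be scripted in PowerShell. This is an added example, not part of the original article; it assumes PowerShell 3.0 or later, and the variable names and verdict strings are illustrative.

```powershell
# Added example (not from the original article): apply the article's two rules
#   1. exactly one lsass.exe process is running
#   2. its executable is located in %SystemRoot%\System32
$expected = Join-Path $env:SystemRoot 'System32\lsass.exe'

# Win32_Process exposes the image path as ExecutablePath.
$procs = @(Get-CimInstance -ClassName Win32_Process -Filter "Name = 'lsass.exe'")

$report = foreach ($p in $procs) {
    $verdict = if (-not $p.ExecutablePath) {
        # The path is empty when the session lacks rights to query the process;
        # rerun from an elevated prompt before drawing a conclusion.
        'UNKNOWN (path not readable, rerun elevated)'
    } elseif ($p.ExecutablePath -ieq $expected) {
        'OK'
    } else {
        'SUSPICIOUS (outside System32)'
    }

    [pscustomobject]@{
        ProcessId = $p.ProcessId
        ParentPid = $p.ParentProcessId
        Path      = $p.ExecutablePath
        Verdict   = $verdict
    }
}

$report | Format-Table -AutoSize

if ($procs.Count -ne 1) {
    Write-Warning "Found $($procs.Count) lsass.exe processes; the article expects exactly one."
}
```

An empty path is not evidence of infection on its own: it usually means the script was not run as administrator.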
Useful Tips
The article could end here, but a few useful tips are worth adding. First, after you remove the virus, scan the system for other malicious programs. A virus most often enters the system as several files rather than one, and it can also infect other files. Second, you need to install different anti-virus software, since the one you are using missed this threat. It also does not hurt to look in Task Manager periodically and review the system processes, so that a threat can be eliminated as soon as it is detected. Finally, remember that no system process will load the system heavily: the load indicator can reach a maximum of 30%.
Conclusion
You have learned not only what the lsass.exe process is, but also how to recognize a virus masquerading as it. It is important to know as much as possible about the processes in the system so that, when necessary, you can adjust their parameters to keep Windows functioning normally. We hope this article was useful and that you learned more about the lsass.exe process.