All executable files lying inside the System32 folder on Windows PC are important and are responsible to perform some major functions. When a virus enters your system, it tries to copy the name of such files so that you never question these system files. In this post, we will discuss one such file named lsass.exe, what functions lsass.exe performs, and how to delete it if it is found to be a fake system file.
How to Force Delete Files or Folders in Windows 11
What is lsass.exe and how does it function?
lsass.exe is basically a system file and is used to enforce security policies on Windows PC. It is because of this file, your system is able to store credentials in memory to enable a single sign-in. Moreover, this file has a lot to do with password changes and login verifications on Windows.
The lsass.exe file has a lot to do when you are working on a server managing several domains or computers. On a server, this file stores thousands of IDs and their passwords. Whenever a domain is trying to sign in, this file checks for the entered ID and password and matches the same with the stored information on the server.
It is because of this constant monitoring, users find this system file consuming more CPU, RAM, or sometimes IO resources on a domain controller computer. The RAM usage increases the first time a domain logins and it lowers significantly when the connection establishes. However, if you still notice a very RAM consumption, this must be because of some malware attack.
Whenever malware attacks your system, it copies the system file name and behaves like it is a system file. However, there are tricks using which you can differentiate between a system file and viruses. This post discusses how to detect a faulty file on your system based on its file location, name, and size. After you have identified the corrupt file, you may manually delete that file or use Windows Defender.
What is Jucheck.exe and how to remove it on Windows PC
1] Double-check its name for spelling
The lowercase “L” (l) and uppercase “i” (I) look almost identical when not looked at closely. Hackers utilize this abnormality to generate malware named Isass.exe and put it inside your system. Users think of it as a system file and thus their PCs are always at risk of the data breach.
If your system is running slow, and you came to know of this file on your system, we suggest checking if the file on your PC is really a genuine file or simply a virus. Here’s how to identify a corrupt file based on its name –
- First of all, copy the file name and paste it into MS Word.
- Select all the letters and press Shift + f3.
- lsass.exe will either change to Isass.exe or Lsass.exe.
- If it is Isass.exe then it’s a virus. However, if it changes to Lsass.exe, then this is a genuine system file.
I hope this method alone helps you to detect the fake system file on your Windows PC.
Note: The malware could also take up some other names as well like lsassa.exe, lsasss.exe, etc. So, check for different possibilities and disable all these fake files.
How to solve esentutl.exe error in Windows 10
2] Open File Location
The system “lsass.exe” file lies within the folder located at C:\Windows\System32. Any file bearing a similar name but found at a different location must be malware. So, check if the lsass.exe file really lies at its default location or if some virus has entered your system.
Here’s how to check the file location of any file in Windows –
- Press Win + R to launch the Run dialog.
- Type “
taskmgr
” on it and hit OK to launch Task Manager. - Go to the Processes tab and look for a file named lsass.exe. In case you didn’t find this file under the Processes tab, look for the same under the Details tab.
- Once located, right-click on this file, and choose the option – Open file location.
- The system will redirect you to the chosen file’s current location in File Explorer.
- If the URL of this folder is C:\Windows\System32, the lsass.exe file is a system file.
- However, if you are redirected to any location other than the System32 folder, the lsass.exe is simply a virus and must be removed from your system.
Note: If you see more than one lsass.exe file, one of them must be genuine while the rest are simply fake executable files. You need to manually find the genuine one and delete the remaining ones.
What is winlogon.exe in windows 10 and how does it work
3] Look for its file size
The system lsass.exe file is around 84 KB in size on Windows 11. If you check its file size on other versions of Windows, it would come to around 57 KB on Windows 10, and 46 KB on Windows 8. In short, you will never find its size more than 100 KB. On the contrary, any virus resembling its name will be much more in size.
To confirm the Genuity of the system file by its size, follow these steps –
- Press Ctrl + Alt + Del, and choose the option, Task Manager.
- When the task manager opens up, go to the Processes tab.
- Scroll down and locate the lsass.exe file. If you didn’t find this file under the Processes tab, go to the Details tab.
- Now, look again for the lsass.exe file, and right-click on it.
- Select Properties and check what is its size under the General tab.
If its size or size on disk is not more than a few KBs, rest assured as this must be a system file. Worry only when its size comes to around a few MBs or more.
How do I remove the lsass.exe virus from my system?
If you have confirmed this file to be a virus, you must remove this file from your system. Follow the below instructions on how to get rid of this file from Windows 11/10 –
- Right-click anywhere on the taskbar and select Task Manager. Alternatively, one may also use the hotkey “Ctrl + Shift + Esc” to start the Task Manager.
- Select the Details tab on the left pane and head over to the right side.
- Scroll down and locate lsass.exe. When found, right-click on it and select Open file location.
- Right-click again on the lsass.exe file and hit End task this time.
- Go back to its file location, and clear all the contents inside that folder. Make sure to delete the folder as well after you are done deleting its contents.
How to remove the wab.exe file from the PC
Should I disable the lsass.exe system file?
The lsass.exe file is a system file and it informs other services when the Security Accounts Manager (SAM) is ready to receive requests. When you disable this process, system services won’t receive notifications when the SAM is ready. This results in delayed or not starting certain services on your Windows PC.
We suggest differentiating between the system file and the malware that takes up its name and removing the malicious file from your device.
How can I fix lsass.exe high RAM usage issues?
If the lsass.exe file is consuming very RAM or CPU on your Windows PC, consider applying the following fixes –
- Launch CMD as administrator first, and run the below two commands on it –
sfc /scannow
DISM /online /cleanup-image /restorehealth
- The first command will check for any missing or damaged system files on your computer. In case it does find some file corruption, the SFC tool will automatically repair them.
- The DISM tool will check for corruption within your System Image and repair the same.
If both these tools complete 100% without informing any system corruption, go to Settings > Windows Update and check for pending updates. The system will connect to Microsoft servers online, and if any updates are pending, the same will be downloaded and installed automatically on your computer.
Go for system restore as the last resort as this takes a considerably good amount of time to revert your PC to an earlier stable state. One may even go for a clean install of Windows 11 or Windows 10 if nothing seems to be working on his or her device.