What Is lsalso.exe and Why Is It Causing High Usage?

There is a process called lsalso.exe in Windows that is troubling Windows users because of its extremely high CPU usage. This process in the Task Manager is associated with Credential Guard & KeyGuard. Below, we have discussed what exactly this process is and how to fix the high CPU usage issue in detail.

What is Lsalso.exe?

Lsalso.exe is an executable file associated with the Credential Guard and KeyGuard process and is developed by Microsoft. The process of this file typically runs in a secure environment called Virtual Secure Mode (VSM) as an Isolated User Mode (IUM) process.

VSM protects processes like Lsalso.exe by using isolation processes called Virtual Trust Level (VTL). LSAISO.exe runs in VTL1 while other processes run in VTL0. 

Windows 10 and Windows Server 2016 changed the Local Security Authority Subsystem Service (LSASS) process, which managed security policy, user authentication, and auditing while also handling sensitive data such as hashed passwords and Kerberos keys.

This process is generally considered safe and essential, but can sometimes cause issues like high CPU usage within the system. This is typically caused due to certain drivers and applications that attempt to load a Dynamic Link Library file (DLL) into the IUM process. This can cause the system to destabilize, causing the issue at hand.

Use the Process of Elimination

As we just mentioned, certain applications and drivers can load DLL into the IUM process, resulting in a spike in CPU usage associated with lsalso.exe. The simplest solution to this is to eliminate the processes of these problematic applications and drivers and see if that fixes the issue. 

Here is what you need to do:

  1. Type Task Manager in the search area of the taskbar and click Open.
  2. Head over to the Processes tab and locate the targeted application.
  3. Then, right-click on it and select End task. Do the same with other potentially problematic applications.
    End the application
  4. Next, launch Device Manager and locate the targeted drivers.
  5. Right-click on them and choose Uninstall driver from the context menu and see if that makes any difference in the high CPU usage caused by lsalso.exe.

Check for Queued APCs

Microsoft has also developed several Debugging Tools for Windows users that you can find in both the Windows Driver Kit (WDK) and the Windows Driver Kit (WDK). If the method mentioned above did not work for you, then you can take the help of these free tools to check for problematic drivers. 

Here is what you need to do:

  1. Install the Windows Debugging (WinDbg) tool from the Windows Driver Kit.
    Download the file
  2. Then, use NotMyFault.exe from the Sysinternals website to generate a kernel memory dump during the spike.
  3. To enable kernel memory, launch a Run dialog box by pressing Windows + R keys together.
  4. After that, type control system in the text field of the dialog box and hit Enter.
  5. Click Advanced system settings. 
    Advanced system settings
  6. Head over to the Advanced tab in the System Properties dialog box.
  7. Click on the Settings button associated with Startup and Recovery.
    Choose settings
  8. Next, expand the drop-down menu for Write debugging information and choose Kernel memory dump.
    Choose kernel memory dump
  9. Hit OK. Note the Dump File location here.
  10. Now navigate to the Start menu and click on the Windows Kits entry. Choose WinDbg(x64/x86) to proceed.
  11. Click on File and select Symbol File Path.
    Symbol file path
  12. Now, type https://msdl.microsoft.com/download/symbols for the Microsoft Symbol Server in the Symbol path section.
    Type the link mentioned
  13. Click OK and access the File menu again.
  14. Choose Open Crash Dump and browse the location you noted in the 9th step.
    Open crash dump
  15. Next, Click Open.
  16. Then, type !apc in the command window and hit Enter.
  17. Once the command is executed, look for <ProblemDriver>.sys under LsaIso.exe.
    Find and report the problem
  18. Contact your driver vendor now and then refer them to this Microsoft document for mitigation recommendations for Isolated User Mode (IUM).

Reach Out to Microsoft Support

In most cases, one of the methods above should fix the high CPU usage problem associated with lsalso.exe. However, if you still encounter the problem even after performing these methods, then we highly recommend that you reach out to the Microsoft support team and explain the issue to them. In cases such as these, they can better assist you on how to move forward without damaging any components of your operating system. 

Another thing that you can try doing before reaching out to the Microsoft team is resetting your Windows to its default state and see if that fixes the problem. There might be a bug or a corruption error within the system causing the high CPU usage. If it is not resolved by performing the conventional troubleshooting methods, then resetting is a good way to go.

Your operating system will go back to its original, default state when you reset it. This is the state in which the PC was when it arrived. However, doing so will make you lose any personal data or installed applications that you might have on your system. 


Zainab Falak

Zainab Falak is a highly educated professional with a background in actuarial science and a strong passion for technology. Her expertise lies in the field of data analytics and she is a proficient programmer in languages such as Python and R. At Appuals, Zainab shares her extensive knowledge of Windows 8, 10, and 11, covering a broad range of topics related to these operating systems. Zainab's ability to effectively communicate technical concepts in a clear and concise manner has earned her recognition and respect in the tech community. She is committed to staying up-to-date with the latest developments in the field and providing readers with insightful and informative content.