What Is LSAISO process? How to fix LSAISO process high CPU usage and what causes this problem? If you want to get answers, you can read this post, in which MiniTool gives you a detailed explanation and solutions.
LSAISO Process High CPU Usage
What Is LSAISO Process?
The LSAISO process is an isolated version of the Local Security Authority (LSA – or LSASS), which performs a number of security sensitive operations, the main one being the storage and management of user and system credentials like password hashes and Kerberos keys (hence the name – Credential Guard).
To protect these sensitive security data, the Credential Guard utilizes VSM (Virtual Secure Mode), which uses isolation modes that are known as Virtual Trust Levels (VTL) to protect IUM processes (also known as trustlets).
IUM processes such as LSAISO run in VTL1 while other processes run in VTL0. The memory pages of processes that run in VTL1 are protected from any malicious code that is running in VTL0.
In addition, the LSAISO trustlet that runs in VTL1 communicates through an RPC channel with the LSAISO process that is running in VTL0. The LSAISO secrets are encrypted before they are sent to LSASS, and the pages of LSAISO are protected from any malicious code that is running in VTL0.
Possible Cause of LSAISO Process High CPU Usage
Some users might be faced with the problem in which the LSAISO.exe (LSA Isolated) process experiences high CPU usage on a Windows 10 computer. The possible cause of this problem is some apps or drivers.
Some applications and drivers trying to load a DLL (Dynamic Link Library) into an IUM process, inject a thread, or deliver a user-mode APC may destabilize the entire system. This destabilization can trigger the high LSAISO CPU usage in Windows 10.
How to Fix LSAISO Process High CPU Usage Issue
1. Use the Process of Elimination
As mentioned above, some applications (such as antivirus programs) and driver will inject DLLs or queue APCs to the LSAISO process, which will cause the LSAISO process to experience high CPU usage.
In this situation, you need to disable applications and drivers until the CPU spike is mitigated. After you identify the software that is causing the problem, contact the vendor for a software update.
2. Check for Queued APCs
Step 1: Download the free Windows Debugging (WinDbg) tool, which is included in the Windows Driver Kit (WDK).
Step 2: Use Microsoft NotMyFault.exe tool to generate a kernel memory dump while the CPU spike appears.
- Press “Windows + R” keys simultaneously. Then, type “control system” in the Run dialog box and hit Enter to open the System applet in Control Panel. Then, select Advanced system settings.
- On the Advanced tab of the System Properties dialog box, select Settings in the Startup and Recovery.
- In the Startup and Recovery dialog box, select Kernel memory dump in the Write debugging information drop-down list.
- Make a note of the Dump File location for future use, and then click OK.
Step 3: Click the Start button, and then locate and click Windows Kits entry on the Start menu. Select WinDbg(x64/x86) to launch the tool.
Step 4: On the File menu, click Symbol File Path, and then add the address path (https://msdl.microsoft.com/download/symbols) for the Microsoft Symbol Server to the Symbol path field. Click OK.
Step 5: Click Open Crash Dump on the File menu. Then, browse to the location of the kernel dump file that you noted before, and select Open. Please check the date on the .dmp file to make sure it was newly created during this troubleshooting session.
Step 6: Type “!apc” in the Command window and hit Enter. Then, you’ll receive a similar output as shown below.
Step 7: Search the results for LsaIso.exe. If a driver named “<ProblemDriver>.sys” is listed under LsaIso.exe, as shown in the output above, please contact the vendor, and then refer to the recommended mitigation measures listed in this Microsoft document. If no drivers are listed under Lsaiso.exe, this means that the LSAISO process has no queued APCs.