What Is LSAISO process? How to fix LSAISO process high CPU usage and what causes this problem? If you want to get answers, you can read this post, in which MiniTool gives you a detailed explanation and solutions.

LSAISO Process High CPU Usage

What Is LSAISO Process?

The LSAISO process is an isolated version of the Local Security Authority (LSA – or LSASS), which performs a number of security sensitive operations, the main one being the storage and management of user and system credentials like password hashes and Kerberos keys (hence the name – Credential Guard).

To protect these sensitive security data, the Credential Guard utilizes VSM (Virtual Secure Mode), which uses isolation modes that are known as Virtual Trust Levels (VTL) to protect IUM processes (also known as trustlets).

IUM processes such as LSAISO run in VTL1 while other processes run in VTL0. The memory pages of processes that run in VTL1 are protected from any malicious code that is running in VTL0.

In addition, the LSAISO trustlet that runs in VTL1 communicates through an RPC channel with the LSAISO process that is running in VTL0. The LSAISO secrets are encrypted before they are sent to LSASS, and the pages of LSAISO are protected from any malicious code that is running in VTL0.

How to Fix LSASS.EXE High CPU/Memory Usage Issue on Task Manager
How to Fix LSASS.EXE High CPU/Memory Usage Issue on Task Manager

This post introduces lsass.exe to you and shows you how to solve lsass.exe high CPU problem.

Read More

Possible Cause of LSAISO Process High CPU Usage

Some users might be faced with the problem in which the LSAISO.exe (LSA Isolated) process experiences high CPU usage on a Windows 10 computer. The possible cause of this problem is some apps or drivers.

Some applications and drivers trying to load a DLL (Dynamic Link Library) into an IUM process, inject a thread, or deliver a user-mode APC may destabilize the entire system. This destabilization can trigger the high LSAISO CPU usage in Windows 10.

How to Fix LSAISO Process High CPU Usage Issue

1. Use the Process of Elimination

As mentioned above, some applications (such as antivirus programs) and driver will inject DLLs or queue APCs to the LSAISO process, which will cause the LSAISO process to experience high CPU usage.

In this situation, you need to disable applications and drivers until the CPU spike is mitigated. After you identify the software that is causing the problem, contact the vendor for a software update.

2. Check for Queued APCs

Step 1: Download the free Windows Debugging (WinDbg) tool, which is included in the Windows Driver Kit (WDK).

Step 2: Use Microsoft NotMyFault.exe tool to generate a kernel memory dump while the CPU spike appears.

  • Press “Windows + R” keys simultaneously. Then, type “control system” in the Run dialog box and hit Enter to open the System applet in Control Panel. Then, select Advanced system settings.
  • On the Advanced tab of the System Properties dialog box, select Settings in the Startup and Recovery.
  • In the Startup and Recovery dialog box, select Kernel memory dump in the Write debugging information drop-down list.
  • Make a note of the Dump File location for future use, and then click OK.
Note: A complete memory dump is not recommended because it would require decryption if VSM is enabled on the system.

generate a kernel memory dump

Step 3: Click the Start button, and then locate and click Windows Kits entry on the Start menu. Select WinDbg(x64/x86) to launch the tool.

Step 4: On the File menu, click Symbol File Path, and then add the address path (https://msdl.microsoft.com/download/symbols) for the Microsoft Symbol Server to the Symbol path field. Click OK.

add Symbol File Path

Step 5: Click Open Crash Dump on the File menu. Then, browse to the location of the kernel dump file that you noted before, and select Open. Please check the date on the .dmp file to make sure it was newly created during this troubleshooting session.

Step 6: Type “!apc” in the Command window and hit Enter. Then, you’ll receive a similar output as shown below.

!apc command output

Step 7: Search the results for LsaIso.exe. If a driver named “<ProblemDriver>.sys” is listed under LsaIso.exe, as shown in the output above, please contact the vendor, and then refer to the recommended mitigation measures listed in this Microsoft document. If no drivers are listed under Lsaiso.exe, this means that the LSAISO process has no queued APCs.

Top 4 Fixes to Avast Service High CPU Usage Issue Easily
Top 4 Fixes to Avast Service High CPU Usage Issue Easily

If you are using the antivirus program Avast, you may encounter the Avast service high CPU usage issue. Don't worry. This article will show you solutions.

Read More
  • linkedin
  • reddit

About The Author

Linda
Linda

Position: Columnist

Linda has been working as an editor at MiniTool for 5 years. She is always curious about computer knowledge and learns it crazily. Her articles are simple and easy to understand. Even people who do not understand computer can gain something. By the way, her special focuses are disk management, data recovery and PDF editing.