Excessive RAM/CPU by LSASS.EXE

[markstrelecki]

OK. I've noticed strange and unexplained activity on my install of the W8 Dev Preview x64 edition. And I trust y'all to help me get to the bottom of it.

I have noticed, on multiple occasions in the past three weeks of testing, unexplained CPU activity (5-7%) when the system SHOULD be idle, as well as excessive network activity on the order of 1.9Mb/sec uploads and 1.76Mb/sec downloads. Not abnormal, BUT I'M NOT DOWNLOADING ANYTHING.

LSASS.EXE is now consuming over 1,270,000KB of memory! That's 1.27GB, and it's been rising the whole time I've been monitoring it this evening.

RAM use for lsass.exe now stands at 1,295,000KB. All I can say is WOW! What the heck is doing this??

Other processes that are seeing activity are System and Svshost.

I really Win8 DevPre, as it seems more stable than W7SP1x64 (was getting F4 BSODs during idle times, like overnight). I ran W8DevPre for over fifteen days with no BSODs, then had to switch back to W7SP1x64 (because for the life of me I could not network the W8 box to a W7 system on the same LAN. Would never accept my user ID and password for the other system, and I tried it both ways, multiple times...) and I got the BSOD F4 within 24 hours. Go figure.

LSASS.EXE now at 1,354,000KB and still rising, LAN activity staying the same.

OK, I'll bite: WTF is this, man??

Can anyone shed any insight? Is this Windows Update in disguise? Are my files being hijacked or analyzed for any reason?

I've been beta testing Windows 95OSR2 thru WinXP and NEVER saw activity like this before.

I would heartily appreciate your feedback, as I certainly respect your technical experience and skillsets.

Thanks for any time you can provide.

Best wishes from Atlanta, GA. USA.

MARK STRELECKI

P.S. - lsass.exe RAM at 1,979,000KB and STILL going up.

[MagicAndre1981]

install the Assessment and Deployment Kit (ADK) and select the "Windows Performance Toolkit".

Go to C:\Program Files (x86)\Windows Kits\8.0\Windows Performance Toolkit, run WPRUI.exe, select under "more options" VAlloc Usage and Network IO Activity and click on Start. After tracing this for a while stop and save the trace. Compress the ETL + the corresponding NGENPDB folder as 7z and upload the 7z file.

[MagicAndre1981]

do you use the Windows Defender from Win8? Try to disable it and look if you still have the high CPU/mem usage

[SausageHack]

lsass.exe is the Local Security Authentication Server process, which handles user logons and whatnot. I'm suspicious that your failed attempts at connecting computers over the LAN might be affecting this (you mentioned that logins were failing). Perhaps LSASS is trying to connect over the LAN repeatedly, or is simply tripping over itself due to your specific configuration? Just my brainstorming.

[MagicAndre1981]

@markstrelecki

does it still happen in the Release Preview?