Cng key isolation

The CNG (Cryptographic Next Generation) Key Isolation service provides key process isolation to private keys and a number of associated cryptographic operations as required by the Common Criteria. The default path khổng lồ the executable associated with the CNG Key Isolation service is C: windows system32 lsass.exe cộ.

Bạn đang xem: Cng key isolation

CNG Key Isolation Explained

The CNG key isolation service runs as a LocalSystem in a shared process (hosted in the LSA process). The service stores long-lived keys lớn authenticate users in the Winlogon service. For example, the CNG Key Isolation service will store a wireless network key or the required cryptographic information for a smart thẻ. All operations performed by the CNG Key Isolation service are performed by following the Common Criteria requirements.

In the sự kiện that the CNG Key Isolation service fails khổng lồ load or initialize, the behavior is recorded in the Event Log. Most of the time, the service fails khổng lồ start because the Remote Procedure gọi (RPC) service is forcibly stopped or disabled. If the CNG Key Isolation service is stopped, the Extensible Authentication Protocol (EAP) will fail khổng lồ start and initialize at startup.

As you’ll come to see below, the CNG key isolation service shares an executable (lsass.exe) with several other services.

What is Lsass.exe?

LSASS stands for Local Security Authority Subsystem Service. The genuine lsass.exe is a legitimate software component part of the Windows environment. The executable is regarded as a core system local authority process that is built inlớn Windows. The mặc định location os lsass.exe is in C: Windows System 32.

The Lass.exe process handles four main authentication services in Windows:

KeyIso (CNG Key Isolation) – The most important authentication service hosted in the LSA process. It provides key process isolation lớn private keys và associated cryptographic operations.EFS (Encrypting File System) – A core file encryption technology mainly used lớn store encrypted files on NTFS file system volumes. Stopping this service will prevent your system from accessing encrypted files.SamSS (Security Accounts Manager) – The main purpose of this service is khổng lồ act as a beanhỏ and signal other services when the Security Account Manager (SAM) is ready to receive sầu requests. Stopping this service will prevent other services relying on the Security Account Manager from being notified. This will create a snowball effect that will cause a lot of dependent services khổng lồ fail or start incorrectly.Local IPSEC Policy – Manages và starts the ISAKMP/Oakley (IKE) & various IP security drivers in Windows Server.

Xem thêm: Lợi Ích Của Vật Liệu Eva Là Gì ? Và Ứng Dụng Của Eva Mút Xốp Eva Là Gì

Potential Security Risk with lsass.exe

Some Windows users find that the Lsass executable consumes a lot of system resources and suspect lsass.exe of being a vi khuẩn or another type of malware. While this certainly possible, the chances are of this happening are slyên ổn.

However, there is a known copy-cát virut that has been known khổng lồ infect systems by camouflaging into lớn the Lsass executable. The process is similar, but not identical lớn the genuine Local Security Authority Subsystem Service. The malitious process is named isass.exe, as opposed khổng lồ the legitimate process that is named lsass.exe. If you find that the process starts with a capital I instead of a lower case L, your system is probably infected.

You can confirm this theory by checking the location of lsass.exe cộ. Generally, if the Lsass executable is located in C: Windows System 32, you can safely assume that it’s the legitimate Local Security Authority Subsystem Service. To vị this open Task Manager (Ctrl + Shift + Esc) and scroll down in the Processes list to lớn Local Security Authority Process. Right-click on it and choose Open tệp tin location. If the process is not located in System 32, you can be sure that you’re dealing with a malware infection.


The “Isass.exe” is a trojan virut with keylogging properties known the Sasser worm family. Its main purpose is khổng lồ quietly harvest data from your system. By registering every keystroke you type, the virus is configured lớn go after trương mục usernames, passwords, credit thẻ numbers and any other sensitive data that is ultimately used for an illegitimate financial gain.

The vi khuẩn has been around for several years & Microsoft has already taken measures against it. If you find that you’re infected, you can use the Microsoft Malware Removal tool to lớn remove any traces of the Sasser worm. After months of infecting countless Windows 7 and XPhường users, Microsoft has patched the vulnerability that allowed the vi khuẩn to lớn infect Windows machines. As of now, it’s no longer possible to lớn get infected with the Sasser worm if you have sầu the lachạy thử Windows security updates.

Should I disable the CNG key isolation service?

No. The CNG key isolation service is a critical system process needed lớn store cryptographic information securely. Under no circumstances should the legitimate CNG Key Isolation (KeyISO) Service should be permanently disabled.

Ending the lsass.exe process in Task Manager will also stop the CNG key isolation service. But keep in mind that this might cause your system lớn shut down forcibly. Since it controls the most important part of the log on security, the CNG key isolation is an essential function of Windows.

However, if you suspect that the CNG key isolation service is not functioning properly or is causing problems with your system, you can try to restart the service. To vì this, open a Run window (Windows key + R) và type services.msc. Then, hit Enter lớn open the Services window.


In the Services window, scroll down to the CNG Key Isolation service. Right-cliông xã on the service and then choose Restart lớn force a reinitiation.

Xem thêm: Mangago - Manga Clash Codes (March 2021)


Note: Keep in mind that depending if the CNG Key Isolation service is currently in use, you might encounter an unexpected system reboot. Do not restart this service unless you have legitimate reasons for doing so.

Chuyên mục: Công Nghệ