What is a service host process (svchost.exe) and why are there so many processes running?

What is a service host process (svchost.exe) and why are there so many processes running?

If you’ve ever looked at the task manager, you’ve probably wondered why so many service host processes are running. You can’t kill them, and you certainly didn’t start with them, so what are they?

The service host process acts as a shell to load services from DLL files. Services are organized into related groups, and each group runs in a different instance of the service host process. This way the problems in one case will not affect the others. This process is an integral part of Windows and cannot be prevented from running.

This article is part of an ongoing series explaining the various processes found in Task Manager, including dwm.exe, ctfmon.exe, mDNSResponder.exe, conhost.exe, rundll32.exe, and Adobe_Updater.exe. Don’t know what these services are? Better start reading!

What is the service host process?

According to Microsoft, the answer is:

Svchost.exe is a common host process name for services that are running from dynamic link libraries.

But it doesn’t help us much. Some time ago, Microsoft started changing a lot of Windows functionality from relying on internal Windows services (which run from EXE files) to using DLL files instead. From a programming perspective, this makes the code more reusable and arguably easier to keep up with the latest developments. The problem is that DLL files cannot be run directly from Windows in the same way as running executable files. Instead, use the shell loaded from the executable to host these DLL services. Thus the service host process (svchost.exe) was born.

Why are there so many service host processes running?

Related: What is this process and why is it running on my computer?

on the control panel[サービス]If you have seen the section, you have noticed that Windows needs a lot of services. If all services are running in a single service host process, a single service failure can cause all Windows operating systems to crash. Instead they are separated.

Services are organized into more or less related logical groups, and a single service host instance is created to host each group. For example, a single service host process runs three firewall related services. For example, a separate service host process might run all UI related services. For example, in the image below, you can see that one service host process runs many related network services, while another service host process runs services related to remote procedure calls.

Is there anything I can do about all this information?

Related: Should I disable Windows Services to speed up my PC?

Honestly, not much. In the days of Windows XP (and earlier versions), computers had limited resources and operating systems were not so finely tuned that turning off unnecessary services was often recommended. It is not recommended to disable the service these days. Modern computers tend to have high-performance memory and processors. Furthermore, the way Windows services are handled (and what runs) has been simplified in recent versions, so removing a service you think you don’t need doesn’t have much of an impact.

However, if you notice that a particular instance of a service host (or a related service) is constantly causing issues like using too much CPU or RAM, you can check the specific service in question. At least you know where to start troubleshooting. There are several ways to find out exactly which services a particular instance of a service host is hosting. You can check things inside Task Manager or with a great third-party app called Process Explorer.

Check related services in Task Manager

If you are using Windows 8 or 10, the process is in the Task Manager[プロセス]The full name appears on the tab. If the process hosts multiple services, just expand the process to see those services. This makes it easy to determine which services belong to each instance of the service host process.

You can also right-click an individual service to stop the service, view it in the Services Control Panel application, or search online for information about the service.

If you’re using Windows 7, things are a little different. Windows 7 Task Manager did not group processes in the same way and did not show the names of the regular processes. It was only showing all instances of ‘svchost.exe’ that were running. I had to do a little research to determine which service is associated with a specific instance of “svchost.exe”.

Windows 7 Task Manager[プロセス]tab, right click on the selected “svchost.exe” process,[サービスに移動]Make an option.

This will bring up the Services tab and select all the services running in the svchost.exe process.

Windows 7 Task Manager with all services running

Then the Description column displays the full name of each service, so you can either disable them if you don’t want them to run, or troubleshoot what’s causing them problems.

Check related services using Process Explorer

Microsoft also offers some great advanced process processing tools as part of their Sysinternals suite. Simply download and launch Process Explorer. This is a portable app, so no installation is required. Process Explorer offers all kinds of advanced features. For more information, I highly recommend reading the Process Explorer Understanding Guide.

Related: What is a “mobile” app and why is it important?

However, for our purposes, Process Explorer groups related services under each instance of “svchost.exe”. They are listed by file name, but the full name also appears in the Description column. Also, hovering over any of the ‘svchost.exe’ processes will show all services associated with that process, even those that are not currently running.

Is this process a virus?

The process itself is an official Windows component. It is possible that the virus has replaced the actual service host with its own executable file, but this is highly unlikely. If you want to be sure, you can check the base file location of the process. In Task Manager, right-click on any service host process and select[ファイルの場所を開く]Make an option.

If the file is saved in the Windows\System32 folder, it is almost certainly not infected with a virus.

Related: What is the best antivirus for Windows 10 and 11? (Is Microsoft Defender good enough?)

However, if you want more peace of mind, you can always scan for viruses with your favorite virus scanner. Cane before falling!

#service #host #process #svchost.exe #processes #running

Leave a Comment

Your email address will not be published.