What is svchost.exe?


One of the most common questions about system processes is: what is svchost.exe, and why are there so many copies of it running? First appearing in Windows XP, svchost.exe hosts multiple services within one process. This lets the operating system save memory by cutting down on the number of processes that need to be running.
Every system service, such as Windows Update, Event Log, Terminal Services, Audio Service, etc., runs within svchost.exe. Services are grouped together according to the access they need and run in a number of processes, which explains why you see so many in Task Manager running under different accounts such as System, Local Service and Network Service.
How you identify which services are running inside each svchost.exe process depends on the version of Windows you have.
Windows XP
In Windows XP at a command prompt run:
tasklist /svc
The tasklist utility will show you which services are running under each svchost.exe process.
Windows Vista and Windows 7
Task Manager in Windows Vista and Windows 7 has been enhanced so you can easily see what services are running inside a host process such as svchost.exe.
Click on the Start button, type in taskmgr and hit Enter. When Task Manager loads, click on the Processes tab and click Show processes from all users to see all of the svchost.exe processes. Then right-click on a svchost.exe process and select Go to Service(s). You will be taken to the Services tab with all services running in that process highlighted.
All Versions of Windows
Microsoft Sysinternals has a great free utility called Process Explorer that is like a task manager on steroids. It works on all versions of Windows and allows you to easily see services running inside of svchost.exe. Download Process Explorer from the Sysinternals site. Once you have it running, right-click on any process and select Properties. Then click on the Services tab and you will see all services running inside the host process.
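The same mapping can be scripted. The following is an added example, not part of the original article: it lists every svchost.exe process with the account it runs under, its service group and the services it hosts. It assumes PowerShell 3.0 or later and an elevated prompt; the column names (HostPid, Account, Group, Path, Services) are chosen here for illustration.

```powershell
# Index all running services by the PID of the process that hosts them.
# -AsString makes the hashtable keys plain strings so lookups are reliable.
$servicesByPid = Get-CimInstance -ClassName Win32_Service -Filter "State = 'Running'" |
    Group-Object -Property ProcessId -AsHashTable -AsString

Get-CimInstance -ClassName Win32_Process -Filter "Name = 'svchost.exe'" |
    ForEach-Object {
        # GetOwner returns the account the process runs under
        # (SYSTEM, LOCAL SERVICE, NETWORK SERVICE, ...).
        $owner = Invoke-CimMethod -InputObject $_ -MethodName GetOwner -ErrorAction SilentlyContinue
        $account = if ($owner -and $owner.ReturnValue -eq 0) {
            "$($owner.Domain)\$($owner.User)"
        } else {
            '(not readable without elevation)'
        }

        # The service group is the argument that follows -k on the command line.
        $group = if ($_.CommandLine -match '-k\s+(\S+)') { $Matches[1] } else { '' }

        [pscustomobject]@{
            HostPid  = $_.ProcessId
            Account  = $account
            Group    = $group
            # The Windows-supplied binary lives under %SystemRoot%\System32
            # (or SysWOW64 for the 32-bit copy).
            Path     = $_.ExecutablePath
            Services = ($servicesByPid["$($_.ProcessId)"].Name | Sort-Object) -join ', '
        }
    } |
    Sort-Object -Property HostPid |
    Format-Table -AutoSize -Wrap
```

A row with an empty Services column, or a Path outside the Windows system directory, is worth a closer look in Process Explorer.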
