Svchost.exe is NOT a malware
That’s usually the first worry when you can’t decipher what it’s all about. But it is definitely not a virus, though sometimes malware try to cloak themselves as one and attack a machine. Svchost.exe is a Microsoft Service Host Process. Microsoft says it is a generic host process name for services that run from dynamic-link libraries. In simpler words, svchost.exe is a system file that enables Windows to launch other programs. Many of Windows processes are run via DLL (Dynamic Linked Library) files. But DLLs cannot start and run on their own. The Windows operating system needs an executable program that can act as a bridge to launch these DLLs. The svchost.exe file is that ‘bridge’ To handle all the different DLL run processes svchost.exe creates multiple instances of itself. Thus, Windows resources are better utilized as a number of DLL services run as a group under a single svchost file.
But Why Do We See So Many of Them?
It is quite logical actually considering that svchost.exe is such a critical component of Windows. If every process ran under one svchost.exe, a failure might lead to a system wide crash. So, every service is separated out with a logical instance of svchost.exe running it. Each instance of svchost.exe is a ‘host’ for the DLLs that are running the different services on Windows. For e.g. one svchost.exe process might be running network services, another could be handling your desktop themes.
Identifying the Processes
Which services are running under which particular svchost.exe process is useful if you are looking for some peace of mind and also to optimize your system resources by disabling the ones that aren’t needed. There are two easy ways to identify svchost processes.
- Use the command line: Open the Run box from Start and type in CMD to bring up the command terminal. Type in tasklist /SVC at the prompt. You can see all the dynamic libraries that svchost.exe is running. The problem with this method is that the processes still aren’t in plain, easily understandable English. For that let’s turn to the second method.
- Using Process Explorer: Process Explorer is a nice little utility that you can run straight from the ZIP file. Run the standalone program and then you can highlight individual processes and see exactly what each process is doing. You can mouse-over each process to look into the details. We hope this article has managed to demystify the svchost.exe process and helped you have a better grasp of it. If you want to add information and share things you know about svchost.exe process in Windows, you are welcome to jump in with your ideas in the comments.