Svchost.exe: Friend or Foe?

If you take a look at the list of processes running in your computer you may come across something called svchost.exe. Finding a large number of these processes is likely to cause concern as you would have no recollection of installing any program that could be associated to svchost.exe. Your first thought may be that your PC is affected by a virus and seeing so many of these processes would only increase your worries.

Things get worse when you try to get rid of them as they continue appearing and seem to be undefeatable. It is like they have the capacity to survive any attack and even when it looks like they are gone, they eventually find a way to come back to haunt you. Before you panic, let us reassure you that svchost.exe is not necessarily the nightmare that it appears to be. We will reveal what is behind these processes, so you can understand better what you are dealing with.

What is svchost?

Svchost stands for Service Host, which is a crucial Windows component. Svchost.exe contains groups of Windows services that are in charge of specific tasks. The Windows services within the same svchost.exe are related and the idea behind putting them together is to reduce the risk of one single service affecting the entire system in case it freezes.

While some viruses could be disguised as a svchost process, you can recognize them easily. An authentic Service Host process would be located in C:\Windows\System32. These processes are harmless and moreover, they are crucial to ensure that your computer works without issues. On the other hand, if the svchost.exe file is located in any other folder, it is malware. Here is how you can check the location of processes.

1. Windows 8 and 8.1 users can open the Task Manager and click the Details tab, then select the Name column to see the processes sorted by name.
2. Right click on each svchost.exe process and select Open File Location.
3. Scan your computer for viruses if you find any process that is located outside C:\Windows\System32 and remove it.

The good side of svchost.exe

In order to understand and appreciate the job that Windows processes do, it is important to find out what each svchot.exe refers to. You can also see which svchost.exe process is using up more CPU cycles, which will help you to decide if it should be removed or disabled.  This is what you can do:

1. Right click the Taskbar at the bottom of the screen or press Ctrl + Shift + Esc to open Windows Task Manager.
2. Click the Details tab and scroll down to the svchost.exe processes. Right click on one of them and select Go to service(s).

A list of relevant services contained in the svchost.exe will be displayed and while you can see more details about each service in the Description tab, some of the names may not be easy to understand. For example DComLaunch and System Events Broker are not exactly self-explanatory, but you can right click the service that you are unsure about and select Search online. This will help you to find the information needed to determine which service can be stopped safely.

Windows Command

Using Windows Command line lets you see all the services assigned to a particular svchost.exe process. Although it is not a requirement to manage svchosts, this command is a practical option and you can access it easily following the below steps:

1. Press the Windows logo key + x + a, this will open a command prompt with Administrator privileges.
2. Then you will need to enter this command:

tasklist/SVC/FO TABLE/FI "IMAGENAME eg svchost.exe

3. This command will display all the services related to each svchost.exe process. The column in the middle will show the PID (Process Identifier), which is the identification assigned to each svchost.exe process. You can recognize and organize all services in the Task Manager using their PID number.

Another useful command that you can use to disable services launched by svchost.exe is net stop. You can simply add net stop, followed by the name of the service you want to disable. Let’s say that you want to stop Fax, then the command would look like this: C:\Users\your user name> net stop Fax. You can undo this by using net start instead, but before disabling any service, make sure that it is not essential for the optimal performance of your system.

Now that you know that as long as svchost.exe is not located outside C:\Windows\System32, it is not a virus and that it is actually an important part of your system, you can relax and carry on with your work while the Windows processes complete their tasks in the background.

Leave a Reply