What is svchost.exe which is it Safe or possibly it a Virus?


The Service Host process serves as a shell for loading services from DLL files. Services are organized into related groups and each group is run in the different type of the Service Host Process. That way, a difficulty in svchost and one instance doesn’t affect other instances. This process is a vital a part of Windows that you simply cannot prevent from running.


If you’ve ever browsed through Task Manager, you might have wondered why there are many Service Host processes running. You can’t kill them, so you sure didn’t start them. So, what exactly are they?

So What Is the Service Host Process?
Here’s the result, based on Microsoft:

Svchost.exe is often a generic host process reputation for services that run from dynamic-link libraries.

But that doesn’t really help us much. Some time ago, Microsoft started changing high of the Windows functionality from depending on internal Windows services (which ran from EXE files) to using DLL files instead. From a programming perspective, this makes code more reusable and arguably simpler to maintain thus far. The problem is that you just can’t launch a DLL file directly from Windows the same way you are able to an executable file. Instead, a shell that is loaded coming from a executable file is used to host these DLL services. And so the Service Host process (svchost.exe) was created.

Why Are There So Many Service Host Processes Running?

If you’ve ever located the Services section in Control Panel, you’ve probably pointed out that Windows takes a lots of services. If each and every service ran with a one Service Host process, a failure in a service could decrease all of Windows. Instead, they’re separated out.

Services are organized into logical groups which can be all somewhat related, after which an individual Service Host instance is done to host each group. For example, one Service Host process runs a few services in connection with the firewall. Another Service Host process might run each of the services related to an individual interface, and the like. In the image below, as an example, it is possible to see that one Service Host process runs several related network services, while another runs services linked to remote procedure calls.

Is There Anything For Me To Do With All This Information?

Honestly, not only a lot. In the days of Windows XP (and previous versions), when PCs had considerably more limited resources and systems weren’t quite as fine-tuned, stopping Windows from running unnecessary services was often recommended. These days, we don’t recommend disabling services anymore. Modern PCs usually are full of memory and high-powered processors. Add that to the fact that just how Windows services are handled in modern versions (and what services run) continues to be streamlined, and eliminating services you think you don’t need really doesn’t have much of an impact any longer.

That said, if you see a particular demonstration of Service Host—or a connected service—is causing trouble, like continual excessive CPU or RAM usage, you might check into the specific services that are involved. That might at least provide you with a solid idea of the place to start troubleshooting. There are a few methods to begin seeing just what services are being hosted by a particular type of Service Host. You can check high on things within Task Manager or by using a great third-party app named Process Explorer.

Check Related Services in Task Manager
If you’re using Windows 8 or 10, processes are shown for the “Processes” tab of Task Manager by their full names. If a process serves as a host for multiple services, you can see those services by just expanding the procedure. This makes it super easy to distinguish which services fit in with each type of the Service Host process.

You can right-click anyone want to stop the service, visualize it in the “Services” Control Panel app, as well as search online for information about the service.

If you’re using Windows 7, situations are a little different. The Windows 7 Task Manager didn’t group processes exactly the same way, nor made it happen show regular process names—it only showed all of the cases of “svchost.exe” running. You had to discover somewhat to determine the services in connection with any particular instance of “svchost.exe.”

On the “Processes” tab of Task Manager in Windows 7, right-click on the particular “svchost.exe” process, after which choose the “Go to Service” option.

This will flip you over to the “Services” tab, the location where the services running under that “svchost.exe” process are selected.

You may then see the complete name of each and every service in the “Description” column, so you can tend to disable the service should you don’t need it running or troubleshoot why it’s providing you problems.

Check Related Services Using Process Explorer
Microsoft also offers an excellent advanced tool for working together with processes as a part of its Sysinternals lineup. Just download Process Explorer and run it—it’s a transportable app, so you should not install it. Process Explorer provides a myriad of advanced features—and we highly recommend reading our self-help guide to understanding Process Explorer to find out more.

For our purposes here, though, Process Explorer groups related services under each demonstration of “svchost.exe.” They’re listed by their file names, however their full names will also be shown inside the “Description” column. You can also hover your mouse pointer over any of the “svchost.exe” processes to visit a popup with every one of the services in connection with that process—even the ones that aren’t currently running.

Could this Process Be a Virus?
The process itself is the official Windows component. While it’s possible a virus has replaced the genuine Service Host having an executable of its own, it’s impossible. If you’d want to be sure, it is possible to check out the underlying file location of the process. In Task Manager, right-click any Service Host process and pick the “Open File Location” option.


Leave a Reply

Your email address will not be published. Required fields are marked *