When using Windows operating systems, it is normal to see various services running in the background. Although their purpose is to let the operating system's applications and settings work properly, some services consume resources and are not necessary.
One of the services we hear about or see most often is svchost. We may often think that it is a virus or something similar, but its role is essential to Windows tasks.
Today TechnoWikis will show some methods for viewing the list of services hosted by svchost, to better understand its impact on the system.
What is svchost.exe
svchost.exe (Service Host) is a process responsible for running multiple DLLs (libraries) within the Windows operating system. A service of this kind cannot perform actions on its own, so it requires an executable to fulfill its function.
It is normal to see multiple svchost processes running, such as:
- Service host: DHCP client.
- Service host: Local service (without impersonation).
- Service host: Windows backups.
- Service host: Unistack Service Group.
- Service host: IIS application host auxiliary application service.
- Service host: SSDP detection.
- Service host: Local service (without network).
- Service host: Remote procedure call.
- Service host: Shell hardware detection.
- Service host: DCOM server process initiator.
At this point a question arises: why so many svchost processes? The reason is simple but fundamental: these are elements that allow the operating system to work correctly. If svchost were a single process and it failed, the whole system would collapse with execution errors, sudden shutdowns and unscheduled restarts, all of which would affect both the system and our daily tasks.
Now, we must pay close attention, since there is a virus called Scvhost.exe which at first glance looks like the Windows Service Host. Note that the real process is svchost.exe, not scvhost.exe.
1. View the svchost processes from the Windows 10 Task Manager
Step 1
The first method for accessing this list is Task Manager, which we can open in various ways, such as:
Task Manager
In the window that opens, we go to the "Processes" tab and then to the "Windows processes" section, where we will see the complete list of svchost (Service Host) processes:
Step 2
There we can see the details of each process, as well as the hardware resources it uses, which are minimal. If we need detailed information about a particular service, we can right-click it and select the "Go to details" option:
Step 3
The following window will be displayed. We can see a summary of each service, as well as its PID, state, name, consumption and general description.
By default, when we right-click a service to see its details, it is selected in the Details window. For example, we right-clicked the service called "Service host: Local service (restricted network)" and this selected the service with PID 2724, which is ideal for administrative and support purposes.
2. Get the list of svchost.exe processes in Windows 10
For control purposes we may want this list of services in an editable form. This is possible thanks to the Windows Command Prompt, which is available in every edition.
Step 1
For this, we open the Command Prompt by pressing the following keys and running the cmd command:
Windows + R
In the console we then use the following line:
tasklist /svc | find "svchost.exe"
Step 2
The result will be as follows:
Step 3
There we will see the complete list with the PID and name of each process. This result can be written to a text file by running the following line:
tasklist /svc | find "svchost.exe" > c:\svchost.txt
Step 4
This will generate the txt file with the respective svchost.exe services active in the system:
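As an added example (not part of the original article), the Python code below parses the table printed by an unfiltered tasklist /svc, rejoins service lists that wrap onto indented continuation lines (lines that find "svchost.exe" would drop), and flags image names one edit away from svchost.exe, such as the scvhost.exe mentioned earlier. The sample output, PIDs and function names are constructed for illustration.

```python
import re

# Constructed sample of unfiltered `tasklist /svc` table output (not from a real host).
SAMPLE = """\
Image Name                     PID Services
========================= ======== ============================================
System                           4 N/A
svchost.exe                    804 BrokerInfrastructure, DcomLaunch, PlugPlay,
                                   Power, SystemEventsBroker
svchost.exe                    852 RpcEptMapper, RpcSs
scvhost.exe                   4312 N/A
sihost.exe                    5120 N/A
svchost.exe                   1340 Dhcp
"""
ROW = re.compile(r"^(\S.*?)\s+(\d+)\s+(.*)$")  # image name, PID, services

def parse_tasklist_svc(text):
    """Return [(image, pid, [services])], joining wrapped service lines."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:  # new process row (the header and ===== rule have no PID, so never match)
            svcs = [s.strip() for s in m.group(3).split(",") if s.strip()]
            rows.append((m.group(1), int(m.group(2)), [] if svcs == ["N/A"] else svcs))
        elif line[:1].isspace() and rows:  # indented continuation of the row above
            rows[-1][2].extend(s.strip() for s in line.split(",") if s.strip())
    return rows

def osa_distance(a, b):
    """Edit distance in which swapping two adjacent characters costs one edit."""
    d = [[i + j if 0 in (i, j) else 0 for j in range(len(b) + 1)] for i in range(len(a) + 1)]
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1,
                          d[i - 1][j - 1] + (a[i - 1] != b[j - 1]))
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[-1][-1]

def svchost_services(rows):  # PID -> services, only for rows named exactly svchost.exe
    return {pid: svcs for image, pid, svcs in rows if image.lower() == "svchost.exe"}

def lookalikes(rows, real="svchost.exe"):  # image names one edit from the real name
    return [(image, pid) for image, pid, _ in rows
            if image.lower() != real and osa_distance(image.lower(), real) <= 1]

if __name__ == "__main__":
    parsed = parse_tasklist_svc(SAMPLE)
    print(svchost_services(parsed), lookalikes(parsed))
```

The one-edit threshold catches the swapped letters in scvhost.exe while leaving a different name such as sihost.exe (two edits away) unflagged.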
3. Get svchost.exe services using the Process Explorer in Windows 10
Process Explorer is a utility developed by Microsoft that gives full access to all active or background processes of the operating system.
The upper window of the utility shows a list of the currently active processes, including the names of the accounts that own them, while the information shown in the lower window depends on the mode Process Explorer is in: in handle mode we will see the handles opened by the process selected in the upper window, and in DLL mode we will see the DLLs and memory-mapped files that the process has loaded.
We can download it for free at the following link:
Process explorer
With these methods we can obtain detailed and complete information about svchost.exe, knowing that it is a Windows process.