What is svchost.exe and Why is it Running?
When you open Task Manager, you might be wondering what svchost.exe is and why it’s running. Here’s what you need to know.
If you’re like me, you enjoy opening up Task Manager to review what applications are running and inspect other important details about your system. Here, you have likely noticed several instances of svchost.exe running. Like me, you may wonder what its function is or if it’s a virus, malware, or an application gone wrong.
The good news is, svchost.exe isn’t a virus or artificial intelligence taking over your computer. The bad news is, it’s mysterious and good at hiding exactly what it’s done — by design. That said, with a bit of digging, we can learn quite a bit about what exactly svchost.exe is doing on your computer.
First, let’s open up Windows Task Manager using the CTRL + ALT+ DEL menu or by pressing the shortcut CTRL + SHIFT + ESC. Either way, once your Task Manager is open, you will see several processes of svchost.exe running.
What is svchost.exe?
The Microsoft Support site defines it as “a generic host process name for services that run from dynamic-link libraries.” Right. So that’s pretty straightforward; anyone could understand that, okay, let’s translate.
A “dynamic-link library” also known as a .dll file, is just a big block of programming code. There are many neat tricks that developers can do with these files to make things run faster and take up less space. The problem is that a .dll file can’t run standalone. You need a .exe or “executable” file to load the .dll and its code.
Now that we know what a DLL file is, it should be easier to understand why svchost is called a “generic host.” All it does is load DLL files so they can run and execute system applications. So it’s nothing to worry about, right? Well, there is the possibility that you could download a virus that could make your innocent svchost load up some DLLs from the dark side. Keeping your computer updated with all of the Microsoft Security Updates and running an anti-virus app should minimize the chance of this.
Okay, great, so it’s just a host for even more processes! Now I’m even more curious and want to know what is being run by svchost.exe., so how do I check this? There are two easy ways to keep tabs on svchost.exe. The first is the command line.
How to find out what processes are running on your computer using the command line
1. Click the Start Menu and then click Run. In the Run window that displays, type in cmd and press OK.
2. In the Command Window, type tasklist /SVC, and then press ENTER. Now you’ll be able to see all of the listed dynamic libraries that svchost.exe is running.
How to find which processes are running under svchost.exe using Process Explorer
The problem with the command line is it just brings up even more weird-looking processes that appear as mysterious as svchost itself. So here is where we need to download a program from Microsoft called Process Explorer.
Process Explorer is a fantastic application written by Microsoft to help you understand the nuts and bolts of Microsoft Windows. Once you have it running, you can highlight individual processes and see what each process is doing. The tool has been around since Windows XP and continues to be supported and updated for Windows 10.
Launch Process Explorer and take a look at the svchost.exe on my system.
Once opened, hover over a process like svchost.exe for details about it.
If you want even more details, right-click svchost.exe and click Properties, then select the Services tab.
Alright, everything is looking good; now we know what svchost.exe is and how to decipher all of the services that it’s running. After playing around with this, you’ll notice that some of the svchost processes aren’t running as many services as others. And wait, why are there so many svchost.exe processes running simultaneously?
Each svchost.exe process runs services based on logical service groups. For example, one may be running network services while another might be handling device drivers. Having these services run on separate hosts is a neat feature because if one dies, it won’t take down your entire system all at once.
14 Comments
Leave a Reply
Leave a Reply
Moyej
January 22, 2010 at 9:14 am
Hai..
This is a great article. It’s helpful for me … At the first time i thought it’s a virus .. Now i understand what is it….
Thanks
Melissa
January 22, 2012 at 4:31 pm
Actually there is a virus or malware that will take the name of this program and name itself that
aashika
September 13, 2010 at 3:30 am
That was a total information!I kept wondering if svchost.exe that run as multiple processes were viruses.At one point,I even formatted my PC to check if those ‘viruses’ were cleaned.Funny,I now get it.
MrGroove
September 13, 2010 at 9:43 am
Good and bad news ehh? :)
Glad the article helped you out and welcome to groovyPost! Hope to see you around in the comments!
JennyN
September 19, 2010 at 7:53 am
I have only recently started receiving your emails and I have to thank you for such helpful tips and information, including the above.
Thanks again
MrGroove
September 19, 2010 at 8:21 am
Hi Jenny! Welcome to groovyPost and thank you for the feedback. I work hard to keep the site regularly updated with tips and tricks. I appreciate the feedback.
See you around in the comments!
Valerie L Long
October 6, 2010 at 6:47 am
THANK YOU SO MUCH for the article. Downloaded process explorer and finally have a handle on what is there. Now if I could just figure out why some of them eat up my processor :)
Jay
May 16, 2011 at 4:00 pm
i looked at this and looks great except i have no services tab when i look at the properties and have no way of looking at what programs it is running, i dont know what is wrong
MrGroove
May 16, 2011 at 9:41 pm
Hi Jay – What version of Windows are you running?
Quintus
February 13, 2012 at 4:50 am
Your tabs are hidden. To make the visible again double click on the white bar in your taskmanager.
I had this problem for half a year and it was so annoying, yet the solution was so simple.
Terry
September 5, 2011 at 5:37 am
Excellent, Excellent, Excellent!!!
Thanks for the info. I am finding things that I wondered how they could contine to load and hog the CPU an dmemory
njb
December 19, 2012 at 7:30 pm
Thanks Alot..! Realy Such a nice article..!!
Tristan O
September 23, 2013 at 9:11 pm
Seriously informative and easy to follow article but…. Any helpful tips as to how I could recognize an invasive svchost.exe and it’s little dll(s)?
‘Knowing is half the prattle.’
Dnaner
October 22, 2016 at 4:02 pm
I too really appreciate your lesson. Could you tell me what a Com Surrogate is? and why so many search indexers run at the same time in task mgr? Is it safe to assume secondary logon is other people logging on or what woukd that be?
Thank You for Your Time and Considerations. Sincerely, ds