Monday, June 8, 2015

What is Host Process Windows Service (SvcHost.exe)

The Host Process feature is used heavily in Windows, which is especially apparent when you view running processes in Task Manager. Here we unravel the mystery of this elusive program. Many Windows users will have come across the Host Process in their time with the system. It appears many times in Task Manager, and any attempt to find out more about it from within Windows draws a blank.

Norton will certainly block the SVCHOST.exe nasty. To make sure (for your own satisfaction), you can do a background check on the svchost.exe processes running on your computer:

  1. Open Task Manager and go to the Processes tab.
  2. Click "Show processes from all users"; the svchost.exe processes are now listed.
  3. Right-click each svchost.exe process in turn and select "Go to Service(s)".
  4. This shows which services are running under the hood of that svchost.exe process (check the Description column).

By doing this you can make sure nothing malicious is running under the name of svchost.exe. Alternatively, you can run the command tasklist /SVC in the Command Prompt to get the background information.

What is Host Process Windows Service?

The first logical step in finding out about a Windows service is to ask Microsoft. All they could say about it was "svchost.exe is a generic host process name for services that run from dynamic-link libraries."

Not the most informative description you will ever read, but a first step in the investigation. During the Windows XP days Microsoft decided to move away from using executable files (.exe) for everything in favor of Dynamic Link Library files (.dll). These files were centrally located resources that any application could use if it needed to. The idea was to have a pool of resources for everything to share rather than make each application have its own. This would save space, reduce disk access, and improve security, as .dll files could not be run on their own like executable files can be.

Basically, Svchost.exe is a process on your computer that hosts, or contains, other individual services that Windows uses to perform various functions. For example, Windows Defender uses a service that is hosted by a svchost.exe process.

There can be multiple instances of svchost.exe running on your computer, with each instance containing different services. One instance of svchost.exe might host a single service for a program, and another instance might host several services related to Windows. You can use Task Manager to view which services are running under each instance of svchost.exe.
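
As an added example (not code from the original post), this Python script parses the CSV form of the tasklist /SVC output (tasklist /SVC /FO CSV) to show which services each svchost.exe instance hosts and which instance hosts a given service. The sample output is constructed, and both the English-language "N/A" marker and the idea that an instance hosting no services deserves a closer look are assumptions of this example.

```python
import csv
import io

# Constructed sample of `tasklist /SVC /FO CSV` output (not from a real host).
SAMPLE = '''"Image Name","PID","Services"
"System Idle Process","0","N/A"
"svchost.exe","1000","wuauserv,BITS,Schedule"
"svchost.exe","1184","Dhcp,EventLog"
"svchost.exe","4312","N/A"
"explorer.exe","2840","N/A"
'''


def svchost_services(text):
    """Map each svchost.exe PID to the list of services it hosts."""
    hosts = {}
    for row in csv.reader(io.StringIO(text)):
        # Skip blank lines and the header row (its PID column is not a number).
        if len(row) < 3 or not row[1].strip().isdigit():
            continue
        image, pid, services = row[0].strip(), int(row[1]), row[2].strip()
        if image.lower() != "svchost.exe":
            continue
        # Assumption: English output, where "N/A" means no hosted services.
        names = [] if services in ("", "N/A") else services.split(",")
        hosts[pid] = [n.strip() for n in names]
    return hosts


def pids_hosting(text, service):
    """PIDs of the svchost.exe instances that host the named service."""
    wanted = service.lower()
    return sorted(pid for pid, names in svchost_services(text).items()
                  if wanted in (n.lower() for n in names))


def pids_without_services(text):
    """svchost.exe PIDs hosting no service: candidates for a closer look."""
    return sorted(pid for pid, names in svchost_services(text).items() if not names)


if __name__ == "__main__":
    for pid, names in sorted(svchost_services(SAMPLE).items()):
        print(pid, ", ".join(names) or "(no services)")
    print("wuauserv is hosted by PID(s):", pids_hosting(SAMPLE, "wuauserv"))
    print("review:", pids_without_services(SAMPLE))
```

To use it on a real machine, save the output of tasklist /SVC /FO CSV to a file and pass its contents to these functions in place of SAMPLE.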

High CPU Usage Problem with SvcHost.exe

For me this probably started about a couple weeks ago, though I cannot be sure.  I only noticed it because I run CPU temp software and noticed my CPU was getting pretty hot during just idle time.  Checking task manager, I come to find that svchost.exe is consistently using 30 to 50% CPU time, ALL THE TIME.  The Process ID is 1000.  Underneath this I find, among a lot of services, the Windows Update Service.  I stopped this service and suddenly everything is back to normal.  No more high CPU time.

I rebooted, and after everything loaded up, CPU usage is high again.  Once again, svchost.exe PID 1000, with Windows Update Service as the potential culprit.  I tried changing my settings for Windows Update to Never Check (which I know is not recommended), but it didn't make a difference.  Only when I disabled the Windows Update Service, did my computer finally stop trying to monopolize my CPU time through svchost.exe.

How to fix SvcHost.exe High CPU Usage Problem?

Not sure if this one will work for you as well. But I’m just sharing the information with you all here; hope this helps in your desperate times! 

Observations & Steps taken:

  1. Issue is caused by the Windows Update service, wuauserv. Found that out by giving it its own svchost process using sc config.
  2. CPU time is hogged (~10% almost constantly in my case) by a wuauserv thread addressing wuaueng.dll.
  3. Tried removing Intel PROSet - same.
  4. Tried stopping wuauserv, deleting the c:\windows\softwaredistribution folder, restarting the service - CPU usage goes to normal, but after some time the issue reoccurs.
  5. sfc /scannow doesn't find any issues with system files.
  6. System was scanned by several antivirus and antimalware products - clean.
  7. After hiding one optional update (NVIDIA display driver) and rechecking for updates, the CPU usage by this process went down to 0. Surprisingly, this solved the problem!
