Whenever you come across the famous Task Manager in your Windows, you usually wonder why there are so many processes running that you never started neither can you delete them like a process like svchost.exe. They are not random but totally explainable.
The identity question
If you look it up on Microsoft, you will find the explanation: “svchost.exe is a generic host process name for services that run from dynamic-link libraries”. That is totally alien language to most of us, normal users.
For programmers it will be easier to understand that when Microsoft started transferred functionality into .dll files rather than .exe files the scope of reusability was assisted. It was to move the files from internal windows services. But .dll files cannot be directly started from Windows hence running .exe is still needed to load .dll up from. Svchost.exe process plays this function.
One wasn’t enough
Windows need a lot of services for proper functioning; you can check it in Control Panel in the Services section. Running all these under only one svchost.exe will cause the entire Windows to crash if any fatal error occurred in one of the services. That is why you see more than one of svchost.exe processes. One was definitely not enough!
Your Task Manager is not swarming with svchost.exe processes for each of the multitudes of services because they are sorted into groups of related services and then one process serves each group. For instance, one svchost.exe serves all related services of user interface etc.
What can you do?
It is possible to cut the services that are not needed by stopping them. Or you can restart the services that show higher CPU usage on any svchost.exe process.
To target such services, you first need the information: what services are being served by a particular.exe process. It’s simple. Open the Task Manager and check “Show processes from all users” box:
Checking From the Command Line (For Windows Vista or XP Pro)
Command Prompt lets you know what services come under a specific svchost.exe process. Use the tasklist command to see the list:
You will see the list but the problem arises when we don’t understand what the code-like names given, mean.
Checking in Task Manager in Vista
It is plainly simple. Just right-click on the svchost.exe process you wish to check and select “Go to Service”.
This will lead you to the tab labeled ‘Services’, the highlighted or selected ones are those running under that svchost.exe process:
The advantage of checking it this way is you will also find out the exact name of those services in the Description column so. Now that you know them, you can end them if you wish.
Using Process Explorer in Vista or XP
A much shorter way is to use Process Explorer from Microsoft/Sysinternals. Just bring the cursor over any particular svchost.exe process and small pop up window will show you the list of related services:
Alternatively, you can directly stop any services by double-clicking on a svchost.exe process, going to the Services tab and selecting those services to stop.
To end services directly, go to Services from Control Panel under the Administrative tools or simply go to Start menu and type services.msc into the search area.
In the list given, double-click on the service or right-click to select Properties.
First disable the Startup Type followed by clicking the Stop button and it will stop immediately.
You can also disable any service from command prompt. For the above image, the part “trkwks” in the command is the Service name which is also found in the tasklist command.
sc config trkwks start= disabled
Processes Running in Windows 7