If you use a Windows-based system, you may have opened your task manager to see a swarm of processes called “svchost” taking up a lot of room. It can be worrying to see so many copies of this process working away silently as you use your computer. What is this odd process, and should you try to prune them down to size yourself?
The short answer to this is a definite, strong “no!” Do not force any svchost process to stop! They’re vital for Windows to do its job properly. In order to understand why they’re so important, however, we need to break down what exactly svchost.exe does.
What Is svchost.exe?
Things make a little more sense when we break down what “svchost” means. It means “service host,” and it does exactly that – hosts Windows services. When Windows wants to run a service, it uses svchost to do so. To be more technical, any Windows process from a dynamic link library gets the honor of being called service host or svchost.
When you see multiple svchost.exe processes running at the same time, this simply means Windows is running multiple processes at once. There’s a lot going on within Windows, so it needs all those processes to keep itself running! While it’d be nice if every svchost had a different name, Windows keeps things simple with a single name.
Why Not Just One Process?
Having all these different processes can look untidy. Why doesn’t Windows just bundle all their processes under one svchost and call it a day?
The reason behind this decision is to prevent a crash from bringing all the services down. If you were running a factory, and you had the decision to put a human worker on each task or a central AI robot that handles every task, the humans would be more reliable.
The AI may be able to take on all the tasks at once, but if it breaks down, it takes out every job in the factory with it. If a single human worker is injured or ill, the other areas of the factory can still run as normal.
Windows uses the same idea with svchost. If Windows packed all of its services into one svchost process, the entire collection of services would collapse should a single one trip up. Windows has many services going on at once, so this would be catastrophic! You’d have far more crashes and likely BSoDs (blue screen of death). By having a separate process for each service, it protects the others from being disrupted should one fail.
One thing you will notice when viewing the svchost services is that they’re grouped by type. Each main service may run multiple sub-processes. When you expand one of the main instances, you’ll see any sub-processes listed as well.
What Processes Are Being Run?
If you’d like to take a look for yourself which processes run under svchost, you can do this by holding down Ctrl + Shift + ESC. Make sure you’re looking at the Advanced view by clicking “more details” at the bottom, if it’s there. Open the Processes tab (usually open by default). Then, sort the processes by name and scroll down to “Windows processes.” You’ll see all the processes called “Service Host” and what they’re all doing.
Select any of these to expand it to view everything that’s going on under that individual instance.
If you notice any of the svchost services freezing or using an unusually high amount of resources, don’t just immediately stop them. This can actually cause your computer to crash. Instead, try to troubleshoot first. Right-click on any service and select “Search online” to learn more about them first.
This is also good to do if you’re not sure if an instance is legitimate or malicious, which can happen (more on that in the next section). If you can’t find any helpful details, the best thing to do is to save your work, close everything, and restart your computer. Sometimes, things hang up and needs a reboot to reset and work correctly.
When Svchost Goes Bad
Unfortunately, svchost isn’t always as innocent as it first seems. Due to its importance to the Windows operating system, some virus developers aim to mimic svchost to disguise their programs as something you shouldn’t touch. Others may infect svchost to bury their processes within system-critical ones, so you can’t simply nuke the process.
First, if you notice your computer acting strangely, run an anti-malware or anti-virus scan immediately. Windows comes with Windows Defender if you don’t have anything else on hand. You can also manually check each process using the search online option to see if it’s a virus. This will hopefully find the problem and clean it up for you. Don’t try to manually “snipe” the malware yourself – this could cause a lot of problems!
Another way to check is to right-click a main instance of svchost or service host in Task Manager. Choose “Properties.” Select the “Details” tab. The copyright should say “Microsoft Corporation.” While this can be mimicked, many viruses don’t bother since users usually don’t check.
The Host with the Most
Svchost has a tendency to swarm your task manager. It can be worrying to see so many instances working away on your PC. It’s important that you let them do their job while running a good antivirus to protect them from being infected by malware. Also, if you’re using Windows Defender, learn how to make it better by enabling ransomware protection.
Are you intimidated by the amount of service hosts appearing in task manager? Do you think Microsoft could do a better job explaining what they are? Let us know below.