SVCHOST.EXE is one of those mysterious processes that constantly runs in Windows and is utterly essential, yet you never know exactly what it is doing. So what is SVCHOST.EXE? Identifying the actual services and programs that are running inside each SVCHOST.EXE process is a task well worth knowing, especially when the process eats up 99 or 100 percent of your CPU!
So before we dive into solutions, let’s get a deeper understanding of what this process actually does and how you can go about fixing some of the problems that might occur. Firstly, svchost stands for “Service Host” and it does exactly what as the name suggest: helps to “host” services. A service in Windows is simply a program in the operating system that does a particular job and runs in the background at all times when your computer is on, even if you are not logged in.
Most programs that you are familiar with run as a stand-alone executable, such .EXE. However, most services are implemented in the form of DLLs, which cannot run on their own. Hence, svchost loads those DLLs and runs them itself. That’s why when you open the Windows Task Manager, you’ll see a bunch of svchost.exe processes running. If you want more info on the Task Manger, check out my articles on understanding the Task Manager.
You’ll notice that there are currently eight svchost processes running on my computer, all using up various amounts of memory and running under different user names. So let’s say one of them is running at an excessively high CPU usage of 100 percent, how can we identify the actual application running?
There are actually two ways to go about this: doing it all manually using the command prompt and Services tool or by using a third party application. I’m going to mention both here in case one does not work for you.
Identify svchost.exe Processes via Command Prompt (hard way)
1. First, go ahead and click on Start and then Run and type in CMD and click OK. In Windows 8.1, go ahead and right-click on the Start button and choose Run.
2. Type in the following into the command window and press Enter
tasklist /svc /fi “imagename eq svchost.exe
You should get an output as shown below with the name, PID, and service description
You’ll now see each svchost process along with it’s unique ID number and the services it is responsible for running. However, these names are still very cryptic and are all short-hand names. In order to get some more useful information about the process, we can use the Services browser in Windows.
3. Right-click on My Computer, choose Manage. On the resulting screen, choose Computer Management and then choose Services and Applications. Finally, choose Services.
4. Now try to match the cryptic Windows service name with the easily readable names in the Services tab. This is a little and can take some time because if you take the process with ID 1436 and it’s name WudfSvc, you have to try to find it in the list. If you double-click on one the service names, you’ll see their cryptic name also, so that’s how you can match them up. In my case, I guessed that the W means the process starts with “Windows” and opened them until I saw a match.
As you can see, the Windows Driver Foundation service is actually called wudfsvc for short!
Identify svchost.exe Processes via Process Explorer (easy way)
If you found to be too difficult, there is a much easier way! Check out the Process Explorer tool from Microsoft (originally from SysInternals). The tool is completely free and gives you detailed information for each process currently running.
Once you download it, just run the exe file as it does not have to be installed. Hover your mouse over the svchost process and you’ll get a popup showing you which services are running under that process. The nice thing about process explorer is that it gets you the friendly name for each process instead of the short name.