If you are using a Windows based system, you may have opened your task manager to see a swarm of processes called “svchost” taking up a lot of space. It can be worrying to see so many copies of this process running silently while you are using your computer. What is this weird process and should you try trimming them yourself?
The short answer to this question is a strong and emphatic “no”! Do not force any svchost process to stop! They are vital for Windows to do its job properly. However, to understand why they are so important, we need to explain what exactly svchost.exe does.
What is svchost.exe?
Things make a little more sense when we break down what “svchost” means. It means “service host,” and that’s exactly what it does – hosts Windows services. When Windows wants to run a service, it uses svchost to do so. To be more technical, any Windows process from a dynamic link library has the honor of being called a service host or svchost.
When you see multiple svchost.exe processes running at the same time, it just means that Windows is running multiple processes at the same time. There is a lot going on in Windows, so it needs all of these processes to keep running! While it would be nice if each svchost had a different name, Windows keeps it simple with just one name.
Why not just one process?
Having all of these different processes can seem messy. Why doesn’t Windows bundle all its processes under one svchost and call it per day?
The reason for this decision is to prevent a crash from causing all services to stop. If you were running a factory and had the decision to put a human worker on every task or a central AI robot that handles every task, humans would be more reliable.
The AI may be able to take on all the tasks at once, but if it goes down, it wipes out all the factory jobs with it. If only one human worker is injured or ill, other areas of the plant can still function normally.
Windows uses the same idea with svchost. If Windows were to bundle all of its services into one svchost process, the entire service collection would collapse if just one were to jump. Windows has many services at the same time, so that would be catastrophic! You would have a lot more crashes and probably BSoD (blue screen of death). By having a separate process for each service, it protects the others from disruption if one fails.
One thing you will notice when viewing svchost services is that they are grouped by type. Each main service can run multiple sub-processes. When you expand one of the primary instances, you’ll also see all of the sub-processes listed.
What processes are running?
If you want to see for yourself which processes are running under svchost, you can do so by holding Ctrl + Offset + ESC. Make sure you are looking at the advanced view by clicking “more details” at the bottom, if it’s there. Open the Processes tab (usually open by default). Then sort the processes by name and scroll down to “Windows Processes”. You will see all the processes called “Service Host” and what they all do.
Select one of these to expand it and see everything that is happening under that individual instance.
If you notice that any of the svchost services are crashing or using an unusually high amount of resources, do not stop them immediately. It may cause your computer to crash. Instead, try to resolve the problem first. Right click on any service and select “Search Online” to learn more about them.
It’s also a good thing to do if you’re not sure whether an instance is legitimate or malicious, which can happen (more on this in the next section). If you can’t find any useful details, the best thing to do is save your work, close everything, and restart your computer. Sometimes things get stuck and require a reboot to reset and work properly.
When Svchost is bad
Unfortunately, svchost is not always as innocent as it looks. Due to its importance to the Windows operating system, some virus developers aim to mimic svchost to disguise their programs as something you shouldn’t touch. Others can infect svchost to bury their processes in critical system processes, so you can’t just destroy the process.
First of all, if you notice that your computer is acting in a strange way, immediately run an anti-malware or virus scan. Windows comes with Windows Defender if you don’t have anything else on hand. You can also manually check each process using the online search option to see if it is a virus. We hope this will find the problem and fix it for you. Do not try to manually “snip” the malware yourself – this could cause a lot of problems!
Another way to check is to right click on a primary svchost or service host instance in Task Manager. Choose “Properties”. Select the “Details” tab. The copyright must read “Microsoft Corporation”. While it can be imitated, many viruses don’t bother because users usually don’t check.
The host with the most
Svchost tends to invade your task manager. It can be worrying to see so many instances running on your PC. It is important that you let them do their job while running a good antivirus to protect them from malware infection. Plus, if you’re using Windows Defender, find out how to improve it by enabling ransomware protection.
Are you intimidated by the number of Service Hosts appearing in Task Manager? Do you think Microsoft could do a better job explaining what they are? Let us know below.
Is this article useful?