How-To What is svchost.exe and is it Safe or is it a Virus? By

If you’re like me, you enjoy opening up Task Manager to review what applications are running as well as inspecting other important details about your system. Here, you have likely noticed several instances of svchost.exe running. Like me, you may wonder what it’s function is or, if it’s a virus, malware or an application gone wrong.

The good news is, svchost.exe isn’t a virus or artificial intelligence taking over your computer. The bad news is, it’s mysterious and good at hiding exactly what it’s done — by design. That said, with a bit of digging, we can learn quite a bit about what exactly svchost.exe is doing on your computer.

First, let’s open up Windows Task Manager using the CTRL + ALT+ DEL menu or by pressing the shortcut CTRL + SHIFT + ESC. Either way, once your Task Manager is open, you will see several processes of svchost.exe running.

What is svchost.exe?

The Microsoft Support site defines it as “a generic host process name for services that run from dynamic-link libraries.” Right. So that’s pretty straightforward, anyone could understand that.. err okay, let’s translate.

A “dynamic-link library” also known as a .dll file is just a big block of programming code. There are lots of neat tricks that developers can do with these files to make things run faster and take up less space. The problem is that a .dll file can’t run standalone. You need a .exe or “executable” file to load the .dll and its code.

Now that we know a DLL file is, it should be easier to understand why svchost is called a “generic host.” All it does is load DLL files so they can run and execute system applications. So it’s nothing to worry about right? Well, there is the possibility that you could download a virus that could make your innocent svchost load up some DLLs from the dark side. Keeping your computer updated with all of the Microsoft Security Updates and running an anti-virus app should minimize the chance of this.

Okay great, so it’s just a host for even more processes! Now I’m even more curious and want to know what exactly is being run by svchost.exe., so how do I check this? There are two easy ways to keep tabs on svchost.exe. The first is the command line.

How to find out what processes are running on your computer using the command line

1. Click the Start Menu and then click Run. In the Run window that displays Type in cmd and press OK.

2. In the Command Window Type tasklist /SVC, and then press ENTER. Now you’ll be able to see all of the listed dynamic libraries that svchost.exe is running.

How to find which processes are running under svchost.exe using Process Explorer

The problem with the command line is, it just brings up even more weird looking processes that appear as mysterious as svchost itself. So here is where we need to download a program from Microsoft called Process Explorer.

Process Explorer is a fantastic application written by Microsoft to help you understand the nuts and bolts about Microsoft Windows. Once you have it running, you can highlight individual processes and see what each process is doing. The tool has been around since Windows XP and continues to be supported and updated for Windows 10.

Launch Process Explorer and take a look at the svchost.exe on my system.

Once opened, Simply hover over a process like svchost.exe for details about it.

If you want even more details Right-Click svchost.exe and Click Properties then Select the Services tab.

Alright, everything is looking good, now we know what svchost.exe is, and how to decipher all of the services that it’s running. After playing around with this, you’ll notice that some of the svchost processes aren’t running as many services as others. And wait, why are there so many svchost.exe processes running simultaneously?

Each svchost.exe process runs services based on logical service groups, for example, one may be running network services while another might be handling device drivers. Having these services run on separate hosts is a neat feature because this way if one dies it won’t take down your entire system all at once.