If you enjoy opening up Task Manager to review what applications are running and inspect other important details about your system. Here, you might have likely noticed several instances of svchost.exe running. You may wonder what its function is or if it’s a virus, malware, or an application gone wrong. This guide explains what Svchost.exe means, if it’s safe and if it is a virus.
The Microsoft Support site defines it as “a generic host process name for services that run from dynamic-link libraries.” A “dynamic-link library,” also known as a DLL file, is just a big block of programming code. There are lots of neat tricks that developers can do with these files to make things run faster and take up less space. The problem is that a DLL file can’t run standalone. Instead, you need a .exe or “executable” file to load the DLL and code.
Now that we know what a DLL file is, it should be easier to understand why svchost is called a “generic host.” All it does is load DLL files so they can run and execute system applications. So it’s nothing to worry about.
Now, you may ask, what exactly is being run by svchost.exe. So how do I check this? There are two easy ways to keep tabs on svchost.exe. The first is the command line.
- Click the Start Menu and then click Run. In the Run window that displays, type in ‘cmd’ and press OK.
- Type tasklist /SVC in the Command Window, and then press ENTER. Now you’ll see all of the listed dynamic libraries that svchost.exe is running.
Process Explorer is a great application written by Microsoft to help you understand the nuts and bolts of Microsoft Windows. Once you have it running, you can highlight individual processes and see what each process is doing. The tool has been around since Windows XP and continues to be supported and updated for Windows 10.
The problem with the command line is that it just brings up even more weird-looking processes that appear as mysterious as svchost itself. So here is where we need to download a program from Microsoft called Process Explorer.
- Launch Process Explorer and look at the svchost.exe on “my system.”
- Once opened, hover over a process like svchost.exe for details about it.
If you want even more details, Right-Click svchost.exe and Click Properties, then select the Services tab. After playing around with this, you’ll notice that some of the svchost processes aren’t running as many services as others. And wait, why are there so many svchost.exe processes running simultaneously?
Each svchost.exe process runs services based on logical service groups. For example, one may be running network services while another may handle device drivers. Having these services run on separate hosts is a neat feature because this way if one dies, it won’t take down your entire system all at once.
The process itself is an official Windows component. While a virus may have replaced the real Service Host with an executable, it’s very unlikely. If you’d like to be sure, you can check out the underlying file location of the process. In Task Manager, right-click any Service Host process and choose the “Open File Location” option. If the file is stored in your Windows\System32 folder, you can be fairly certain you are not dealing with a virus.
If you still want a little more peace of mind, you can always scan for viruses using your preferred virus scanner. Or, you can choose to disable the service if you don’t want it running or troubleshoot why it’s giving you problems.