Ever scanned through Windows Task Manager and wondered why there are so many processes running? Unfortunately, Windows isn’t really of any help: It doesn’t explain what entries, like “svchost.exe”, “rundll32.exe”, and “taskhost.exe”, mean and what’s causing them.
Well, the TuneUp Blog about Windows is here to clear up the confusion. In a three-part series, I’m going to touch on the most common processes found in Windows XP, Windows Vista, and Windows 7, and explain what they’re for, whether they’re absolutely critical, and which ones you should disable to reduce background operations and shrink your potential attack surface.
How and why should I manage these processes?
It’s always good to see what’s running on your PC. It gives you more control over performance, un-responsive programs, and security.
- Performance: Every process consumes just a bit of your overall CPU, RAM, and hard disk. The more processes you have running on your system, the slower it will be. Regular Windows processes don’t slow things down much, but it’s worth keeping an eye on them. Go to Windows Task Manager (right-click on your taskbar and select it, or use the CTRL+SHIFT+ESC keyboard shortcut), and browse through the list of processes. Click on the “CPU” and “Memory” columns to sort the list and see which processes consume the most CPU time and memory.
Watch out for those that regularly consume more than 100–200 MB and 10% CPU usage. Take a look at the processes’ description to help identify them, or try to Google the exact process name to find out what’s behind it and end it.
- Un-responsive programs: Ever had an application just freeze on you? Easy to fix! Open Windows Task Manager, go to the “Applications” tab and select the hanging program. If that didn’t help, right-click on its entry and select “Go to Process”. Now kill it using the “End Process Tree” command—and that should do it!
- Security: Usually, your anti-virus software should have its real-time protection watch out for all sorts of threats. However, if you find some very odd entries in your process list that do not belong to any of your known processes and for which a Google search comes up filled with malware-related articles, it’s time to kill the process (if possible) and use a different anti-virus solution!
For all of you out there who really want to get a grip on your processes, there’s nothing better than Mark Russinovich’s “Process Explorer” which is basically a (much more) advanced version of the built-in Windows Task Manager. It allows you to see the exact process hierarchy, pause processes, and even check them for their integrity.
Seven quintessential Windows processes
Curious as to what’s going on in your system? These are the seven most common Windows processes running on all PCs. They are critical for basic operations and should never ever be disabled or touched.
Explorer.exe – your desktop
This process is responsible for the entire Windows user interface, including the taskbar, the desktop, and its icons. It also includes Windows Explorer which you use for file management. If Explorer.exe crashes for some reason or needs to be disabled when installing a program, it should automatically restart.
Svchost.exe – all your services
This process is a key part of the Windows system: It coordinates processes and libraries and is responsible for launching services, such as Windows Updates, Windows Media Player, Windows Search, and the Aero interface. Don’t be concerned if your system has several instances of svchost.exe running: This is completely normal.
But, you’ll want to keep a close eye on them. They are usually launched by the system user accounts: “SYSTEM”, “LOCAL SERVICE”, or “NETWORK SERVICE”. If you see one svchost.exe launched by your user account (for example, “Sandro Villinger”), it’s likely that some form of malware is behind this. In that case, find out where this svchost.exe is actually located by right-clicking on it and selecting “Open file location”.
If you see this file located in any other directory besides the System32 folder (e.g. in your user, download or another program folder), you should immediately run a virus scan and try to get rid of it.
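The two svchost.exe checks described above (who launched it, and where the file lives) can be run across every instance at once. This is an added example, not part of the original post; it assumes PowerShell 3.0 or later, an elevated prompt, and the English account names quoted in the text.

```powershell
# Added example: list svchost.exe instances that break either rule from the text.
# Rule 1: the file must live in the System32 folder.
# Rule 2: the owner must be SYSTEM, LOCAL SERVICE or NETWORK SERVICE.
$expectedPath = Join-Path $env:SystemRoot 'System32\svchost.exe'

# Assumption: English-language Windows; localized installs show translated names.
$serviceAccounts = 'SYSTEM', 'LOCAL SERVICE', 'NETWORK SERVICE'

Get-CimInstance -ClassName Win32_Process -Filter "Name = 'svchost.exe'" |
    ForEach-Object {
        $owner    = Invoke-CimMethod -InputObject $_ -MethodName GetOwner
        $findings = @()

        if (-not $_.ExecutablePath) {
            # Without elevation the path is hidden; report it rather than assume it is fine.
            $findings += 'path not readable (re-run elevated)'
        } elseif ($_.ExecutablePath -ne $expectedPath) {
            # String comparison in PowerShell is case-insensitive by default.
            $findings += 'runs from outside System32'
        }

        if ($owner.ReturnValue -ne 0) {
            $findings += 'owner not readable (re-run elevated)'
        } elseif ($serviceAccounts -notcontains $owner.User) {
            $findings += "owned by $($owner.Domain)\$($owner.User)"
        }

        [pscustomobject]@{
            PID       = $_.ProcessId
            ParentPID = $_.ParentProcessId
            Owner     = $owner.User
            Path      = $_.ExecutablePath
            Findings  = $findings -join '; '
        }
    } |
    Where-Object { $_.Findings } |
    Format-Table -AutoSize -Wrap
```

An empty result means every instance passed both checks. On Windows 10 and later, per-user services legitimately run svchost.exe under the logged-on account, so there the owner finding is only a lead and the path check carries more weight.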
Lsass – managing your rights
Another file stored in the System32 directory, Lsass (Local Security Authority Subsystem Service) verifies the validity of user logons on the current machine and on remote machines (e.g. network servers). It’s also responsible for enforcing security policies on the local machine.
Csrss.exe – a vital part for your system
Csrss.exe, or Client/Server Runtime Subsystem, handles graphical instruction sets (what you see on your screen), command console commands, window management, and thread management. Obviously, that’s not just important; it’s an integral part of your Windows system. Disabling it results in an immediate Windows STOP error, also known as “The Blue Screen of Death”.
System Idle Process: a whole load of nothing
This is not really a process, but still one of the key reasons why users get confused when looking at Windows Task Manager.
System Idle Process just sits there and consumes 90–99% of your CPU. So, you are probably thinking that you should just kill it immediately, right? Well, actually no. This entry actually shows how much CPU time is NOT being used by processes. The Idle Task consists of a loop which repeatedly tells the processor to do nothing, so it can save power.
This is the sub-process for handling user sessions, system threads and other core Windows tasks. It launches winlogon.exe (which we’ll discuss in Part 2) and csrss.exe.
This process runs automatically after logon and initializes the Windows user interface and network connections. It manages start-up sequences and which programs should run; it also runs log-on scripts upon startup. After its work is done, Userinit closes automatically.
That concludes Part 1! In Part 2, I’ll dive deeper into the jungle of Windows processes and tell you all about those that aren’t as critical to core system functionality (but still important nonetheless). I’ll even identify some processes that you don’t need on a daily basis and that can be disabled.