Q

How do I find out which programs are instigating which svchost instance?

I can use task list /svc to find out what each instance of svchost is running, as well as the PID for that instance. But how do I find out which programs are instigating which svchost instance? And if more than one program is using the same instance of svchost to do different things, how do I find out which things exactly each program is asking that svchost instance to do? "Process explorer" and "perfect process" can't do it. Is there any software that will do this for me?

Svchost is essential a process that can be used to run multiple services. You can find out the current arrangement for all svchost processes by viewing the registry key HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\Svchost

You can also, as you note, use the task list /svc command. This command provides the PID. (You can also find the PID if you add the PID column (from the View menu) to the task manager applet)

(For Windows 2000 the command is tlist /s, the tlist tool is available from the Windows installation CD-ROM support folder.)

More information on the processes within svchost can be found by setting process tracking auditing in the auditing section of group policy. Be aware, however, that many events may be generated. It typically is not a good idea to enable this type of auditing unless you are seeking specific information.

This was first published in July 2004

Dig deeper on Network intrusion detection and prevention and malware removal

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchVirtualDesktop

SearchWindowsServer

SearchExchange

Close