<

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x

SVCHOST.EXE CONSUMING HIGH CPU / MEMORY

Published on
29,489 Points
21,789 Views
12 Endorsements
Last Modified:
Approved
Whenever there is a consistent high utilization of CPU or MEMORY, we check Task Manager to verify which process is consuming high resources. And if we find the culprit as SVCHOST.EXE we simply say its SVCHOST process and try to kill the process without thinking much on it.

Killing the process may sometime resolve the issue or may crash the system. However one should know SVCHOST is not a process, it’s a container in which various window’s services run. So if you kill svchost.exe, there is a chance that you are killing more than one window’s services.

So in order to understand what are those services which is running in this SVCHOST container, please follow the steps mentioned below :-

1.      Open command prompt with administrative privilege. [CMD -> run as administrator]

2.      Run without quote “tasklist /svc” ,below is the fragment of the output.
 tasklist command to check all the running process , with its process id i.e PIDYou can view one or more services running in a single container of SVCHOST.

3.      Since you are already aware of the SVCHOST consuming high resource, note the PID i.e process identity number of the SVCHOST.

4.      Now you are aware of the PID of SVCHOST which is consuming high resource. Note how many services are running in the SVCHOST container.

Next steps are to separate the services:-

1.      In order to separate a service from a container which is running along with multiple services in the same container we will be using SC command.

2.      Command should be used without quote “ sc config <Service_Name> type= own”

3.      For example you can see CryptSvc ,Dnscache, LanmanWorkstation, NlaSvc, TapiSrv ,these all services are running in a single container. We will be using above mentioned command on one of the services “CryptSvc” . So the command will be “ sc config CryptSvc type= own ” .

4.      Now restart the CryptSvc .
 Command  used to separate CryptSvc from its shared SVChost.exe container5.       Now we can see that the process ID 1120 doesn’t have CryptSvc service in SVCHOST container.
 verifying that the container does not run CryptSvc service in itself6.      However we can view that a new PID 440 is running with the service CryptSvc under SVCHOST container.
 Process running in a seperate container7.      You may experience different PID in your machine . If you have to separate multiple services, you can run “ sc config <Service_Name> type= own” with all service name first and in place of restarting the service restart the machine.

8.      Once all services are running in an individual SVCHOST container , it is easy for the user to understand which service is consuming high resource .

And based on the service consuming high resources, next part of troubleshooting starts.
seperate-container.png
12
Comment
3 Comments
LVL 18

Expert Comment

by:Frankco
Thank you Ratnesh for your article.

I just thought I would throw this in. To view just the svchost processes instead of all of the processes, you can type this command in a DOS window.

Type or paste as is, quotes and all, in to a DOS window to just see svchost processes

 tasklist /svc /fi "IMAGENAME eq svchost.exe"
0
LVL 3

Expert Comment

by:Matthew Borrusso
Another little tool that will help you identify the offending child process is process explorer.
This is a free tool that is part of the sysinternals suite. Microsoft distributes it for free.
It is very customizable so you can dig in to just about any aspect of a process.
Procexplorer.PNG
0
LVL 7

Expert Comment

by:Maidine Fouad
Thank you sir Ratnesh Mishra Great article, Its always been Consuming too much !!
0

Featured Post

PMI ACP® Project Management

Prepare for the PMI Agile Certified Practitioner (PMI-ACP)® exam, which formally recognizes your knowledge of agile principles and your skill with agile techniques.

Join & Write a Comment

The viewer will learn how to successfully create a multiboot device using the SARDU utility on Windows 7. Start the SARDU utility: Change the image directory to wherever you store your ISOs, this will prevent you from having 2 copies of an ISO wit…
If you’ve ever visited a web page and noticed a cool font that you really liked the look of, but couldn’t figure out which font it was so that you could use it for your own work, then this video is for you! In this Micro Tutorial, you'll learn yo…
Next Article:

Keep in touch with Experts Exchange

Tech news and trends delivered to your inbox every month