Browse All Articles > SVCHOST.EXE CONSUMING HIGH CPU / MEMORY
Whenever there is a consistent high utilization of CPU or MEMORY, we check Task Manager to verify which process is consuming high resources. And if we find the culprit as SVCHOST.EXE we simply say its SVCHOST process and try to kill the process without thinking much on it.
Killing the process may sometime resolve the issue or may crash the system. However one should know SVCHOST is not a process, it’s a container in which various window’s services run. So if you kill svchost.exe, there is a chance that you are killing more than one window’s services.
So in order to understand what are those services which is running in this SVCHOST container, please follow the steps mentioned below :-
1. Open command prompt with administrative privilege. [CMD -> run as administrator]
2. Run without quote “tasklist /svc” ,below is the fragment of the output.
![tasklist command to check all the running process , with its process id i.e PID]()
You can view one or more services running in a single container of SVCHOST.
3. Since you are already aware of the SVCHOST consuming high resource, note the PID i.e process identity number of the SVCHOST.
4. Now you are aware of the PID of SVCHOST which is consuming high resource. Note how many services are running in the SVCHOST container.
Next steps are to separate the services:-
1. In order to separate a service from a container which is running along with multiple services in the same container we will be using SC command.
2. Command should be used without quote “ sc config <Service_Name> type= own”
3. For example you can see CryptSvc ,Dnscache, LanmanWorkstation, NlaSvc, TapiSrv ,these all services are running in a single container. We will be using above mentioned command on one of the services “CryptSvc” . So the command will be “ sc config CryptSvc type= own ” .
4. Now restart the CryptSvc .
![Command used to separate CryptSvc from its shared SVChost.exe container]()
5. Now we can see that the process ID 1120 doesn’t have CryptSvc service in SVCHOST container.
![verifying that the container does not run CryptSvc service in itself]()
6. However we can view that a new PID 440 is running with the service CryptSvc under SVCHOST container.
![Process running in a seperate container]()
7. You may experience different PID in your machine . If you have to separate multiple services, you can run “ sc config <Service_Name> type= own” with all service name first and in place of restarting the service restart the machine.
8. Once all services are running in an individual SVCHOST container , it is easy for the user to understand which service is consuming high resource .
And based on the service consuming high resources, next part of troubleshooting starts.
seperate-container.png
Killing the process may sometime resolve the issue or may crash the system. However one should know SVCHOST is not a process, it’s a container in which various window’s services run. So if you kill svchost.exe, there is a chance that you are killing more than one window’s services.
So in order to understand what are those services which is running in this SVCHOST container, please follow the steps mentioned below :-
1. Open command prompt with administrative privilege. [CMD -> run as administrator]
2. Run without quote “tasklist /svc” ,below is the fragment of the output.
You can view one or more services running in a single container of SVCHOST.
3. Since you are already aware of the SVCHOST consuming high resource, note the PID i.e process identity number of the SVCHOST.
4. Now you are aware of the PID of SVCHOST which is consuming high resource. Note how many services are running in the SVCHOST container.
Next steps are to separate the services:-
1. In order to separate a service from a container which is running along with multiple services in the same container we will be using SC command.
2. Command should be used without quote “ sc config <Service_Name> type= own”
3. For example you can see CryptSvc ,Dnscache, LanmanWorkstation, NlaSvc, TapiSrv ,these all services are running in a single container. We will be using above mentioned command on one of the services “CryptSvc” . So the command will be “ sc config CryptSvc type= own ” .
4. Now restart the CryptSvc .
5. Now we can see that the process ID 1120 doesn’t have CryptSvc service in SVCHOST container.
6. However we can view that a new PID 440 is running with the service CryptSvc under SVCHOST container.
7. You may experience different PID in your machine . If you have to separate multiple services, you can run “ sc config <Service_Name> type= own” with all service name first and in place of restarting the service restart the machine.
8. Once all services are running in an individual SVCHOST container , it is easy for the user to understand which service is consuming high resource .
And based on the service consuming high resources, next part of troubleshooting starts.
seperate-container.png
Have a question about something in this article? You can receive help directly from the article author. Sign up for a free trial to get started.
Comments (3)
Commented:
I just thought I would throw this in. To view just the svchost processes instead of all of the processes, you can type this command in a DOS window.
Type or paste as is, quotes and all, in to a DOS window to just see svchost processes
tasklist /svc /fi "IMAGENAME eq svchost.exe"
Commented:
This is a free tool that is part of the sysinternals suite. Microsoft distributes it for free.
It is very customizable so you can dig in to just about any aspect of a process.
Commented: