What is SVCHOST?

You will notice that most ports are held by one of the many instances of svchost.exe. Most Windows services are not full executables, merely DLLs. These DLLs must be loaded by a host executable like SVCHOST. This saves system resources at the expense of security. To determine which services are running under a specific instance of SVCHOST, open a command prompt and enter:

tasklist /svc

Svchost usually runs as one of three special users: SYSTEM, LOCAL SERVICE, or NETWORK SERVICE. Unfortunately, even the system administrator does not have sufficient rights to kill SVCHOST when it runs as one of these three users.

Advertisements

Posted on October 25, 2013, in General, Uncategorized. Bookmark the permalink. Leave a comment.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: