Re: What Can a Service Do on Windows

-1

On Windows 7, I have to check a box, at the bottom of the Processes tab in Windows Task Manager and I find a list of 14 svchost.exe Windows Services running. It says Host Process for Windows Service. Does that mean it is okay or could it be anything?

I am not a Geek or Super user so this tells me nothing. So I right click on one of them and choose, Go to Services. It flips me over to the Services tab and 5 Services are running. They are all local services and all running. (WidiServiceHost, fpdHost, khmsvc, netprofm and nsi) Daugh. I think it is really Windows but still don't know for sure. How do I know what's what?

So I go back to the Service, right click and choose, Create Dump file. Go to Windows Explorer, MyUserName/App Data/Temp and find the file svchost.DMP file, 53,128 KB, but windows cannot open it. Try Open Office. No Joy. Go to the web Find instructions. http://www.open-file.com/file-extension-dmp.html?utm_source=bing&utm_medium=cpc&utm_term=&utm_content=Open%20file%20DMP&utm_campaign=filextuscontent&t_acct=msn2&t_kwd=19084526350&t_mtch=c Tired out. Giving up. Can you make it easier? How do I know when a service is good, bad or ugly?

Teal

Posted 2014-05-23T17:16:49.143

Reputation: 11

Answers

A service can literally be anything it wants to be.

Services are generally system-level processes that aren't tied to a specific user. When you open Microsoft Word, that is your copy of Word, running under your user account. But who owns the Windows Audio process, responsible for managing sound from multiple programs from multiple users? Services fill this gap.

Some services run as their own executable, while others are "hosted" inside of a svchost.exe process, each of which can actually host multiple services. (There are multiple svchost.exe processes because some hosted services need to be run with different permissions than others, and each copy of svchost.exe is running with different permissions).

From a general standpoint, there's no way to tell if a service is good or bad, or is secure so that it can't be hacked and made to do bad things, or even what it does. You just have to google information about a particular service and learn what it does. Most services are provided by windows (There's a Disk Management service, which manages the harddrives, Windows Audio, Bluetooth, DNS, DHCP, Fax support, Network File sharing, among many, many others), but you'll find other services added by applications: Nvidia and AMD both install services for their graphics drivers, many Antivirus products run as a service, Google and Skype's update managers run as a service, the list goes on and on.

Darth Android

Posted 2014-05-23T17:16:49.143

Reputation: 35 133

You are right Microsoft does not offer a handy way for pinpointing if those "hosted" processes are known buddies or just running viruses. You get a name and a location, after that is up to you trying to google on that info. Not a simple thing as the name can be fake or a genuine process can also be infected.

I used to use Russinovich's Process Explorer which (among other things) includes some help for directly googling on hosted processes' info just with a right click of your mouse.

Pat

Posted 2014-05-23T17:16:49.143

Reputation: 2 593