How to isolate a service in its own svchost.exe

This is a very good public document on Service Control Manager internals and how to manage services:

download.microsoft.com/download/f/3/9/f3900e1e-a45c-45a4-b716-740e553e1f62/SPTCF_SYS.doc

Description of svchost.exe: http://support.microsoft.com/kb/314056

As you can see, right now my BITS service is running under svchost along with other services:

C:\Documents and Settings\ganand>tasklist /svc

Image Name                     PID Services
========================= ======== ============================================
System Idle Process              0 N/A
System                           4 N/A
smss.exe                       312 N/A
csrss.exe                      360 N/A
winlogon.exe                   384 N/A
services.exe                   432 Eventlog, PlugPlay
lsass.exe                      444 HTTPFilter, Netlogon, PolicyAgent,
                                   ProtectedStorage, SamSs
svchost.exe                    632 DcomLaunch
svchost.exe                    704 RpcSs
svchost.exe                    780 Dhcp, Dnscache
svchost.exe                    828 Alerter, LmHosts, W32Time,
                                   WinHttpAutoProxySvc
svchost.exe                    848 AeLookupSvc, AudioSrv, BITS, CryptSvc,
                                   dmserver, EventSystem, helpsvc,
                                   lanmanserver, lanmanworkstation, Netman,
                                   Nla, RasMan, Schedule, seclogon, SENS,
                                   ShellHWDetection, TrkWks, winmgmt,
                                   wuauserv, WZCSVC
spoolsv.exe                   1024 Spooler
msdtc.exe                     1052 MSDTC
svchost.exe                   1172 ERSvc
FwcAgent.exe                  1216 FwcAgent
inetinfo.exe                  1280 IISADMIN
InoRpc.exe                    1332 InoRPC
InoRT.exe                     1384 InoRT
InoTask.exe                   1420 InoTask
svchost.exe                   1528 Pml Driver HPZ12
svchost.exe                   1552 RemoteRegistry
SMAgent.exe                   1584 SoundMAX Agent Service (default)
svchost.exe                   1652 TermService
vmh.exe                       1824 vmh
searchindexer.exe             1912 WSearch
CcmExec.exe                   2052 CcmExec
vssrvc.exe                    2160 Virtual Server
svchost.exe                   2180 W3SVC
wmiprvse.exe                  2636 N/A
wmiprvse.exe                  2716 N/A
explorer.exe                  3276 N/A
GrooveMonitor.exe             3560 N/A
igfxtray.exe                  3568 N/A
hkcmd.exe                     3580 N/A
SMTray.exe                    3588 N/A
VM_STI.EXE                    3596 N/A
svchost.exe                   3780 TapiSrv
ctfmon.exe                    3768 N/A
communicator.exe              3856 N/A
Skype.exe                     4076 N/A
FwcMgmt.exe                   2644 N/A
WindowsSearch.exe             2672 N/A
ONENOTEM.EXE                  2864 N/A
wmiprvse.exe                  3260 N/A
VisualKB.exe                  3720 N/A
dexplore.exe                  1660 N/A
hh.exe                        3020 N/A
hh.exe                        3864 N/A
iexplore.exe                  1316 N/A
dllhost.exe                   3204 COMSysApp
OUTLOOK.EXE                   3904 N/A
AcroRd32.exe                   792 N/A
iexplore.exe                  4072 N/A
iexplore.exe                  3944 N/A
iexplore.exe                  2944 N/A
cmd.exe                       2084 N/A
regedit.exe                   3916 N/A
wmiprvse.exe                   816 N/A
tasklist.exe                  3492 N/A

 

 

For troubleshooting purposes, if we want to isolate any one service running under a shared svchost.exe, we can do that with:

sc config bits type= own

Now, as you can see, BITS is running under its own svchost.exe process.

 

C:\Documents and Settings\ganand>tasklist /svc

 

Image Name                     PID Services
========================= ======== ============================================
System Idle Process              0 N/A
System                           4 N/A
smss.exe                       312 N/A
csrss.exe                      360 N/A
winlogon.exe                   384 N/A
services.exe                   432 Eventlog, PlugPlay
lsass.exe                      444 HTTPFilter, Netlogon, PolicyAgent,
                                   ProtectedStorage, SamSs
svchost.exe                    632 DcomLaunch
svchost.exe                    704 RpcSs
svchost.exe                    780 Dhcp, Dnscache
svchost.exe                    828 Alerter, LmHosts, W32Time
svchost.exe                    848 AeLookupSvc, AudioSrv, CryptSvc, dmserver,
                                   EventSystem, helpsvc, lanmanserver,
                                   lanmanworkstation, Netman, Nla, RasMan,
                                   Schedule, seclogon, SENS, ShellHWDetection,
                                   TrkWks, winmgmt, wuauserv, WZCSVC
spoolsv.exe                   1024 Spooler
msdtc.exe                     1052 MSDTC
svchost.exe                   1172 ERSvc
FwcAgent.exe                  1216 FwcAgent
inetinfo.exe                  1280 IISADMIN
InoRpc.exe                    1332 InoRPC
InoRT.exe                     1384 InoRT
InoTask.exe                   1420 InoTask
svchost.exe                   1528 Pml Driver HPZ12
svchost.exe                   1552 RemoteRegistry
SMAgent.exe                   1584 SoundMAX Agent Service (default)
svchost.exe                   1652 TermService
vmh.exe                       1824 vmh
searchindexer.exe             1912 WSearch
CcmExec.exe                   2052 CcmExec
vssrvc.exe                    2160 Virtual Server
svchost.exe                   2180 W3SVC
wmiprvse.exe                  2636 N/A
wmiprvse.exe                  2716 N/A
explorer.exe                  3276 N/A
GrooveMonitor.exe             3560 N/A
igfxtray.exe                  3568 N/A
hkcmd.exe                     3580 N/A
SMTray.exe                    3588 N/A
VM_STI.EXE                    3596 N/A
svchost.exe                   3780 TapiSrv
ctfmon.exe                    3768 N/A
communicator.exe              3856 N/A
Skype.exe                     4076 N/A
FwcMgmt.exe                   2644 N/A
WindowsSearch.exe             2672 N/A
ONENOTEM.EXE                  2864 N/A
wmiprvse.exe                  3260 N/A
VisualKB.exe                  3720 N/A
dexplore.exe                  1660 N/A
hh.exe                        3020 N/A
hh.exe                        3864 N/A
iexplore.exe                  1316 N/A
dllhost.exe                   3204 COMSysApp
OUTLOOK.EXE                   3904 N/A
AcroRd32.exe                   792 N/A
iexplore.exe                  4072 N/A
iexplore.exe                  3944 N/A
iexplore.exe                  2944 N/A
cmd.exe                       2084 N/A
regedit.exe                   3916 N/A
wmiprvse.exe                   816 N/A
svchost.exe                   1780 BITS
tasklist.exe                   608 N/A
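
The same procedure as a script, with a check that the service really ended up alone in its host process (so a PID maps to exactly one service) and a way back to the shared host. This is an added example, not part of the original post; it assumes an elevated PowerShell 3.0 or later session, and the function names Get-CoHostedService and Set-ServiceHosting are hypothetical.

```powershell
# Added example (not from the original post). Run in an elevated PowerShell 3.0+ session.
# Function names are hypothetical; 'BITS' is the service used on this page.

function Get-CoHostedService {
    param([Parameter(Mandatory)][string]$Name)
    $svc = Get-CimInstance Win32_Service -Filter "Name='$Name'"
    if (-not $svc) { throw "Service '$Name' not found" }
    if ($svc.ProcessId -eq 0) { return @() }   # stopped: no host process to compare
    # Every other service whose host process has the same PID
    @(Get-CimInstance Win32_Service -Filter "ProcessId=$($svc.ProcessId)" |
        Where-Object { $_.Name -ne $Name } | Select-Object -ExpandProperty Name)
}

function Set-ServiceHosting {
    param(
        [Parameter(Mandatory)][string]$Name,
        [Parameter(Mandatory)][ValidateSet('own', 'share')][string]$Type
    )
    # Call sc.exe explicitly: in Windows PowerShell 'sc' is an alias for Set-Content.
    # The space after 'type=' is required by sc.exe.
    sc.exe config $Name type= $Type | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "sc.exe config failed ($LASTEXITCODE)" }

    # sc.exe only updates the service database; the running service keeps its
    # current host process until it is stopped and started again.
    Restart-Service -Name $Name -Force

    $svc = Get-CimInstance Win32_Service -Filter "Name='$Name'"
    [pscustomobject]@{
        Name        = $svc.Name
        ServiceType = $svc.ServiceType      # 'Own Process' or 'Share Process'
        ProcessId   = $svc.ProcessId
        SharedWith  = (Get-CoHostedService -Name $Name) -join ', '
    }
}

Get-CoHostedService -Name BITS           # before: the other services in the same svchost.exe
Set-ServiceHosting -Name BITS -Type own  # isolate; SharedWith should come back empty
# When troubleshooting is finished, return the service to its shared host:
# Set-ServiceHosting -Name BITS -Type share
```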

 

Gaurav Anand

This posting is provided "AS IS" with no warranties, and confers no rights.

Comments
  • PingBack from http://geeklectures.info/2007/12/23/how-to-isolate-a-service-in-its-own-scvhostexe/

  • In this other article, Gaurav Anand shows in a very simple way how to isolate services that act as

  • did this, seen it on several sites, did not work, says "SUCCESS" but after repopulating the table, it shows them all in the same group still. HELP

  • You need to reboot the box for getting it populated

  • Doing this for RDP and the dreaded event 7011 umrdpservice
