How to isolate a service in its own svchost.exe

This is a very good public document on Service Control Manager internals and how to manage services:

download.microsoft.com/download/f/3/9/f3900e1e-a45c-45a4-b716-740e553e1f62/SPTCF_SYS.doc

Description of svchost.exe https://support.microsoft.com/kb/314056

C:\Documents and Settings\ganand>tasklist /svc

As you can see, my BITS service is currently running under svchost.exe (PID 848) along with other services:

Image Name                     PID Services
========================= ======== ============================================
System Idle Process              0 N/A
System                           4 N/A
smss.exe                       312 N/A
csrss.exe                      360 N/A
winlogon.exe                   384 N/A
services.exe                   432 Eventlog, PlugPlay
lsass.exe                      444 HTTPFilter, Netlogon, PolicyAgent,
                                   ProtectedStorage, SamSs
svchost.exe                    632 DcomLaunch
svchost.exe                    704 RpcSs
svchost.exe                    780 Dhcp, Dnscache
svchost.exe                    828 Alerter, LmHosts, W32Time,
                                   WinHttpAutoProxySvc
svchost.exe                    848 AeLookupSvc, AudioSrv, BITS, CryptSvc,
                                   dmserver, EventSystem, helpsvc,
                                   lanmanserver, lanmanworkstation, Netman,
                                   Nla, RasMan, Schedule, seclogon, SENS,
                                   ShellHWDetection, TrkWks, winmgmt,
                                   wuauserv, WZCSVC
spoolsv.exe                   1024 Spooler
msdtc.exe                     1052 MSDTC
svchost.exe                   1172 ERSvc
FwcAgent.exe                  1216 FwcAgent
inetinfo.exe                  1280 IISADMIN
InoRpc.exe                    1332 InoRPC
InoRT.exe                     1384 InoRT
InoTask.exe                   1420 InoTask
svchost.exe                   1528 Pml Driver HPZ12
svchost.exe                   1552 RemoteRegistry
SMAgent.exe                   1584 SoundMAX Agent Service (default)
svchost.exe                   1652 TermService
vmh.exe                       1824 vmh
searchindexer.exe             1912 WSearch
CcmExec.exe                   2052 CcmExec
vssrvc.exe                    2160 Virtual Server
svchost.exe                   2180 W3SVC
wmiprvse.exe                  2636 N/A
wmiprvse.exe                  2716 N/A
explorer.exe                  3276 N/A
GrooveMonitor.exe             3560 N/A
igfxtray.exe                  3568 N/A
hkcmd.exe                     3580 N/A
SMTray.exe                    3588 N/A
VM_STI.EXE                    3596 N/A
svchost.exe                   3780 TapiSrv
ctfmon.exe                    3768 N/A
communicator.exe              3856 N/A
Skype.exe                     4076 N/A
FwcMgmt.exe                   2644 N/A
WindowsSearch.exe             2672 N/A
ONENOTEM.EXE                  2864 N/A
wmiprvse.exe                  3260 N/A
VisualKB.exe                  3720 N/A
dexplore.exe                  1660 N/A
hh.exe                        3020 N/A
hh.exe                        3864 N/A
iexplore.exe                  1316 N/A
dllhost.exe                   3204 COMSysApp
OUTLOOK.EXE                   3904 N/A
AcroRd32.exe                   792 N/A
iexplore.exe                  4072 N/A
iexplore.exe                  3944 N/A
iexplore.exe                  2944 N/A
cmd.exe                       2084 N/A
regedit.exe                   3916 N/A
wmiprvse.exe                   816 N/A
tasklist.exe                  3492 N/A

For troubleshooting purposes, if we want to isolate any one service running under svchost, we can do that with:

sc config bits type= own

Now, as you can see, BITS is running under its own svchost process (PID 1780):

C:\Documents and Settings\ganand>tasklist /svc

Image Name                     PID Services
========================= ======== ============================================
System Idle Process              0 N/A
System                           4 N/A
smss.exe                       312 N/A
csrss.exe                      360 N/A
winlogon.exe                   384 N/A
services.exe                   432 Eventlog, PlugPlay
lsass.exe                      444 HTTPFilter, Netlogon, PolicyAgent,
                                   ProtectedStorage, SamSs
svchost.exe                    632 DcomLaunch
svchost.exe                    704 RpcSs
svchost.exe                    780 Dhcp, Dnscache
svchost.exe                    828 Alerter, LmHosts, W32Time
svchost.exe                    848 AeLookupSvc, AudioSrv, CryptSvc, dmserver,
                                   EventSystem, helpsvc, lanmanserver,
                                   lanmanworkstation, Netman, Nla, RasMan,
                                   Schedule, seclogon, SENS, ShellHWDetection,
                                   TrkWks, winmgmt, wuauserv, WZCSVC
spoolsv.exe                   1024 Spooler
msdtc.exe                     1052 MSDTC
svchost.exe                   1172 ERSvc
FwcAgent.exe                  1216 FwcAgent
inetinfo.exe                  1280 IISADMIN
InoRpc.exe                    1332 InoRPC
InoRT.exe                     1384 InoRT
InoTask.exe                   1420 InoTask
svchost.exe                   1528 Pml Driver HPZ12
svchost.exe                   1552 RemoteRegistry
SMAgent.exe                   1584 SoundMAX Agent Service (default)
svchost.exe                   1652 TermService
vmh.exe                       1824 vmh
searchindexer.exe             1912 WSearch
CcmExec.exe                   2052 CcmExec
vssrvc.exe                    2160 Virtual Server
svchost.exe                   2180 W3SVC
wmiprvse.exe                  2636 N/A
wmiprvse.exe                  2716 N/A
explorer.exe                  3276 N/A
GrooveMonitor.exe             3560 N/A
igfxtray.exe                  3568 N/A
hkcmd.exe                     3580 N/A
SMTray.exe                    3588 N/A
VM_STI.EXE                    3596 N/A
svchost.exe                   3780 TapiSrv
ctfmon.exe                    3768 N/A
communicator.exe              3856 N/A
Skype.exe                     4076 N/A
FwcMgmt.exe                   2644 N/A
WindowsSearch.exe             2672 N/A
ONENOTEM.EXE                  2864 N/A
wmiprvse.exe                  3260 N/A
VisualKB.exe                  3720 N/A
dexplore.exe                  1660 N/A
hh.exe                        3020 N/A
hh.exe                        3864 N/A
iexplore.exe                  1316 N/A
dllhost.exe                   3204 COMSysApp
OUTLOOK.EXE                   3904 N/A
AcroRd32.exe                   792 N/A
iexplore.exe                  4072 N/A
iexplore.exe                  3944 N/A
iexplore.exe                  2944 N/A
cmd.exe                       2084 N/A
regedit.exe                   3916 N/A
wmiprvse.exe                   816 N/A
svchost.exe                   1780 BITS
tasklist.exe                   608 N/A
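
The whole procedure around sc config bits type= own, as an added PowerShell example that is not part of the original post: it records the service's current host process, changes the type, restarts the service so the change takes effect, and checks that the new PID hosts nothing else. It assumes an elevated prompt; Get-ServiceHost is a helper name made up for this example.

```powershell
# Added example, not from the original post. Run from an elevated prompt.
# Assumption: $Name is a service currently hosted in a shared svchost.exe.
$Name = 'BITS'

function Get-ServiceHost {   # hypothetical helper, defined only for this example
    param([string]$ServiceName)
    # Win32_Service exposes the configured type and the PID hosting the service.
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$ServiceName'"
    if (-not $svc) { throw "Service '$ServiceName' not found." }
    $coHosted = @()
    if ($svc.ProcessId -ne 0) {
        # PID 0 means "not running"; skip it so stopped services are not listed.
        $coHosted = @(Get-CimInstance -ClassName Win32_Service -Filter "ProcessId=$($svc.ProcessId)" |
            Where-Object { $_.Name -ne $ServiceName } | Select-Object -ExpandProperty Name)
    }
    [pscustomobject]@{
        Name        = $svc.Name
        ServiceType = $svc.ServiceType   # 'Share Process' or 'Own Process'
        State       = $svc.State
        ProcessId   = $svc.ProcessId
        CoHosted    = $coHosted
    }
}

# 1. Record the starting point (expected: 'Share Process' with neighbours).
$before = Get-ServiceHost $Name
$before | Format-List

# 2. Change the type. Call sc.exe by its full name: in Windows PowerShell, plain
#    'sc' is an alias for Set-Content. The space after 'type=' is required.
sc.exe config $Name type= own
if ($LASTEXITCODE -ne 0) { throw "sc.exe config failed (exit code $LASTEXITCODE)." }

# 3. The new type is only used the next time the service starts.
#    -Force also stops dependent services; reboot instead if it cannot be stopped.
Restart-Service -Name $Name -Force

# 4. Verify: a new PID that hosts no other service.
$after = Get-ServiceHost $Name
$after | Format-List
if ($after.ProcessId -eq 0) {
    Write-Warning "$Name is not running; start it and check again."
} elseif ($after.CoHosted.Count -eq 0 -and $after.ProcessId -ne $before.ProcessId) {
    "$Name is isolated in PID $($after.ProcessId)."
} else {
    Write-Warning "$Name still shares PID $($after.ProcessId) with: $($after.CoHosted -join ', ')"
}

# 5. When troubleshooting is done, restore the original type and restart again:
# sc.exe config $Name type= share
```

With the service alone in its process, per-process data such as CPU, memory, handles and network connections can be attributed to that one service instead of to every service sharing the host.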

Gaurav Anand

This posting is provided "AS IS" with no warranties, and confers no rights.

Comments

  • Anonymous
    January 01, 2003
    In this other article, Gaurav Anand shows in a very simple way how to isolate services that act as

  • Anonymous
    January 01, 2003
    PingBack from http://geeklectures.info/2007/12/23/how-to-isolate-a-service-in-its-own-scvhostexe/

  • Anonymous
    September 28, 2011
    did this, seen it on several sites, did not work, says "SUCCESS" but after repopulating the table, it shows them all in the same group still. HELP

  • Anonymous
    February 17, 2012
    You need to reboot the box for getting it populated

  • Anonymous
    June 24, 2014
    Doing this for RDP and the dreaded event 7011 umrdpservice

  • Anonymous
    March 04, 2016
    @Mike, I haven't got it. umrdpservice doesn't start in own mode type.
    Did you get it?