I’m in this picture and I don’t like it.
I was trying to diagnose a prod server crashing this very Wednesday and seeing the lines of svchost.exe is so fucking maddening… I’m glad ProcessExplorer was there to give some useful fucking info, at least.
Well, it could be an executable disguising itself as svchost. Pretty common for malware or video game cheats to name their executables svchost.exe to hide from anti-virus/anticheat
In case anyone is interested, there’s a powertoy called file locksmith that will show what’s using it and let you kill it: https://learn.microsoft.com/en-us/windows/powertoys/file-locksmith
Sysinternals handle is lightweight unitasker for this too, better option for servers.
“Time to see who’s stopping me from deleting this file… svchost??? Goddamn it!”
I’m in this picture and I don’t like it. I was trying to diagnose a prod server crashing this very Wednesday and seeing the lines of svchost.exe is so fucking maddening… I’m glad ProcessExplorer was there to give some useful fucking info, at least.
Well, it could be an executable disguising itself as svchost. Pretty common for malware or video game cheats to name their executables svchost.exe to hide from anti-virus/anticheat
Probably the indexing service, it’s always the indexing service.
just kill it
You can use the built-in tool resmon.exe to do the same