subject: Windows Processes - What are They? [print this page] Windows Processes - What are They? Windows Processes - What are They?
For many windows users, their OS lives life of its own. Users are not interested what hidden windows processes are running. In the meantime, is there any sense in a background service or program if you don't even use it? I think that it's much better to check such process and find out if it's not a Trojan, malware or spyware? But how can we find out for sure what loads our system?
The simplest way to control running programs is Windows Task Manager. It's only at hand and we can easily start it with CTRL-ALT-DEL combination. But it provides us with minimum information. If you want to understand what is lsass.exe or spoolsv.exe then don't rely on Windows Task Manager because it doesn't provide such info. Even more complicated task is to distinguish lsass.exe system process Local Security Authority Subsystem Servicefrom hiding under the same name, but in a different folder, the virus Email-Worm.Win32.Mydoom.
Therefore, in order to get the maximum information about running programs and full control over them, you should find some third-party task managers.
The most advanced program that provides full control over windows processes is Fileinspect Task Manager. The program has an intuitive interface that makes finding and disabling unneeded processes really easy. It allows you to manage Windows services and locked files, displays which applications are consuming network traffic, identifies processes that are believed to be dangerous and what is mostly important - allows you to easily check any process on the Internet.
If you don't want to download anything then you can use specialized online databases like windows processes library. On this website you can easily find any windows process. For each process, you can find the following information: executable file name, the official name of the process, specific comments, recommendations, authors, etc. Information is really comprehensive especially considering that you may write to administration and ask for any additional info about any process.
Typical processes
So let's have a look at the most common processes which can be found almost on every computer with OS Windows.
Svchost.exe. This process manages 32-bit DLLs as well as other services. Microsoft runs a lot of software functionality from DLL (dynamic link library) interface. But DLLs can't launch themselves they need an executable program. On startup, svchost.exe checks the services in the Registry and makes a list of services it has to load.
Explorer.exe. This is a Windows GUI shell, that is usually called Windows Explorer. Its graphical user interface lets you see your hard drives, folders, and files.
Lsass.exe. It is a safe file from Microsoft and is responsible for security policy enforcement within the operating system, verifies users logging on to a Windows computer or server, handles password changes, and creates access tokens. It also writes to the Windows Security Log.
Iexplorer.exe. This file supports web pages as well as Windows OS features, such as Microsoft Update.
Spoolsv.exe. It is the main component of the printing interfaces. Spooling allows you to print in the background without your computer becoming tied up. Spoolsv.exe is responsible for how Windows handles print and fax tasks on your computer. The spoolsv.exe file is initialized on computer startup and it runs in the background.
Of course this is an incomplete list because there are thousands of various windows processes. But we hope that this article will help you to deal with windows processes much easier.
