Demystifying the “SVCHOST.EXE” Process and Its Command Line Options
<p>The Service Host process, or <em>“svchost.exe”</em>, is one of the most notorious processes out there. It got a bad reputation for being “malicious” mostly due to two factors: one is malware impersonating it, and the other is good old “Task Manager”.</p>
<p>Because of the way Task Manager was designed in the old days (and to some extent today), it never gave much detail about the processes on the system, especially “special” processes like <em>“svchost.exe”</em>. If you use Task Manager to see which processes are running, you get a bunch of <em>“svchost.exe”</em> processes with the description “Host Process for Windows Services” and no information about the services hosted in them. So malware needed only two additional steps to make itself look legitimate.</p>
<p>First, name the malware <em>“svchost.exe”</em>. Second, give it the description <em>“Host Process for Windows Services”</em>. The result is indistinguishable from the legitimate <em>“svchost.exe”</em> process as far as the old Task Manager is concerned.</p>
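<p>The check below is an added example, not code from the original article: it shows what a defender can test beyond the name and description that Task Manager displays. The record fields and sample processes are constructed, and it assumes a default install at C:\Windows where a legitimate <em>“svchost.exe”</em> runs from System32 or SysWOW64, is started by services.exe, and carries a <code>-k</code> service-group argument.</p>

```python
import ntpath

# Assumption: default install with the system root at C:\Windows.
EXPECTED_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}
EXPECTED_PARENT = r"c:\windows\system32\services.exe"

# Constructed sample process records (field names are hypothetical).
SAMPLE_PROCESSES = [
    {"pid": 812, "image": r"C:\Windows\System32\svchost.exe",
     "description": "Host Process for Windows Services",
     "parent_image": r"C:\Windows\System32\services.exe",
     "command_line": r"C:\Windows\System32\svchost.exe -k netsvcs -p"},
    {"pid": 4120, "image": r"C:\Users\Public\svchost.exe",
     "description": "Host Process for Windows Services",
     "parent_image": r"C:\Windows\explorer.exe",
     "command_line": r"C:\Users\Public\svchost.exe"},
    {"pid": 5300, "image": r"C:\Windows\System32\notepad.exe",
     "description": "Notepad",
     "parent_image": r"C:\Windows\explorer.exe",
     "command_line": r"C:\Windows\System32\notepad.exe"},
]


def svchost_findings(proc):
    """Return the reasons a process named svchost.exe looks like an impostor."""
    image = proc["image"].lower()
    if ntpath.basename(image) != "svchost.exe":
        return []  # not claiming to be svchost.exe, nothing to check
    reasons = []
    # Name and description are chosen by whoever built the file; check where it lives.
    if ntpath.dirname(image) not in EXPECTED_DIRS:
        reasons.append("image outside System32/SysWOW64")
    if proc["parent_image"].lower() != EXPECTED_PARENT:
        reasons.append("parent is not services.exe")
    # A service host is started with "-k <group>" naming the service group it hosts.
    args = proc["command_line"].lower().split()
    if "-k" not in args or args.index("-k") == len(args) - 1:
        reasons.append("no -k <group> argument")
    return reasons


def scan(processes):
    """Map pid -> findings for every suspicious svchost.exe in the list."""
    results = {p["pid"]: svchost_findings(p) for p in processes}
    return {pid: reasons for pid, reasons in results.items() if reasons}


if __name__ == "__main__":
    for pid, reasons in scan(SAMPLE_PROCESSES).items():
        print(pid, "; ".join(reasons))
```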
<p><a href="https://nasbench.medium.com/demystifying-the-svchost-exe-process-and-its-command-line-options-508e9114e747"><strong>Visit Now</strong></a></p>