Windows – SVCHOST.exe List Process details

From time to time you get events in the Event Viewer relating to a SVCHOST process, and that’s it ?

Like this one

image

So to get a bit more info on that PID 892, you can run this command. To filter the PID 892 and list the details.

tasklist /SVC /FI “PID eq 892”

image

This will list the services hosted by the PID 892

In case of a red alert you can use the Process Explorer to do a more in depth investigation.

image

This gives you more information to judge the impact of the Event ID.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: