Details of the computer process 01/15 Update SLTechnology News&Howtos

Details of the computer process

2025-01-15 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Network Security >

Shulou(Shulou.com)06/01 Report--

The most basic system processes (that is, these processes are the basic conditions for the system to run, and with these processes, the system can function properly):

Smss.exe Session Manager

Csrss.exe subsystem server process

Winlogon.exe administrative user login

Services.exe contains a lot of system services

Lsass.exe manages IP security policies and launches ISAKMP/Oakley (IKE) and IP security drivers. (system Services)

Generates a session key and grants service credentials (ticket) for interactive client / server authentication. (system Services)

Svchost.exe contains a lot of system services

SPOOLSV.EXE loads the file into memory for later printing. (system Services)

Explorer.exe Explorer

Pinyin icon in the internat.exe tray area

Additional system processes (these processes are not necessary, you can add or decrease them through the service manager as needed):

Mstask.exe allows the program to run at a specified time. (system Services)

Regsvc.exe allows remote registry operations. (system Services)

Winmgmt.exe provides system management information (system services).

Inetinfo.exe provides FTP connectivity and management through the snap-in of Internet Information Services. (system Services)

Tlntsvr.exe allows remote users to log in to the system and run console programs using the command line. (system Services)

Allows Internet and FTP services to be managed through the snap-in of Web information services. (system Services)

Tftpd.exe implements the TFTP Internet standard. The standard does not require a user name and password. Part of the remote installation service. (system Services

Termsrv.exe provides a multi-session environment that allows client devices to access virtual Windows 2000 Professional desktop sessions and operations

A Windows-based program that runs on a server. (system Services)

Dns.exe responds to queries and update requests for Domain name system (DNS) names. (system Services)

The following services are rarely used. The above services are harmful to security and should be turned off if not necessary.

Tcpsvcs.exe provides the ability to remotely install Windows 2000 Professional on PXE remotely bootable client computers. (Department Services)

The following TCP/IP services are supported: Character Generator, Daytime, Discard, Echo, and Quote of the Day. (system Services)

Ismserv.exe allows messages to be sent and received between Windows Advanced Server sites. (system Services)

Ups.exe manages the uninterruptible power supply (UPS) connected to the computer. (system Services)

Wins.exe provides NetBIOS name services for TCP/IP customers who register and resolve NetBIOS-type names. (system Services)

Ll***v.exe License Logging Service (system service)

Ntfrs.exe maintains file synchronization of file directory contents across multiple servers. (system Services)

RsSub.exe controls the media used to store data remotely. (system Services)

Locator.exe manages the RPC name service database. (system Services)

Lserver.exe registers the client license. (system Services)

Dfssvc.exe manages logical volumes distributed over a local area network or wide area network. (system Services)

Clipsrv.exe supports the clipbook Viewer so that the clipping page can be viewed from the remote clipbook. (system Services)

Msdtc.exe juxtaposed transactions are distributed in more than two databases, message queues, file systems, or other transaction protection resource managers.

(system Services)

Faxsvc.exe helps you send and receive faxes. (system Services)

Cisvc.exe Indexing Service (system service)

System management service for dmadmin.exe disk management requests. (system Services)

Mnmsrvc.exe allows authorized users to remotely access Windows desktops using NetMeeting. (system Services)

Netdde.exe provides the network transmission and security features of dynamic data Exchange (DDE). (system Services)

Smlogsvc.exe configures performance logs and alerts. (system Services)

Rsvp.exe provides network signaling and local communication control installation functions for programs and control applications that rely on quality service (QoS). (system service

Business)

RsEng.exe coordinates services and management tools used to store infrequently used data. (system Services)

RsFsa.exe manages the operation of files stored remotely. (system Services)

Grovel.exe scans duplicate files on zero backup storage (SIS) volumes and points them to a data storage point to save disk space

Between. (system Services)

SCardSvr.exe manages and controls access to smart cards inserted into computer smart card readers. (system Services)

Snmp.exe includes agents that monitor the activity of network devices and report to network console workstations. (system Services)

Snmptrap.exe receives trap messages generated by local or remote SNMP agents and then delivers the messages to the computer running on this computer

Use the SNMP management program

. (system Services)

UtilMan.exe launches and configures accessibility tools from a window. (system Services)

Msiexec.exe installs, repairs, and removes software according to the commands contained in the .MSI file. (system Services)

Details:

Win2k running process

Svchost.exe

The Svchost.exe file is a common host process name for services running from the dynamic link library. Svhost.exe file location

Under the% systemroot%\ system32 folder of the system. At startup, Svchost.exe checks the location in the registry to build the need

List of loaded services. This causes multiple Svchost.exe to run at the same time. Each Svchost.exe contains a set of servers during the reply period.

Business

So much so that individual services have to rely on how and where Svchost.exe starts. This makes it easier to control and find errors.

The Svchost.exe group is identified by the following registry values.

HKEY_LOCAL_MACHINE\ Software\ Microsoft\ Windows NT\ CurrentVersion\ Svchost

Each value under this key represents a separate Svchost group, and when you are looking at the active process, it appears as a separate

Examples. Each key value is a value of type REG_MULTI_SZ and includes services running in the Svchost group. Each Svchost group contains a

Or multiple service names selected from the registry value, whose parameter value contains a ServiceDLL value.

HKEY_LOCAL_MACHINE\ System\ CurrentControlSet\ Services\ Service

Explorer.exe

This is a user's shell (I really don't know how to translate shell), which looks like a taskbar, desktop, etc. To us. This

The process is not running in windows as an important process as you might think, you can stop it from the task manager, or

Restart.

It usually doesn't have any negative impact on the system.

Internat.exe

This process can be turned off from the task manager.

Internat.exe starts running when it starts. It loads different input points specified by the user. The input point is from this location in the registry

HKEY_USERS\ .default\ Keyboard Layout\ Preload loads the content.

Internat.exe loads the "EN" icon into the icon area of the system, allowing users to easily switch between different input points.

When the process stops, the icon disappears, but the input point can still be changed through the control panel.

Lsass.exe