Minimizing WmiPrvSE.exe and svchost.exe under Win7

BingBangBop

Storage is cool
Joined
Nov 15, 2009
Messages
667
I have several Win7 and WS2008 server machines and have noticed that frequently WmiPrvSE.exe and svchost.exe tends to use up a lot of CPU time. When I mean a lot, I'm talking 25%-35% total CPU usage (observed using task manager) using quad-core processors (q9450, q6600, etc.). Sometimes, they hardly use anything. They seem to be connected though in that when one is high the other is high too. I don't see any connection to any particular applications running at the time.

So what I'd like to know is why? What do these processes do inside Windows that take so much time? What can I do to minimize this usage? What I'd like to actually do is kill them but I'm sure that is not prudent, but that is my urge.

I've done some Googling, but really the answers I got were not very understandable to me. So could someone that understands this better help?
 

BingBangBop

Storage is cool
Joined
Nov 15, 2009
Messages
667
OK, when I saw the problem occurring on a machine, I dutifully started the event magager and looked at the log. The Cause of the wmi process is svchost which does not really surprise me much since I can see that svchost.exe is also using up lots of CPU time (the wmi and svchost correlate with each other).

So I clicked on the services tab of the task manager and see the same pid # being used as the svchost. It is being shared by the following:wscsvc (the security center), lmhosts, the event log, DHCP, AudioSvc (Windows audio).

The event log - OK I can see that since I'm tracing it.
DHCP - Now there's something that does not typically use much processing power.
AudioSvc - Not currently making much noise but who knows what it does in its off time.
wscsvc - Windows Security Essentials is installed!

How much you want to bet the Windows Security Essentials is the root cause. It's busy scanning stuff.
 

BingBangBop

Storage is cool
Joined
Nov 15, 2009
Messages
667
Another very useful tip for determining what called svchost.exe:

Start a command prompt and enter:

tasklist /svc /FI "IMAGENAME eq svchost.exe"

You'll get a list like this showing what was the source of all the svchost.exe's that currently are running in your command box:

Microsoft Windows [Version 6.1.7600]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.


C:\Users\Administrator>tasklist /svc /FI "IMAGENAME eq svchost.exe"


Image Name PID Services
========================= ======== ============================================
svchost.exe 624 DcomLaunch, PlugPlay, Power
svchost.exe 1044 RpcEptMapper, RpcSs
svchost.exe 1240 AudioSrv, Dhcp, eventlog, lmhosts, wscsvc
svchost.exe 1296 AudioEndpointBuilder, CscService, Netman,
PcaSvc, SysMain, TrkWks, UmRdpService,
UxSms, Wlansvc, WPDBusEnum, wudfsvc
svchost.exe 1324 AeLookupSvc, Appinfo, BITS, Browser,
CertPropSvc, EapHost, gpsvc, IKEEXT,
iphlpsvc, LanmanServer, MMCSS, ProfSvc,
Schedule, seclogon, SENS, SessionEnv,
ShellHWDetection, Themes, Winmgmt, wuauserv
svchost.exe 1452 EventSystem, fdPHost, netprofm, nsi,
W32Time, WdiServiceHost, WinHttpAutoProxySv
svchost.exe 1604 CryptSvc, Dnscache, LanmanWorkstation,
NlaSvc, TermService
svchost.exe 1652 BFE, DPS, MpsSvc
svchost.exe 2404 FDResPub, FontCache, SSDPSRV, upnphost,
wcncsvc
svchost.exe 3916 PolicyAgent
svchost.exe 11792 SDRSVC
svchost.exe 3532 swprv


C:\Users\Administrator>tasklist /svc /FI "IMAGENAME eq svchost.exe"

I then matched up the PID # off the task manager and now I know that what is using up all my CPU cycles. Today it happened that it was PID 11792 SDRSVC. Well, I did a Google search on SDRSVC and found it to be Microsoft's backup program. So nothing to worry about today. Now if Microsoft would just tell stuff like this in the taskmanager directly rather than needing to research stuff like this it would be ever so helpful

:-D

 
Top