As you use your Windows machine there may be many programs running – some of which you can see and some of which are running in the background. In Windows 95, 98 and Me, pressing CTRL-ALT-DEL will present you with a list of the programs running on your machine. On Windows NT, 2000, XP and 2003, running task manager (right click on the clock or any open space on the task bar and select Task Manager) and selecting the Processes tab will show you that list.
It’s probably a longer list than you expected.
So what are all those programs running on your machine?
Some will be fairly obvious based on their name. For example a program called “msnmsngr” is MSN Messenger, the MSN Instant messaging program. “CMD” is the “Command Prompt”. But CSRSS? LSASS? SVCHOST? For these and many of the others we don’t immediately recognize we need to look a little deeper.
One of the tools I use the most is Process Explorer (procexp) by the folks out at Sysinternals.com. Think of it as task manager on steroids.
Just running procexp will answer the question for a number of programs running on your machine. Procexp will list them much like task manager did except with much more available information including a description if there is one.
The columns available to be displayed in procexp are extensive – one that I’ve added to my default display is “Command Line”. As with the DLLs in a previous article, What’s This DLL?, simply knowing where the program was loaded from on disk will often tell us what application it is a part of. For example, it didn’t dawn on me what “ypager” was until I saw that it had been loaded from “\Program Files\Yahoo!\Messenger”. That made it fairly clear that it’s Yahoo’s instant messaging client.
If it’s not obvious from the description or the command line then my next step, again much like the DLL search, is Google. For example, a search on “LSASS.EXE” provided me with a site that told me it was “The Windows Local Security Authority Server Process”, the component of Windows that handles local security related requests. In other words, a key component of the operating system itself.
I also recommend Microsoft’s Support Site. The problem with both it and Google is simply that there are often a lot of unhelpful entries to wade through. LSASS, for example, returns a plethora of articles on the Microsoft Support site dealing with specific issues relating to LSASS but not a clear definition of what it is. Nonetheless, both can be valuable aids if you can sort the wheat from the chaff.
The steps above can identify most programs, at least to the point of understanding what application they belong to or whether they are part of the operating system.
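The description and load-location checks described above can also be run from a script. The following PowerShell is an added example, not from the original article or from Sysinternals; it assumes PowerShell 3.0 or later, and the function name Get-ProcessIdentity is hypothetical.

```powershell
# Added example: list running processes with the details the article reads
# off Process Explorer (description, load location, command line).
# Assumes PowerShell 3.0+; run elevated to see paths for more processes.

function Get-ProcessIdentity {
    Get-CimInstance -ClassName Win32_Process | ForEach-Object {
        $path        = $_.ExecutablePath
        $description = $null
        $company     = $null

        # ExecutablePath is empty for kernel pseudo-processes (System, Idle)
        # and for processes the current user is not allowed to inspect.
        if ($path -and (Test-Path -LiteralPath $path)) {
            $info        = [System.Diagnostics.FileVersionInfo]::GetVersionInfo($path)
            $description = $info.FileDescription
            $company     = $info.CompanyName
        }

        [pscustomobject]@{
            Name        = $_.Name
            ProcessId   = $_.ProcessId
            Description = $description
            Company     = $company
            Folder      = if ($path) { Split-Path -Parent $path } else { '(not readable)' }
            CommandLine = $_.CommandLine
        }
    }
}

# Take one snapshot so both views below describe the same set of processes.
$processes = Get-ProcessIdentity

# Sort by folder: the folder usually names the owning application, as with
# ypager under \Program Files\Yahoo!\Messenger in the article.
$processes |
    Sort-Object Folder, Name |
    Format-Table Folder, Name, ProcessId, Description, Company -AutoSize

# Processes with no description are the ones that need a closer look;
# show their full command lines before turning to a web search.
$processes |
    Where-Object { -not $_.Description } |
    Select-Object Name, ProcessId, CommandLine |
    Format-List
```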
One program, “svchost”, usually has multiple copies running at the same time on Windows NT, XP, 2000, and 2003. Labeled only as “Generic Host Process”, it deserves a little more attention that I’ll save for a separate article.