Jump to content

Okay, let's discuss how to get rid of these processes...


NoelC

Recommended Posts

Let me start by saying this:

 

I've uninstalled/disabled/hammered much of Cortana, OneDrive, and cloud-oriented, Modern App components, I never use the Windows Start Menu, and I log in with a local account and disable UAC, and have a deny-by-default firewall setup.

 

In short, I only need / want a desktop-oriented system - however archaic that may seem - that does pretty much what I am able to do with Win 8.1 and with 7 before that. 

 

I'm not interested in cloud-integration, save for the delivery of updates (e.g., to keep ahead of those who would take advantage of security holes).

 

In pursuit of these goals, I'm leaning the system down to being a pure desktop servant that isn't chatting with servers all over the internet, nor supporting any part of "Modern" activity.  Unfortunately, I apparently DO still need the Settings app.

 

I've already made strides...  I have a system that settles to a process count in the mid 40s when it's idle, and uses maybe about 1 GB of RAM (on an 8 GB system).

 

But I'm not done.  I want to find out what it will take to eliminate the following processes that are always seen running.  I don't believe they're needed at all on a system with the above goals, and I don't want them to even start.  Someone please correct me if I'm wrong or have characterized what they do incorrectly.

 

  • InstallAgent.exe - (presumably) Looks for updates for Modern Apps
  • RuntimeBroker.exe - Manages permissions / trust for Modern Apps
  • SettingSyncHost.exe - Syncs settings on multiple systems through the cloud - not wanted.
  • ShellExperienceHost.exe - Unversal App integration in the shell.  Needed for Settings?
  • sihost.exe - Shell Infrastructure Host, not sure what this does.
  • svchost running UnistackSvcGroup - not sure what this does; haven't matched it to a named service.
  • taskhostw.exe - running {222A245B-E637-4AE9-A93F-A59CA119A75E}; not sure what this does.

 

All these new "hosts" and "brokers".  Sheesh.

 

Initial experiments imply that the system can run with no problems without at least some of these.  I'd like to know your thoughts. 

 

-Noel

Edited by NoelC
Link to comment
Share on other sites


Sounds like a good plan.  Remove them... how?  I'd like to get into specifics here.

 

At least one of them triggers a big pop-up message (I guess emitted by Explorer) in which we're told Cortana and the Start Menu are now unavailable (yes!) and that we need to log off and the system will try to correct the problem.  There is no [Cancel] button or close caption button, as you might imagine.

 

Others just come back on their own.

 

More research... 

 

taskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}

 

"Host Process for Windows Tasks"

 

Besides obviously purposefully being named so as to obfuscate its function, seems to be virtually unknown:

 

  • A worldwide Google search turns up exactly 5 references.
  • A registry search for the GUID finds nothing and only several vague or generic references to taskhostw.
  • It's not listed in Autoruns.

 

So how's it getting started?

 

Its parent is svchost, specifically process 1016 on my system at the moment.  This runs the following services:

 

BITS - Background Intelligent Transfer Service

Browser - Computer Browser

CertPropSvc - Certificate Propagation

DsmSvc - Device Setup Manager

IKEEXT - IKE and AuthIP IPsec Keying Modules

iphlpsvc - IP Helper

LanmanServer - Server

ProSvc - User Profile Service

Schedule - Task Scheduler

SENS - System Event Notification Service

SessionEnv - Remote Desktop Configuration

ShellHWDetection - Shell Hardware Detection

Themes - Themes

UserManager - User Manager

Winmgmt - Windows Management Instrumentation

 

Clearly one of the above services starts it.

 

A search through all of the files on the hard disk for 222A245B-E637-4AE9-A93F-A59CA119A75E turns up:  Nothing!  (save for a number of files that can't be opened - I'll look at making permissions changes and try again)

 

Now, since its tracks are quite obviously covered up, I'm more sure than ever I don't want it running.  Let's see, what kind of program would be so intentionally obfuscated?

 

Killing it doesn't seem to leave the system worse for the wear, nor does it appear to come back.

 

Looks like a script to kill all these things at startup, and again maybe at intervals (for the ones that get re-started), would be in order.

 

At the moment I'm going through ALL the Microsoft scheduled tasks to eliminate all those I don't know are needed.

 

-Noel

Edited by NoelC
Link to comment
Share on other sites

As I said elsewhere, I am neither on W8 nor on W10 so I have idea how the metro-related background tasks are related.

 

But can't you do the brute-force method? A "task-kill" batch which nukes them on every start-up?

 

Have you tried auto-it? It's very easy to program a script with it which monitors whether a task is running and then kills it immediately.

 

Here's an example:

While 1	If ProcessExists("ShellExperienceHost.exe") Then	ProcessClose("ShellExperienceHost.exe")	EndIfWEnd

This one runs constantly in the background (takes almost no resources) and always kills ShellExperienceHost.exe whenever it appears.

 

Change the process in the above script to "Notepad.exe", run it and then try to run notepad to see how effective it is at closing.

Edited by Formfiller
Link to comment
Share on other sites

I'm good with scripting (I have a nice little tool called WinBatch that can even make standalone executables), but I'm going to put some effort into killing them at the source first. 

 

I'm most of the way through the Task Scheduler right now, vetting each and every entry.  I've disabled many, and there have been some (e.g., BackgroundUploadTask) that might be the source of some of the above processes as well as having been sneakily protected by Microsoft.  Of course I know how to deal with permissions issues.

 

Once I've exhausted all my capabilities to cut them off at the source, I'll write up a nice little script/application that runs at bootup and maybe occasionally as a scheduled task to re-kill any that show up again.

 

My goal is to have a quiet Win 10 system have well under 40 processes running.  I've got it down to 42 now.

 

-Noel

Edited by NoelC
Link to comment
Share on other sites

OK, after the sweep through the Task Scheduler, SettingSyncHost.exe is now no more.  There were several entries in there having to do with uploading settings - something I certainly don't want.

 

All the others I listed still remain.  I'm waiting for the system to settle again after the reboot, but it's already down to 45 processes.

 

-Noel

Edited by NoelC
Link to comment
Share on other sites

What are you going to do when Windows 10.1 arrives through WinUpdate and resets everything?

 

For one thing, it won't go in until I say so.

 

Then, I'll just deal with it, as with all prior versions.  At this point it's an interesting hobby (I have nothing critical on my test system, and it's easily restored via a snapshot).  The data is going into my knowledge base and book.  Next time it will be even easier.  And if it gets out of hand I have been considering writing a "re-tweaker".

 

I will be VERY interested to see how difficult dealing with one of their 4 month cycles is, in order to return a well-tuned, well-controlled system back to the proper state.  If it's not a superhuman task, and of course depending on what else they screw up.  I'll consider upgrading my business systems to Windows 10.

 

Rest assured I won't see ads nor will Microsoft get any of my personal data.

 

-Noel

Edited by NoelC
Link to comment
Share on other sites

I've just killed all the above processes manually to see what would happen.  Down to 39 processes after that.  It'd be about 9 less than that but there are processes corresponding to the 3rd party stuff I DO want running.

 

ShellExperienceHost.exe seems to try to come up again one or more times after being killed, but immediately exits.

 

Curiously, killing sihost.exe results in this message popping up. 

 

CriticalErrorAfterStoppingsihost.png

 

Edit:  The Settings App won't come up after doing the above.  Sihost may be necessary, unfortunately.

 

And, no thanks, Microsoft - don't "try to fix it".  A lack of Cortana and your feeble Start Menu don't a broken system make!

 

I wonder what the UnistackSvcGroup service does...

 

-Noel

Edited by NoelC
Link to comment
Share on other sites

What do you mean?  I've edited my post a bit.  They tell me not to post repeatedly in the same thread, as that could be considered bumping so I've been updating the same post (even though I've posted several times above repeatedly already).

 

-Noel

Edited by NoelC
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...