当一台Windows PC 运行时,会发生数百万次计算,告诉计算机如何执行从加载网页到打开软件的所有操作。此过程需要任意数量的系统服务才能将您从 A 带到 B,其中诸如ntoskrnl.exe之类的过程旨在在整体用户体验中发挥作用。
这包括 conhost.exe,这是一个在您打开命令提示符(command prompt)窗口时会出现的系统进程。但是 conhost.exe 究竟是什么?让这个过程在您的 PC 上运行是否安全?本指南将解释您需要了解的有关 conhost.exe 的所有信息,包括如何识别虚假系统进程。
什么是Conhost.exe?(What is Conhost.exe?)
conhost.exe 进程,也称为控制台窗口主机(Console Window Host)进程,起源于Windows XP,作为命令提示符 (cmd.exe) 与Windows的其他元素交互的一种方式,包括作为客户端服务器运行时系统(Client Server Runtime System Service (csrss.exe))(Client Server Runtime System Service (csrss.exe))一部分的Windows 资源管理器(Windows Explorer)服务(csrss.exe)。
例如,如果您决定将文件拖到命令提示符窗口上,CSRSS将确保文件的位置正确显示在命令提示符行上。
不幸的是,作为一个主要的系统进程,这带来了巨大的安全风险。允许命令行(完全控制您的 PC)这种对文件系统的访问可能会导致您的 PC 崩溃。这种安全威胁迫使微软(Microsoft)改变系统的运行方式。
Windows Vista提供了更高的安全性,但功能有所减少,因此无法将文件拖放到命令行窗口中。对于Windows 10,Microsoft引入了 conhost.exe 进程,该进程(以及更小的 csrss.exe 进程)允许命令行安全地与其他进程一起工作,而不会出现与Windows XP中的 csrss.exe 相同级别的安全风险.
这使微软(Microsoft)能够更紧密地将命令行等进程集成到Windows 10中,并具有现代主题(modern themes)和拖放功能,如 XP 版本的 csrss.exe 中所见。如果您使用的是现代 Windows Powershell(modern Windows Powershell),您将看到更高的安全性,完全忽略 csrss.exe 和 conhost.exe。
Conhost.exe 会导致高 CPU、RAM 或其他高系统资源使用率吗?(Can Conhost.exe Cause High CPU, RAM or Other High System Resource Usage?)
虽然不太可能,但据报道 conhost.exe 会导致Windows 10 PC 上的CPU或RAM使用率高(或通常是系统资源使用率高)。如果您遇到这种情况,则可能表明您的 PC 存在更大的问题。
在正常情况下,conhost.exe 应该不会导致高系统资源使用。只有当您(或后台应用程序)使用命令行时,它才会出现。由于Windows PowerShell现在是(Windows PowerShell)Windows中的默认终端工具,因此您根本不需要打开 cmd.exe。
但是,这并不排除其他后台应用程序可能仍在使用隐藏命令行运行的可能性。虽然玩旧的 DOS 游戏(playing old DOS games)不太可能导致系统资源使用量激增,但一些较新的系统应用程序可能会导致问题。
要找到罪魁祸首,您可以使用 Microsoft 开发的Process Explorer应用程序。这使您可以查看哪些正在运行的应用程序可能与 conhost.exe 交互并导致CPU使用率过高。
- 为此,请从Microsoft网站下载并运行 Process Explorer 。(download and run Process Explorer)在Process Explorer窗口中,选择Find > Find Handle or DLL打开搜索框。或者,按键盘上的Ctrl + F
- 在Process Explorer Search框中,搜索conhost,然后选择Search按钮。在列表中,选择结果之一。Process Explorer将立即更改视图以使项目成为焦点。
- 对 PC 上运行的每个 conhost.exe 示例执行此操作。如果系统资源使用率(例如CPU列下的CPU)过高,您可以通过右键单击并选择Kill Process选项来结束进程。
如果您发现 conhost.exe 正在与您不认识的其他应用程序或服务交互,则可能表明存在恶意软件感染。如果发生这种情况,请扫描您的 PC 以查找恶意软件(scan your PC for malware),以确保您的 PC 可以安全使用。
如何从 Windows 10 中删除 Conhost.exe(How to Remove Conhost.exe from Windows 10)
conhost.exe 为后台应用程序提供的界面继续被证明是必不可少的,即使命令行在Windows 10中变得不那么重要了。作为一个重要的系统进程,你不能删除 conhost.exe 的运行。尝试这样做可能会阻止其他应用程序和服务运行。
对于大多数用户来说,conhost.exe 进程不会导致任何问题,并且可以完全安全地继续运行。如果它运行,它将在后台运行,允许其他应用程序与较低级别的Windows操作系统交互。
如果您自己运行它,它仍然应该不是问题,尽管从长远来看,我们仍然建议切换到较新的 PowerShell(switching to the newer PowerShell)。然而,conhost.exe 可能会出现问题的地方是它被流氓软件所利用。
一些恶意软件会运行虚假进程(使用 conhost.exe 名称)来伪装自己,而其他恶意软件会与 conhost.exe 交互以获得对您的 PC 及其资源的额外控制权。如果您对此感到担心(即使在扫描了恶意软件(scanning for malware)之后),您可以检查 conhost.exe 是否是合法的系统进程。
如何检查 Conhost.exe 是否真实且安全(How to Check if Conhost.exe is Real and Safe)
在几乎所有情况下,像 conhost.exe 和msmpeng.exe这样的系统进程只能从您 PC 上的一个位置运行:Windows文件夹 (C: Windows ) 或其子文件夹之一 (例如 C: Windows System32)。尽管像yourphoneexe.exe这样的打包(yourphonexe.exe)UWP应用也有例外,但conhost.exe仍然如此。
这使得通过使用Windows 任务管理器(Windows Task Manager)打开任何正在运行的 conhost.exe 进程的位置,可以轻松确定 conhost.exe 是否安全和合法,或者它是否是假的。如果您想确保 conhost 没有与恶意软件交互,您可以使用 Process Explorer(如上所述)首先进行检查。
- 要检查 conhost.exe 是否安全,请右键单击任务栏并选择任务管理器(Task Manager )选项。
- 在任务管理器窗口的进程(Processes)选项卡中,查找控制台窗口主机(Console Window Host )进程。您可能需要按每个进程旁边的箭头图标才能找到它列在另一个进程下。(arrow icon )或者,改为在“详细信息(Details)”选项卡中搜索conhost.exe。
- 要检查 conhost.exe 进程是否真实,请在“进程(Processes )”或“详细信息(Details)”选项卡中右键单击它,然后选择“打开文件位置(Open file location )”选项。
- 这将在Windows File Explorer(Windows File Explorer)中打开C:\Windows\System32 文件夹。如果不是,那么当前运行的 conhost.exe 进程是假的。如果是这种情况,您需要采取措施扫描您的 PC 以消除可能的恶意软件感染。(likely malware infection)
保护 Windows 10 系统(Securing a Windows 10 System)
Conhost.exe只是在使整个Windows操作系统正常工作方面发挥作用的许多不同系统进程之一。通过执行上述步骤,您可以确信您的 PC 所依赖的进程可以安全运行和使用,而无需停止或删除它们。
这并不意味着在您的 PC 上运行的每个进程都是安全的。如果您担心,您可以安排启动级 Windows Defender 扫描(schedule a boot-level Windows Defender scan)来检查您 PC 上的每个文件是否存在恶意软件。而且,如果这不起作用,那么有很多第三方应用程序可以删除顽固的恶意软件(remove stubborn malware)。
What Is Conhost.exe and Is It Safe?
When a Windows PC is running, mіllions of computations are taking place, telling the computer hоw to do everything from loading a web page to opеning a piece of software. This process requires any number of sуstem serviсes to take you from A to B, with proсesses like ntoskrnl.exe designed to play a part in the overall user experience.
This includes conhost.exe, a system process that will appear any time you open a command prompt window. But what is conhost.exe exactly? And is it safe to leave this process running on your PC? This guide will explain everything you need to know about conhost.exe, including how to spot a fake system process.
What is Conhost.exe?
The conhost.exe process, also known as the Console Window Host process, originated in Windows XP as a way for the command prompt (cmd.exe) to interface with other elements of Windows, including Windows Explorer as part of the Client Server Runtime System Service (csrss.exe).
If you decided to drag a file onto a command prompt window, for instance, CSRSS would ensure that the location of the file would correctly appear on the command prompt line.
Unfortunately, as a major system process, this presents huge security risks. Allowing the command line (with full control over your PC) this kind of access to the file system could bring down your PC. This security threat forced Microsoft to make changes to how the system operated.
Windows Vista offered greater security but with reduced functionality, making it impossible to drag-and-drop files onto a command line window. For Windows 10, Microsoft introduced the conhost.exe process, which (along with a much-smaller csrss.exe process) allows the command line to safely work with other processes without the same level of security risks that csrss.exe presented in Windows XP.
This allows Microsoft to more closely integrate processes like the command line into Windows 10, with modern themes and drag-and-drop features like those seen in XP’s version of csrss.exe. If you’re using the modern Windows Powershell, you’ll see even greater security, with csrss.exe and conhost.exe disregarded entirely.
Can Conhost.exe Cause High CPU, RAM or Other High System Resource Usage?
While unlikely, it has been reported that conhost.exe causes high CPU or RAM usage (or high system resource usage generally) on Windows 10 PCs. If this happens to you, it could point to a larger problem with your PC.
Under normal circumstances, conhost.exe should not cause high system resource usage. It should only appear if you (or a background app) is using the command line. With the Windows PowerShell now the default terminal tool in Windows, you shouldn’t find it necessary to open cmd.exe at all.
That doesn’t discount the possibility that other background apps might still be using a hidden command line to run, however. While playing old DOS games isn’t likely to cause a spike in system resource usage, some newer system apps may cause problems.
To find the culprit, you can use the Microsoft-developed Process Explorer app. This allows you to see which running apps might be interfacing with conhost.exe and causing high CPU usage.
- To do this, download and run Process Explorer from the Microsoft website. In the Process Explorer window, select Find > Find Handle or DLL to open the search box. Alternatively, press Ctrl + F on your keyboard.
- In the Process Explorer Search box, search for conhost, then select the Search button. In the list, select one of the results. Process Explorer will immediately change view to bring the item into focus.
- Do this for each example of conhost.exe running on your PC. If the system resource usage (for example, CPU under the CPU column) is too high, you can end the process by right-clicking and selecting the Kill Process option.
If you find conhost.exe is interfacing with another app or service that you don’t recognize, it may point to a malware infection. If this happens, scan your PC for malware to make sure that your PC is safe to use.
How to Remove Conhost.exe from Windows 10
The interface that conhost.exe provides for background apps continues to prove essential, even as the command line becomes less important in Windows 10. As an important system process in its own right, you can’t remove conhost.exe from running. And attempting to do so could prevent other apps and services from running.
For most users, the conhost.exe process doesn’t cause any issues and is entirely safe to leave running. If it runs, it runs in the background, allowing other apps to interface with lower levels of the Windows operating system.
If you’re running it yourself, it still shouldn’t be a problem, although we’d still recommend switching to the newer PowerShell in the long run. Where conhost.exe can prove to be problematic, however, is when it’s co-opted by rogue software.
Some malware will run fake processes (using the conhost.exe name) to disguise itself, while others will interface with conhost.exe to gain additional control over your PC and its resources. If you’re worried about this (even after scanning for malware), you can check if conhost.exe is a legitimate system process.
How to Check if Conhost.exe is Real and Safe
In almost all cases, system processes like conhost.exe and msmpeng.exe should only run from one place on your PC: the Windows folder (C:\Windows) or one of its subfolders (eg. C:\Windows\System32). While there are exceptions for packaged UWP apps like yourphonexe.exe, this is still true for conhost.exe.
This makes it easy to determine if conhost.exe is safe and legitimate or whether it’s fake by using Windows Task Manager to open the location of any running conhost.exe processes. If you want to be sure that conhost isn’t interfacing with malware, you can use the Process Explorer (as explained above) to check first.
- To check if conhost.exe is safe, right-click the taskbar and select the Task Manager option.
- In the Processes tab of the Task Manager window, look for the Console Window Host process. You may need to press the arrow icon next to each process to find it listed under another process. Alternatively, search for conhost.exe in the Details tab instead.
- To check if the conhost.exe process is real, right-click it in the Processes or Details tab, then select the Open file location option.
- This will open the C:\Windows\System32 folder in Windows File Explorer. If it doesn’t, then the currently running conhost.exe process is fake. You’ll need to take steps to scan your PC to get rid of the likely malware infection if this is the case.
Securing a Windows 10 System
Conhost.exe is just one of many different system processes that play a part in making the overall Windows operating system work properly. By following the steps above, you can be confident that the processes your PC relies are on are safe to run and use without needing to stop or remove them.
That doesn’t mean that every process running on your PC is safe. If you’re worried, you can schedule a boot-level Windows Defender scan to check every file on your PC for malware. And, if that doesn’t work, there are plenty of third-party apps out there that can remove stubborn malware instead.