Runtime Broker进程首次出现在Windows 8中,是一个重要的系统进程,在Windows 10 PC上继续发挥着重要作用。与其他主要系统进程(例如unsecapp.exe )一样,运行时代理(Runtime Broker)进程无法关闭或禁用。
像运行时代理(Runtime Broker)这样的系统进程通常是隐藏的,所以如果它在你的雷达上,可能会有问题。如果您问自己“什么是运行时代理(Runtime Broker)?” 如果您不知道答案,请继续阅读,因为我们会解释它是什么,它是否安全,以及如果它在Windows 10中导致(Windows 10)CPU或RAM使用率过高,您可以做什么。
什么是 Windows 10 中的运行时代理?(What Is Runtime Broker in Windows 10?)
有些系统进程是包罗万象的,比如ntoskrnl.exe,这个非常重要,在任务管理器中简单的命名为System 。然而,运行时代理 (runtimebroker.exe)(Runtime Broker (runtimebroker.exe) )进程不那么重要,但仍然在 Windows 如何保护您的系统中发挥着重要作用。
运行时代理进程监控您从(Runtime Broker)Microsoft Store安装和运行的应用程序的权限。这可能是访问您的本地文件、记录您的网络摄像头(record your webcam)或监控您的位置的后台权限。这种数据很敏感,因此您(和Microsoft(Microsoft))可能希望限制对它的访问是有道理的。
并非您安装的每个应用程序都如其所见,因此通过监控权限,Windows 可以阻止恶意应用程序尝试声明尚未授予的权限(和访问权限)。这就是Runtime Broker的目的,因此如果没有它,任何Microsoft Store应用程序都可能使您的数据和隐私面临风险。
它是一个核心系统进程,自从通用 Windows 平台(Universal Windows Platform)( UWP ) 应用程序被引入Windows 8(或Metro应用程序,因为它们当时被称为)以来,它一直是Windows生态系统的一部分,充当Windows的额外安全性,你不应该这样做需要担心。
运行时代理安全吗?可以禁用吗?(Is Runtime Broker Safe and Can It Be Disabled?)
运行时代理(Broker)(runtimebroker.exe) 是一个主要的系统进程,旨在保护您的 PC 免受恶意Microsoft Store应用程序的侵害。它运行起来完全安全,在Microsoft为保护您的(Microsoft)Windows操作系统免受恶意软件感染(malware infections)等重大危险而部署的许多对策中发挥了重要作用。
与csrss.exe等其他主要系统进程不同,结束运行时代理(Runtime Broker)进程不会破坏您的 PC,但Windows会在几秒钟后自动重新启动它。它不能(can’t)被永久禁用,但禁用它也不是您应该做的事情。
正如我们已经提到的,运行时代理(Runtime Broker)是防御性的,并且会限制对您的文件和设置的访问。此规则的唯一例外是,如果恶意软件正在您的 PC 上运行,则将真实的Runtime Broker进程替换为假版本。虽然我们强调这不太可能,但也不能排除这种可能性。
如果您对此感到担心,可以按照以下步骤检查诸如 runtimebroker.exe 之类的系统进程是否合法。
是什么导致 Windows 10 中的运行时代理高 CPU 问题?(What Causes Runtime Broker High CPU Issues in Windows 10?)
当正在运行的进程在Windows 10中报告(Windows 10)CPU或RAM使用率过高时,通常会引起关注。毕竟,您可能会担心自己没有资源去做其他事情,比如玩游戏。
在大多数情况下,仅当首次启动Microsoft Store中的(Microsoft Store)UWP应用时,运行时代理(Runtime Broker)才会遭受高CPU使用率。这是因为运行时代理(Runtime Broker)进程正在检查应用程序是否具有运行所需的权限,并且它没有试图获得它不应该访问的权限。
它也可能是由其他Windows系统操作引起的。例如,通知区域中出现的针对新Windows用户的提示和警报将被触发,就像UWP应用程序正在运行一样,从而激活运行时代理(Runtime Broker)进程。
这可以解释Windows 任务管理器中(Windows Task Manager)运行时代理(Runtime Broker)进程中的小峰值。根据您当前的 PC 规格,CPU使用率的峰值应该是最小的,并且通常不会影响您的整体系统性能。
如果运行时代理(Runtime Broker)进程在较长时间内具有高CPU使用率,则这表明(CPU)UWP应用存在问题。如果应用程序不断请求新权限或反复打开和重新打开(例如,如果它不稳定),那么这可能会导致运行时代理(Runtime Broker)进程不堪重负。
不幸的是,没有一种简单的方法可以跟踪哪些应用程序可能导致运行时代理(Runtime Broker)进程中的CPU使用率过高。在你的电脑上打开UWP应用时,你需要监视任务管理器(Task Manager),如果这些应用中的任何一个导致问题,你需要进一步对其进行故障排除。
如何检查 Runtime Broker 是否是合法的系统进程(How to Check Whether Runtime Broker Is a Legitimate System Process)
Runtime Broker是一个系统进程,但正如我们所提到的,您 PC 上的恶意软件使用相同的名称,隐藏在您的(Runtime Broker)任务管理器(Task Manager)进程列表中,同时造成各种损害,这并非不可能。
为了帮助您抵御此类威胁,您可以检查运行时代理(Runtime Broker)进程 (runtimebroker.exe) 是否是合法的系统进程,或者它是否是令人讨厌的假冒。
- 为此,您需要打开Windows 任务管理器(Windows Task Manager)。为此,请右键单击任务栏并选择任务管理器(Task Manager)选项。
- 在任务管理器(Task Manager)窗口中,在进程选项卡中找到(Processes)运行时代理(Runtime Broker)进程(或在详细信息选项卡中找到(Details)runtimebroker.exe)。您可能会看到列出的几个示例 - 这是正常的,因为Windows将多次运行 runtimebroker.exe,具体取决于您运行的UWP应用程序。右键单击(Right-click)服务名称,然后选择打开文件位置(Open file location)选项。
- Windows文件资源管理器(File Explorer)将打开,显示正在运行的进程的位置。这应该在C:\Windows\System32 文件夹中找到。
如果Windows 文件资源管理(Windows File Explorer)器没有打开System32文件夹,那么您可以确信当前在您的 PC 上运行的进程不是(not)合法的系统进程。然后,您可以使用专业的反恶意软件或使用内置的Windows Defender删除您发现的(remove the malware)恶意软件。
进一步探索 Windows 系统进程(Exploring Windows System Processes Further)
如果您从Microsoft Store(Microsoft Store)安装了非 Microsoft 应用程序,那么您应该感谢运行时代理(Runtime Broker)进程让您的 PC 更加安全。通过监控和限制应用程序权限,您可以放心,您的文件和设置不会在不应该受到监控或访问时受到监控或访问。
当然,如果您不确定任何应用程序,您不应该三思而后行卸载它(uninstalling it)。runtimebroker.exe 和msmpeng.exe等(msmpeng.exe)系统(System)应用程序通常无法卸载,但如果您确实在Windows 任务管理器(Windows Task Manager)中发现了同名的虚假进程,则需要确保扫描恶意软件(scan for malware)以将其删除。
What Is Runtime Broker in Windows 10 (and Is It Safe)
First appearing in Windows 8, the Runtime Broker process is an important system рrocess that continuеs to servе an important purpose on Windowѕ 10 PCs. Like other major system proсesses, such as unsecapp.exe, the Runtime Broker process can’t be switched off or disabled.
System processes like the Runtime Broker are usually hidden, so if it’s on your radar, there could be a problem. If you’re asking yourself “what is Runtime Broker?” and you don’t know the answer, then keep reading, as we explain what it is, whether it’s safe, and what you can do if it’s causing high CPU or RAM usage in Windows 10.
What Is Runtime Broker in Windows 10?
Some system processes are all encompassing, like ntoskrnl.exe, which is so important, it’s simply named System in Task Manager. The Runtime Broker (runtimebroker.exe) process, however, is a little less important, but still plays a major role in how Windows protects your system.
The Runtime Broker process monitors the permissions of apps you install and run from the Microsoft Store. This could be background permissions to access your local files, record your webcam, or monitor your location. This kind of data is sensitive, so it makes sense that you (and Microsoft) might want to limit access to it.
Not every app you install is what it seems, so by monitoring permissions, Windows can stop rogue apps from trying to claim permissions (and access) that it hasn’t been granted. That’s the purpose of Runtime Broker, so without it, any Microsoft Store app could put your data and privacy at risk.
It’s a core system process, and has been part of the Windows ecosystem since Universal Windows Platform (UWP) apps were introduced in Windows 8 (or Metro apps, as they were then known), acting as extra security for Windows that you shouldn’t need to worry about.
Is Runtime Broker Safe and Can It Be Disabled?
Runtime Broker (runtimebroker.exe) is a major system process, designed to keep your PC safe from rogue Microsoft Store apps. It’s entirely safe to run, playing an important part in the many countermeasures that Microsoft has deployed to protect your Windows operating system from major dangers, such as malware infections.
Unlike other major system processes like csrss.exe, ending the Runtime Broker process won’t break your PC, but Windows will automatically restart it after a few seconds. It can’t be permanently disabled, but disabling it isn’t something you should want to do, either.
As we’ve already mentioned, Runtime Broker is defensive, and acts to restrict access to your files and settings. The only exception to this rule is if malware is running on your PC, replacing the real Runtime Broker process with a fake version. While we stress that this is unlikely, it isn’t something that can be ruled out.
If you’re worried about this, you can check whether or not a system process like runtimebroker.exe is legitimate by following the steps below.
What Causes Runtime Broker High CPU Issues in Windows 10?
When a running process reports high CPU or RAM usage in Windows 10, it can often be a cause for concern. After all, you might be worried that you won’t have the resources to do other things, like playing games.
In most cases, Runtime Broker suffers high CPU usage only when a UWP app from the Microsoft Store is first launched. This is because the Runtime Broker process is checking that the app has the required permissions to run and that it isn’t trying to gain permissions that it shouldn’t have access to.
It can also be caused by other Windows system actions. For instance, tips and alerts for new Windows users that appear in the notifications area will be triggered as if a UWP app is running, activating the Runtime Broker process.
This may explain small spikes in the Runtime Broker process in Windows Task Manager. Depending on your current PC specifications, spikes in CPU usage should be minimal, and shouldn’t typically impact your overall system performance.
If the Runtime Broker process has high CPU usage for a longer period of time, then this would indicate an issue with a UWP app. If an app continually requested new permissions or opened and reopened repeatedly (if it was unstable, for instance), then this could cause the Runtime Broker process to become overwhelmed.
Unfortunately, there isn’t an easy way to trace what apps might be causing high CPU usage in the Runtime Broker process. You’ll need to monitor the Task Manager as you open UWP apps on your PC and, if any of those apps cause issues, you’ll need to troubleshoot them further.
How to Check Whether Runtime Broker Is a Legitimate System Process
Runtime Broker is a system process, but as we’ve mentioned, it isn’t impossible that malware on your PC has taken the same name, hiding in your Task Manager processes list while it causes all kinds of damage.
To help you protect against this kind of threat, you can check whether or not the Runtime Broker process (runtimebroker.exe) is the legitimate system process or whether it’s a nasty fake.
- To do this, you’ll need to open the Windows Task Manager. To do this, right-click the taskbar and select the Task Manager option.
- In the Task Manager window, find the Runtime Broker process in the Processes tab (or runtimebroker.exe in the Details tab). You may see several examples listed—this is normal, as Windows will run runtimebroker.exe several times, depending on the UWP apps you have running. Right-click the service name, then select the Open file location option.
- Windows File Explorer will open, showing the location of the running process. This should be found in the C:\Windows\System32 folder.
If Windows File Explorer doesn’t open to the System32 folder, then you can be confident that the process currently running on your PC is not the legitimate system process. You can then move to remove the malware that you find using specialist antimalware software or by using the built-in Windows Defender.
Exploring Windows System Processes Further
If you’ve installed non-Microsoft apps from the Microsoft Store, then you can thank the Runtime Broker process for keeping your PC that little bit safer. By monitoring and restricting app permissions, you can rest assured that your files and settings are safe from being monitored or accessed when they shouldn’t be.
Of course, if you’re unsure about any app, you shouldn’t think twice about uninstalling it. System apps like runtimebroker.exe and msmpeng.exe can’t typically be uninstalled, but if you do discover a fake process with the same name in Windows Task Manager, you’ll need to make sure you scan for malware to remove it instead.