Task Manager

Press Ctrl+Alt+Delete on your keyboard, then select the "Processes" tab, and you'll be able to see your machine's processes. I can give you a reference for what each one does, because it's hard to be specific about every one.

Windows XP 78 Processes Explained

1. Alerter

The process name of the Alerter service is Services.exe (i.e., the name of the process that runs in the background after you start the service, which can be seen in the Task Manager). The Alerter service transmits management-related events to designated computers or users on the network in the form of alert messages. For example, when a printing error occurs or a hard disk is about to fill up, the alert message is collected and sent by XP's Alerter service.

Although the Alerter service does not list the Messenger service as a dependency, it needs Messenger in order to actually send messages, so you must make sure the Messenger service is running after you start the Alerter service, and the receiving computer must also be running the Messenger service. While the Alerter service is running, users can send pop-up messages to other users, which attackers may abuse, for example to trick users into changing their passwords, creating a security risk. The service also leaks user account names, which attackers may use for password-guessing attacks. So for home users, and even for most small LANs, this feature can be completely disabled, which not only saves system resources and speeds up startup, but also improves the security of the machine.

2. Application Layer Gateway Service

The service name is ALG (Application Layer Gateway) and its process name is alg.exe; it is installed by default in WinXP Home/Pro with a manual startup type. ALG is also known as a proxy server, which is a type of network firewall when categorized by function. When an internal computer connects to an external host, the proxy server acts as a relay for the connection between the two. The benefit of using ALG is that it hides the address of the internal host and prevents abnormal connections from the outside: if the proxy server has no proxy program designed for an application, packets belonging to that network service cannot pass through the firewall at all. In layman's terms, ALG is the specific control program for the Internet Connection Sharing/firewall features that come with WinXP, and if you need to enable either of them, this service is a must-have. A household with only one computer on the Internet can consider disabling this service, but I personally feel the WinXP built-in firewall works well; unless you insist on using a third-party firewall, I recommend leaving it on.

3. Application Management

The process name of AppMgmt (Application Management service) is Svchost.exe; the default startup type installed in WinXP Home/Pro is manual, and it has no service dependencies. Starting with Win2000, Microsoft introduced a new, effective software management scheme based on the MSI file format (application installation information package file): the Application Management component service. It not only manages the installation and removal of software, but can also be used to modify and repair existing applications, monitor file recovery, and troubleshoot basic problems through recovery. Usually it is better to leave this service in its default state.

Many readers may remember that when ACDSee 4.0 was first released, its installer was poorly thought out: it did not take into account that most people's systems at the time did not support the MSI installation format, so users had to download and install an MSI helper called Windows Installer to solve the problem. Software installed from the MSI format is easy to recognize. With Office XP, for example, running the setup program again after installation generally offers options such as "reinstall", "repair the software" and "uninstall the software", rather than simply uninstalling or overwriting the installation as earlier installers did.

4. Automatic Updates

The process name of Wuauserv (Automatic Updates service) is Svchost.exe; the default startup type installed in WinXP Home/Pro is automatic, and it has no service dependencies. This is the familiar system auto-update function, so I won't discuss it further. For those of you who have suffered from it while using a dial-up modem on the Internet, remember that disabling it in System Properties is not enough; you should also disable the Automatic Updates service. In the future, if you need to update, you can type the Windows Update website address directly into IE and update manually.

5. Background Intelligent Transfer Service

The process name of BITS (Background Intelligent Transfer Service) is Svchost.exe; it is installed by default in WinXP Home/Pro with a manual startup type and relies on the Remote Procedure Call and Workstation services. Microsoft claims that BITS uses spare bandwidth to transfer files, and that when the network is cut off or the computer needs to be restarted, the Background Intelligent Transfer Service automatically maintains the file transfer and, once the network is reconnected, resumes the transfer from where it stopped. In fact, this service was originally meant to transfer information between HTTP 1.1 servers, and its main application is to support resumable transfers for Windows automatic updates. If you disable Automatic Updates, there's basically no point in keeping it.

6. ClipBook

The process name of ClipSrv (Clipboard Viewer Service) is clipsrv.exe; it is installed by default in WinXP Home/Pro with a manual startup type and relies on the Network DDE service. It uses the services provided by Network DDE and Network DDE DSDM to access the clipboard on a remote machine. In layman's terms, ClipBook supports the ClipBook Viewer program, which allows clipboard pages to be viewed by ClipBook on a remote computer.

For example, take a larger document project developed jointly by A, B and C: A is responsible for the Excel data, B for the Visio charts, and C for integrating the two parts into one document. C often needs to copy data from A and B, and the clumsy way is for C to open A's and B's shared documents in Network Neighborhood and copy the relevant contents. Users with some understanding of Windows will have heard of OLE; the Excel data and Visio charts above can each be considered an independent OLE object. If the ClipBook service is running on all three machines, they can use ClipBook to share these OLE objects: C only needs to create OLE object links in the document that point to A's Excel data and B's Visio charts, and any change A or B makes to their own work is automatically reflected in C's compound document. As you can see, ClipBook is based on object sharing rather than simple file sharing. It is therefore a double-edged sword, bringing great convenience but also the security risk of unauthorized remote access to the ClipBook clipboard. For those who don't do this kind of work, and don't plan to use remote desktops or use them very rarely, this service can be disabled and turned on when needed.

7. COM+ Event System

The process name of EventSystem (COM+ Event System service) is Svchost.exe; the default startup type installed in WinXP Home/Pro is manual, and it relies on the Remote Procedure Call service. COM+ is a very difficult term to understand for anyone who is not a software development professional. Simply put, COM+ is a standard for software components. Writing software is like building a house: windows, doors and other components are designed to a standard in order to save time and effort. COM components are the standard windows and doors of Windows, and COM+ is a further extension of COM; its specific meaning will not be described in detail here. Windows is a typical message (event) processing system in which many features are triggered by messages, which gives rise to the COM+ Event System. What we want to learn is how to determine whether any program on your system relies on this service. Check the "Program files\ComPlus Applications" directory on your system's installation disk; if there is nothing there, you can turn this service off.

8. COM+ System Application

The process name of COMSysApp (COM+ System Application service) is Dllhost.exe; the default startup type installed in WinXP Home/Pro is manual, and it relies on the Remote Procedure Call service. Simply put, COM+ System Application is the component that actually carries out the work of the COM+ Event System, so if you disable COM+ Event System you will naturally disable it as well.

9. Computer Browser

The process name of Browser (Computer Browser service) is Svchost.exe; it is installed by default in WinXP Home/Pro with an automatic startup type and relies on the Server and Workstation services. The Browser service maintains a list of network resources, including Windows-based domains, workgroups and computers, as well as other network devices that support the NetBIOS protocol; this list is the source of what we see displayed in "Network Neighborhood". This service is not necessary for the average home computer unless the computer sits on a LAN; Great Wall Broadband subscribers, for example, can use it to see the network environment in their community. It is better to be cautious with this service; leave it set to automatic if you are not too concerned about it.

10. Cryptographic services

The process name of CryptSvc (authentication services) is Svchost.exe; the default startup type installed in WinXP Home/Pro is automatic, and it relies on the Remote Procedure Call service. CryptSvc is the core component of the entire Microsoft Public Key Infrastructure (PKI). The PK here is public-key cryptography, which secures data and its transmission through encryption. Unlike traditional secret-key (symmetric) cryptography, the basic characteristic of public-key cryptography is that the keys for encryption and decryption are different: each user has two keys, a public key and a private key. Leaving aside these terms, which are difficult to grasp at once, the practical point about CryptSvc is that this service should not be turned off if we use Automatic Updates in WinXP, or if we use certificates on the Internet for authentication and want those certificates managed properly. One of the most useful things about this feature is determining, when you install a driver, whether it is certified by Microsoft. Because drivers get very high operating privileges within the operating system, a driver containing malicious code can finish your system off, so manufacturers who develop drivers generally apply for Microsoft certification. Once a driver passes validation, Microsoft adds its authentication data to it, and when you install the driver on your machine that data can be checked through CryptSvc.

11. DHCP Client

The process name of Dhcp (DHCP Client service) is Svchost.exe; the default startup type installed in WinXP Home/Pro is automatic, and it depends on the AFD Networking Support Environment, NetBIOS over TCP/IP and TCP/IP Protocol Driver services. Simply put, in DHCP a host on the network (the DHCP Server) automatically assigns all network parameters to any computer on the network, and the DHCP Client is the computer to which those parameters are assigned. The DHCP Client service is indispensable if network parameters such as IP addresses are to be assigned automatically. For home standalone users, anyone who uses DSL/Cable to access the Internet, or the ICS and IPSEC services, will need this to assign a static IP address, so usually this service is not turned off unless your machine is a completely standalone environment.

12. Distributed Link Tracking Client

The process name of TrkWks (Distributed Link Tracking Client service) is Svchost.exe; it is installed by default in WinXP Home/Pro with an automatic startup type and relies on the Remote Procedure Call service. Anyone with some understanding of computers will be familiar with the word "distributed", so I won't explain it here. Simply put, the TrkWks service treats the NTFS files scattered across the interconnected computers of a network as a whole, equivalent to the file system of a single machine, so when a file is moved within the system, the move is recorded. It is a "distributed link" service for "NTFS files" of "domain users"; you can't use it if any one of these three conditions is missing. For a single user not on a LAN, disable it of course.

13. Distributed Transaction Coordinator

The process name of MSDTC (Distributed Transaction Coordinator) is Msdtc.exe; the default startup type installed in WinXP Home/Pro is manual, and it relies on the Remote Procedure Call and Security Accounts Manager services. MSDTC is mainly used to handle distributed transactions, that is, transactions within a single SQL Server that span two or more databases. Transactions between different tables within the same database cannot be called distributed transactions. For users who need to work with multiple databases or file systems at the same time this service is clearly significant, but the average user will not use it, and leaving it at the default manual startup is normally fine. In fact, this service is also susceptible to remote denial-of-service attacks, so disabling it is not a problem and is more secure.

14. DNS Client

The process name of Dnscache (DNS Client service) is Svchost.exe; the default startup type installed in WinXP Home/Pro is automatic, and it relies on the TCP/IP Protocol Driver service. DNS (Domain Name System) is a common term. A simple explanation: when you use a web browser to surf the Internet, you type in the URL of a website, and these names are resolved on the Internet by domain name servers (DNS servers), which convert the name into an IP address. In fact, some websites are served by several servers working at the same time rather than one, which means the same website name can correspond to different IP addresses (this can be observed by querying in operating systems before Win2000). However, if you change your operating system to Win2000 or XP, you will always get the same IP address for the same website. Why is this so? This is where the DNS Client service comes in.

To let clients find the domain validation service as quickly and efficiently as possible, Win2000/XP added a DNS cache. The first time the IP address of a destination host is looked up, the operating system records the queried name and IP address in the machine's DNS cache. The next time the client needs the IP address of that host, it does not need to query the DNS server but uses the data in the local DNS cache directly, so the result of your query is always the same IP address. It is not a big deal whether this service is turned off or not. From a security standpoint, the most it can do is leak your cache contents, revealing which sites you have visited.

15. Error Reporting Service

The process name of ERSvc (Error Reporting Service) is Svchost.exe; the default startup type installed in WinXP Home/Pro is automatic, and it depends on the Remote Procedure Call service. We meet this service often: when a program fails, a dialog box pops up asking whether you want to send a report to Microsoft, and that is this service at work. This service can safely be set to manual or disabled. If you want more detailed settings for error reporting, right-click the "My Computer" icon, select "Properties", and on the "Advanced" tab click the "Error Reporting" button, where you can decide whether and how to send error reports. If you don't have access to the Internet, you can disable the service, and if you do have access to the Internet, you can still disable it if you're worried about the reports leaking your private information to Microsoft (which Microsoft guarantees won't happen, of course).

16. Event Log (Note: Do not disable this.)

The process name of Eventlog (System Logging Service) is Services.exe; WinXP Home/Pro installs it by default with a startup type of automatic and no service dependencies. The Event Log service is responsible for logging administrative event messages from the system and from running programs, and provides a standardized and centralized way for Windows and applications to log important software and hardware events. To open the Event Viewer, open Start → Control Panel, then select Administrative Tools → Event Viewer. This is a basic service that cannot be turned off.

17. Fast User Switching Compatibility

The process name of Fast User Switching Compatibility (multi-user fast switching service) is svchost.exe; the default startup type installed in WinXP Home/Pro is manual, and it depends on Terminal Services. This service is a new WinXP technology that provides a fast multi-user switching environment. It solves the problem that previous multi-user environments were safe, but switching between users required a reboot and lost the previous user's working environment. It is very simple to use: "Start → Logout → Switch User" switches to another user environment. It is a very good multi-user technology, but if you do not use a multi-user environment you do not need to turn it on (after joining a domain, fast switching is unavailable by default, so it can of course be disabled).

18. FAX Service

The process name of FAX (fax service) is Fxssvc.exe; it is not installed by default in WinXP Home/Pro and depends on the Plug and Play, Print Spooler and Remote Procedure Call services. If you install it, you can go to "Start → All Programs → Accessories → Communications → Fax" and use WinXP's built-in fax service to send and receive faxes; of course, your machine must still have a modem. If you don't need it, just disable it.

19. Help and Support

The process name of Helpsvc (help service) is Svchost.exe; the default startup type installed in WinXP Home/Pro is automatic, and it depends on the Remote Procedure Call service. This service supports the WinXP Help and Support Center functions. If you are just starting to use WinXP, the Help Center can solve a lot of problems; if you don't think you need it anymore, disable it.

20. Human Interface Device Access

The process name of HidServ (Human Interface Device Service) is Svchost.exe; it is installed by default in WinXP Home/Pro with the startup type disabled and relies on the Remote Procedure Call service. This service simply supports so-called smart keyboards with multimedia features, such as volume control. If you have ergonomic devices (mainly keyboards and mice), this service should be set to automatic, otherwise some features of these devices will not work properly. If you don't have such devices, or if your devices have their own drivers, you can disable this service.

21. IMAPI CD-Burning COM Service

The process name of ImapiService (IMAPI CD-Burning Service) is Imapi.exe, which is installed by default in WinXP Home/Pro with a manual startup type and without any service dependencies. This is the built-in CD burning service of WinXP, which was described in detail in Issue 12, 2003 of the magazine. In general, this service has limited functionality and performance, so if you have a burner, you should install a mature third-party burner and turn off this service.

22. Indexing Service

The process name of Cisvc (Indexing Service) is Cisvc.exe; the default startup type installed in WinXP Home/Pro is manual, and it depends on the Remote Procedure Call service. This service indexes files on local and remote computers, much like a library index for books, which speeds up searching for files. One big advantage of enabling this service for individual users is that file browsing (i.e. the waiting time after double-clicking a folder) becomes significantly faster, because the directory structure has already been read into memory and is used directly when needed. However, when this service is enabled, it can make the system extremely busy, and in the Task Manager you can see the Cidaemon.exe process taking up most of the CPU resources. For this immature service, therefore, please set it to "Automatic" or "Disabled" depending on your machine.

23. Internet Connection Firewall/Internet Connection Sharing

The process name of SharedAccess (Internet Connection Sharing and Firewall service) is Svchost.exe. The default startup types installed in WinXP Home/Pro are manual and automatic, respectively, and it relies on the Application Layer Gateway Service, Network Connections, Network Location Awareness, and Remote Access Connection Manager services. This service provides WinXP's built-in Internet connection sharing and firewall features. I like these two features: performance is good and they are convenient. Whether to turn the service off depends on personal preference; if you do not use it, it can be turned off.

24. IPSEC Services

The process name of PolicyAgent (IP Security Policy Service) is Lsass.exe; the default startup type installed in WinXP Home/Pro is automatic, and it depends on the IPSEC driver, Remote Procedure Call, and TCP/IP Protocol Driver services. IPSEC is an important defense used to protect intranets, private networks and external networks (Internet, Extranet) from attacks. Its main feature is that it encrypts and authenticates all IP-level communication, which is what allows IPSEC to secure a wide range of applications, including remote login, client/server, e-mail, file transfer, and Web access. This service is important to enterprise and government users, who are very focused on deploying secure IP. At the same time, for the vast majority of users this is something they simply don't have to care about. So disable it.

25. Logical Disk Manager

The process name of Dmserver (Logical Disk Manager service) is Svchost.exe; the default startup types installed in WinXP Home/Pro are manual and automatic, respectively, and it relies on Plug and Play. Dmserver is used to manage disks dynamically, for example displaying free disk space and providing the disk management features in the Microsoft Management Console (MMC). This service is essential for those who frequently use peripherals such as removable drives and USB flash drives; you can choose to disable it if you don't have any.

26. Logical Disk Manager Administrative Service

The process name of Dmadmin (Logical Disk Manager Administrative Service) is Svchost.exe; the default startup types installed in WinXP Home/Pro are manual and automatic, and it depends on the Logical Disk Manager, Plug and Play, and Remote Procedure Call services. Dmadmin is mainly used to configure hard disk information and is usually of little use. When you open the Microsoft Management Console (MMC), you can see Disk Management; the service can be set to manual.

27. Messenger

The process name of Messenger (messenger service) is Services.exe; the default startup type installed in WinXP Home/Pro is automatic, and it depends on the NetBIOS Interface, Plug and Play, Remote Procedure Call, and Workstation services. The Messenger service should be familiar to anyone who has spent time on the Internet. Microsoft originally developed the "messenger service" to make it easier for administrators in the same domain to exchange information, and then some people developed messenger sending tools that break through the domain restriction. As a result, while you are online a dialog box titled "Messenger Service" often pops up on the computer, and these uninvited "messengers" are mostly spam, boring advertisements, illegal information and the like. Usually these messages are sent with software called "Fierce Baby Messenger" or "Demon Stinger", but in fact, if you are in the same domain, you can easily send messages with the NET SEND command. The sudden appearance of a "messenger service" pop-up not only interferes with work and affects your mood, it also leaves you vulnerable to "social engineering" attacks, so disable it.

28. MS Software Shadow Copy Provider

The process name of SwPrv (Managed Disk Area Volume Shadow Copy Service) is dllhost.exe; it is installed by default in WinXP Home/Pro with a manual startup type and relies on the Remote Procedure Call service. This service supports the MS Backup program in WinXP. Strangely enough, even with it turned off my backups work fine, so disable it if you don't need it.

29. Net Logon

The process name of Netlogon is lsass.exe; the default startup types installed in WinXP Home/Pro are manual and automatic, and it depends on the Workstation service. This service is used for domain verification. When your computer is on a domain network and you want to log on to the domain through the domain server, the logon goes through this service. It is not necessary for general users, so disable it.

30. NetMeeting Remote Desktop Sharing

The process name of Mnmsrvc (NetMeeting Remote Desktop Sharing service) is Mnmsrvc.exe; the default startup type installed in WinXP Home/Pro is manual, and it relies on the Remote Procedure Call service. NetMeeting allows users to share control of their computers with other users on the LAN, on the Internet, or through the company's internal network. Many people turn it off because of security issues and because it takes up a lot of network resources. But if you want to do some non-text communication with others, it is still quite fun. Note that when you turn it off, the Remote Desktop Sharing feature will not work.

31. Network Connections

The process name of Netman (Network Connections service) is svchost.exe; the default startup type installed in WinXP Home/Pro is manual, and it depends on the Remote Procedure Call service. Netman is also a very important basic service: it manages all the objects in the "Network and Dial-up Connections" folder and is required for any network connection (LAN, Internet). If it is disabled, you won't see anything in the "Network and Dial-up Connections" folder, let alone be able to create a new connection or dial up to the Internet. So unless your machine is absolutely standalone, do not turn it off.

32. Network DDE

The process name of NetDDE (Network Dynamic Data Exchange) is netdde.exe; it is installed by default in WinXP Home/Pro with a manual startup type and relies on the Network DDE DSDM service. Network Dynamic Data Exchange, a method devised by Microsoft in the early days to let applications exchange dynamic data between Windows systems on different PCs, is now rarely used. In fact, in WinXP the only real user of it is the ClipBook service; recalling the example mentioned in the previous issue, of three people jointly developing a document and exchanging dynamic data through ClipBook, gives a good understanding of the role of this service. Data sharing services usually run over a trusted communication channel, and the component responsible for managing this one is the Network DDE Agent. In fact, the Network DDE Agent can make the machine very vulnerable to attack, up to losing administrator control of the machine. So if you don't need ClipBook sharing, you may want to disable it.

33. Network DDE DSDM

The process name of NetDDEdsdm (Network Dynamic Data Exchange network sharing service) is netdde.exe; it is installed by default in WinXP Home/Pro with a manual startup type and does not depend on any other service. If this service is stopped, the Network DDE service becomes unavailable; if you don't use Network DDE, it is good to disable Network DDE DSDM as well.
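An added example, not part of the original list: a Python script that checks collected `sc qc` output against the recommendations made above for Alerter, ClipBook, Distributed Transaction Coordinator, Messenger, NetMeeting Remote Desktop Sharing, Network DDE and Network DDE DSDM, and confirms that Event Log has not been disabled. The sample output is constructed, and the function and table names are illustrative assumptions.

```python
import re

# Short service names (lower-cased) that the list above says to disable for
# security reasons, with the reason it gives for each one.
SHOULD_BE_DISABLED = {
    "alerter": "pop-up alerts can be abused for social engineering; leaks account names",
    "clipsrv": "unauthorized remote access to the ClipBook clipboard",
    "msdtc": "susceptible to remote denial-of-service attacks",
    "messenger": "unsolicited pop-ups and social-engineering messages",
    "mnmsrvc": "shares control of the computer with remote users",
    "netdde": "Network DDE Agent can cost you administrator control",
    "netddedsdm": "only needed when Network DDE is in use",
}
# The list marks Event Log as a basic service that must stay on.
MUST_NOT_BE_DISABLED = {"eventlog": "system and application event logging"}

# Constructed sample: trimmed `sc qc <name>` output collected from one machine.
# The NetDDE record is deliberately truncated to exercise the UNKNOWN path.
SAMPLE_SC_QC = r"""
[SC] GetServiceConfig SUCCESS

SERVICE_NAME: Messenger
        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 2   AUTO_START
        BINARY_PATH_NAME   : C:\WINDOWS\System32\svchost.exe -k netsvcs
        DEPENDENCIES       : LanmanWorkstation
                           : NetBIOS

SERVICE_NAME: Alerter
        START_TYPE         : 4   DISABLED

SERVICE_NAME: ClipSrv
        START_TYPE         : 3   DEMAND_START
        BINARY_PATH_NAME   : C:\WINDOWS\system32\clipsrv.exe

SERVICE_NAME: NetDDE
        BINARY_PATH_NAME   : C:\WINDOWS\system32\netdde.exe

SERVICE_NAME: Eventlog
        START_TYPE         : 4   DISABLED

SERVICE_NAME: Dnscache
        START_TYPE         : 2   AUTO_START
"""


def parse_sc_qc(text):
    """Parse concatenated `sc qc` output into {lowercase name: {field: value}}."""
    services, current = {}, None
    for line in text.splitlines():
        name = re.match(r"\s*SERVICE_NAME:\s*(\S+)", line)
        if name:
            current = {"name": name.group(1)}
            services[name.group(1).lower()] = current
            continue
        field = re.match(r"\s*([A-Z_]+)\s*:\s*(.*)$", line)
        if current is not None and field:
            # Continuation lines (extra DEPENDENCIES) have no key and are skipped.
            current[field.group(1)] = field.group(2).strip()
    return services


def start_type(record):
    """Return the symbolic start type, e.g. AUTO_START, DEMAND_START, DISABLED."""
    parts = record.get("START_TYPE", "").split()
    return parts[1] if len(parts) >= 2 else "UNKNOWN"


def audit(text):
    """Return (service, start type, finding) for every deviation from the list."""
    services, findings = parse_sc_qc(text), []
    for key, reason in SHOULD_BE_DISABLED.items():
        record = services.get(key)
        if record is None:          # not installed, or not collected
            continue
        state = start_type(record)
        if state != "DISABLED":
            findings.append((record["name"], state, "should be disabled: " + reason))
    for key, reason in MUST_NOT_BE_DISABLED.items():
        record = services.get(key)
        if record is not None and start_type(record) == "DISABLED":
            findings.append((record["name"], "DISABLED", "must stay enabled: " + reason))
    return findings


if __name__ == "__main__":
    for name, state, finding in audit(SAMPLE_SC_QC):
        print(f"{name:<10} {state:<13} {finding}")
```

A manual (DEMAND_START) service is reported as well, because it can still be started on demand; whether that is acceptable is left to the reader.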

34. Network Location Awareness

The process name of NLA (Network Location Awareness service) is svchost.exe; the default startup type installed in WinXP Home/Pro is manual, it relies on the AFD Network Support Environment and TCP/IP Protocol Driver services, and the ICF/ICS service depends on it. NLA detects information about the network and notifies the relevant applications when this information changes. The main target of this service is laptops, because in real work and life laptops are often used in more than one network environment. You may well need a dynamic IP address in one network and a static IP address in another. For example, if you use a dynamic IP address in the office and a static IP address at home for your broadband connection, NLA automatically recognizes the different (wired) network environments when you move between home and workplace, so the appropriate configuration is selected without your having to re-adjust network parameters. This is a really nice feature for people who are constantly on the move.

35. NT LM Security Support Provider

The process name of NtLmSsp (NT LM Security Support Provider service) is lsass.exe; the default startup type installed in WinXP Home/Pro is manual, and it doesn't rely on other services. LanManager is one of the authentication methods provided under NT, using 64-bit encryption. The NtLmSsp service mainly serves RPC (Remote Procedure Call). RPC can usually be based on one of two kinds of communication: transport protocols such as TCP/IP, UDP and IPX, or named pipes. Windows normally defaults to a transport protocol, and because RPC transmits data unencrypted, the security of the communication cannot be guaranteed; NtLmSsp provides security services to this kind of RPC. The known WinXP application of this kind of RPC is the Telnet service (Telnet also relies on NtLmSsp), so standalone users who do not need the Telnet service can turn NtLmSsp off.

36. Performance Logs and Alerts

SysmonLog (Performance Logs and Alerts service) has the process name smlogsvc.exe, and is installed by default in WinXP Home/PRO with a manual startup type, which has no service dependencies. If you open the Administrative Tools section of the Control Panel, you can see that there is a tool called Performance, which provides a more detailed view of the system's performance, but it is quite complicated to configure, not easy to get started, and most people would find this performance tool to be meaningless.

SysmonLog is the service that provides logging for it. This is definitely a tool worth looking into if you care more about how your machine works, as it allows you to rigorously monitor the hard disk, memory, CPU, and even the software running on your system, and analyze the machine's software through the recorded log data