Svchost and Process Watchdog

[Capt_Ahab]

I have an issue on my PC where svchost.exe seems to develop a memory leak and after a few days it will grow to over a few gigs. I have tried to trace what services tied to svchost are causing the memory leak however the largest tied service to the process is the Font Cache service- at least according to Comodo's Kill Switch app although it only shows at most 32MB of usage. I was wondering if the process watchdog feature in Process Lasso can safely restart the svchost service, or would doing so cause system instability?

[BenYeeHua]

Should not the safe ways is reinstall/fix windows?
Or maybe your fonts is installed too much?
----
As I know is Nope.

[Capt_Ahab]

This copy of Windows was just installed a few months ago. I checked for any signs of malware and nothing is showing up.  I think it could be due to some of the other software that I have running on the computer. At any rate, I was hoping to find out what particular service within Svchost was causing the memory leak and then at least have that service restart.

[edkiefer]

you might have better luck with process explorer .

Why do you think there is memory leak though ?

cause it starts low and increases to 32mb , that doesn't mean its has memory leak, it could be just the way its coded . really hard to say w/o knowing the app .

[Capt_Ahab]

Actually the svchost process will start out low and then begin to work its way up to over 2GB of memory the longer the computer is left on for until it's rebooted and then the process starts over again. Not sure what could be causing the issue...The services that fall under this svchost process are the following:
WinHttpAutoProxySvc
WdiServiceHost
nsi
netprofm
FontCache
fdPHost
EventSystem

Any idea on which one of these could be the most likely culprit?

[edkiefer]

no , idea but I think most of those are not critical .
try disabling each one or ones it lets you while still able to run for a day or so and see which is the problem service .
then investigate the problem one .

[Capt_Ahab]

I thought I would give an update on what I did to help with managing the individual services. There is a command you can run as administrator on the machine that basically tells windows to unbundle the service and list it separately. I created a bat file with the following:

Code Select Expand

SC Config wdiservicehost Type= own
SC Config nsi Type= own
SC Config netprofm Type= own
SC Config fontcache Type= own
SC Config fdphost Type= own
SC Config EventSystem Type= own
I then ran the bat file and rebooted. The services are still listed under the svchost.exe process however there are now svchost processes that contain only one service instead of a bundle- at least with the services I specified. The only downside to doing this is that it can consume slightly more memory however I think that the benefits outweigh the costs in this case. I'll keep an eye on the individual processes to see which ones are causing the memory bloat.

[BenYeeHua]

I thought I would give an update on what I did to help with managing the individual services. There is a command you can run as administrator on the machine that basically tells windows to unbundle the service and list it separately. I created a bat file with the following:

Code Select Expand

SC Config wdiservicehost Type= own
SC Config nsi Type= own
SC Config netprofm Type= own
SC Config fontcache Type= own
SC Config fdphost Type= own
SC Config EventSystem Type= own
I then ran the bat file and rebooted. The services are still listed under the svchost.exe process however there are now svchost processes that contain only one service instead of a bundle- at least with the services I specified. The only downside to doing this is that it can consume slightly more memory however I think that the benefits outweigh the costs in this case. I'll keep an eye on the individual processes to see which ones are causing the memory bloat.

Hope you will find who do that.