How To: Determine what Services are running in Windows

When you bring up the Task Manager you'll see an entry for Services (XP/Vista) and the amount of memory consumed. However this one listing is actually all the Services combined into a single entry. As you can see I have them trimmed down to only the Services needed for this machine. To view the complete list: From a command prompt: Start | Run (type) cmd (click Ok) or Start > All Programs > Accessories > Command Prompt (type) tasklist /svc (press Enter) (XP Pro/Vista/Win7) You will see all the Services running in process. [screenshot] "services.exe" does show up in Win7 from a Command Prompt.

To save the Command Prompt onscreen info: Right-click and select: Select All Right-click again and select: Mark Open Notepad and Paste the info File - Save As: tasklist.txt or (type) "tasklist /svc >tasklist.txt" (no quotes) In the image on the right you'll see a Services tab, this only displays a limited amount of info. Once that tab is open there is a button that will take you directly to the Services Editor ... (Win7) This is the same Editor as typing services.msc from the Run menu As you reduce the unneeded running Services, the Physical Memory usage will drop ... Tip: click the Memory column in the header bar, this will sort the running applications by displaying the programs that are consuming the most Memory (resources) at the top of the column ... A good example of a resource hog is FreeCell ... (over 90,000k) this is one of the applications that requires the "Windows Experience Index" be over a certain number to run properly ...

To Remove any unneeded running Processes

Log on as Administrator
Start | Settings | Control Panel | Administrative Tools | Services

• Windows XP/Vista/Win7 Service Configurations by Black Viper

Once completed, repeat the "tasklist /svc" method and compare. 
If you use the "tasklist /svc >tasklist.txt" method, change the second output (to prevent overwriting the previous file)  to: "tasklist /svc >tasklist1.txt" (no quotes) then compare. You can also view this info in System Information, however the text output loses the formatting and is almost unreadable.

Note: to temporarily disable a Service while troubleshooting:
Start | Run (type) "msconfig" (no quotes)
Click on the Services tab, uncheck desired service. (for testing only!)

To display the Process Identifier in Task Manager

Right-click on the Taskbar, select: Task Manager Click on the Processes tab, click View (up top) Select: "Select Columns", and select: PID (Process Identifier) from there you can also select any of the other options available. You can also sort the entries by clicking on the header in each section. Note: Each time you remove or add a Service the PID for the Services.exe entry will change. Protecting your Security and Privacy On a stand-alone system you should disable or at least Stop and set to "Manual" the Remote Access services, unless you really have a need for these. This would include [example] TCP/IP NetBIOS Helper, Telnet, Routing and Remote Access, Remote Access Auto Connection Manager, QoS RSVP, Remote Registry, etc. The point to all this is that the amount of unneeded services running directly affects the amount of Ports open and exposes the user to unnecessary risks. This tends to leave your Firewall full of holes!

Even Windows Firewall can achieve "Stealth" results [more info] After a while you'll notice all these things are tied together. A great place to start is by testing your setup by running ShieldsUP [Internet port vulnerabilities]

Symantec Security Response encourages all users and administrators to adhere to the following basic security "best practices":

Turn off and remove unneeded services. By default, many operating systems install auxiliary services that are not critical, such as an FTP server, telnet, and a Web server. These services are avenues of attack. If they are removed, blended threats have less avenues of attack and you have fewer services to maintain through patch updates.

The SANS Top 20 Internet Security Vulnerabilities
"These non essential services increase the exploit surface significantly."

Microsoft TechNet - Threats and Countermeasures: Security Settings in Windows (XP)
"Therefore, you should disable or remove any unneeded services"

To avoid the above manual method

Sysinternals Freeware - Autoruns - this terrific utility can display and disable services (if needed) [screenshot]

Safe XP allows users to quickly tweak various security and privacy related settings in XP.
This is a very useful little freeware utility! Compare the recommended Safe XP settings to the one's on Black Viper's site, then decide for yourself what is needed. [Screenshot]

How To: Generate a Printout of running Services

Run HijackThis | Config [button]
Select: "Include list of running processes in logfiles"

Click the "Misc Tools" [button]
Select: "List also minor sections", Select: "List empty sections"

Click "Generate Startuplist log" [button]
Open "Startuplist.txt" and scroll down to: "Enumerating Windows NT\2K\XP Services"

Use Netstat to Determine what Services are "Listening"

	From a Command Prompt (type) "netstat -ano" (no quotes)
To create a text file of this info - (type) "netstat -ano >autocon.txt" You can also use Microsoft/Sysinternals Freeware - TCPView to view a detailed listings of all TCP and UDP endpoints on your system

Related Articles

• Description of Svchost.exe
• How to disable programs that run when you start Windows XP Home Edition or Windows Vista
• Description of the Microsoft Computer Browser Service

Other Sites with Services Info

• WinPatrol [freeware] also has an excellent section on Services

Privacy Policy
Copyright © 1998 - 2011 All rights reserved.
http://winhelp2002.mvps.org/services.htm