1.17 Controlling Services and Processes - Understanding Windows Operating System Basics

The document discusses tools for controlling and viewing services and processes in Windows, including the Task Manager and msconfig utility. It provides an overview of the tabs and features of the updated Task Manager in Windows 8 and greater.

Uploaded by

Ganesh Gupta

11/17/23, 10:23 PM Controlling Services and Processes | Understanding Windows Operating System Basics

Controlling Services and Processes


When Windows is up and running, administrators need to know about the services and processes that are
operating on a given host. Obtaining that information can be the result of simple system maintenance or it
can be part of an investigation to see if there are suspicious processes that are running on a compromised
host. This topic presents several tools that are available to get information about processes and manage
them.

The task manager is a primary tool that every Windows administrator should be familiar with. The figure
shows an example of the Task Manager window from a Windows 7 installation.

The task manager provides a great deal of information about what is running on the system, including
system performance metrics. For services and processes, the first three tabs provide the most useful
information.

Applications: Lists the applications currently running on the system and gives you the ability to end the
task or switch to it. This area can be useful for killing hung applications.

Right-clicking an application in this list gives you several options in a context menu. One option that you
may find useful is to jump to the process that runs the application.

Processes: Lists processes running on the system and it also gives you the ability to sort applications
several ways: by name, by the user that owns the process, by CPU resource consumption, by memory
resource consumption and description. This view can help you identify processes consuming resources or
acting strangely. You can also terminate misbehaving processes.

Right-clicking a listed process opens a context menu with various options, such as opening the location
of the file that starts the process or opening the process's properties.

Services: Lists the services that are loaded on the system, and the service status: Running or Stopped.
You can also open the Services management console applet, where you have greater control over loaded
services and configuring their properties.

Right-clicking an item in the services list allows you to open a context menu with several options. For
example, you can stop or start the service depending on its current state, and you can jump to the
process that runs the service in the process list.

https://ondemandelearning.cisco.com/apollo-alpha/mc_salyst110_21/pages/16

The msconfig Utility


The msconfig utility also has the ability to show the status of the services. The figure below shows the
Services tab of the msconfig utility.

The amount of management that you can perform from msconfig is somewhat limited: you can only enable
or disable the services at the next reboot. But it allows you to view the services and potentially identify any
that appear suspicious. You may also find useful tools to give you greater control through the Tools tab.

In the Tools tab, you can select a tool and launch it from this application window. In this example above, the
user has selected the Computer Management tool which gives access to control a wide range of system
settings, including services.

Windows 8 (and Greater) Task Manager


The task manager was updated in recent versions of Windows (version 8 or greater), and added some key
enhancements and tabs that provide more useful information. This section provides an overview of the
updated task manager.

First, the task manager opens as a simple window that lists applications that are currently running on the
host.


To get to all the task manager features, click More Details to expand the window to reveal the full set of task
manager features as seen in the figure below.

Note that the application tabs have changed. The information is better organized graphically.

Processes: This presentation includes both applications and processes in a single list. Applications and
processes consuming large amounts of resources relative to others get shaded in various ways.
Generally, the darker the shade of yellow and then orange, the higher the resource consumption. If
resource utilization has reached a critical level, the value will be shaded in red. Processes are organized
in terms of Background processes and Windows processes. Each section of the list is labeled accordingly.

Another enhancement is that processes running sub-processes are identified with a button in the shape
of a greater-than symbol. Clicking this button expands the selection to show the sub-processes. In the
case of applications that are running multiple windows, such as a browser with multiple tabs open,
clicking the button lists all the windows or tabs belonging to that instance of the application.

One enhancement that could be particularly useful is embedded in the context menu. Right-click an
application or process in the list to see the context menu that is associated with that item. The option
that is called “Search Online” initiates a search for the item using the system’s default search engine. A
key use case for this feature is to do a quick lookup on a process that is suspicious. However, many
classes of malware either misrepresent what is displayed in the task manager or disable it altogether.

Performance: This tab aggregates all the major performance metrics (CPU, memory, disk, and network)
into a single section. You can click a resource in the left portion of the tab and the main panel populates
with the performance details of that resource including a general performance graph over time and values
of key metrics that are dynamically updated as resource consumption changes.


App history: By default, this tab shows historical resource utilization of applications over time, giving you
an idea of which applications may be consuming high amounts of resources. Edit the properties of this
page to display historical resource consumption for all applications by clicking the Options menu at the
top of the window.

Startup tab: This tab presents a list of applications and services that start up at boot time. You can select
an item from this list and click the Disable button in the lower-right portion of the window to prevent the
application from initializing at boot time.

Users tab: This tab displays users who are currently in the system. It also displays the resources that are
consumed by the applications and processes that belong to each user. You can see a list of these
processes by clicking the arrow button in front of the listed user to expose the list of processes belonging
to the user. You can also select a user and disconnect him or her from the system if you have
administrator privilege.


Details tab: This tab displays a list of all the applications and processes running on the system. It
expands on the capabilities of the Processes tab in that it displays status information for each item and it
makes more advanced options for managing processes available through the context menu when you
right-click an item. For example, it allows you to set a processing priority for an item. The context menu
also allows you to set CPU affinity. Affinity is a feature that is used primarily on multi-core or multi-CPU
systems, allowing a process to run on a specific core or CPU. Another option on the context menu is
called Analyze wait chain. This option displays the status of a process that might appear to be hung up.
You can easily determine from this option whether a non-responsive application is waiting on another
process.

Services tab: This tab, as the name implies, lists the services that are loaded on the system and the
service status (Running or Stopped). It is not much different than its predecessor from previous versions
of Windows but it does include the ability to do an online search for a service that may not be familiar to
you. It also allows you to open the Services applet from the management console application to give you
greater control over the properties and configuration of services.
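
The Processes, Details and Services tabs described above can also be read from PowerShell, which gives an analyst a sortable record that joins each service to the process hosting it. This is an added example, not part of the original course material; the variable names are illustrative and the "non-Valid signature first" ordering is only a triage heuristic.

```powershell
# Added example: scripted view of the Services and Processes/Details tabs.
# Run in an elevated PowerShell session to see paths for all processes.

# Index running processes by PID so each service can be joined to its host.
$procByPid = @{}
Get-CimInstance -ClassName Win32_Process |
    ForEach-Object { $procByPid[[int]$_.ProcessId] = $_ }

# Services tab: name and status, plus the "go to process" link and binary path.
$services = Get-CimInstance -ClassName Win32_Service | ForEach-Object {
    $hostProc = $null
    if ($_.ProcessId -gt 0) { $hostProc = $procByPid[[int]$_.ProcessId] }
    [pscustomobject]@{
        Service     = $_.Name
        State       = $_.State        # e.g. Running or Stopped
        StartMode   = $_.StartMode    # e.g. Auto, Manual, Disabled
        PID         = $_.ProcessId
        HostProcess = if ($hostProc) { $hostProc.Name } else { '' }
        BinaryPath  = $_.PathName
    }
}

# Processes/Details tab: owner, parent, file location and signature status.
$processes = foreach ($p in $procByPid.Values) {
    # The process may exit between enumeration and this call, so ignore errors.
    $owner = Invoke-CimMethod -InputObject $p -MethodName GetOwner -ErrorAction SilentlyContinue
    $sig = 'NoPath'   # path is hidden for protected processes or without elevation
    if ($p.ExecutablePath) {
        $sig = (Get-AuthenticodeSignature -LiteralPath $p.ExecutablePath `
                    -ErrorAction SilentlyContinue).Status
    }
    [pscustomobject]@{
        PID       = $p.ProcessId
        ParentPID = $p.ParentProcessId
        Name      = $p.Name
        User      = if ($owner -and $owner.User) { "$($owner.Domain)\$($owner.User)" } else { '' }
        Signature = $sig
        Path      = $p.ExecutablePath
    }
}

# Running services with their host process, then processes with anything
# other than a Valid signature listed first (a lead to check, not a verdict).
$services  | Where-Object State -eq 'Running' | Sort-Object PID | Format-Table -AutoSize
$processes | Sort-Object { $_.Signature -eq 'Valid' }, Name |
    Format-Table PID, ParentPID, Name, User, Signature, Path -AutoSize
```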


Content Review Question Correct

Which tab is available from the task manager and the msconfig utility?

processes

services

tools

boot


Content Review Question Correct

Which Windows utility should be used to immediately stop a malicious running process?

task manager

msconfig

netstat

device manager


Content Review Question Correct

An analyst may run the Windows Task Manager to perform which two tasks? (Choose two.)

Tune the computer performance when the Windows host is under attack.

Monitor Kernel operations to debug rootkit operations.

Kill a malicious running process.


Kill a malicious running application.
