Svchost Consume 100% CPU

Published on: Fri, 18 July 2014

Svchost is a system process that is responsible for running most of Windows services, so whenever we see that svchost consume 100% CPU, that mean one of the services managed by svchost is having trouble.

Svchost Consume 100% CPU

So, how do we know which service cause svchost to consume 100% CPU?

In a previous article we explained how to Find PID for Service, now we are going to do the opposite: Find Service from PID
For more explanation, please refer to the article. Now, we are going to change some parameters.

tasklist /SVC /FI "PID eq 1680"

Find Service from PID

As you can see a lot of services are running under the same process, so if we killed the process all these services will be stopped.

So, we need to find which service from this list caused svchost consumes 100% CPU!
We can simply stop them one by one and see when the svchost stop utilizing all CPU resources.

But, based on our experience, the service that cause this issue is: Automatic Updates, or Windows Update Service.

To verify that, try to stop the service using this command: net stop wuauserv

Svchost Normal CPU

Now, after we verified that Automatic Updates, or Windows Update Service, was the cause for svchost consumes 100% CPU, we are going to explain what cause the service to hang and how can we fix it.

The problem is caused by the Windows Update Client evaluating an exceptionally long superseded chain of updates. Each update in the chain doubles the CPU resources needed to evaluate it over the previous version, which cause the Windows Update Client to hang and thus cause svchost consumes 100% CPU.

Now, the question that raises itself, what cause this exceptionally long superseded chain of updates?

We have two reasons that may one of them, or both of them are behind the problem, so you need to check both of them to see which one will fix your problem.

Old Internet Explorer Version

In older Windows versions like Windows XP, most of us still stuck with IE6, and maybe IE7

With these old Internet Explorer versions, Microsoft released an extremely large number of updates; to fix vulnerability and security issues, and each time Microsoft release a new one, they supersede the older one.

For example, Windows XP with IE6 was supported for over than 10 years, with at least one update every month and sometimes two or three updates in a month. So, we may have about 150 update for Internet Explorer!

Imagine a new formatted computer need to contact Microsoft Update, or one has never been updated, then receives about 150 update for IE6 and need to process them and see what has been superseded to ignore it, and install the newer one, for sure it is going to hang.

The Solution is to either manually installing the latest cumulative update for internet explorer, or upgrade to a newer version like IE8 for Windows XP, or IE11 for newer Windows versions.

In this case, the number of updates need to be processed by the Update Client are much lower, and will not cause it to hang.


Another issue we may face in corporate IT, is a miss configured WSUS server!

Most of Large Corporation are still stuck with Windows XP and IE6, and are struggling to move to a newer version of Windows and most probably will not be able to fully move.

So, they will keep facing this issue as they cannot upgrade to a newer version of Internet Explorer nor manually install the latest cumulative internet explorer update on hundreds or thousands or computers.

Fortunately, we can decrease this long list of updates that the computer will receive from WSUS server.

All we have to do is to decline expired and superseded updates from WSUS server, and thus the clients will receive a smaller list of updates, and will not hang processing it.

WSUS Server Cleanup

Of course the server will be busy for few hours processing that long list instead of the clients, but it will not hang as it is designed for this.