Windows Processes

Here is a list of crucial Windows processes. They usually cannot be killed via Task Manager. If their watcher is not terminated, the results listed will occur.

Thanks to this blog for the info!


 * winlogon.exe: Deals with Windows login sessions, hence the name, watches lsass.exe and services.exe. Opened when booting; when terminated:
 * XP: Cause blue screen
 * Vista and up: Log off
 * smss.exe: Session manager. Watches winlogon.exe, which if not terminated first, causes blue screen. Does nothing if terminated; opened when logging in.
 * csrss.exe: Clinct Server Runtime Subsystem. OS runs on top of this. Opened when booting; when terminated, cause blue screen (STOP 0x0F4).
 * lsass.exe: Local Security Authority Subsystem Service. Verifies user logins and allows password changes. Opened when logging in; when terminated, reboot computer after 1 minute.
 * services.exe: Service Control Manager. Controls all Windows services. Opened when booting; when terminated, reboot computer after 1 minute.
 * explorer.exe: Windows Explorer. Holds the main interface. Open when logging in; when terminated, gets rid of Taskbar, all Window Explorer processes, and desktop icons. On Windows 8 and up, also removes background. Usually reopens if terminated.
 * svchost.exe: Service Host. Holds user's themes. Opened when booting; when terminated, revert theme to lowest default.
 * System: Holds system threads. Cannot be terminated.
 * System Idle Process: Not a real process, tracks time no thread was running. Cannot be terminated.
 * DCOM Server Process Launcher: Unknown, if terminated:
 * Windows XP-7: Reboot computer after 1 minute.
 * Windows 8-10: Cause blue screen.