Windows 10 Services that are Safe to Disable Version 1.03 5 February 2017
http://www.SavorTheJourney.us
[email protected]
Contents Windows Services Explained ............................................................................................................................................................................................................ 1 What is a Windows Service? ........................................................................................................................................................................................................ 1
The Windows Services Panel ....................................................................................................................................................................................................... 1
Startup Type ....................................................................................................................................................................................................................................... 1
Disabling Windows Services ............................................................................................................................................................................................................. 2
Stop a Service ................................................................................................................................................................................................................................ 3 Start/Enable a Service ................................................................................................................................................................................................................ 3
Disable a Service .......................................................................................................................................................................................................................... 3
List of Disabled Services ..................................................................................................................................................................................................................... 3
AllJoyn Router Service .................................................................................................................................................................................................................... 4 Application Layer Gateway Service ........................................................................................................................................................................................... 5
Certificate Propagation .................................................................................................................................................................................................................. 6
Computer Browser (Browser) ...................................................................................................................................................................................................... 7 Connected Device Platform Service ......................................................................................................................................................................................... 8
Connected User Experiences and Telemetry ........................................................................................................................................................................ 9 Credential Manager ....................................................................................................................................................................................................................... 10
DataCollectionPublishingService ............................................................................................................................................................................................. 11 Delivery Optimization ................................................................................................................................................................................................................... 12
dmwappushsvc ................................................................................................................................................................................................................................ 13
Downloaded Maps Manager ..................................................................................................................................................................................................... 14 Enterprise App Management Service .................................................................................................................................................................................... 15
Family Safety Filter Driver ........................................................................................................................................................................................................... 16
Fax ......................................................................................................................................................................................................................................................... 17
Function Discovery (2 services)................................................................................................................................................................................................. 18 Geolocation Service ....................................................................................................................................................................................................................... 19 HomeGroup (2 services) .............................................................................................................................................................................................................. 20
Human Interface Device Service .............................................................................................................................................................................................. 21
Hyper-V (8 services) ...................................................................................................................................................................................................................... 22 Intel (2 services)............................................................................................................................................................................................................................... 24
Internet Connection Sharing (ICS)........................................................................................................................................................................................... 25 Internet Explorer ETW Collector Service ............................................................................................................................................................................... 26
IP Helper ............................................................................................................................................................................................................................................. 27
Link-Layer Topology Discovery Mapper ............................................................................................................................................................................... 28
Microsoft Diagnostics Hub Standard Collector Service ................................................................................................................................................. 29 Microsoft iSCSI Initiator Service ............................................................................................................................................................................................... 30
Microsoft Windows SMS Router Service .............................................................................................................................................................................. 31 Netlogon ............................................................................................................................................................................................................................................ 32
Net.Tcp Port Sharing Service ..................................................................................................................................................................................................... 33
Network Connected Devices Auto-Setup ............................................................................................................................................................................ 34
Network Connectivity Assistant................................................................................................................................................................................................ 35
Peer Networking (3 services) ..................................................................................................................................................................................................... 36
Performance Counter DLL Host................................................................................................................................................................................................ 37 Performance Logs & Alerts ........................................................................................................................................................................................................ 38 PNRP Machine Name Publication Service ........................................................................................................................................................................... 39
Program Compatibility Assistant Service ............................................................................................................................................................................. 40
Quality Windows Audio Video Experience .......................................................................................................................................................................... 41
Remote Access (2 services) ........................................................................................................................................................................................................ 42 Remote Desktop (3 services) ..................................................................................................................................................................................................... 43
Remote Procedure Call (RPC) Locator ................................................................................................................................................................................... 44 Remote Registry.............................................................................................................................................................................................................................. 45
Retail Demo Service ...................................................................................................................................................................................................................... 46
Routing and Remote Access ...................................................................................................................................................................................................... 47 Secondary Logon ............................................................................................................................................................................................................................ 48
Sensor (3 services).......................................................................................................................................................................................................................... 49 Server ................................................................................................................................................................................................................................................... 50 Smart Card (3 services)................................................................................................................................................................................................................. 51 SSDP Discovery ............................................................................................................................................................................................................................... 52
TCP/IP NetBIOS Helper ................................................................................................................................................................................................................ 53 Touch Keyboard and Handwriting Panel Service .............................................................................................................................................................. 54 UPnP Device Host........................................................................................................................................................................................................................... 55
WebClient .......................................................................................................................................................................................................................................... 56
Windows Biometric Service ........................................................................................................................................................................................................ 57 Windows Connect Now - Config Registrar ......................................................................................................................................................................... 58 Windows Error Reporting Service............................................................................................................................................................................................ 59
Windows Event Collector ............................................................................................................................................................................................................ 60 Windows Media Player Network Sharing Service ............................................................................................................................................................. 61 Windows Mobile Hotspot Service ........................................................................................................................................................................................... 62 Windows Remote Management (WS-Management) ...................................................................................................................................................... 63
Windows Search ............................................................................................................................................................................................................................. 64 WMI Performance Adapter ........................................................................................................................................................................................................ 65 Workstation ...................................................................................................................................................................................................................................... 66 Xbox (3 services) ............................................................................................................................................................................................................................. 67
Appendix A: Internet Resources.................................................................................................................................................................................................... 68 Appendix B: Disabled Services (1-page list)............................................................................................................................................................................. 69
Appendix C: Change History .......................................................................................................................................................................................................... 70
Windows Services Explained What is a Windows Service?
Windows Services are programs that have no user interface (UI) and run silently in the background. Most services are from Microsoft and many of these must be running for a PC to operate properly. Other services may also be running that are installed by third parties (e.g. Intel, Adobe, etc.). Services can be configured to start when a PC boots up and run until the PC shutdown. They can also be set to start manually or to start when “triggered” by an event. If a PC has many services running, performance can be impacted causing lags and delays. Identifying running services that are unnecessary and can be stopped, can quickly free up resources (e.g. CPU and memory) and increase performance. To stop a service, Microsoft provides the Windows Services Panel.
The Windows Services Panel
The Windows Services Panel is used to manage the services installed on your computer. To access the panel, press WIN+R on your keyboard to open the Run dialog type services.msc.
Startup Type
Windows Services Panel
Double-clicking a service allows you to change the Startup Type (e.g. Automatic, Manual or Disabled) and the Service Status (e.g. Start, Stop, Pause or Resume). 1. Automatic - Starts automatically during the boot process.
2. Automatic ﴾Delayed Start﴿ - Starts automatically after the boot process (2 minutes after the last Automatic service starts).
3. Manual - Starts on demand when explicitly requested by a user or an application. Used when you want to start a service yourself. 4. Manual ﴾Trigger Start﴿ - Starts when a specific event occurs (e.g. when a USB device is plugged in). Without this setting, a service would have to be set instead to Automatic resulting in a service running continually to allow it to periodically “wake up” and scan the hardware for changes. 5. Disabled - Can’t be started by a user or program.
1
Disabling Windows Services
Disabling the wrong Windows’ service can potentially cripple your PC. Many of the services you’ll see listed in the Windows Service Panel are core features required for your PC to operate properly. Unless you are confident that you know the purpose of a service, DO NOT change its Startup Type. Having said that, the List of Disabled Services in this guide have been safely disabled on my PC with no problems noted. My computer is a 64-bit standalone laptop with Windows 10 Home (version 1511) installed. I have no network connections other than a wireless connection to the Internet file and printer Sharing are turned off. I follow a few basic rules anytime I consider disabling a service. Here they are: 1. Create a restore point before changing any service.
2. Use only the Services Manager (services.msc) to change a service. This reason for this is explained below.
3. Document every change made to include the date and a detailed description of why the change was made. If problems arise, this detailed list of changes may help you quickly solve the problem. 4. Change only 1 or 2 services at a time and then test the change. I put my PC through its paces for at least a week before making additional service changes. Warning
Although services can be changed using MSConfig (msconfig.exe), do NOT use it to change service settings. Instead, use only the Services Manager (services.msc). The reason for this is threefold:
1. MSConfig - Unchecking the box beside a service disables that service. There is no option to set a service to Manual.
2. MSConfig - Allows you to disable services that may be vital to boot your PC while Services Manager prevents this.
3. MSConfig - Provides a button titled “DISABLE ALL”. Selecting this button will definitely cripple you PC. I’m not sure why this option is available since no reason exists to justify disabling EVERYTHING.
Caution
Changing the default Service settings may prevent key Services from running correctly. It is especially important to use caution when changing Startup Types set to Automatic. Information
You must be signed in as an administrator to change service settings.
Some services, such as Remote Procedure Call ﴾RPC﴿, Event Log, and Plug and Play cannot be stopped. These services are required for the operating system to function properly.
If you stop, start or restart a service, any dependent services are also affected. Starting a service does not automatically restart its dependent services.
2
Stop a Service
1. Double-click the service to stop. 2. Click the Stop button.
3. Wait until the service status shows Stopped then click OK.
Start/Enable a Service
1. Double-click the service to start.
2. If the service is set to Disabled, it must first be changed to Manual, Automatic or Automatic (Delayed Start). Click Apply. 3. Click the Start button.
4. Wait until the service status shows Stopped then click OK
Disable a Service
1. Double-click a service to disable.
2. If the service is Running, then click the Stop button.
3. Wait until the service status shows Stopped then change the Startup type to Disabled. 4. Click OK.
List of Disabled Services
The services that I’ve disabled are obviously dependent upon how I use my PC. Here is a summary of my laptop’s specs and the Windows features I don’t use.
64-bit standalone laptop
No network connections other than a wireless connection to the Internet.
Windows 10 Home, version 1511 installed. File and Printer Sharing = OFF
I’ve tried to provide detailed information for all the services that I’ve disabled. I find that the service descriptions provided by Microsoft are generally vague and difficult to “decode” so I rewrote them to make them clearer. I’ve also included links to articles and tutorials that may provide additional information to help you decide whether or not a particular service is needed. For a quick list of the services I’ve disabled, without all the details, see Appendix B: Disabled Services (1-page list). Warning
It is important to create a restore point before making any changes to Windows services.
Click HERE for a great article from PC Magazine on how to create a restore point and also use that restore point to perform a system restore if needed.
3
AllJoyn Router Service
Description - This service (AJRouter) is used by the Internet of Things (IoT) to discover and communicate (customize and control) with “smart” devices using IPv6. Security and privacy risks exist with IoT (see “Additional Information” below). Reason for Disabling on a Standalone PC
PRIVACY RISK (IoT)
Direct communication with IoT devices not used.
Default Service Settings - The AllJoyn Router Service runs in a shared process (svchost.exe). Display Name: AllJoyn Router Service Service Name: AJRouter Startup Type: Manual Path: C:\WINDOWS\system32\svchost.exe -k LocalService File: C:\Windows\system32\AJRouter.dll Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AJRouter Dependencies: This service depends on the following system components: None The following system components depend on this service: None
Additional Information
IoT Applications with Examples (InternetOfThingsWiki.com/)
5 Reasons to Avoid Smart Assistants If You Value Your Privacy (MakeUseOf.com)
AllJoyn Consumer Applications (AllSeenAlliance.org)
The Internet of Things Industry Failed Us (PCMag.com)
Friday's IoT-based DDoS Attack has Security Experts Worried (ComputerWorld.com) Are My Smarthome Devices Secure? (HowToGeek.com)
GUIDE: How to disable IPv6 or its components in Windows (Microsoft.com)
NOTES
4
Application Layer Gateway Service
Description - This service (ALG) provides support to non-Microsoft (third-party) protocol plug-ins by allowing their proprietary network protocols to pass through Windows Firewall and work behind Internet Connection Sharing (ICS). These plug-ins are capable of opening ports and changing data (e.g. IP addresses) embedded in packets. This service is also referred to as Application Level Gateway Reason for Disabling on a Standalone PC - PC’s internet connection (ICS) not shared with other computers or devices. Default Service Settings - The Application Layer Gateway Service runs in its own process (alg.exe). Display Name: Application Layer Gateway Service Service Name: ALG Startup Type: Manual Path: C:\WINDOWS\system32\alg.exe Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ALG Dependencies: This service depends on the following system components: None The following system components depend on this service: None
Additional Information
Application Layer Gateway (Wikipedia.org)
GUIDE: How to Block an Application from Accessing the Internet with Windows Firewall (HowToGeek.com)
GUIDE: How to Allow Apps to Communicate Through the Windows Firewall (HowToGeek.com)
NOTES
5
Certificate Propagation
Description - This service (CertPropSvc) detects when a smart card is inserted into a smart card reader, installs the smart card Plug and Play driver if needed, and copies the user certificate and root certificate from the smart card onto the PC in the user’s certificate store. Reason for Disabling on a Standalone PC - Smart card not used.
Default Service Settings - The Certificate Propagation service runs in a shared process (svchost.exe). Display Name: Certificate Propagation Service Name: CertPropSvc Startup Type: Manual Path: C:\WINDOWS\system32\svchost.exe -k netsvcs File: C:\WINDOWS\system32\certprop.dll Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CertPropSvc Dependencies: This service depends on the following system components: Remote Procedure Call (RPC) (RpcSs) The following system components depend on this service: None
Additional Information
Smart Card (Wikipedia.org)
Security with Smart Cards (TechNet.Microsoft.com)
NOTES
6
Computer Browser (Browser)
Description - This service (Browser) tracks and maintains a list of the computers and files on a network. This service is only useful for a LAN setup where the computers share files with each other. Reason for Disabling on a Standalone PC
No network connections.
File and printer sharing turned off.
Default Service Settings - The Computer Browser service runs in a shared process (svchost.exe). Display Name: Computer Browser Service Name: Browser Startup Type: Manual Path: C:\WINDOWS\system32\svchost.exe -k netsvcs File: C:\WINDOWS\system32\browser.dll Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Browser Dependencies: This service depends on the following system components: Server (LanmanServer) Workstation (LanmanWorkstation) The following system components depend on this service: None
Additional Information
Computer Browser Service (Wikipedia.org)
GUIDE: How to Turn On or Off File and Printer Sharing (TenForums.com)
GUIDE: Guide to Network and Sharing Center (Online-Tech-Tips.com)
GUIDE: How to Turn On or Off Public Folder Sharing (TenForums.com) GUIDE: How to Turn On or Off Network Discovery (TenForums.com)
NOTES
7
Connected Device Platform Service
Description – Microsoft’s description for this service (CDPSvc) says "This service is used for Connected Devices and Universal Glass scenarios". I’ve spent a bit of time researching this service and can’t really determine exactly what it is. The default setting for this service is Disabled. I have left it disabled with no problems noted. Reason for Disabling on a Standalone PC - Default setting for Startup Type = Disabled.
Default Service Settings - The Connected Devices Platform Service runs in a shared process (svchost.exe). Display Name: Connected Devices Platform Service Service Name: CDPSvc Startup Type: Disabled Path: C:\WINDOWS\system32\svchost.exe -k LocalService File: C:\WINDOWS\system32\CDPSvc.dll Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CDPSvc Dependencies: This service depends on the following system components: None The following system components depend on this service: None
NOTES
8
Connected User Experiences and Telemetry
Description - This service (DiagTrack) collects and transmits diagnostic and usage information to Microsoft. In earlier versions of Windows 10 this service was called "Diagnostics Tracking Service." Microsoft’s tracking and data collection is a privacy risk (see “Additional Information” below). Reason for Disabling on a Standalone PC - PRIVACY RISK (telemetry and data collection). In addition to disabling this service, I recommend using the portable freeware program Spybot Anti-Beacon to remove all known tracking features in Windows. Default Service Settings - The Connected User Experiences and Telemetry service runs in its own process (svchost.exe). Display Name: Connected User Experiences and Telemetry Service Name: DiagTrack Startup Type: Automatic Path: C:\WINDOWS\system32\svchost.exe -k utcsvc File: C:\WINDOWS\system32\diagtrack.dll Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DiagTrack Dependencies: This service depends on the following system components: Remote Procedure Call (RPC) (RpcSs) The following system components depend on this service: None
Additional Information
Even When Told Not To, Windows 10 Just Can’t Stop Talking to Microsoft (arstechnica.com)
Microsoft Walks a Thin Line Between Windows 10 Telemetry and Snooping (InfoWorld.com)
Microsoft Doesn't See Windows 10's Mandatory Data Collection as a Privacy Risk (PCWorld.com) Windows 10 Telemetry Secrets: Where, When, and Why Microsoft Collects Your Data (ZDNet.com) GUIDE: Manage Windows 10 Telemetry and Data Collection Settings (TheWindowsClub.com) Guide: How to Enable or Disable Cortana (TenForums.com)
NOTES
9
Credential Manager
Description - This service (VaultSvc) is the "digital locker" where Windows stores log-in credentials (username, password, etc.) for computers on your network and for Internet websites. This service is used whenever you see a prompt asking if you want Windows or Internet Explorer to remember your password. Reason for Disabling on a Standalone PC - Log-in usernames and passwords not stored on PC. Default Service Settings - The Credential Manager service runs in a shared process (lsass.exe). Display Name: Credential Manager Service Name: VaultSvc Startup Type: Manual Path: C:\WINDOWS\system32\lsass.exe File: C:\WINDOWS\system32\vaultsvc.dll Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VaultSvc Dependencies: This service depends on the following system components: Remote Procedure Call (RPC) (RpcSs) The following system components depend on this service: Windows Biometric Service (WbioSrvc)
Additional Information
GUIDE: How to Add Credentials to the Windows Credential Manager Vault (HowToGeek.com)
GUIDE: Add, Remove, Edit, Backup and Restore Stored User Names and Passwords (TheWindowsClub.com)
NOTES
10
DataCollectionPublishingService
Description - This service (DcpSvc) allows Microsoft apps to upload data to the cloud. Cloud computing presents several security and privacy risks (see “Additional Information” below). Reason for Disabling on a Standalone PC
SECURITY & PRIVACY RISK (cloud)
The uploading of data from Microsoft apps to the cloud is not not used.
Default Service Settings - The DataCollectionPublishingService runs in a shared process (svchost.exe). Display Name: DataCollectionPublishingService Service Name: DcpSvc Startup Type: Manual Path: C:\WINDOWS\system32\svchost.exe -k netsvcs File: C:\WINDOWS\system32\dcpsvc.dll Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DcpSvc Dependencies: This service depends on the following system components: None The following system components depend on this service: None
Additional Information
Cloud Computing Issues (Wikipedia.org)
The Dirty Dozen: 12 Cloud Security Threats (InfoWorld.com)
Top 10 Security Concerns for Cloud-Based Services (Incapsula.com) Top Ten Major Risks Associated with Cloud Storage (Cloudwards.net)
GUIDE: How to Disable OneDrive and Remove It From File Explorer (HowToGeek.com)
NOTES
11
Delivery Optimization
Description - This service (DoSvc) allows Microsoft to distribute their Windows updates to/from your PC to other computers on the internet and on your local network. In other words, Microsoft is using your bandwidth to distribute their updates to other users. You’re not asked if you’d like to participate in this distribution. Instead, MS turns this feature on by default. I can think of no good reason to leave this service set to anything but “Disabled.” Reason for Disabling on a Standalone PC
SECURITY & PRIVACY RISK (connecting to unknown computers)
PC is not a Microsoft server. Most users (to include me) have limited bandwidth plans with data caps. I don’t intend to exceed these caps, and increase my costs, to distribute Microsoft software to other users.
Default Service Settings - The Delivery Optimization service runs in a shared process (svchost.exe). Display Name: Delivery Optimization Service Name: DoSvc Startup Type: Automatic Path: C:\WINDOWS\system32\svchost.exe -k netsvcs File: C:\WINDOWS\system32\doscv.dll Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DoSvc Dependencies: This service depends on the following system components: Remote Procedure Call (RPC) (RpcSs) The following system components depend on this service: None
Additional Information
Windows Update Delivery Optimization: FAQ (Microsoft.com)
GUIDE: How to Delete Delivery Optimization Files and Reclaim Lost Disk Space (TheWindowsClub.com)
GUIDE: How to Stop Windows 10 From Uploading Updates to Other PCs Over the Internet (HowToGeek.com) GUIDE: How to Enable or Disable Automatic Windows Updates (TenForums.com)
GUIDE: Prevent Automatic Windows Update Downloads with a Metered Connection (HowToGeek.com)
GUIDE: How to Monitor Your Internet Bandwidth Usage and Avoid Exceeding Data Caps (HowToGeek.com)
NOTES
12
dmwappushsvc
Description - This service, WAP Push Message Routing Service, is used for receiving mobile text messages that redirect to web pages. The message arrives as an alert that, when clicked, opens a web page in a mobile browser. For example, a restaurant may send you a digital coupon when you are near their location. This location tracking service is a privacy risk. Reason for Disabling on a Standalone PC
PRIVACY RISK (telemetry and data collection) Push Messages not used.
Default Service Settings - The Dmwappushsvc service runs in a shared process of (svchost.exe). Display Name: Dmwappushsvc Service Name: Dmwappushservice Startup Type: Manual Path: C:\WINDOWS\system32\svchost.exe -k netsvcs File: C:\WINDOWS\system32\dmwappushsvc.dll Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dmwappushservice Dependencies: This service depends on the following system components: Remote Procedure Call (RPC) (RpcSs) The following system components depend on this service: None
Additional Information
Wireless Application Protocol (Wikipedia.org)
NOTES
13
Downloaded Maps Manager
Description - This service (MapsBroker) provides offline access to downloaded maps via the Windows Map app. Reason for Disabling on a Standalone PC - Windows Map app not used.
Default Service Settings - The Downloaded Maps Manager service runs in its own process of (svchost.exe). Display Name: Downloaded Maps Manager Service Name: MapsBroker Startup Type: Automatic Path: C:\WINDOWS\system32\svchost.exe -k NetworkService File: C:\WINDOWS\system32\moshost.dll Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MapsBroker Dependencies: This service depends on the following system components: Remote Procedure Call (RPC) (RpcSs) The following system components depend on this service: None
NOTES
14
Enterprise App Management Service
Description - This service (EntAppSvc) is used to manage enterprise applications within a corporate computer-based information system. Reason for Disabling on a Standalone PC - Enterprise applications not used.
Default Service Settings - The Enterprise App Management Service runs in a shared process (svchost.exe). Display Name: Enterprise App Management Service Service Name: EntAppSvc Startup Type: Manual Path: C:\WINDOWS\system32\svchost.exe -k appmodel File: C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EntAppSvc Dependencies: This service depends on the following system components: Remote Procedure Call (RPC) (RpcSs) The following system components depend on this service: None
Additional Information
Enterprise Applications (Wikipedia.org)
NOTES
15
Family Safety Filter Driver
Description - This service (wpcfltr) allows parents to manage and restrict a child’s web content. Web filtering is restricted to Microsoft Edge and Microsoft Internet Explorer browsers. Reason for Disabling on a Standalone PC - Microsoft family features not used.
Default Service Settings - The Family Safety Filter Driver service is a kernel mode driver. Display Name: Family Safety Filter Driver Service Name: Wpcfltr Startup Type: Manual Path: C:\WINDOWS\system32\drivers\wpcfltr.sys Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wpcfltr Dependencies: This service depends on the following system components: None The following system components depend on this service: None
Additional Information
Microsoft Family Features (Wikipedia.org)
GUIDE: How to Manage Family Settings for a Child (TenForums.com)
NOTES
16
Fax
Description - This service (Fax) allows you to send, receive, and archive faxes from applications using either a local or a shared network fax device. Instead of using services.msc to disable Fax, this service is disabled through the Control Panel (see below). Note: Some programs and features included with Windows (e.g. Internet Information Services) must be turned on before you can use them. Other features (e.g. Windows Media Player, Windows Fax and Scan) are turned on by default, but you can turn them off if you don’t use them. Turn off the Fax service 1. WIN + X 2. Select Control Panel from the menu that pops up 3. Select Programs and Features 4. Select Turn Windows features on or off 5. Click the “+” next to Print and Document Services 6. Deselect Windows Fax and Scan
Reason for Disabling on a Standalone PC - Faxing not used.
Default Service Settings - The Fax service runs in its own process (fxssvc.exe). Display Name: Fax Service Name: Fax Startup Type: Manual Path: C:\WINDOWS\system32\drivers\fxssvc.exe Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Fax Dependencies: This service depends on the following system components: Print Spooler (Spooler) Remote Procedure Call (RPC) (RpcSs) Telephony (TapiSrv) The following system components depend on this service: None
Additional Information
Windows Fax and Scan (Wikipedia .org)
How to Send and Receive Faxes Online Without a Fax Machine or Phone Line (HowToGeek.com)
NOTES
17
Function Discovery (2 services) Description
Function Discovery Provider Host - Enables file sharing with other computers within a network.
Function Discovery Resource Publication - Makes a computer and the resources attached to it (e.g. printer) discoverable and available within a network.
Reason for Disabling on a Standalone PC
No network connections.
File sharing or HomeGroup not used.
Default Service Settings - Both the Function Discovery Provider Host service and the Function Discovery Resource Publication service run in a shared process (svchost.exe). Display Name: Function Discovery Provider Host Service Name: fdPHost Startup Type: Manual Path: C:\WINDOWS\system32\svchost.exe -k LocalService File: C:\WINDOWS\system32\fdPHost.dll Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\fdPHost Dependencies: This service depends on the following system components: HTTP Service (http) Remote Procedure Call (RPC) (RpcSs) The following system components depend on this service: HomeGroup Provider (HomeGroupProvider) Display Name: Function Discovery Resource Publication Service Name: FDResPub Startup Type: Manual Path: C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation File: C:\WINDOWS\system32\fdrespub.dll Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FDResPub Dependencies: This service depends on the following system components: HTTP Service (http) Remote Procedure Call (RPC) (RpcSs) The following system components depend on this service: HomeGroup Provider (HomeGroupProvider)
Additional Information
GUIDE: Guide to Network and Sharing Center (Online-Tech-Tips.com)
GUIDE: How to Turn On or Off Public Folder Sharing (TenForums.com)
GUIDE: How to Turn On or Off File and Printer Sharing (TenForums.com) GUIDE: How to Turn On or Off Network Discovery (TenForums.com)
NOTES
18
Geolocation Service
Description - This service (lfsvc) tracks a PC’s current location and also manages geofences. Geofencing is the creation of geographic boundary around a specific location. Crossing this boundary triggers an action (e.g. message). Geofencing is used with mobile devices such as phones or tablets. Reason for Disabling on a Standalone PC
PRIVACY RISK (location tracking and location sharing) Geolocation not used.
Default Service Settings - The Geolocation Service runs in a shared process (svchost.exe). Display Name: Geolocation Service Service Name: lfsvc Startup Type: Manual Path: C:\WINDOWS\system32\svchost.exe -k netsvcs File: C:\WINDOWS\system32\lfsvc.dll Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lfsvc Dependencies: This service depends on the following system components: Remote Procedure Call (RPC) (RpcSs) The following system components depend on this service: None
Additional Information
Geolocation (Wikipedia.org)
Locational Privacy (eff.org)
Geolocation Privacy and Surveillance Act (Wikipedia.org)
NOTES
19
HomeGroup (2 services) Description
HomeGroup Listener - Monitors your PC’s configuration and applies changes to HomeGroups. HomeGroup Provider - Detects other HomeGroups.
Reason for Disabling on a Standalone PC
No home network connection. HomeGroup not used.
Default Service Settings - Both the HomeGroup Listener service and the HomeGroup Provider service run in a shared process (svchost.exe). Display Name: HomeGroup Listener Service Name: HomeGroupListener Startup Type: Manual Path: C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted File: C:\WINDOWS\system32\listsvc.dll Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HomeGroupListener Dependencies: This service depends on the following system components: None The following system components depend on this service: None Display Name: HomeGroup Provider Service Name: HomeGroupProvider Startup Type: Manual Path: C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted File: C:\WINDOWS\system32\provsvc.dll Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HomeGroupProvider Dependencies: This service depends on the following system components: Function Discovery Provider Host (fdPHost) Function Discovery Resource Publication (FDResPub) Network List Service (netprofm) The following system components depend on this service: None
Additional Information
HomeGroup from Start to Finish (Microsoft.com)
GUIDE: How to Create a HomeGroup (TenForums.com)
GUIDE: How to Setup and Manage Windows 10 HomeGroup on a Local Network (WindowsCentral.com) GUIDE: How to Join a HomeGroup (TenForums.com)
GUIDE: How to Leave a HomeGroup (TenForums.com)
NOTES
20
Human Interface Device Service
Description - This service (hidserv) allows you to use special buttons/keys (e.g. volume control, email access, etc.) on multimedia keyboards, mice, game controllers, remote controls and Human Interface Devices (HID) that connect to your PC via USB or Bluetooth. Note: A Logitech 2-button mouse is connected to my PC and works properly without this service. Reason for Disabling on a Standalone PC - HID devices not connected to PC.
Default Service Settings - The Human Interface Device Service runs in a shared process (svchost.exe). Display Name: Human Interface Device Service Service Name: Hidserv Startup Type: Manual Path: C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted File: C:\WINDOWS\system32\hidserv.dll Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\hidserv Dependencies: This service depends on the following system components: None The following system components depend on this service: None
Additional Information
Introduction to HID Concepts (msdn.Microsoft.com) Human Interface Device (Wikipedia.org)
NOTES
21
Hyper-V (8 services)
Description - Hyper-V creates Virtual Machines (VM) on x86-64 systems running Windows.
Hyper-V Data Exchange Service - Allows information sharing between the host and VM.
Hyper-V Guest Shutdown Service - Performs an orderly shutdown of VMs without having to login to a VM.
Hyper-V Guest Service Interface - Allows file copying to a running VM without using a network connection. Hyper-V Heartbeat Service – Identifies VMs that have stopped responding.
Hyper-V Remote Desktop Virtualization Service – Communications between the VM and the OS on a remote computer. Hyper-V Time Synchronization Service - Synchronizes a VM’s time with the host’s time. Hyper-V VM Session Service – Manages a VM with PowerShell.
Hyper-V Volume Shadow Copy Requestor – Used to backup and restore VMs.
Reason for Disabling on a Standalone PC - Virtual Machines (VM) not used.
Default Service Settings - All 8 Hyper-V services run in a shared process (svchost.exe). Display Name: Hyper-V Data Exchange Service Service Name: vmickvpexchange Startup Type: Manual Path: C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted File: C:\WINDOWS\system32\icsvc.dll Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vmickvpexchange Dependencies: This service depends on the following system components: None The following system components depend on this service: None Display Name: Hyper-V Guest Service Interface Service Name: vmicguestinterface Startup Type: Manual Path: C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted File: C:\WINDOWS\system32\icsvc.dll Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vmicguestinterface Dependencies: This service depends on the following system components: None The following system components depend on this service: None Display Name: Hyper-V Guest Shutdown Service Service Name: vmicshutdown Startup Type: Manual Path: C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted File: C:\WINDOWS\system32\icsvc.dll Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vmicshutdown Dependencies: This service depends on the following system components: None The following system components depend on this service: None
22
Display Name: Hyper-V Heartbeat Service Service Name: vmicheartbeat Startup Type: Manual Path: C:\WINDOWS\system32\svchost.exe -k ICService File: C:\WINDOWS\system32\icsvc.dll Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vmicheartbeat Dependencies: This service depends on the following system components: None The following system components depend on this service: None Display Name: Hyper-V Remote Desktop Virtualization Service Service Name: vmicrdv Startup Type: Manual Path: C:\WINDOWS\system32\svchost.exe -k ICService File: C:\WINDOWS\system32\icsvcext.dll Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vmicrdv Dependencies: This service depends on the following system components: None The following system components depend on this service: None Display Name: Hyper-V Time Synchronization Service Service Name: vmictimesync Startup Type: Manual Path: C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted File: C:\WINDOWS\system32\icsvc.dll Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vmictimesync Dependencies: This service depends on the following system components: Microsoft Hyper-V Guest Infrastructure Driver (vmgid) The following system components depend on this service: None Display Name: Hyper-V VM Session Service Service Name: vmicvmsession Startup Type: Manual Path: C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted File: C:\WINDOWS\system32\icsvc.dll Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vmicvmsession Dependencies: This service depends on the following system components: None The following system components depend on this service: None Display Name: Hyper-V Volume Shadow Copy Requestor Service Name: vmicvss Startup Type: Manual Path: C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted File: C:\WINDOWS\system32\icsvcext.dll Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vmicvss Dependencies: This service depends on the following system components: None The following system components depend on this service: None
Additional Information
Hyper-V (Wikipedia.org)
Hyper-V on Windows 10 (Microsoft.com)
23
Intel (2 services) Description
Intel Management and Security Application Local Management Service - Part of Intel’s Active Management Technology (AMT) and is aimed enterprise users not home users. AMT uses remote access to computers running this service to monitor, maintain, update, upgrade, and repair them.
Intel Management and Security Application User Notification Service - Part of Intel’s Active Management Technology (AMT) and is aimed enterprise users not home users. This services receives messages from AMT and writes them to Window’s local event log.
Reason for Disabling on a Standalone PC - Not an enterprise user. Default Service Settings
Display Name: Intel Management and Security Application Local Management Service Service Name: LMS Startup Type: Automatic (Delayed Start) Path: C:\Program Files (x86)\Intel\Intel Management Engine Components\LMS\LMS.exe Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LMS Dependencies: This service depends on the following system components: None The following system components depend on this service: Intel(R) Management and Security Application User Notification Service (UNS) Display Name: Intel Management and Security Application User Notification Service Service Name: UNS Startup Type: Automatic (Delayed Start) Path: C:\Program Files (x86)\Intel\Intel Management Engine Components\UNS\UNS.exe Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UNS Dependencies: This service depends on the following system components: Intel Management and Security Application User Notification Service (LMS) The following system components depend on this service: None
Additional Information
Intel Active Management Technology (Intel.com)
Intel Active Management Technology (Wikipedia.org)
NOTES
24
Internet Connection Sharing (ICS)
Description - This service (ICS) uses a PC with wired access to the internet as a hub or router to provide wireless internet access to other computers and devices. Reason for Disabling on a Standalone PC - PC’s internet connection not shared with other computers or devices. Default Service Settings - The Internet Connection Sharing (ICS) service runs in a shared process (svchost.exe). Display Name: Internet Connection Sharing (ICS) Service Name: SharedAccess Startup Type: Manual Path: C:\WINDOWS\system32\svchost.exe -k netsvcs File: C:\WINDOWS\system32\hidserv.dll Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ipnathlp.dll Dependencies: This service depends on the following system components: Base Filtering Engine (BFE) Network Connections (Netman) Windows Management Instrumentation (Winmgmt) The following system components depend on this service: None
Additional Information
Internet Connection Sharing (Wikipedia.org)
GUIDE: How to Share a Wired Ethernet Internet Connection with All Your Devices (HowToGeek.com)
GUIDE: How to Share Your Smartphone’s Internet Connection: Hotspots and Tethering Explained (HowToGeek.com) GUIDE: How to Turn Your Windows PC into a Wi-Fi Hotspot (HowToGeek.com)
NOTES
25
Internet Explorer ETW Collector Service
Description - This service (IEEtwCollectorService) collects ETW data for Internet Explorer. ETW stands for Event Tracing for Windows. ETW is a Windows system and software diagnostic feature that captures the sequence and timing of events. These captured events can be used by software programmers to analyze performance and troubleshoot problems (e.g. data bottlenecks). Reason for Disabling on a Standalone PC - Internet Explorer’s ETW feature not used.
Default Service Settings - The Internet Explorer ETW Collector Service runs in its own process (IEEtwCollector.exe). Display Name: Internet Explorer ETW Collector Service Service Name: IEEtwCollectorService Startup Type: Manual Path: C:\WINDOWS\system32\IEEtwCollector.exe /V File: C:\WINDOWS\system32\IEEtwCollector.exe Registry Key: H HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IEEtwCollectorService Dependencies: This service depends on the following system components: None The following system components depend on this service: None
Additional Information
ETW Introduction and Overview (Microsoft.com)
Event Tracing, MSDN Magazine, Apr 2007 (Microsoft.com)
NOTES
26
IP Helper
Description - This service (iphlpsvc) provides support for an IPv6 connection over an IPv4 network. IPv6 is the newest Internet Protocal and is intended to replace IPv4. IPv6 is also used to connect to Internet of Things (IoT) devices. Security risks exist with both IoT and IPv6 (see “Additional Information” below). Reason for Disabling on a Standalone PC
SECURITY RISK (IPv6 and IoT) IPv6 connections not used.
Default Service Settings - The IP Helper service runs in a shared process (svchost.exe). Display Name: IP Helper Service Name: Iphlpsvc Startup Type: Automatic Path: C:\WINDOWS\system32\svchost.exe -k NetSvcs File: C:\WINDOWS\system32\iphlpsvc.dll. Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\iphlpsvc Dependencies: This service depends on the following system components: NetIO Legacy TDI Support Driver (tdx) Network Store Interface Service (nsi) Remote Procedure Call (RPC) (RpcSs) TCP/IP Protocol Driver (Tcpip) WinHTTP Web Proxy Auto-Discovery Service (WinHttpAutoProxySvc) Windows Management Instrumentation (winmgmt) The following system components depend on this service: Network Connectivity Assistant (NcaSvc)
Additional Information
IPv6: The Smart Person's Guide (TechRepublic.com)
IoT Security Issues Unplugged (TechTarget.com)
IPv6: Security Concerns (TechRepublic.com)
10 Things to Know about the October 21 IoT DDoS Attacks (WeLiveSecurity.com) Are My Smarthome Devices Secure? (HowToGeek.com)
NOTES
27
Link-Layer Topology Discovery Mapper
Description - This service (lltdsvc) displays a map of your network. This network map is visible in the Network and Sharing Center by selecting "See Full Map". Reason for Disabling on a Standalone PC - Visible network map (in the Network and Sharing Center) not used. Default Service Settings - The Link-Layer Topology Discovery Mapper runs in a shared process (svchost.exe). Display Name: Link-Layer Topology Discovery Mapper Service Name: lltdsvc Startup Type: Manual Path: C:\WINDOWS\system32\svchost.exe -k LocalService File: C:\WINDOWS\system32\lltdsvc.dll Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\iphlpsvc Dependencies: This service depends on the following system components: Link-Layer Topology Discovery Mapper I/O Driver (lltdio) Remote Procedure Call (RPC) (RpcSs) The following system components depend on this service: None
Additional Information
Link Layer Topology Discovery (Wikipedia.org)
NOTES
28
Microsoft Diagnostics Hub Standard Collector Service
Description - This service (diagnosticshub.standardcollector.service) collects ETW (Event Tracing for Windows) data.. ETW is a system and software diagnostic component in Windows that captures the sequence and timing of events. These captured events can be used by software programmers to analyze performance and troubleshoot problems (e.g. data bottlenecks). Reason for Disabling on a Standalone PC - ETW feature not used.
Default Service Settings - The Microsoft Diagnostics Hub Standard Collector Service runs in its own process (DiagnosticsHub.StandardCollector.Service.exe). Display Name: Microsoft Diagnostics Hub Standard Collector Service Service Name: diagnosticshub.standardcollector.service Startup Type: Manual Path: C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\diagnosticshub.standardcollector.serv ice Dependencies: This service depends on the following system components: None The following system components depend on this service: None
Additional Information
ETW Introduction and Overview (Microsoft.com)
Event Tracing, MSDN Magazine, Apr 2007 (Microsoft.com)
NOTES
29
Microsoft iSCSI Initiator Service
Description - This service (MSiSCSI) manages remote iSCSI devices (disks, tapes, CDs, or other storage devices on network connected systems). Reason for Disabling on a Standalone PC - Networked iSCSI devices not used.
Default Service Settings - The Microsoft iSCSI Initiator Service runs i a shared process (svchost.exe). Display Name: Microsoft iSCSI Initiator Service Service Name: MSiSCSI Startup Type: Manual Path: C:\WINDOWS\system32\svchost.exe -k netsvcs File: C:\WINDOWS\system32\iscsiexe.dll Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSiSCSI Dependencies: This service depends on the following system components: None The following system components depend on this service: None
Additional Information
iSCSI (Wikipedia.org)
NOTES
30
Microsoft Windows SMS Router Service
Description - This service (SmsRouter) routes messages from a Local Area Network (LAN) server to connected PCs. These messages support the (1) inventory of hardware and software, (2) distribution and installation of software, and (3) performance of diagnostic tests. Reason for Disabling on a Standalone PC - No LAN connections.
Default Service Settings - The Microsoft Windows SMS Router Service. Runs in a shared process (svchost.exe). Display Name: Microsoft Windows SMS Router Service Service Name: SmsRouter Startup Type: Manual Path: C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted File: C:\WINDOWS\system32\SmsRouterSvc.dll Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SmsRouter Dependencies: This service depends on the following system components: NDIS Usermode I/O Protocol (Ndisuio) Remote Procedure Call (RPC) (RpcSs) The following system components depend on this service: None
Additional Information
Systems Management Server (SMS) (Wikipedia.org) Local Area Network (LAN) (Wikipedia.org)
NOTES
31
Netlogon
Description - This service (Netlogon) authenticates users and other services within a Windows domain. Reason for Disabling on a Standalone PC - No network connections.
Default Service Settings - The Netlogon service runs in a shared process (lsass.exe). Display Name: Netlogon Service Name: Netlogon Startup Type: Manual Path: C:\WINDOWS\system32\lsass.exe File: C:\WINDOWS\system32\netlogon.dll Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon Dependencies: This service depends on the following system components: Workstation (LanmanWorkstation) The following system components depend on this service: None
NOTES
32
Net.Tcp Port Sharing Service
Description - This service (NetTcpPortSharing) is a part of the Windows Communication Foundation (WCF) in .NET. The service allows several applications to use the same TCP port for network communications. Reason for Disabling on a Standalone PC - Default setting for Startup Type = Disabled.
Default Service Settings - The Net.Tcp Port Sharing Service runs in a shared process (SMSvcHost.exe). Display Name: Net.Tcp Port Sharing Service Service Name: NetTcpPortSharing Startup Type: Disabled Path: C:\WINDOWS\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetTcpPortSharing Dependencies: This service depends on the following system components: None The following system components depend on this service: None
Additional Information
Net.TCP Port Sharing (Microsoft.com)
NOTES
33
Network Connected Devices Auto-Setup
Description - This service (NcdAutoSetup) automatically detects, sets up and enables the use of devices for private network locations (e.g. home or workplace). Within private networks, network discovery is turned on, file and printer sharing are turned on and HomeGroup connections are allowed. Reason for Disabling on a Standalone PC - No private network connections.
Default Service Settings - The Network Connected Devices Auto-Setup service runs in a shared process (svchost.exe). Display Name: Network Connected Devices Auto-Setup Service Name: NcdAutoSetup Startup Type: Manual Path: C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork File: C:\WINDOWS\system32\NcdAutoSetup.dll Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NcdAutoSetup Dependencies: This service depends on the following system components: Network List Service (netprofm) The following system components depend on this service: None
Additional Information
GUIDE: Guide to Network and Sharing Center (Online-Tech-Tips.com)
GUIDE: How to Turn On or Off Public Folder Sharing (TenForums.com)
GUIDE: How to Turn On or Off File and Printer Sharing (TenForums.com) GUIDE: How to Turn On or Off Network Discovery (TenForums.com)
NOTES
34
Network Connectivity Assistant
Description - This service (NcaSvc) indicates network connection status and allows data collection when connecting to DirectAccess servers. Reason for Disabling on a Standalone PC - No network connections.
Default Service Settings - The Network Connectivity Assistant service runs in a shared process (svchost.exe). Display Name: Network Connectivity Assistant Service Name: NcaSvc Startup Type: Manual Path: C:\WINDOWS\system32\svchost.exe -k NetSvcs File: C:\WINDOWS\system32\ncasvc.dll Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NcaSvc Dependencies: This service depends on the following system components: Base Filtering Engine (BFE) DNS Client (Dnscache) IP Helper (iphlpsvc) Network Store Interface Service (nsi) The following system components depend on this service: None
NOTES
35
Peer Networking (3 services) Services Disabled
Peer Name Resolution Protocol
Peer Networking Identity Manager
Peer Networking Grouping
Description - These services enable peer-to-peer (P2P) and collaborative programs (e.g. HomeGroup and Remote Assistance) to communicate with each other across a network. Reason for Disabling on a Standalone PC - No connections to P2P networks, HomeGroup, or Remote Assistance. Default Service Settings - All 3 Peer Networking services run in a shared process (svchost.exe). Display Name: Peer Name Resolution Protocol Service Name: PNRPsvc Startup Type: Manual Path: C:\WINDOWS\system32\svchost.exe -k LocalServicePeerNet File: C:\WINDOWS\system32\pnrpsvc.dll Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PNRPsvc Dependencies: This service depends on the following system components: Peer Networking Identity Manager (p2pimsvc) The following system components depend on this service: PNRP Machine Name Publication Service (PNRPAutoReg) Peer Networking Grouping (p2psvc) Display Name: Peer Networking Grouping Service Name: p2psvc Startup Type: Manual Path: C:\WINDOWS\system32\svchost.exe -k LocalServicePeerNet File: C:\WINDOWS\system32\p2psvc.dll Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\p2psvc Dependencies: This service depends on the following system components: Peer Name Resolution Protocol (PNRPsvc) Peer Networking Identity Manager (p2pimsvc) The following system components depend on this service: None Display Name: Peer Networking Identity Manager Service Name: p2pimsvc Startup Type: Manual Path: C:\WINDOWS\system32\svchost.exe -k LocalServicePeerNet File: C:\WINDOWS\system32\pnrpsvc.dll Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\p2pimsvc Dependencies: This service depends on the following system components: None The following system components depend on this service: Peer Name Resolution Protocol (PNRPsvc) Peer Networking Grouping (p2psvc)
NOTES
36
Performance Counter DLL Host
Description - This service (PerfHost) runs 32-bit Performance Counters remotely from users on 64-bit servers. These counters provide performance data for operating systems (OS), applications, services, or drivers and can identify system bottlenecks. Reason for Disabling on a Standalone PC - Don’t remotely run 32-bit performance counters. Default Service Settings
Display Name: Performance Counter DLL Host Service Name: PerfHost Startup Type: Manual Path: C:\WINDOWS\SysWow64\perfhost.exe Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PerfHost Dependencies: This service depends on the following system components: Remote Procedure Call (RPC) (RpcSs) The following system components depend on this service: None
NOTES
37
Performance Logs & Alerts
Description - This service (pla) collects Performance Counter data from local or remote computers. These counters provide performance data for operating systems (OS), applications, services, or drivers and can identify system bottlenecks. Based on counter data, this service can trigger alerts or write performance data to a log file for analysis and report generation. Real-time performance counter data can be viewed graphically using Performance Monitor (WIN+R perfmon.msc). Reason for Disabling on a Standalone PC
Performance counter data not needed. No remote connections.
Default Service Settings - The Performance Logs & Alerts service runs in a shared process (svchost.exe). Display Name: Performance Logs & Alerts Service Name: pla Startup Type: Manual Path: C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork File: C:\WINDOWS\system32\pla.dll Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\pla Dependencies: This service depends on the following system components: Remote Procedure Call (RPC) (RpcSs) The following system components depend on this service: None
NOTES
38
PNRP Machine Name Publication Service Description
This service (PNRPAutoReg) publishes a PC's name using Peer Name Resolution Protocol. This is a peer-to-peer (P2P) protocol used by Remote Assistance and HomeGroup. Reason for Disabling on a Standalone PC - No connections to P2P networks.
Default Service Settings - The Peer Name Resolution Protocol service runs in a shared process (svchost.exe). Display Name: PNRP Machine Name Publication Service Service Name: PNRPAutoReg Startup Type: Manual Path: C:\WINDOWS\system32\svchost.exe -k LocalServicePeerNet File: C:\WINDOWS\system32\pnrpsvc.dll Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PNRPsvc Dependencies: This service depends on the following system components: Peer Networking Identity Manager (p2pimsvc) The following system components depend on this service: PNRP Machine Name Publication Service (PNRPAutoReg) Peer Networking Grouping (p2psvc)
NOTES
39
Program Compatibility Assistant Service
Description - This service (PcaSvc) monitors programs that run to identify Windows 10 compatibility issues. Older programs may have compatibility problems. If compatibility issues exist, you are notified and offered a remedy. The service can resolve program conflicts with User Account Control (UAC) and also run programs in a compatibility mode that simulates an earlier version of Windows. Reason for Disabling on a Standalone PC - No incompatible programs installed.
Default Service Settings - The Program Compatibility Assistant Service runs in a shared process (svchost.exe). Display Name: Program Compatibility Assistant Service Service Name: PcaSvc Startup Type: Manual Path: C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted File: C:\WINDOWS\system32\pcasvc.dll Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PcaSvc Dependencies: This service depends on the following system components: Remote Procedure Call (RPC) (RpcSs) The following system components depend on this service: None
NOTES
40
Quality Windows Audio Video Experience
Description - This service (QWAVE) enables high performance video streaming across a LAN (home) network. Reason for Disabling on a Standalone PC - No LAN connections.
Default Service Settings - The Quality Windows Audio Video Experience service runs in a shared process (svchost.exe). Display Name: Quality Windows Audio Video Experience Service Name: QWAVE Startup Type: Manual Path: C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation File: C:\WINDOWS\system32\qwave.dll Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\QWAVE Dependencies: This service depends on the following system components: Link-Layer Topology Discovery Mapper I/O Driver (lltdio) QWAVE driver (QWAVEdrv) QoS Packet Scheduler (Psched) Remote Procedure Call (RPC) (RpcSs) The following system components depend on this service: None
NOTES
41
Remote Access (2 services) Description
Remote Access Auto Connection Manager - Detects unsuccessful attempts to connect to a remote network or computer and provides alternative methods for connection. Used by some direct cable and DSL providers to logon and connect to the internet. If you use a hardware gateway or router, this service is not required.
Remote Access Connection Manager - Manages dial-up and VPN connections from your computer to the Internet or other remote networks. When you double-click a connection in the Network Connections folder and then click the
Connect button, this service either dials the connection or sends a VPN connection request and handles communications with the remote access server to set up the connection.
Reason for Disabling on a Standalone PC - No connections to remote networks or computers.
Default Service Settings - Both the Remote Access Auto Connection Manager service and the Remote Access Connection Manager service run in a shared process (svchost.exe). Display Name: Remote Access Auto Connection Manager Service Name: RasAuto Startup Type: Manual Path: C:\WINDOWS\system32\svchost.exe -k netsvcs File: C:\WINDOWS\system32\rasauto.dll Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasAuto Dependencies: This service depends on the following system components: Remote Access Auto Connection Driver (RasAcd) The following system components depend on this service: None Display Name: Remote Access Connection Manager Service Name: RasMan Startup Type: Manual Path: C:\WINDOWS\system32\svchost.exe -k netsvcs File: C:\WINDOWS\system32\rasmans.dll Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan Dependencies: This service depends on the following system components: Secure Socket Tunneling Protocol Service (SstpSvc) The following system components depend on this service: Routing and Remote Access (RemoteAccess)
Additional Information
Remote Access (TheNetworkEncyclopedia.com)
NOTES
42
Remote Desktop (3 services)
Description - These services allow a user to take control of a remote computer or virtual machine over a network connection. Remote Desktop is often targeted by hackers and considered a security risk.
Remote Desktop Configuration
Remote Desktop Services UserMode Port Redirector
Remote Desktop Services
Reason for Disabling on a Standalone PC - No remote connections. Remote Assistance connections disabled. Default Service Settings - All 3 Remote Desktop services run in a shared process (svchost.exe). Display Name: Remote Desktop Configuration Service Name: SessionEnv Startup Type: Manual Path: C:\WINDOWS\system32\svchost.exe -k netsvcs File: C:\WINDOWS\system32\sessenv.dll Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SessionEnv Dependencies: This service depends on the following system components: Remote Procedure Call (RPC) (RpcSs) Workstation (LanmanWorkstation) The following system components depend on this service: None Display Name: Remote Desktop Services Service Name: TermService Startup Type: Manual Path: C:\WINDOWS\system32\svchost.exe -k NetworkService File: C:\WINDOWS\system32\termsrv.dll Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TermService Dependencies: This service depends on the following system components: Remote Procedure Call (RPC) (RpcSs) The following system components depend on this service: Remote Desktop Services UserMode Port Redirector (UmRdpService) Display Name: Remote Desktop Services UserMode Port Redirector Service Name: UmRdpService Startup Type: Manual Path: C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted File: C:\WINDOWS\system32\umrdp.dll Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UmRdpService Dependencies: This service depends on the following system components: Remote Desktop Device Redirector Driver (RDPDR) Remote Desktop Services (TermService) The following system components depend on this service: None
Additional Information
Remote Desktop Protocol Security Issues (Wikipedia.org)
GUIDE: How to Enable and Secure Remote Desktop on Windows (HowToGeek.com)
NOTES
43
Remote Procedure Call (RPC) Locator
Description - This service (RpcLocator) is used to discover Remote Procedure Call (RPC) services. This service is not used by the operating system and is only present for third-party programs that requires it. Reason for Disabling - No third-party programs run that require this service.
Default Service Settings - The Remote Procedure Call (RPC) Locator service runs in its own process (locator.exe). Display Name: Remote Procedure Call (RPC) Locator Service Name: RpcLocator Startup Type: Manual Path: C:\WINDOWS\system32\locator.exe Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcLocator Dependencies: This service depends on the following system components: Remote Desktop Device Redirector Driver (RDPDR) Remote Desktop Services (TermService) The following system components depend on this service: None
NOTES
44
Remote Registry
Description - This service (RemoteRegistry) allows remote users to modify registry settings on a computer. If it is disabled, only locally logged on users can modify the registry. This service presents a security risk should be disabled. "Disabled" is the default setting in Windows 10 Home 1511. Reason for Disabling on a Standalone PC
SECURITY RISK (remote access to registry)
Default setting for Startup Type = Disabled.
Default Service Settings - The Remote Registry service runs in a shared process (svchost.exe). Display Name: Remote Registry Service Name: RemoteRegistry Startup Type: Disabled Path: C:\WINDOWS\system32\svchost.exe -k localService File: C:\WINDOWS\system32\regsvc.dll Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry Dependencies: This service depends on the following system components: Remote Procedure Call (RPC) (RpcSs) The following system components depend on this service: None
NOTES
45
Retail Demo Service
Description - This service (RetailDemo) allows retail store staff to demonstrate Windows 10 features to customers. Reason for Disabling on a Standalone PC – Bloatware that is not needed.
Default Service Settings - The Retail Demo Service runs in a shared process (svchost.exe). Display Name: Retail Demo Service Service Name: RetailDemo Startup Type: Manual Path: C:\WINDOWS\system32\svchost.exe -k netsvcs File: C:\WINDOWS\system32\RDXService.dll Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RetailDemo Dependencies: This service depends on the following system components: None The following system components depend on this service: None
NOTES
46
Routing and Remote Access
Description - This service (RemoteAccess) is used within corporate networks. It allows computers to dial in to a local computer to gain access to the local network. Reason for Disabling on a Standalone PC
No connections to remote networks or computers. Default setting for Startup Type = Disabled.
Default Service Settings - The Routing and Remote Access service runs in a shared process (svchost.exe). Display Name: Routing and Remote Access Service Name: RemoteAccess Startup Type: Disabled Path: C:\WINDOWS\system32\svchost.exe -k netsvcs File: C:\WINDOWS\system32\mprdim.dll Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess Dependencies: This service depends on the following system components: Base Filtering Engine (BFE) HTTP Service (HTTP) NetBIOSGroup Remote Access Connection Manager (RasMan) Remote Procedure Call (RPC) (RpcSs) The following system components depend on this service: None
Additional Information
Routing and Remote Access Service (Technet.Microsoft.com)
NOTES
47
Secondary Logon
Description - This service (seclogon) allows users to use the “Run As” command to elevate their privileges and run commands available to administrators. This is a great way for administrators to do ordinary work (e-mail, Word, Excel, etc.) as ordinary users while also performing administrative tasks without logging off and then back on again. However, this presents a security risk if accessed by users that aren’t intended to have administrative privileges. Reason for Disabling on a Standalone PC
SECURITY RISK (access administrator privileges) Administrator command “Run As” not used.
Default Service Settings - The Secondary Logon service runs in a shared process (svchost.exe). Display Name: Secondary Logon Service Name: seclogon Startup Type: Manual Path: C:\WINDOWS\system32\svchost.exe -k netsvcs File: C:\WINDOWS\system32\seclogon.dll Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\seclogon Dependencies: This service depends on the following system components: None The following system components depend on this service: None
NOTES
48
Sensor (3 services)
Description - These services monitor, manage and deliver sensor data. Sensor data includes motion (accelerometer, gyroscope, magnetometer), barometer, altimeter, ambient light, proximity (human presence), environmental (temperature, humidity, CO2, UV), Biometric (fingerprint, face, iris scanning), and activity (walking, running).
Sensor Data Service
Sensor Service
Sensor Monitoring Service
Reason for Disabling on a Standalone PC
PRIVACY RISK (location tracking and usage) Sensors not used.
Default Service Settings - The Sensor Data Service runs in its own process (SensorDataService.exe). Both Sensor Monitoring Service and Sensor Service run in a shared process (svchost.exe). Display Name: Sensor Data Service Service Name: SensorDataService Startup Type: Manual Path: C:\WINDOWS\system32\SensorDataService.exe Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SensorDataService Dependencies: This service depends on the following system components: None The following system components depend on this service: None Display Name: Sensor Monitoring Service Service Name: SensrSvc Startup Type: Manual Path: C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation File: C:\WINDOWS\system32\sensrsvc.dll Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SensrSv Dependencies: This service depends on the following system components: None The following system components depend on this service: None Display Name: Sensor Service Service Name: SensorService Startup Type: Manual Path: C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted File: C:\WINDOWS\system32\SensorService.dll Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SensorService Dependencies: This service depends on the following system components: None The following system components depend on this service: None
Additional Information
Sensors Overview (msdn.Microsoft.com) Biometrics Privacy Concerns (eff.org)
NOTES
49
Server
Description - This service (LanmanServer) allows sharing of files and printers with other computes on a network. Reason for Disabling on a Standalone PC
No network connections.
File and printer sharing turned off.
Default Service Settings - The Server service runs in a shared process (svchost.exe). Display Name: Server Service Name: LanmanServer Startup Type: Automatic Path: C:\WINDOWS\system32\svchost.exe -k netsvcs File: C:\WINDOWS\system32\srvsvc.dll Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer Dependencies: This service depends on the following system components: Security Accounts Manager (SamSs) Server SMB 2.xxx Driver (srv2) The following system components depend on this service: Computer Browser (Browser)
Additional Information
GUIDE: Turn Off File and Printer Sharing (TenForums.com)
NOTES
50
Smart Card (3 services)
Description - These services enable Smart Card use for authentication purposes.
Smart Card
Smart Card Removal Policy
Smart Card Device Enumeration Service
Reason for Disabling on a Standalone PC - Smart Card not used.
Default Service Settings - All 3 services run in a shared process (svchost.exe). Display Name: Smart Card Service Name: SCardSvr Startup Type: Disabled Path: C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation File: C:\WINDOWS\system32\SCardSvr.dll Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SCardSvr Dependencies: This service depends on the following system components: Windows Driver Foundation - User-mode Driver Framework (wudfsvc) The following system components depend on this service: None Display Name: Smart Card Device Enumeration Service Service Name: ScDeviceEnum Startup Type: Manual Path: C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted File: C:\WINDOWS\system32\ScDeviceEnum.dll Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ScDeviceEnum Dependencies: This service depends on the following system components: None The following system components depend on this service: None Display Name: Smart Card Removal Policy Service Name: SCPolicySvc Startup Type: Manual Path: C:\WINDOWS\system32\svchost.exe -k netsvcs File: C:\WINDOWS\system32\certprop.dll Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SCPolicySvc Dependencies: This service depends on the following system components: Remote Procedure Call (RPC) (RpcSs) The following system components depend on this service: None
Additional Information
Smart Card (Wikipedia.org)
Security with Smart Cards (TechNet.Microsoft.com)
NOTES
51
SSDP Discovery
Description - This service (SSDPSRV) enables discovery of UPnP devices on a network. UPnP is a peer-to-peer network feature that allows smart devices, wireless devices, PCs and peripherals to connect to a network and communicate with each other. UPnP is also known as Network Discovery. Security risks exist with UPnP and this service should be disabled (see “Additional Services” below). Reason for Disabling on a Standalone PC
SECURITY RISK (lack of built-in authentication) No network connections
Default Service Settings - The SSDP Discovery service runs in a shared process (svchost.exe). Display Name: SSDP Discovery Service Name: SSDPSRV Startup Type: Manual Path: C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation File: C:\WINDOWS\system32\ssdpsrv.dll Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SSDPSRV Dependencies: This service depends on the following system components: HTTP Service (HTTP) The following system components depend on this service: UPnP Device Host (upnphost)
Additional Information
Millions of PCs Exposed Through Network Bugs, Security Researchers Find (ZDNet.com)
GUIDE: How to Turn On or Off Network Discovery (TenForums.com)
Is UPnP a Security Risk? (HowToGeek.com)
NOTES
52
TCP/IP NetBIOS Helper
Description - This service (lmhosts) allows network users to share files, print, and log on to the network Reason for Disabling on a Standalone PC
No network connections.
File and printer sharing turned off.
Default Service Settings - The TCP/IP NetBIOS Helper service runs in a shared process (svchost.exe). Display Name: TCP/IP NetBIOS Helper Service Name: lmhosts Startup Type: Manual Path: C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted File: C:\WINDOWS\system32\lmhsvc.dll Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lmhosts Dependencies: This service depends on the following system components: Ancillary Function Driver for Winsock (AFD) The following system components depend on this service: None
Additional Information
NetBIOS over TCP/IP (Wikipedia.org)
Introduction to TCP/IP (Linux-Tutorial.info)
TCP/IP (Wikipedia.org)
GUIDE: Guide to Network and Sharing Center (Online-Tech-Tips.com)
GUIDE: How to Turn On or Off File and Printer Sharing (TenForums.com) GUIDE: How to Turn On or Off Public Folder Sharing (TenForums.com) GUIDE: How to Turn On or Off Network Discovery (TenForums.com)
NOTES
53
Touch Keyboard and Handwriting Panel Service
Description - This service (TabletInputService) is designed for tablets using two Windows features called Touch Keyboard and Handwriting Panel. These features are not needed on a laptop or desktop computer. Reason for Disabling on a Standalone PC - Touch Keyboard and Handwriting Panel features not used.
Default Service Settings - The Touch Keyboard and Handwriting Panel Service runs in a shared process (svchost.exe). Display Name: Touch Keyboard and Handwriting Panel Service Service Name: TabletInputService Startup Type: Manual Path: C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted File: C:\WINDOWS\system32\TabSvc.dll Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TabletInputService Dependencies: This service depends on the following system components: Remote Procedure Call (RPC) (RpcSs) The following system components depend on this service: None
NOTES
54
UPnP Device Host
Description - This service (upnphost) allows UPnP devices to be hosted on this computer. UPnP is a peer-to-peer network feature that allows smart devices, wireless devices, PCs and peripherals to connect to a network and communicate with each other. UPnP is also known as Network Discovery. Security risks exist with UPnP and this service should be disabled (see “Additional Information” below). Reason for Disabling on a Standalone PC
SECURITY RISK (lack of built-in authentication) No network connections.
Default Service Settings - The UPnP Device Host service runs in a shared process (svchost.exe). Display Name: UPnP Device Host Service Name: upnphost Startup Type: Manual Path: C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation File: C:\WINDOWS\system32\upnphost.dll Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\upnphost Dependencies: This service depends on the following system components: HTTP Service (HTTP) SSDP Discovery (SSDPSRV) The following system components depend on this service: None
Additional Information
Millions of PCs Exposed Through Network Bugs, Security Researchers Find (ZDNet.com)
GUIDE: How to Turn On or Off Network Discovery (TenForums.com)
Is UPnP a Security Risk? (HowToGeek.com)
NOTES
55
WebClient
Description - This service (WebClient) allows you to browse to “Network Places” and create, access and modify files on the Internet with Windows-based programs This service is not needed for FTP, SSH, SCP or browser-based connections. Reason for Disabling on a Standalone PC - No network connections.
Default Service Settings - The WebClient service runs in a shared process (svchost.exe). Display Name: WebClient Service Name: WebClient Startup Type: Manual Path: C:\WINDOWS\system32\svchost.exe -k LocalService File: C:\WINDOWS\system32\webclnt.dll Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WebClient Dependencies: This service depends on the following system components: WebDav Client Redirector Driver (MRxDAV) The following system components depend on this service: None
Additional Information
GUIDE: How to Add a Network Location to This PC (TenForums.com)
GUIDE: How to Map Network Drive or Disconnect Network Drive (TenForums.com)
GUIDE: How to Set Network Location to be Public or Private (TenForums.com)
NOTES
56
Windows Biometric Service
Description - This service (WbioSrvc) allows applications to capture, compare, manipulate and store biometric data (like finger prints or iris scans). Security and privacy risks exist with the storage of biometric data (see “Additional Information” below). Reason for Disabling on a Standalone PC SECURITY & PRIVACY RISKS (biometrics)
Default Service Settings - The Windows Biometric Service runs in a shared process (svchost.exe). Display Name: Windows Biometric Service Service Name: WbioSrvc Startup Type: Manual Path: C:\WINDOWS\system32\svchost.exe -k WbioSvcGroup File: C:\WINDOWS\system32\wbiosrvc.dll Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WbioSrvc Dependencies: This service depends on the following system components: Credential Manager (VaultSvc) Remote Procedure Call (RPC) (RpcSs) Windows Driver Foundation - User-mode Driver Framework (wudfsvc) The following system components depend on this service: None
Additional Information
Biometrics are a Grave Threat to Privacy (NYTimes.com)
Biometrics are Coming, Along with Serious Security Concerns (Wired.com)
Biometric Security Poses Huge Privacy Risks (ScientificAmerican.com)
NOTES
57
Windows Connect Now - Config Registrar
Description - This service (wcncsvc) is used by wireless networks in homes and small offices and is geared toward users that are not familiar with Wi-Fi configuration. Windows Connect Now simplifies the creation and configuration of wireless networks and allows devices to be easily added to a network while providing a secure connection. Note: Windows Connect Now is Microsoft’s implementation of Wi-Fi Protected Setup (WPS). Pin-based WPS is vulnerable to a brute-force attack which can result in rogue devices being allowed to connect to a network. Reason for Disabling on a Standalone PC - No network (LAN) connections.
Default Service Settings - The Windows Connect Now - Config Registrar service runs in a shared process (svchost.exe). Display Name: Windows Connect Now - Config Registrar Service Name: wcncsvc Startup Type: Manual Path: C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation File: C:\WINDOWS\system32\wcncsvc.dll Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wcncsvc Dependencies: This service depends on the following system components: Remote Procedure Call (RPC) (RpcSs) The following system components depend on this service: None
NOTES
58
Windows Error Reporting Service
Description - This service (WerSvc) sends reports of errors on your computer (errors, faults, crashes) to Microsoft. They acknowledge that personally identifiable information could be contained in the memory and application data compiled in the 100-200 KB "minidumps" that Windows Error Reporting compiles and sends back to Microsoft. This presents a privacy risk that can be avoided by disabling the service. Reason for Disabling on a Standalone PC - Privacy risk (personally identifiable information is transmitted). Default Service Settings - The Windows Error Reporting Service runs in its own process (svchost.exe). Display Name: Windows Error Reporting Service Service Name: WerSvc Startup Type: Manual Path: C:\WINDOWS\system32\svchost.exe -k WerSvcGroup File: C:\WINDOWS\system32\WerSvc.dll Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WerSvc Dependencies: This service depends on the following system components: None The following system components depend on this service: None
Additional Information
Windows Error Reporting Privacy Concerns (Wikipedia.org)
NOTES
59
Windows Event Collector
Description - This service (Wecsvc) allows administrators to get events from remote computers and store them in a centralized place. Reason for Disabling on a Standalone PC - No remote connections.
Default Service Settings - The Windows Event Collector service runs in a shared process (svchost.exe). Display Name: Windows Event Collector Service Name: Wecsvc Startup Type: Manual Path: C:\WINDOWS\system32\svchost.exe -k NetworkService File: C:\WINDOWS\system32\wecsvc.dll Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Wecsvc Dependencies: This service depends on the following system components: HTTP Service (HTTP) Windows Event Log (EventLog) The following system components depend on this service: None
NOTES
60
Windows Media Player Network Sharing Service
Description - This service (WMPNetworkSvc) allows the streaming of Windows Media Player (WMP) music and video to home entertainment systems and other computers/devices over a local network. Instead of using services.msc to disable Windows Media Player Network Sharing Service, this service is disabled through the Control Panel (see below). Note: Some programs and features included with Windows (e.g. Internet Information Services) must be turned on before you can use them. Other features (e.g. Windows Media Player, Windows Fax and Scan) are turned on by default, but you can turn them off if you don’t use them. Turn off Windows Media Player Network Sharing Service 1. WIN + X 2. Select Control Panel from the menu that pops up 3. Select Programs and Features 4. Select Turn Windows features on or off 5. Click the “+” next to Media Features 6. Deselect Windows Media Player
Reason for Disabling on a Standalone PC
No network connections.
WMP removed. For playback of music and video, I use the portable Media Player Classic Home Cinema. Another popular portable WMP replacement is VLC Media Player.
Default Service Settings - The Windows Media Player Network Sharing Service runs in its own process (wmpnetwk.exe). Display Name: Windows Media Player Network Sharing Service Service Name: WMPNetworkSvc Startup Type: Manual Path: C:\Program Files\Windows Media Player\wmpnetwk.exe Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WMPNetworkSvc Dependencies: This service depends on the following system components: HTTP Service (HTTP) Windows Search (WSearch) The following system components depend on this service: None
Additional Information
Freeware: Media Player Classic Home Cinema (MPC-HC.org)
Freeware: Portable Freeware List - Video Players (PortableFreeware.com)
Freeware: VLC Media Player (Videolan.org)
NOTES
61
Windows Mobile Hotspot Service
Description - This service (icssvc) allows a mobile PC or device to share its Internet connection with up to 8 other devices. You need Wi-Fi to share your connection, but the connection you’re sharing can be an Ethernet (wired), Wi-Fi, or cellular connection. Reason for Disabling on a Standalone PC - Mobile Hotspot not used.
Default Service Settings - The Windows Mobile Hotspot Service runs in a shared process (svchost.exe). Display Name: Windows Mobile Hotspot Service Service Name: icssvc Startup Type: Manual Path: C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted File: C:\WINDOWS\system32\tetheringservice.dll Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\icssvc Dependencies: This service depends on the following system components: Remote Procedure Call (RPC) (RpcSs) Windows Connection Manager (Wcmsvc) The following system components depend on this service: None
Additional Information
How to Turn Your Windows PC into a Wi-Fi Hotspot (HowToGeek.com)
NOTES
62
Windows Remote Management (WS-Management)
Description - This service (WinRM) provides software and hardware management capabilities to network administrators by allowing them to access, edit and update data from remote computers. Reason for Disabling on a Standalone PC - Remote management of hardware and software not used.
Default Service Settings - The Windows Remote Management (WS-Management) service runs in a shared process (svchost.exe). Display Name: Windows Remote Management (WS-Management) Service Name: WinRM Startup Type: Manual Path: C:\WINDOWS\system32\svchost.exe -k NetworkService File: C:\WINDOWS\system32\WsmSvc.dll Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinRM Dependencies: This service depends on the following system components: HTTP Service (HTTP) Remote Procedure Call (RPC) (RpcSs) The following system components depend on this service: None
NOTES
63
Windows Search
Description - This service (WSearch) performs file searches, collects detailed about these files, and stores this information in an index for use during subsequent searches. Reason for Disabling on a Standalone PC - Windows Search not used, replaced with Classic Shell or Everything. Default Service Settings - The Windows Search service runs in its own process (SearchIndexer.exe). Display Name: Windows Search Service Name: WSearch Startup Type: Automatic Path: C:\WINDOWS\system32\SearchIndexer.exe /Embedding Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WSearch Dependencies: This service depends on the following system components: Remote Procedure Call (RPC) (RpcSs) The following system components depend on this service: Windows Media Player Network Sharing Service (WMPNetworkSvc) Work Folders (workfolderssvc)
Additional Information
Freeware: Classic Shell (ClassicShell.net) Freeware: Everything (VoidTools.com)
NOTES
64
WMI Performance Adapter
Description - WMI, or Windows Management Instrumentation, provides network administrators with an interface which simplifies the remote monitoring and management of corporate networks. Reason for Disabling on a Standalone PC - No network connections.
Default Service Settings - The WMI Performance Adapter runs in its own process (WmiApSrv.exe). Display Name: WMI Performance Adapter Service Name: wmiApSrv Startup Type: Manual Path: C:\WINDOWS\system32\wbem\WmiApSrv.exe Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wmiApSrv Dependencies: This service depends on the following system components: None The following system components depend on this service: None
NOTES
65
Workstation
Description - This service (LanmanWorkstation) enables file and printer sharing over a network. Reason for Disabling on a Standalone PC
No network connections.
File and printer sharing turned off.
Default Service Settings - The Workstation service runs in a shared process (svchost.exe). Display Name: Workstation Service Name: LanmanWorkstation Startup Type: Automatic Path: C:\WINDOWS\system32\svchost.exe -k NetworkService File: C:\WINDOWS\system32\wkssvc.dll Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation Dependencies: This service depends on the following system components: Browser Support Driver (bowser) Network Store Interface Service (nsi) SMB 2.0 MiniRedirector (mrxsmb20) The following system components depend on this service: Computer Browser (Browser) Netlogon (Netlogon) Remote Desktop Configuration (SessionEnv)
Additional Information
GUIDE: Guide to Network and Sharing Center (Online-Tech-Tips.com)
GUIDE: How to Turn On or Off Public Folder Sharing (TenForums.com)
GUIDE: How to Turn On or Off File and Printer Sharing (TenForums.com) GUIDE: How to Turn On or Off Network Discovery (TenForums.com)
NOTES
66
Xbox (3 services) Description
Xbox Live Auth Manager - Provides authentication and authorization services for interacting with Xbox Live.
Xbox Live Networking Service - Supports the Windows.Networking.XboxLive application programming interface.
Xbox Live Game Save - Syncs save data for Xbox Live save enabled games.
Reason for Disabling on a Standalone PC - Xbox not used.
Default Service Settings - All 3 services run in a shared process (svchost.exe). Display Name: Xbox Live Auth Manager Service Name: XblAuthManager Startup Type: Manual Path: C:\WINDOWS\system32\svchost.exe -k netsvcs File: C:\WINDOWS\system32\XblAuthManager.dll Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\XblAuthManager Dependencies: This service depends on the following system components: Remote Procedure Call (RPC) (RpcSs) The following system components depend on this service: Xbox Live Game Save (XblGameSave) Display Name: Xbox Live Game Save Service Name: XblGameSave Startup Type: Manual Path: C:\WINDOWS\system32\svchost.exe -k netsvcs File: C:\WINDOWS\system32\XblGameSave.dll Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\XblGameSave Dependencies: This service depends on the following system components: User Manager (UserManager) Xbox Live Auth Manager (XblAuthManager) The following system components depend on this service: None Display Name: Xbox Live Networking Service Service Name: XboxNetApiSvc Startup Type: Manual Path: C:\WINDOWS\system32\svchost.exe -k netsvcs File: C:\WINDOWS\system32\XboxNetApiSvc.dll Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\XboxNetApiSvc Dependencies: This service depends on the following system components: Base Filtering Engine (BFE) Windows Firewall (MpsSvc) The following system components depend on this service: None
NOTES
67
Appendix A: Internet Resources TUTORIALS
How-To-Geek
Lifewire
Windows Ten Forums
Windows Central
SERVICE REFERENCES
Black Viper’s Windows 10 Service Configurations
Windows 10 Service Defaults
COMPUTER DICTIONARIES/ENCYCLOPEDIAS
Techopedia
TechTarget
Wikipedia
Your Dictionary
The Free Dictionary
MISCELLANEOUS
The Portable Freeware Collection (PortableFreeware.com) Windows 10 Version History (Wikipedia.org)
68
Webopedia
Appendix B: Disabled Services (1-page list)
AllJoyn Router Service Application Layer Gateway Certificate Propagation Computer Browser (Browser) Connected Device Platform Service
Connected User Experiences and Telemetry
Credential Manager DataCollectionPublishingService Delivery Optimization dmwappushsvc Downloaded Maps Manager Enterprise App Management Service
Family Safety Filter Driver Fax Function Discovery Provider Host Function Discovery Resource Publication
Geolocation Service HomeGroup Listener HomeGroup Provider Human Interface Device Service Hyper-V Data Exchange Service Hyper-V Guest Service Interface Hyper-V Guest Shutdown Service Hyper-V Heartbeat Service Hyper-V Remote Desktop Virtualization Service
Hyper-V Time Synchronization Service
Hyper-V VM Session Service Hyper-V Volume Shadow Copy Requestor
Intel Management and Security Application Local Management Service
Intel Management and Security Application User Notification Service
Internet Connection Sharing (ICS)
Internet Explorer ETW Collector Service
IP Helper Link-Layer Topology Discovery Mapper
Microsoft Diagnostics Hub Standard Collector Service
Microsoft iSCSI Initiator Service Microsoft Windows SMS Router Service
Netlogon Net.Tcp Port Sharing Service Network Connected Devices AutoSetup
Network Connectivity Assistant Peer Name Resolution Protocol Peer Networking Grouping Peer Networking Identity Manager Performance Counter DLL Host Performance Logs & Alerts PNRP Machine Name Publication Service
Program Compatibility Assistant Service
Quality Windows Audio Video Experience
Remote Access Auto Connection Manager
Remote Access Connection Manager
Remote Desktop Configuration (TermService)
Remote Desktop Services Remote Desktop Services
UserMode Port Redirector
Remote Procedure Call (RPC) Locator
Remote Registry Retail Demo Service Routing and Remote Access Secondary Logon Sensor Data Service 69
Sensor Monitoring Service Sensor Service Server Smart Card Smart Card Device Enumeration Service
Smart Card Removal Policy SSDP Discovery TCP/IP NetBIOS Helper Touch Keyboard and Handwriting Panel Service
UPnP Device Host WebClient Windows Biometric Service Windows Connect Now - Config Registrar
Windows Error Reporting Service Windows Event Collector Windows Media Player Network Sharing Service
Windows Mobile Hotspot Service Windows Remote Management (WS-Management)
Windows Search WMI Performance Adapter Workstation Xbox Live Auth Manager Xbox Live Game Save Xbox Live Networking Service
Appendix C: Change History Version
Date
Changes
1.01
12/4/2016
1.0
12/1/2016
Initial release.
1.02
1/2/2017
1.03
2/5/2017
Page 4: AllJoyn Router Service – Removed Check Now If Your Internet Devices Are Open to Hackers (MakeUseOf.com) link. Page 4: AllJoyn Router Service – Added Are My Smarthome Devices Secure? (HowToGeek.com) link.
Page 27: IP Helper – Removed Check Now If Your Internet Devices Are Open to Hackers (MakeUseOf.com) link.
Page 27: IP Helper – Added Are My Smarthome Devices Secure? (HowToGeek.com) link. Page 4: AllJoyn Router Service – Added 5 Reasons to Avoid Smart Assistants If You Value Your Privacy (MakeUseOf.com) link. Updated contact email to
[email protected].
70
