none
100% CPU utilization on svchost.exe or Automatic Updates service

    Question

  • We have upgraded from WSUS 2.0 to 3.0 SP1 and now have few Windows XP SP2 PCs that are extremely slow because the CPU is at 100% utilization running a process called "svchost.exe."  If I go into services and stop and disable the "Automatic Updates" service the CPU drop to normal almost instantly.  I tried forcing a reinstall of the Windows Update Agent.  After I enable the "Automatic Updates" service the machine works fine for a day, than after a reboot it goes back to 100% CPU utilization.  We need this fixed so we can get these computers updates.

    Friday, April 25, 2008 2:01 PM

Answers

  • Hi Ryan,

    For this problem, please install update 927891:

    You receive an access violation error and the system may appear to become unresponsive when you try to install an update from Windows Update or from Microsoft Update

    http://support.microsoft.com/?scid=kb%3Ben-us%3B927891&x=4&y=21

    --------------------
    Regards,
    Eric Zhang



    Monday, April 28, 2008 3:35 AM
    Moderator

All replies

  • Hi Ryan,

    For this problem, please install update 927891:

    You receive an access violation error and the system may appear to become unresponsive when you try to install an update from Windows Update or from Microsoft Update

    http://support.microsoft.com/?scid=kb%3Ben-us%3B927891&x=4&y=21

    --------------------
    Regards,
    Eric Zhang



    Monday, April 28, 2008 3:35 AM
    Moderator
  • I tried that. Did not work.

     

    Friday, May 02, 2008 12:59 PM
  • Hi Ryan,

    Did you use symantec or other anti-virus software on your clients?

    If you did, the following KB will be helpful, you need to exclude all files in SoftwareDistribution folder from scanning:

    Virus scanning recommendations for computers that are running Windows Server 2003, Windows 2000, or Windows XP:
    http://support.microsoft.com/kb/822158

    --------------------
    Regards,
    Eric Zhang





    Monday, May 05, 2008 9:13 AM
    Moderator
  • Eric Zhang,

    I am also having this problem on Windows XP with svchost.exe taking 100% CPU. I followed the KB above and excluded the files form my virus scan, but to no avail.

    Any other avenues that I can try? This is very frustrating.

    Regards,
    Dave
    Thursday, May 08, 2008 2:51 AM
  • Hi Dave,

    The svchost issue can also be caused by virus, I'd like to suggest you boot into safe mode and perform a full scan by your anit-virus software, also, for more questions about Windows XP, please use Microsoft Public newsgroup for Windows XP which would be the most relevant newsgroup for your question.

    Windows XP Newsgroup:
    http://www.microsoft.com/windowsxp/expertzone/newsgroups/reader.mspx

    --------------------
    Regards,
    Eric Zhang



    Thursday, May 08, 2008 10:00 AM
    Moderator
  • I have had the exact same problem with svchost.exe on 4 different PCs today!

    They are NOT infected with virus - it must be some update from MS that is causing these problems.

    I have consulted different MS forums, and it seem to be a LOT of people having this problem.

    It disappears when you disable Windows Update, but that is of course not s long-term solution.

    When is the fix coming out? Is it incorporated in SP3 for XP?

    Thanks!

     

     

    Thursday, May 08, 2008 4:37 PM
  • I am going to try installing Windows XP SP3 on the machines with the issue and see if that takes care of it.  I guess the only other solution is to format and re-install.

     

    Thursday, May 08, 2008 5:43 PM
  • I didn't have the problem until after SP3 was installed on my system last night.

    Friday, May 09, 2008 2:18 AM
  • I had this issue on 2 laptops and 2 workstations.  All are running Windows XP/SP2 and this issue started 2 days ago.  I thought I had a virus or malware that was spreading from machine to machine.

    I finally tracked this issue down to a DAT or Engine update for my CA AntiVirus 2008 software.  I disabled the Automatic Updates service to alleviate the issue, but the issue still occured if I tried to go to the Microsoft Update site and scanned my PCs for necessary updates.

    When I disabled the real time scanner on my AV software, this issue went away.

    I have removed this AV software and am now using the free Avast Anti-Virus.  Issue resolved on all machines.

    I may even attempt an upgrade to SP3 this weekend.
    Friday, May 09, 2008 10:27 PM
  • I'm running 2 machines with XP/SP2 and 2 machines with XP/SP3 and I can now reproduce and correct this issue at any time on any of theese machines.  It is definately the CA AntiVirus engine that is interfering with the svchost.exe process that is causing the poor performance and CPU spike.

    I have opened a case with CA who have acknowledged that a recent dat/engine update may be responsible and am waiting to hear back from them.

    If you have Automatic Updates enabled in any form on your PC and have CA AV installed and the real-time scanner enabled, you will have this issue when the computer is rebooted.  This is because one of the first things XP does after boot is to see if there are any updates needed for the computer.  The Automatic Update process uses svchost.exe as part of the scan of the workstation to see which updates are necessary.  Because the AV real-time scanner is enabled, the AV software "interferes" with svchost.exe causing the CPU spike the scan never completes.

    If you turn Automatic Updates off, you will not experience this issue at boot time.  However, you can still reproduce this issue by manually running a scan for updates from the Microsoft Update page in IE.  If you navigate to this page and run a scan and the AV real-time scanner is enabled, you will have this issue.  If you put the real-time scanner in sleep mode before you run a scan, the issue does not occur and the updates for your computer will be displayed and can be downloaded or installed.

    Fix 1:  Remove CA AV software from your computer.  I have tested 5 other AV software products and I cannot reproduce this issue with any of them.  Avast, AVG, McAfee, Trend Micro, and Norton all work fine and do not interfere with svchost.exe and Automatic/Microsoft Update process.

    Fix 2:  Disable Automatic updates on the PC.  This will solve the boot time issues.  Disable the real-time scan engine when manually scanning for patches from the Microsoft Update site

    Fix 3:  Wait for CA to resolve their issue and push a new DAT/Engine.  I'm sure CA will be able to fix the issue in time, but PC with Automatic Updates will suffer until this is done.

    Good luck to all of you.
    Saturday, May 10, 2008 5:05 PM
  • yep. I had the exact same problem. I have CA Antivirus and with automatic update off its not happening.

     

    Sunday, May 11, 2008 12:55 AM
  • I have exactly the same issue on 2 machines.  One runs Vista the other runs XP SP3 which was running SP2 a couple of days ago but also had issues then.

    I have also placed a call with CA in regards to this issue.

    Sunday, May 11, 2008 10:50 AM
  • Me too, on a portable PC Acer running XP SP2 Home !  Will try to disable Windows Automatic Updates...

     

    Update : I did disable automatic updates in the corresponding panel and also by changing the starting mode of the service (from "automatic" to "on demand").  The reboot worked fine.  Problem is gone for now. I do hope CA fix this real quick, even if the link with CA is not obvious.

     

    Thanks for sharing this info, I was really getting crazy !

     

    Sunday, May 11, 2008 7:22 PM
  • Started to experience this same sympton, on both XP and Vista machines. Common application is CA's antivirus on the two machines.

     

    Thanks

    Sunday, May 11, 2008 8:20 PM
  • Have had lots of calls regarding this ca problem, the wierd thing is that on my own machines it hasn't happened. Will have to wait for ca to sort it out

     

    Monday, May 12, 2008 2:11 AM
  • Have just got off talking to a CA technician.  Was advised to exclude all *.msp and *.msi files in the Real-Time scan.

     

    What I did was:

     

    1.  "Open Security Center"

    2.  "Open Advance Settings"

    3.  Clicked on the "Options" button

    4.  Clicked on the "Modify" link under the Exclusions list and then "Added" *.msi and *.msp to the list and clicked OK

     

    Ran the MS update manually to verify that this worked and it seemed to work ok.

    Mind you this worked on my Vista machine.  I will verify it on the XP box also but I think it should be ok.

    Monday, May 12, 2008 5:43 AM
  •  

    colflagg,

    Excellent find. Disabled CA realtime scanner. All working well now.

     

    Did you hear from CA yet? As turning off the CA antivirus would mean the machine practically has no anti-virus installed.

     

    Regards,

    Monday, May 12, 2008 5:48 AM
  •  

    Works on both xp and vista machines
    Monday, May 12, 2008 7:03 AM
  •  

    you shouldn't need to turn off CA antivirus just exclude the *.msi and *.msp files.
    Monday, May 12, 2008 8:12 AM
  • Thank you, Colflagg. Now at least I understand what hit me as from May 6 when it all started.

    Monday, May 12, 2008 10:10 AM
  • I am another victim of this.  Within my business, I have a total of 6 PCs.  2 of which I have just purchased in the last fortnight and thankfully are not afflicted with this problem.

     

    The older PCs including a laptop that have been operating over a reasonable period of time are suffering with the exact same symptoms described.  Seeing that said laptop had nothing of importance on it (only used for accessing emails on the run), I decided to do a clean install of Windows XP Professional and immediately installed SP3 prior to reinstalling my CA Internet Suite software.  The only minor hiccup I suffered was AV Realtime scanner not wanting to work but after reading the FAQs, that was quickly resolved.

     

    Has not yet been 24 hrs but with all definition updates installed and Auto Updates left ON, I have observed that the svchost.exe did briefly work up to 100% CPU for about 30 seconds early on, but since then it has been keeping under 10%.  Will keep the PC running idle and have Process Explorer try keep a log of it.

     

    Not saying that everyone would like to take the same action as myself, but obviously fresher systems may not have the same issues.  Will watch this space.

     

    Cheers to colflagg for identifying the cause.

    Monday, May 12, 2008 1:41 PM
  • Thanks for the pointer to this thread.

     

    I certainly can't/won't discount the potential link to CA Antivirus [yes, I run it].  However I did finally get my situation corrected on a laptop by eliminating the original SoftwareDistribution folder within the Windows directory.  A new version of it got created, presumably by the windows update service, and ever since the system has been running fine, even with CA fully enabled and no files or directories excluded [which would be a serious exposure].

     

    When I first experienced the problem [last Wednesday] on my desktop XP/SP2 system, it was resolved be allowing it to 'loop' itself back to health - no other changes were made, and CA was never stopped or suspended.  Each time I allowed wauaend.dll to loop [perhaps an hour or so each time], I eventually found that a Microsoft update had been installed [and they were not always identified], one of which had to do with Genuine Advantage.  Now I do find that interesting.

     

    So perhaps CA is somehow involved, but they are not alone in this mystery.  I still have a nagging suspicion that Microsoft is at the heart of this situation.

     

    Regards...

     

     

     

     

     

    Monday, May 12, 2008 3:39 PM
  • Found this to be an EXTREMELY helpful post. I disabled the CA On Access scan and it fixed the problem. I looked on CA's website but couldn't find anything about the issue.Keep me posted if you see CA fixes the issue and I'll do the same. So much for vulnerabilities

    Tuesday, May 13, 2008 1:08 AM
  • Excluding *.msp and *.msi in the CA AntiVirus exclusions did it for me, on two XP machines. Now we just need to wait for the CA folks to get the problem fixed so we can remove the exclusions.  Thank you!
    Tuesday, May 13, 2008 2:11 AM
  • Upgrading to Windows XP Service Pack 3 does not fix the issue.  I do not have CA Antivirus on these machines.  We use Symantec AV v.10.1.4.4000.  Is there any issues with that Symantec AV version and Automatic updates?

     

    Tuesday, May 13, 2008 2:55 PM
  •  

    I also use CA on all the networked machines here, with RealTime Scanner On, and Automatic Updates ON. I realised it was a Windiows Update issue late last night but was too tired to deal with it. I left one (the fastest) PC on overnight and by morning CPU was back to 3%. This indicated seemingly indicated that the Update Service had completed - but there were no new updates!?!. Somehow the svchost.exe 100% resolved itself. The other PCs have taken me all day to resolve and I wish I had found this thread earlier!

     

    In the end the svchost.exe 100% does finally resolve (as I was able to show on the other PCs taking up to 4 hrs to sort out each!), and I have also downloaded today's CA updates as well. The problem hadnt shown up earlier because we so rarely reboot machines. Not the case with another group of PCs I look after. I have wasted 12 hours on this and hold MS and CA jointly responsible, till evidence shows to the contrary.

     

    I suspect its more CAs fault than MSs fault as in another famous update from CA they managed to label a whole raft of kosher sites as shipping out trojans. That took about 4 hrs for them to correct. This has taken longer already.

     

    Thanks to all who have unwound the problem and given the workarounds.

     

    Tuesday, May 13, 2008 4:19 PM
  •  

    I just "chated" with the folks at CA and they said ...

     

    "The update will be released which will fix the issue"

    Joe says:

    any eta?

    Asher says:

    No Joe. Adding *.msp and *.msi to realtime exclusion will resolve the issue. However, there is no eta for the update

    Tuesday, May 13, 2008 9:17 PM
  •  

    I just spoke to CA, its a recognised problem. They are aparently relasing an update on the 16th of may that will automatically fix the issue. If you can't wait until then, do the following:

     

    1. Boot to safe mode

    2. Open CA, go to the advanced options menu

    3. Go to options

    4. click 'modify' on realtime scanner

    5. Add *.msi and *.msp  individually, dont use the comma.

    6. Reboot and use as per usual. When the CA update is released delete those exclusions.

     

    Everything will work fine, windows updates ect will operate as per usual.

    Wednesday, May 14, 2008 1:19 AM
  • I found this solution on the CA website.

     

    http://homeofficekb.ca.com/CIDocument.asp?SimpleUI=1&GUID=905A78660B764524A8C29600BE0CCCDF&ExternalCallID=0&Ver=&AddBookmark=0&KDId=3196

     

    It seems CA is not willing to provide a date when this issue might be fixed.  The above document provides a hotfix and manual instructions.

    Friday, May 16, 2008 12:42 AM
  • Hi Ryan / Folks,

     

    NO CA Products here - but I have had the same issues with Microsoft updates!

    Here's the install path I used during my experience :

    • Cold install of XP with SP1 on the PC (Full factory system restore/rebuild).
      • Acer - Semperon 1.8GHz + 1GB RAM - 8Mb ADSL connection to Internet
    • XP SP2
    • Windows updates OK - used to install IE7
      • Reason - I found IE is compromised if you go straight to XP SP3
    • XP SP3
    • Next Office 2003 Pro
    • Switch to Microsoft updates - Custom Updates - SVCHost issue - Still checking for updates after 15 minutes
    • Switch back to Windows updates - Custom Updates - NO SVCHost Issue - Checking complete after 2 minutes
    • Tried both Microsoft fixes mentioned above
    • Swich back to manual Microsoft Updates and all is not really rosey as the initial "checking updates" scan can take at least 5 minutes with SVCHost at better than 90% CPU usage. So I believe the issue is not fixed, but it is just about useable.

    Interestingly, no issues on my work LAN where I am the systems manager - 20 PCs and 8 servers using WSUS. All units are up to date and no SVCHost issues.

     

    So.... No fix yet here, however my solution is as follows:

    On the problematic PC I decided to switch back to Automatic Windows Updates. This keeps the PC up to date with all Operating System patches. Performance is not affected. I have decided that I will manually switch to the Microsoft update system once every couple of weeks or so to catch the updates for Office etc. I'll just have to set the updates scan running over a quiet period I suppose.

     

    Plan B = Manual Office Updates http://office.microsoft.com/en-gb/downloads/default.aspx - Left Pane - Office Updates.

     

    Hope this sheds some light.

     

    Regards,

    Knaphie

     

    Friday, May 16, 2008 10:22 AM
  •  

    Do you think CA's fix of excluding *.msi *.msp files is safe? Virus writers will be all over this. I prefer to disable windows automatic update for now and hope they can get a real fix in place. This is not how to keep a system safe.... Allthough CA is still better than Norton or McAfee they use 50% mem/cpu all the time!!
    Friday, May 16, 2008 11:49 AM
  • I had the same problem and excluded *.msi and *.msp files from the Real-Time scan.

    I also excluded them from the ON-Demand scan.

    This solution seems to work. Thanks for posting it.

     

    Friday, May 16, 2008 12:49 PM
  • Anyone who believes that excluding the msi and msp file extensions from the CA A/V scanner is an acceptable solution is delusional, and asking for trouble.  Exclude installer files?  Come on people!

    Identifying the cause of this problem was very important, as is finding a permanent, secure solution.  Anyone who experiences the problem would be far better off disabling the windows update service for a time rather than crippling their antivirus protection -  there aren't daily updates from Microsoft anyway, so what do they think they would be missing?

    Having said that, let me add that I am grossly disappointed with CA.  This is not the first issue I have experienced because of their A/V product; I'm still waiting for a resolution to that 8 month old problem.  My disappointment extends to their attitude regarding disclosure and accepting responsibility.  Once identified, this problem should have been more prominently addressed by CA, at least by way of public notification.  Even after they started to provide a risky circumvention, they were mum on an expected target date for a more permanent solution.  Savvy users hit the forums in search of answers, and eventually started to piece together the situation.  What about the not so savvy users - the millions of trusting CA customers potentially affected by this situation?

    Competition in this market is fierce and image is important.  However, company integrity is more important.  If customer loyalty is an important company goal then it is better kept with honesty than subterfuge.

    Savor Life, and Smile.
    Friday, May 16, 2008 2:50 PM
  •  MoosieAZ2 wrote:
    Anyone who believes that excluding the msi and msp file extensions from the CA A/V scanner is an acceptable solution is delusional, and asking for trouble.  Exclude installer files?  Come on people!

    Identifying the cause of this problem was very important, as is finding a permanent, secure solution.  Anyone who experiences the problem would be far better off disabling the windows update service for a time rather than crippling their antivirus protection -  there aren't daily updates from Microsoft anyway, so what do they think they would be missing?

    Having said that, let me add that I am grossly disappointed with CA.  This is not the first issue I have experienced because of their A/V product; I'm still waiting for a resolution to that 8 month old problem.  My disappointment extends to their attitude regarding disclosure and accepting responsibility.  Once identified, this problem should have been more prominently addressed by CA, at least by way of public notification.  Even after they started to provide a risky circumvention, they were mum on an expected target date for a more permanent solution.  Savvy users hit the forums in search of answers, and eventually started to piece together the situation.  What about the not so savvy users - the millions of trusting CA customers potentially affected by this situation?

    Competition in this market is fierce and image is important.  However, company integrity is more important.  If customer loyalty is an important company goal then it is better kept with honesty than subterfuge.

    Savor Life, and Smile.

     

    I agree that CA has let down a lot of people in regards to this.  A few days after I posted the original temporary solution provided to me by our "trusted" friends at CA I began to rethink having *.msi and *.msp files excluded and to also rethink on my customer loyalty to CA.  

     

    I had oringally purchased the VET anti virus software about 10 years ago when the company that developed it wasn't under CA's control and have never had a problem with it until this event.  I was also disappointed by the speed at which I was shuffled off the online help call without them waiting until I had asked questions and tested what they had suggested, not that it was exactly the best solution.

     

    Nonetheless I turned everything back to normal today as it appears that CA has finally put a fix in place.

    Saturday, May 17, 2008 3:18 AM
  •  

    As long as the update fix does not exclude *.msi *.msp in the CA updates, then yes this is reassuring.
    Sunday, May 18, 2008 3:17 AM
  • this is a CA bug - update CA signatures, the fix is in there...then boot....no more CPU at 50-100%

    Wednesday, May 21, 2008 3:26 PM
  •  

    So what is the solution.  I am still facing the same problem
    Friday, May 23, 2008 3:15 PM
  • Dear teetu, did you read the previous posts?  What was it you did not understand?

    The overwhelming majority of reported problems indicate and conflict between Windows update and CA Antivirus engine 31.4.
    Reread the prior posts.....
    Friday, May 23, 2008 3:41 PM
  • Thanks I read the posts.. The last one says its fixed by updating the signatures.. Which does not work for me... Is there anyone else who is facing the same problem even after updating their signatures?

     

    Regards

    Friday, May 23, 2008 5:19 PM
  • It is not the signatures, but the Engine.  Version 31.4 had the issue, version 31.5 eliminated it.  Go into CA A/V and manually run the update, then check the version of the engine [click the 

    to the right of the help button, then click About..].  If you are still having the problem, you may have a different one than what is described in this thread.

    Friday, May 23, 2008 7:28 PM
  • I am having the exact same problem, 100% cpu utilizzation to the detriment of everything else on the PC, only I have no CA products running. 

    I had this FIXED with the 927891 microsoft fix, but then as soon as I installed SP3, it came back...and now the 927891 fix will NOT install over SP3. 

    If anyone finds a solution to this, please post.  I have turned automatic updates off to see if that works, and set an outlook reminder to check for updates once a week.  Thanks.
    Friday, May 23, 2008 7:31 PM
  • I had a similar issue with a laptop after the SP3 upgrade.  In that situation, I found a post somewhere that suggested deleting the entire C:\WINDOWS\SoftwareDistribution folder.  In order to delete that folder structure you first have to stop the Windows Automatic Update Service, then delete the folder structure, then reboot.  I was cautious so I just renamed the folder rather than deleting it.  After a reboot, I noticed that a new structure had been created and the system was running normally again. 

    Note that you should let the system run for a while after the reboot because it does have to perform some work, which may appear to be running at high CPU, but it does not last very long.  When things settled down I did delete the structure I renamed earlier.
    Friday, May 23, 2008 7:52 PM
  • Hi all, 
     I got similar problem with svchost.exe using about 50% of cpu just today sep 17 2008 ,with win xp prof. sp3 installed on aug 13 , i.e ~ 1month ago. With Bitdefender internet security 2008(Bdis2008) , it started when i installed the newer Bdis 2009, about 2dayes ago.
    And like every body said here it resoled temporarly with rebooting but not to turnig off Real time protection, and when i tried to exclude *.msi ,*.msp  i couldn't cz the av setting lacks the adding of extention to exclusions. Instead Bdis 2009 had add directory and files should directly added.
    fortunately, there was only 1 msi file in folder system32  -  C:\windows/system32/webfldrs.msi , and one *.msp in the framework in    "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"..........    u can find it by surching.

    also exclude the   C:\WINDOWS\system32\svchost.exe
                                 C:\WINDOWS\system32\services.exe
                               C:\WINDOWS\system32\winlogon.exe

    after that click ok then close the program , then it worked.
    i hope to be of benefit, and i pray it will keep working.
    Wednesday, September 17, 2008 9:33 AM
  • I had the same problem with one of my clients running Trend Micro. It seems this problem isn't related to a specific Anti Virus program. Exluding the files as CA suggests isn't realy a solution. Excluding winlogon and stuff mentioned causes a real security issue. Since im running Trend Micro all the CA "solutions" didnt apply for me so i didnt even bother trying all the solutions and went for the one that makes the most sence.

    Stopped the Update Service
    Renamed the C:\WINDOWS\SoftwareDistribution folder
    Restarted the Client

    Issue solved.

    Seems to me that something in this folder causes AV software to scan it and keeping svchost.exe from duing its job. Causing high cpu values. By Renaming/Deleting the folder all the files are refreshed including the one(s) that caused the problem. What the exact problem is? I dont think w'll ever know. But hey, whats new.

    Thanks all for the posts, really helped me out here.


    Friday, October 24, 2008 10:06 AM
  • Hello,

    3 years later, I was having the same problem on my XP desktops. 

    I have no CA software installed.  FreakyEnzo's solution worked perfectly.

    Thanks, BobM

    Wednesday, August 10, 2011 7:44 PM
  • Hi, Eric.  This is an old thread, but I just had to do a clean install of Server 2003 R2 (SP2), and ran into this issue.  The various fixes in this thread and on other sites (e.g. re-registering WUA DLLs, etc.).  Had no effect.  What finally seems to have at least gotten things to work (time will tell) was to copy the SoftwareDistribution folder from a working Server 2003 R2 system, and that seems to have bootstrapped the new WUA into at least downloading updates and I was able to use /UpdateNow to install them (typically, the UI would hang as well).

    In my case, the last lines in the WindowsUpdate.log file would always be:

    2013-09-13 12:45:30:109 812 cc4 PT +++++++++++  PT: Synchronizing extended update info  +++++++++++
    2013-09-13 12:45:30:109 812 cc4 PT  + ServiceId = {9482F4B4-E343-43B6-B170-9A65BC822C77}, Server URL = https://update.microsoft.com/v6/ClientWebService/client.asmx

    ...and svchost.exe burning 100% of a CPU doing virtually no I/O.

    I don't get the sense that Microsoft has any real answer to this issue - clearly, people are still having issues, despite the fixes to MSI and WUA.  I would love to not have to use old OS's, but out here in the real world, ISV's have to support our customers, and our customers use old OS's.

    Thanks, and I hope this helps someone who's in similar shape.

    P.S. Actually, this didn't quite do it, but installing IE7 (R2 ships with IE6) seems to have done so.


    -- Bill


    • Edited by MushyMiddle Friday, September 13, 2013 7:26 PM
    Friday, September 13, 2013 6:33 PM
  • In my case, the last lines in the WindowsUpdate.log file would always be:

    Server URL = https://update.microsoft.com/v6/ClientWebService/client.asmx

    This client isn't even configured to use a WSUS Server, and copying over the "SoftwareDistribution" folder won't change that. There's no practical value in copying over a "SoftwareDistribution" folder from one computer to another, since the WUAgent will rebuild it from scratch if it needs to (which is exactly what it was trying to do when you misdiagnosed the CPU utilization in this particular scenario).

    Furthermore, it could actually complicate things by providing BAD information about the state of the machine to the WUAgent.

    I don't get the sense that Microsoft has any real answer to this issue - clearly, people are still having issues, despite the fixes to MSI and WUA.

    This comment almost makes no sense. You've posted to a five year old thread discussing a completely different version of WSUS and WUA, that hasn't been active in over two years, and short of these legacy issues which were long-ago resolved completely, nobody has reported any issue with SVCHOST CPU utilization issues in a very long time.

    In your case though, I suspect the CPU utilization was solely the impact of having reinstalled the server OS and needing to obtain several years of updates and working on obtaining them via Automatic Updates.


    Lawrence Garvin, M.S., MCITP:EA, MCDBA, MCSA
    SolarWinds Head Geek
    Microsoft MVP - Software Packaging, Deployment & Servicing (2005-2013)
    My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin
    http://www.solarwinds.com/gotmicrosoft
    The views expressed on this post are mine and do not necessarily reflect the views of SolarWinds.


    Wednesday, September 18, 2013 3:31 PM
    Moderator
  • Help! I have been combing the forums and have tried just about all recommendations to fix this issue. This is a clean install of WinXP. Everything works fine until I install SP3. No virus scanner installed yet. Automatic Updates disabled, everything is fine until I go to do a manual update. When I run manual update the svchost.exe kicks up to 100% CPU usage. Updates never install, I have tried both types 'express' and 'custom' but nothing ever happens. I walked away for 2 hours, came back and still says its updating with CPU usage always at or close to 100%. I usually reformat my hard drive twice a year and reload XP. Never had this problem before and nothing has changed on my machine. Any ideas?
    Wednesday, October 23, 2013 1:43 AM
  • This is a clean install of WinXP. Everything works fine until I install SP3.

    everything is fine until I go to do a manual update. When I run manual update the svchost.exe kicks up to 100% CPU usage. Updates never install, I have tried both types 'express' and 'custom' but nothing ever happens. I walked away for 2 hours, came back and still says its updating with CPU usage always at or close to 100%.

    Any ideas?

    When did a clean install of Windows XP, was that perchance Windows XP Service Pack 2, to which you then added Service Pack 3? If so, please see KB943144 for further guidance.

    Alternatively, if it was XP RTM or XP SP1, to which you then applied SP3, you'd have a different collection of considerations:

    - That scenario implies that you're using Internet Explorer 6. Upgrade it to IE8 and install the latest Cumulative Security Update for IE8 before doing anything else. I've heard that this has a notable positive impact on the interface with the WU website.

    - In addition, the Windows Update Agent will be selfupdating. You should check the WindowsUpdate.log and see if that actually did occur.

    - Once you have a current (and patched) instance of a browser working, consider also that Service Pack 3 was released in April, 2008, which means you still have five and a half years of updates to scan through and evaluate. That process IS going to take some time. (And whether doing this twice a year is worth the effort may be another question to consider. Personally, I have an XP SP3 machine that was originally installed in 2006, and it's never been rebuilt. Earlier this year I did a P2V conversion on it, just so I could retain the instance.)

    - If  you choose an Express Install, it's going to take a Very Long Time to actually download and install those five and a half years of updates.


    Lawrence Garvin, M.S., MCITP:EA, MCDBA, MCSA
    SolarWinds Head Geek
    Microsoft MVP - Software Packaging, Deployment & Servicing (2005-2013)
    My MVP Profile: http://mvp.microsoft.com/en-us/mvp/Lawrence R Garvin
    http://www.solarwinds.com/gotmicrosoft
    The views expressed on this post are mine and do not necessarily reflect the views of SolarWinds.

    Friday, October 25, 2013 10:16 PM
    Moderator
  • Sorry to resurrect an old thread, but I hit this same issue today trying to install updates on XP Pro SP3 which was a clean installation of XP Mode on a clean install of Windows 7 Professional. svhost.exe in the XP virtual machine would hit 100% CPU and Windows Update would make no progress whatsoever even after running for half an hour.

    No antivirus running on either machine (it's a clean install and not even been on the internet for anything yet) and the machine is behind the router's firewall, so no chance of infection. I'm posting this here in case anyone else who stumbles here with the same issue can try what worked for me in case it helps them also.

    After battling with it for a few hours, I thought on a hunch to update the IE6 that comes with XP Mode to something newer. So I downloaded and installed IE8 from the MS website. Once that was installed and the machine rebooted. Windows Update went through and installed all XP updates successfully.

    I reckon there's something in Windows Update that doesn't like IE6 anymore.

    Problem solved for me. Hope it helps someone else too. Moving on.

    Wednesday, December 04, 2013 7:57 PM
  • After battling with it for a few hours, I thought on a hunch to update the IE6 that comes with XP Mode to something newer. So I downloaded and installed IE8 from the MS website. Once that was installed and the machine rebooted. Windows Update went through and installed all XP updates successfully.

    I reckon there's something in Windows Update that doesn't like IE6 anymore.

    This is a known remediation, discussed in another thread (or maybe another forum?).

    It's caused by some legacy IE6 Cumulative Security Updates that were not properly superseded (expired) and it's causing excessive overhead on the client side trying to traverse the supersession chain -- given that there are a few dozen of those released since 2002.

    Upgrading IE before connecting to the Internet should be a standard practice anyway. Why would you go browse the web with a 10-year-old browser? ;-)


    Lawrence Garvin, M.S., MCITP:EA, MCDBA, MCSA
    SolarWinds Head Geek
    Microsoft MVP - Software Packaging, Deployment & Servicing (2005-2013)
    My MVP Profile: http://mvp.microsoft.com/en-us/mvp/Lawrence R Garvin
    http://www.solarwinds.com/gotmicrosoft
    The views expressed on this post are mine and do not necessarily reflect the views of SolarWinds.

    Thursday, December 05, 2013 11:05 PM
    Moderator
  • There are amazing things and this is one of them.

    Only at 5 months from the Death of XP is a solution/understanding of this problem found! And it ws found by a user, not Microsoft.

    For years there was no answer to this and people have been complainting since 2007 (the earliest mention to this problem that I found).

    Meantime I've read all sort of dismissals from Microsoft's MVPs: from having no clue about it, suggesting virus infection on a no internet connection PC that had a fresh install of WinXP, from blaming an antivirus or even blaming the users for resurrecting "such an old thread"! Why don't we just shut up, huh? One of them even questioned our "desire" to update our machines! Yeah, why should we keep Windows up to date? Hum...

    It's awsome, my chin is flat on the floor. Here we are, only at five months from the death of XP and this is still a problem!

    Well THANKS to the user KSB1972 FINALLY I have an idea of what may be causing this problem! It's using IE6 to go to the windows Update website! Isn't it ironic?!

    I mean, because the Update Agent (a.k.a. Yellow Shield) takes over 3 days to kick in after I install XP, I would (stupid me) use IE6 to go to the WWW.MICROSOFT in order to download IE8 myself! And this behaviour triggered that behemoth fail in XP: making svchost use up 100% of my processor thus rendering the PC useless (at one time I waited for a whole week with a 2.19 GHz PC running Auto Update and it never went beyond Downloading 0%).

    At this very instant I have a machine with a fresh install of XP, already have SP3 installed, and have not yet connected to the www USING A BROWSER (I only stick the ethernet cable in and wait). NO UPDATE HAS BEEN DOWNLOADED in 2 DAYS (yes it is connected - 100 Mbps)! And I know that, if I connect to the WindowsUpdate site using IE6 (the only I've got) the SVCHOST problem comes back!

    So, I just sit back and connect the machine every 3 hours to see if finally it starts updating. 2 days -> 0 updates. No point in doing wuauclt.exe /detectnow or other tricks of the kind, it's "latent". Just like an Alien in a person's belly, comes out when it wants.

    This is why I made up my mind and am not going to recommend Windows 8.1. It simply doesn't make any sense after so many problems, after days, DAYS, of waiting and having people coming to me and asking for their machines with windows.

    That is why, on my counter, I have a MacBook Air in exhibition. When someone comes in with a problem in their Windows afflicted machines I just keep'em entertained for some time with that computer. So many of them are amazed to find out there is actually such a nice alternative to microsoft. Just as I was, 2 years ago when I tried an apple machine for the first time.

    No more Windows or microsoft for me or my familly, ever again. You cannot imagine the days I spent trying to solve problems in our machines and the personal problems that it caused.

    Thank god for Steve Jobs, may he rest in peace.

    Tuesday, December 10, 2013 10:59 AM
  • There are amazing things and this is one of them.

    Only at 5 months from the Death of XP is a solution/understanding of this problem found! And it ws found by a user, not Microsoft.

    For years there was no answer to this and people have been complainting since 2007 (the earliest mention to this problem that I found).

    You make way too many assumptions here, and most of them are flawed. First, since 2007, there are numerous known causes for high CPU utilization in the WUAgent's SVCHOST.EXE instance. Current issues which are EXCLUSIVE to scenarios involving fresh installations of Service Pack 3 (from rebuilt systems) and the native (unpatched) instance of IE6 are the only ones related to this particular scenario involving the legacy updates. And, to be sure, the information came direct from a Microsoft employee, and has been known for about a month now.

    This particular thread dates all the way back to April, 2008, and if you were to have actually read the thread, you would have encountered several of those known causes and resolutions that have occurred over the past six years.

    Well THANKS to the user KSB1972 FINALLY I have an idea of what may be causing this problem! It's using IE6 to go to the windows Update website! Isn't it ironic?!

    While it's certainly good that you call attention to the post of KSB1972, and that success with upgrading from IE6 to IE8, I'll also point out that I made that very same suggestion last October! There's No Good Reason that anybody should be browsing the Internet with Internet Explorer v6. (And in four more months there's no good reason anybody should be browsing the Internet with Windows XP!)


    Lawrence Garvin, M.S., MCITP:EA, MCDBA, MCSA
    SolarWinds Head Geek
    Microsoft MVP - Software Packaging, Deployment & Servicing (2005-2013)
    My MVP Profile: http://mvp.microsoft.com/en-us/mvp/Lawrence R Garvin
    http://www.solarwinds.com/gotmicrosoft
    The views expressed on this post are mine and do not necessarily reflect the views of SolarWinds.

    • Proposed as answer by Anuj Nandwana Thursday, December 12, 2013 12:59 AM
    • Unproposed as answer by Anuj Nandwana Thursday, December 12, 2013 12:59 AM
    Tuesday, December 10, 2013 10:43 PM
    Moderator
  • Found some info online that worked for me... running latest updates on xp pro. Sorry for no clickable links, new account doesn't allow this yet.

    Info at:
    http://www.infoworld.com/t/microsoft-windows/windows-xp-update-locks-machines-svchost-redlined-100-fix-it-kb-2879017-230733

    I Used Dougcuk's dec. 10 2013 answer from this page:
    http://www.bleepingcomputer.com/forums/t/514140/svchostexe-using-100-cpu/

    You can also search for the latest cumulative I.E. security update from the microsoft download center.

    Good Luck.
    Thursday, December 12, 2013 6:59 PM
  • The following post was made to the PatchManagement.org mailing list today (Dec 13) by Doug Neal [MSFT] regarding the ongoing efforts in attempting to resolve the current issues impacted by legacy IE updates.

    http://marc.info/?l=patchmanagement&m=138696900324972&w=2


    Lawrence Garvin, M.S., MCITP:EA, MCDBA, MCSA
    SolarWinds Head Geek
    Microsoft MVP - Software Packaging, Deployment & Servicing (2005-2013)
    My MVP Profile: http://mvp.microsoft.com/en-us/mvp/Lawrence R Garvin
    http://www.solarwinds.com/gotmicrosoft
    The views expressed on this post are mine and do not necessarily reflect the views of SolarWinds.

    Friday, December 13, 2013 10:49 PM
    Moderator