ClientServer Runtime Process is an internal system process in Windows, another one through a big number of ones running in background. Some trojan viruses mimic it to stay in the system for more time. This post will show you how to distinguish the process launched by malware from a legit one, and also reveal the role of this process for the operating system.
What is the ClientServer Runtime Process?
Csrss.exe process has a very long history. Formerly (before Windows Vista) it was named csrss.exe, and bore much more tasks. At the moment of its appearance in Windows NT 3.1 (1993), it was responsible for graphic interface functionality, as well as for console calls from applications and saving data when the session closes. In Windows Vista, the graphic subsystem of the OS was separated from the OS core, so the old version of ClientServer Runtime Process has been substituted by Csrss.exe1. Besides the control of system graphics, this process also lost the ability to manage the console that was opened by the user – this task moved to the conhost.exe process.
In Windows 10, this process carries much less functions than it was long ago. Nowadays, the Csrss.exe process is used by programs to interact with Windows Console; it also manages the correct data saving at the moment of user logout or system shutdown.
Can I end the ClientServer Runtime Process?
No. This process belongs to the system ones, so it is protected from any kind of external interruptions. In contrast to winlogon.exe, that can be suspended if you have a specific privilege, Csrss.exe cannot be suspended in any methods. And there is no need to do it – its resource consumption is very low.
If you delete this file from the root directory, Windows will crash with 0xC000021A error, and will continue doing this after reboot. ClientServer Runtime Process is a vital thing for Windows, so its disabling is a very bad idea.
The times when Windows processes may be disabled to increase the system performance have passed long ago. When Windows XP was the last actual OS version, computers were quite weak, and their upgrade was quite expensive, disabling several services could really make your PC faster without any significant problems. Nowadays, such tricks can make things even worse.
Can the Csrss.exe process be malicious?
All legitimate system processes are listed in the Windows Processes category in Task Manager. If you see a duplicate of the process from Windows processes in the list of background processes, it may be malware. To check out the program the process belongs to, click it with a right mouse button, and choose the “Open file location” option.
If this file is stored somewhere in the Windows/System32 folder, it is 100% legit. Don’t be scared with a massive number of processes in the background – the majority of them are needed to decrease the time of programs opening.
However, if Csrss process is located among the user’s processes and “Open file location” leads to the unknown directory, it is recommended to check your PC with antimalware software. My choice for this case is GridinSoft Anti-Malware.
Removing the viruses with GridinSoft Anti-Malware
Frequently Asked Questions
Can I just delete the process from the root directory?
No. In case if the process belongs to the legitimate system element, you will not be able to edit the root directory of the system, where it is stored, without granting yourself permission for this action. And its deletion will surely lead to a system crash without a possibility of loading the system back, because the crucial component is absent.
Is it possible to decrease the hardware consumption of this process?
Csrss.exe consumes literally nothing, so you will likely see no occasions when there is a need to make it less greedy with resources. However, if you see that it takes more than 20-30% of your CPU and the same amount of RAM, it is likely a virus. Perform the steps I wrote above.
How can I know this process is malicious without checking its root directory?
As it was mentioned in the previous question, the CPU/RAM consumption of the original process is very low. So, the Csrss.exe that uses a lot of hardware capacity is definitely a virus. Another way to understand that this process belongs to a malicious program is its location inside of the Task Manager. System processes are listed in the corresponding thread, so the ClientServer Runtime Process among the user’s background processes is a sign of malware presence.
User Review( votes)
- Detailed history of ClientServer Runtime Subsystem on Wikipedia