Desktop Window Manager (dwm.exe) is a system process running in Windows, one of a big number of ones that are used in this operating system. It is a deeply-integrated process, because it has a very important role. However, there was several cases when malicious programs mimic that process in order to be ignored by the user who tries to detect the malware presence through checking the running processes in Task Manager. In this post, you will see how to distinguish the original process from the malicious one, as well as information about the dwm.exe purpose.
Desktop Window Manager process purpose
Dwm.exe process is an integrated system process that launches together with the operating system and stops only after the session ends. That process is responsible for correct rendering of the effects you can see while using Windows. Smooth animations, transparent frames of each window and 3D objects visualization – all these things are used everyday and by every user. Besides the graphical effects, Desktop Window Manager also takes care of correct support of high-resolution monitors – 2K/4K ones.
The rendering mechanism of separate elements that are under the dwm.exe responsibility is also interesting. Program windows can overlay each other, and it is harder to draw the correct effects of transparency. After all windows were established, the Desktop Window Manager collects the pictures of all windows, and then processes them to get the single picture of the desktop, i.e. the picture that the user will see on his monitor.
Can I disable dwm.exe?
No way. This process belongs to the system ones, so it is protected from any kind of external interruptions. And there is no need to do it – on modern versions of Windows 10, you will likely spectate a very low consumption for this process. If you see that Desktop Windows Manager takes more than 5% of your CPU/RAM resources, and you have ensured that there are no viruses onboard, try to perform troubleshooting.
The problems which may lead to high resources consumption of this process are usually related to the GPU that is used in the system. Update the drivers of all graphic processing units – Intel HD Graphics, AMD Radeon or Nvidia. If the problem is not solved, it is likely related not to the software, but to hardware. Unfortunately, you may be needed to repair or buy a new graphic card/processor.
The times when Windows processes may be disabled to increase the system performance have passed long ago. When Windows XP was the last actual OS version, computers were quite weak, and their upgrade was quite expensive, disabling several services could really make your PC faster without any significant problems. Nowadays, such tricks can make things even worse.
How can I detect that Desktop Windows Manager is a virus?
The easiest way to understand if the process you see is a malicious one is to check its source. System processes, that are launching independently from the startup and user’s processes, are listed in the separated thread, named “Windows processes”. If Desktop Window Manager, Windows Shell Experience Host or Service Host process are launched as a user’s tasks, they are likely fake and launched by malware.
Another way to check if the process is launched by a malicious program is to open its file location. Find the Desktop Windows Manager process in Task Manager, and click it with a right mouse button. Choose the “Open file location” option, and you will see the folder where the .exe file is located. If the dwm.exe source file is located in C:/Windows/System32, everything is ok, but any other location of the source file means that you have malware on your computer. To check your PC for viruses, I can offer you to use GridinSoft Anti-Malware.1.
Removing the viruses with GridinSoft Anti-Malware
Frequently Asked Questions
No. In case if the process belongs to the legitimate system element, you will not be able to edit the root directory of the system, where it is stored, without granting yourself permission for this action. And its deletion will surely lead to a system crash without a possibility of loading the system back, because the crucial component is absent.
That process consumes literally nothing, so you will likely see no occasions when there is a need to make it less greedy with resources. However, if you see that it takes more than 20-30% of your CPU and the same amount of RAM, it is likely a virus. Perform the guide I wrote above.
As it was mentioned in the previous question, the CPU/RAM consumption of the original process is very low. So, the dwm.exe that uses a lot of hardware capacity is definitely a virus. Another way to understand that this process belongs to a malicious program is its location inside of the Task Manager. System processes are listed in the corresponding thread, so the Windows Shell Experience Host application among the user’s background processes is a sign of malware presence.
User Review( votes)
- Reasons why I can recommend you to use GridinSoft Anti-Malware