Using Microsoft's
Windows Defender to explore SvcHost.exe
Windows Defender provides detailed information about each instance of Svchost.exe running, and all the services therein.
In Windows Defender, click Tools, then choose Software Explorer. In the Category drop-down menu, choose "Currently Running Programs"
or "Network Connected Programs." In either or both of those categories, you'll probably find items called "Microsoft Generic Host Process for Win32 Services"
--- these are the Svchost.exe instances. By clicking on one instance in the left pane, you'll see details in the right.
You can match these individual "Microsoft Generic Host Process for Win32 Services" instances with Svchost.exe instances in the TASKLIST /SVC
list most easily by matching Process IDs. In the command prompt version, the services are abbreviated--- for example, you might see AudioSrv and BITS.
But when you look in the associated "Services" item in Windows Defender, those are spelled out--- Windows Audio and Background Intelligent Transfer Service."
Best of all, each "Host Process" in Defender is Classified as "Allowed" or "Not Yet Classified." Any process that's "not allowed"
will be blocked or terminated (one hopes) by Windows Defender.