The Session Manager process is responsible for creating new sessions. The first instance creates a child instance for each new session. Once the child instance initializes the new session by starting the Windows subsystem (csrss.exe) and wininit.exe for Session 0 or winlogon.exe for Session 1 and higher, the child instance exits.
Executable’s image path.
%SystemRoot%\System32\smss.exeA process which spawned the analyzed process.
SystemExpected number of processes running which may normally run on Windows.
One master instance and another child instance per session. Children exit after creating their session.Windows account with which the process was launched. This defines what privileges given process has.
Local SystemExpected time of process to be launched.
Within seconds of boot time for the master instance