The generic host process for Windows Tasks. Upon initialization, taskhostw.exe runs a continuous loop listening for trigger events. Example trigger events that can initiate a task include a defined schedule, user logon, system startup, idle CPU time, a Windows log event, workstation lock, or workstation unlock. There are more than 160 tasks preconfigured on a default installation of Windows 10 Enterprise (though many are disabled). All executable files (DLLs & EXEs) used by the default Windows 10 scheduled tasks are signed by Microsoft.
Executable’s image path.
%SystemRoot%\System32\taskhostw.exeA process which spawned the analyzed process.
svchost.exeExpected number of processes running which may normally run on Windows.
One or moreWindows account with which the process was launched. This defines what privileges given process has.
Multiple taskhostw.exe processes are normal. One or more may be owned by logged-on users and/or by local service accounts.Expected time of process to be launched.
Start times vary greatly