Tuesday, 6 September 2016

What Is “Runtime Broker” and Why Is It Running on My PC?




If you’re reading this article, then you probably spotted the Runtime Broker process in your Task Manager window and wondered what it was–and maybe even why it spikes CPU usage sometimes. We’ve got the answer for you.
This article is part of our ongoing series explaining various processes found in Task Manager, like svchost.exedwm.exe, ctfmon.exemDNSResponder.exe, conhost.exe, rundll32.exeAdobe_Updater.exe, and many others. Don’t know what those services are? Better start reading!

So What Is It?
Runtime Broker is an official Microsoft core process that debuted in Windows 8 and continues in Windows 10. It is used to determine whether universal apps you got from the Windows Store–which were called Metro apps in Windows 8–are declaring all of their permissions, like being able to access your location or microphone. Though it runs in the background all the time, you will likely see its activity rise when you launch a universal app. You can think of it like a middleman hooking your universal apps with the trust and privacy settings you’ve configured.

Why Is It Using Memory?

When it’s not active, Runtime Broker maintains a very low memory profile, typically taking up around 20-40 MB. When you launch a universal app, you will likely see the memory usage rise to anywhere from 500-700 MB.


Launching additional universal apps should not cause Runtime Broker to consume additional memory. And when you close all open universal apps, Runtime Broker’s memory usage should drop back down to the 20-40 MB range.

Why Is It Spiking My CPU Usage?

When its just running in the background, Runtime Broker usually consumes 0% of your CPU. When you launch a universal app, that usage should briefly rise to 25-30% and then settle back down. That’s normal behavior. If you notice that Runtime Broker is consistently consuming 30% or more of your CPU, showing higher than expected memory usage, or spiking the usage even when you don’t have a universal app running, there are a couple of potential explanations.

If you’ve recently upgraded to Windows 10, you may have noticed that Windows likes to show you the occasional tip via notifications. For whatever reason, this activity behaves like a universal app and engages the Runtime Broker process. You can fix this by turning off tips. Head to Settings > System > Notifications & Actions, and then turn off the “Get tips, tricks, and suggestions as you use Windows” option.
It’s also possible that you have a misbehaving app that’s causing Runtime Broker to use more resources than it should. If that’s the case, you’ll have to narrow down the app that’s causing the problem. Make sure the app is updated to the latest version. If that doesn’t work, try uninstalling and reinstalling the app. And if that fails, make sure you let the developer know about the problem (and, if you don’t need it, uninstall it in the meantime).

Can I Disable It?
No, you can’t disable Runtime Broker. And you shouldn’t anyway. It’s vital for protecting your security and privacy when running universal apps. It’s also very lightweight when it’s running properly, so there’s not much reason to disable it. If you think it’s misbehaving, you could always kill the Runtime Broker process by right-clicking it in Task Manager and then choosing End Task.

After a few moments, Runtime Broker will launch again automatically. Just be warned that for the few moments until it relaunches, universal apps won’t be able to successfully access trust settings and may not run at all.
Could This Process Be a Virus?

The process itself is an official Windows component. While it’s possible that a virus has replaced the real Runtime Broker with an executable of its own, it’s very unlikely. We’ve seen no reports of viruses that hijack this process. If you’d like to be sure, you can check out Runtime Broker’s underlying file location. In Task Manager, right-click Runtime Broker and choose the “Option File Location” option.

If the file is stored in your Windows\System32 folder, then you can be fairly certain you are not dealing with a virus.




No comments: