Runtime Broker: what is it, why does it load the processor and how to solve the problem for Windows 10

Windows 10 has a Runtime Broker process that sometimes consumes a large share of system resources such as the CPU, causing various errors. When a user discovers that Runtime Broker is loading the computer, the logical question arises: what is it? In this article we will answer that question and explain why the process is needed.

Runtime Broker on Windows 10

Runtime Broker appeared in version 8 of the operating system, but not everyone knows what this process is. Usually the process does not take up much physical memory and has not yet been associated with viruses. Its function is to manage the permissions of UWP programs installed from the Windows Store. The process runs throughout the operating system session. There are times, however, when it is precisely this process that causes system failures and loads the computer's central processor.

Solving the problem with CPU usage by the Runtime Broker process

The Runtime Broker process is a background process in the System32 directory that runs with your administrator account. If the RuntimeBroker.exe process significantly loads the computer's processor or RAM, the first thing to do is check the digital signature of its file. It must be signed by Microsoft Windows. To check:

  1. Open the task manager by pressing the key combination ESC+CTRL+SHIFT;
  2. Hover over the process and right-click;

  3. From the items, select “Open file location”;
  4. In the system folder window that opens, right-click RuntimeBroker.exe and select “Properties” from the list;
  5. Select the “Digital Signatures” tab and make sure that “Signer Name” is “Microsoft Windows.”
    This means that everything is in order: the file has the correct digital signature.

According to users, the Runtime Broker process sometimes takes up most of the RAM, and many people think that this is not normal. In this situation, you can check whether the process is running normally or has crashed. To do this, note which program is taking up memory, then close it. If there are several of them, close them all. If memory consumption then drops to 0 in the task manager, everything is in order: the stopped programs simply require too many resources for their work.

Other problems

The Store Broker service (wshost.exe) can also consume resources.

As shown earlier, kill the process in Task Manager, then rename the "Cache" directory located in the "%userprofile%\AppData\Local\Packages\WinStore_cw3n1h3txyexy\LocalState" folder and create a new directory named "Cache".

Note: after “WinStore_” there will be a different combination of letters and symbols on your system, so do not copy the path; go through the directories one by one instead.

Another service that consumes system resources is atbroker.exe; below we explain what it is and how to get rid of the load. Atbroker is a system file used by Magnifier and the on-screen keyboard.

To solve the problem, disable them:

  1. In Settings, visit Accessibility.
  2. In the Magnifier section, move the first toggle to the Off position to deactivate the tool.
  3. In the "Keyboard" section (located at the bottom), do the same for the on-screen keyboard.

The System Guard Runtime Monitor Broker service (SgrmBroker) starts together with Runtime Broker. This is an annoying service that regularly checks the integrity of system files and also consumes a lot of hardware resources. Disabling it switches off the integrity monitoring described under “What is SgrmBroker.exe?”.

To disable:

  1. Call the system registry editor with the “regedit” command, for example, through search.
  2. In the HKLM branch, go to the path: “SYSTEM\CurrentControlSet\Services\SgrmBroker”.
  3. Double-click on the “Start” entry, enter the value “4” and save the settings.
  4. Restart your PC.

Checking Runtime Broker for viruses

Run your installed antivirus program, or download a portable one, and scan your PC for viruses. Scan the RAM first, then the “C:\Windows\system32” directory.

You can also send the file “RuntimeBroker.exe” for verification to an online service, for example, VirusTotal.

  1. Follow this link.
  2. Click "Choose File".
  3. Specify the object “C:\Windows\System32\RuntimeBroker.exe” and send for analysis.

After a couple of seconds, you will see the result of scanning with about 70 antivirus programs.

Stopping the Runtime Broker process

In some cases, when the process loads computer resources, you can try to restart it or turn it off altogether. To do this:

  • Open the task manager – CTRL+SHIFT+ESC or right-click on the “Start” icon and select “Task Manager”;
  • Find the process, right-click it to call up the options and select “End task” from the list;
  • Restart the computer (you need to reboot, not turn off and then turn on).

If problems with the process began after downloading files or installing new software, try removing that software. It may have caused a failure and errors in the system, which is why the process began to work incorrectly. You can remove any installed application in Windows through the Control Panel, “Applications” section. Select the application and click the "Delete" button.

Eliminate excess resource consumption

Simply restarting the process is the simplest method and is the one recommended by the developers.

The process in question is not one of the most important functions in the system, and there is no significant harm from turning it off. If a restart does not solve the problem, you can simply disable the function.

Removal

The crash may occur after installing an application from the store. If there is such a malfunction, you should uninstall the program, and if the problem is resolved, you can try to reinstall it.

To delete you need to use:

After eliminating the faulty application, the system should work normally.

Deactivating the function

To eliminate increased load on the system, you can disable individual functions that affect this process.

If this produces a positive result, re-enable the functions one at a time until the malfunction reappears.

The following area that affects the operation of Runtime Broker:

For both manipulations to work, you need to restart the PC.

There is a risk that the previous steps do not help because a virus masquerading as this process has appeared in the system.

Disabling via the registry

The service can be deactivated through the registry:

Runtime Broker is a virus

To determine the process and identify the virus, you need to take a few basic steps:

The easiest way to identify viruses on a computer is with anti-virus scanners; they are still effective and can detect a variety of malicious files, including Runtime Broker if it is a virus. The most commonly used free scanner is Dr. Web, but it is better to have constant anti-virus protection.

If all else fails, you'll have to turn off spyware and notifications. By completely eliminating the functions for which the process is responsible, you can deactivate it and not have to search for the cause of the high load.

Disable some Store app features in Windows 10

This option will help you avoid high CPU load from Runtime Broker.

  1. Open Windows Settings. To do this, use the hot keys WIN + I or click “Start” and select “Settings”.
  2. Select the "Privacy" section.
  3. Next, open “Background applications” and turn the apps off.

    If this option has eliminated the process load, start enabling apps to run in the background one at a time. This way you can determine which one is causing the system failure. Once the problematic application is identified, the others can be enabled again.

  4. If the problem persists, go to the settings again and select the “System” section.
  5. Open Notifications & Actions. Uncheck the "Show tips" box.
  6. After completing these steps, reboot your computer.

What is this process?

Runtime Broker is an internal process of the operating system that first appeared in Windows 8. It manages the permissions of the applications that can run on all devices running Windows operating systems.

These permissions include access to:

  • microphones, cameras;
  • geolocation services;
  • interaction between file blocks and others.

The process is constantly active and runs in the background. This means that it does not need to be launched manually; Runtime Broker starts again each time the device is turned on in the standard way.

Attention! The process uses the RAM of the computer (desktop or laptop). If several applications are running on your PC at the same time, it may begin to slow down, and some programs will stop working.

When the process is idle, it consumes no more than 40 megabytes of RAM, which does not affect the overall load. When it is active, its memory use can grow to 500-700 megabytes.

Virus check

Try checking your computer for viruses. If you find that the Runtime Broker process is overloading your microprocessor or RAM, run your antivirus software and scan your hard drive for malicious code.

Very often, viruses masquerade as system processes, and in this case it is difficult to notice the substitution. To check a specific process, find it in the task manager, right-click it and click “File location”. Then, in the folder that opens, select the file, right-click it and select "Scan for viruses" from the context menu. This way you can tell whether Runtime Broker is a virus or a genuine system process in Windows 10.
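The two manual checks described on this page (the “Digital Signatures” steps near the top and the file-location check above) can be done in one pass for every running instance. This PowerShell script is an added example, not part of the original article; it assumes the expected location and the signer name “Microsoft Windows” exactly as the article states them.

```powershell
# Added example: check every running RuntimeBroker.exe by image path and signature.
# Assumptions (from the article): genuine file lives in System32 and is signed
# with the signer name "Microsoft Windows".
$expected = Join-Path $env:SystemRoot 'System32\RuntimeBroker.exe'
$nameType = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName

Get-CimInstance -ClassName Win32_Process -Filter "Name = 'RuntimeBroker.exe'" |
    ForEach-Object {
        $path = $_.ExecutablePath
        if (-not $path) {
            # The path of another user's process is hidden from a non-elevated session.
            return [pscustomobject]@{
                PID = $_.ProcessId; Path = $null; Status = 'NotChecked'
                Signer = $null; Verdict = 'Re-run elevated'
            }
        }

        # Validates embedded and catalog signatures on Windows 10 (PowerShell 5.1).
        $sig = Get-AuthenticodeSignature -LiteralPath $path
        $signer = if ($sig.SignerCertificate) {
            $sig.SignerCertificate.GetNameInfo($nameType, $false)
        }

        # Collect every reason the instance differs from the genuine system file.
        $problems = @()
        if ($path -ine $expected)            { $problems += 'unexpected location' }
        if ($sig.Status -ne 'Valid')         { $problems += "signature $($sig.Status)" }
        if ($signer -ne 'Microsoft Windows') { $problems += 'unexpected signer' }

        [pscustomobject]@{
            PID     = $_.ProcessId
            Path    = $path
            Status  = $sig.Status
            Signer  = $signer
            Verdict = if ($problems) { 'SUSPICIOUS: ' + ($problems -join ', ') } else { 'OK' }
        }
    } | Format-Table -AutoSize -Wrap
```

Any row whose verdict is not “OK” is a candidate for the antivirus and VirusTotal checks described in this article.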

List of file versions

File name: RuntimeBroker.exe
System: Windows 10
File size: 67720 bytes
Date: 2017-03-18
File details:
MD5: 75b58c1fa0326d46ce85c72a35db3225
SHA1: 92d937f911204a62b3a775eecfbef04c41c619b8
SHA256: 48f653fbed997b6d60fc1a735d97a8818d756d0f884b2e5d0453d973b920aab3
CRC32: c037a554
Example file location: C:\Windows\System32\

File name: RuntimeBroker.exe
System: Windows 8.1
File size: 29888 bytes
Date: 2014-11-21
File details:
MD5: fb96fc6491ff602ccfa2d38ed1da5b5e
SHA1: 5fd4a3e073da12caa4410bde06126b7c4c3e8097
SHA256: 14033cebb6c250c22a62a38cfd46a5286fe11a83a7228afd01e8e215546f2494
CRC32: 9009086a
Example file location: C:\Windows\System32\

File name: RuntimeBroker.exe
System: Windows 8
File size: 29808 bytes
Date: 2012-07-26
File details:
MD5: ad3a07febb3b9f0110c90c26fc95e029
SHA1: 770b34a807327268aefc5d4cd200cb5d0a40c196
SHA256: 51928ed31b5cd5363db452dcb76354f8eec4169632d230365aab40c419c3315c
CRC32: 9bf00137
Example file location: C:\Windows\System32\

What is SgrmBroker.exe?

The System Guard Runtime Monitor Broker (SgrmBroker) is a Windows service that is included with Windows Defender System Guard. It is easy to mistake it for RuntimeBroker, which handles generic applications, but they are different processes and both are safe.

System Guard Runtime Monitor Broker is responsible for monitoring and confirming the integrity of the Windows platform. The service has three key areas that it controls:

  1. Protect and maintain system integrity at startup.
  2. Protect and maintain the integrity of the system after it goes live.
  3. Verify that system integrity was indeed maintained, through local and remote attestation.

This is a fairly general explanation of what the SgrmBroker.exe service is responsible for, so let's dive into each area.

1 – Protect and maintain system integrity at startup

This ensures that no unauthorized firmware or software can be launched before the Windows boot loader. This includes malicious firmware-level code, often called a bootkit or rootkit - nasty things.

Only properly signed and protected Windows files and drivers can run on the device during startup.

It should be noted that for the most advanced features to work properly, you will need a computer with a modern chipset that supports TPM 2.0. It must also be enabled in the UEFI BIOS.

What is TPM 2.0?

Trusted Platform Module (TPM) exists in version 1.2 and the later version 2.0. It is a standard for a secure cryptoprocessor, a kind of hardware chip in your computer.

2 – Protect and maintain the integrity of the system after it is launched

Windows 10 uses hardware to isolate the most important Windows services and data. In short, this means that even if an attacker gains SYSTEM level privilege or compromises the kernel itself, they cannot control or bypass all of your system's defenses.

The TPM 2.0 chip helps measure the integrity of your device by isolating top-level processes and data from Windows.

It measures, for example, device firmware, hardware configuration status, and Windows boot-related components.

Remote attestation will require enterprise systems such as Intune or System Center Configuration Manager.
