25

In VS2015 there was various stuff running in the background, like "VsHub", etc. It connected to MS servers, and possibly leaked stuff. So the common approach was to delete those files.

In VS2017 there is even more weird stuff running in the background. However I've read that it performs more out-of-process stuff, so deleting it may not be feasible.

I have running:

  • ServiceHub.Host.CLR.x86.exe
  • ServiceHub.IdentityHost.exe
  • ServiceHub.SettingsHost.exe
  • ServiceHub.VsDetouredHost.exe

...and I've seen other stuff pop in and out of my task manager.

I don't care about the resource/memory usage, as others have complained about. In our case it is an issue of privacy/security - we don't connect to any online service from our IDE, and we take privacy VERY seriously. Our code is our product and livelihood, so letting the tooling communicate with other servers, for who knows what reason, is downright idiotic. We don't want VS communicating with any outside service, ever.

Are any of you deleting these files like before? Does it cause problems? Anything in VS stop working?

Improve this question
3
  • 2
    @HansPassant Yeah good points.Renaming was what we did in VS2015 as well. But then again it was mostly "telemetry" so there were no bad consequences by doing so. With VS2017 it's more complex like you explained, and they don't say whether they separate the "core" stuff from the "telemetry". :-(
    – grokky
    Commented May 4, 2017 at 9:24
  • 1
    Check this answer. It is relevant: serviceHub.Host.CLR.x86 taking a lot of memory and CPC
    – Marlon Assef
    Commented Jul 11, 2018 at 21:04
  • Side note, other background telemetry may also be on. VS Customer Experience is ON by default. It can be disabled in Help -> Send Feedback -> Settings.
    – tinmac
    Commented Jan 29, 2019 at 8:47

3 Answers 3

Reset to default
13

I use Glasswire free edition* (https://www.glasswire.com/) to monitor outgoing network traffic. The free version is not 100% ideal as it only reports connections as they happen, where the paid for version has an "ask first" option, but costs $50 per pc! If you want to flog the money to buy the full version it has some firewall tools to pre-emptively block outgoing traffic, which might be good enough to give you peace of mind that VS isn't sending data off into the unknown.

Today it caught VS (d:\program files (x86)\microsoft visual studio\2017\community\common7\servicehub\hosts\servicehub.host.clr.x86\servicehub.host.clr.x86.exe) initiating traffic to cs9.wpc.v0cdn.net (v0cdn.net seems to be registered by Verizon when do a registrar lookup https://www.whois.com/whois/v0cdn.net) IP: 93.184.221.200

The best solution I could find was to add hosts file entries to block the communication and telemetry reporting. (granted, it's not a permanent fix)

Here's a list I compiled from various blogs - review it line-by-line for your own use as things like skype and windows updates might stop working due to the hosts file blocks.

# W10

0.0.0.0 cs1.wpc.v0cdn.net
0.0.0.0 df.telemetry.microsoft.com
0.0.0.0 i1.services.social.microsoft.com
0.0.0.0 i1.services.social.microsoft.com.nsatc.net
0.0.0.0 oca.telemetry.microsoft.com
0.0.0.0 oca.telemetry.microsoft.com.nsatc.net
0.0.0.0 pre.footprintpredict.com
0.0.0.0 reports.wes.df.telemetry.microsoft.com
0.0.0.0 sqm.telemetry.microsoft.com
0.0.0.0 sqm.telemetry.microsoft.com.nsatc.net 
0.0.0.0 statsfe1.ws.microsoft.com
0.0.0.0 telecommand.telemetry.microsoft.com
0.0.0.0 telecommand.telemetry.microsoft.com.nsatc.net
0.0.0.0 telemetry.appex.bing.net
0.0.0.0 telemetry.urs.microsoft.com
0.0.0.0 vortex-sandbox.data.microsoft.com
0.0.0.0 vortex-win.data.microsoft.com
0.0.0.0 vortex.data.microsoft.com

# http://www.dslreports.com/forum/r30676597-Complete-Win10-blocking-host-file

#0.0.0.0 fe2.update.microsoft.com.akadns.net
#0.0.0.0 sls.update.microsoft.com.akadns.net
0.0.0.0 134.170.30.202
0.0.0.0 137.116.81.24
0.0.0.0 204.79.197.200
0.0.0.0 23.218.212.69
0.0.0.0 65.39.117.230
0.0.0.0 65.55.108.23
0.0.0.0 a-0001.a-msedge.net
0.0.0.0 a-0002.a-msedge.net
0.0.0.0 a-0003.a-msedge.net
0.0.0.0 a-0004.a-msedge.net
0.0.0.0 a-0005.a-msedge.net
0.0.0.0 a-0006.a-msedge.net
0.0.0.0 a-0007.a-msedge.net
0.0.0.0 a-0008.a-msedge.net
0.0.0.0 a-0009.a-msedge.net
0.0.0.0 a-msedge.net
0.0.0.0 a.ads1.msn.com
0.0.0.0 a.ads2.msads.net
0.0.0.0 a.ads2.msn.com
0.0.0.0 a.rad.msn.com
0.0.0.0 ac3.msn.com
0.0.0.0 ad.doubleclick.net
0.0.0.0 adnexus.net
0.0.0.0 adnxs.com
0.0.0.0 ads.msn.com
0.0.0.0 ads1.msads.net
0.0.0.0 ads1.msn.com
0.0.0.0 aidps.atdmt.com
0.0.0.0 aka-cdn-ns.adtech.de
0.0.0.0 apps.skype.com
0.0.0.0 arc.msn.com
0.0.0.0 az361816.vo.msecnd.net
0.0.0.0 az512334.vo.msecnd.net
0.0.0.0 b.ads1.msn.com
0.0.0.0 b.ads2.msads.net
0.0.0.0 b.rad.msn.com
0.0.0.0 bingads.microsoft.com
0.0.0.0 bs.serving-sys.com
0.0.0.0 c.atdmt.com
0.0.0.0 c.msn.com
0.0.0.0 cdn.atdmt.com
0.0.0.0 cds26.ams9.msecn.net
0.0.0.0 choice.microsoft.com
0.0.0.0 choice.microsoft.com.nsatc.net
0.0.0.0 compatexchange.cloudapp.net
0.0.0.0 corp.sts.microsoft.com
0.0.0.0 corpext.msitadfs.glbdns2.microsoft.com
0.0.0.0 db3aqu.atdmt.com
0.0.0.0 df.telemetry.microsoft.com
0.0.0.0 diagnostics.support.microsoft.com
0.0.0.0 ec.atdmt.com
0.0.0.0 edge.quantserve.com
0.0.0.0 fe2.update.microsoft.com.akadns.net
0.0.0.0 feedback.microsoft-hohm.com
0.0.0.0 feedback.search.microsoft.com
0.0.0.0 feedback.windows.com
0.0.0.0 flex.msn.com
0.0.0.0 fpt.live-partner.com
0.0.0.0 g.msn.com
0.0.0.0 h1.msn.com
0.0.0.0 i1.services.social.microsoft.com
0.0.0.0 i1.services.social.microsoft.com.nsatc.net
0.0.0.0 lb1.www.ms.akadns.net
0.0.0.0 live.rads.msn.com
0.0.0.0 m.adnxs.com
0.0.0.0 m.hotmail.com
0.0.0.0 msedge.net
0.0.0.0 msftncsi.com
0.0.0.0 msnbot-65-55-108-23.search.msn.com
0.0.0.0 msntest.serving-sys.com
0.0.0.0 oca.telemetry.microsoft.com
0.0.0.0 oca.telemetry.microsoft.com.nsatc.net
0.0.0.0 onesettings-bn2.metron.live.com.nsatc.net
0.0.0.0 onesettings-cy2.metron.live.com.nsatc.net
0.0.0.0 onesettings-db5.metron.live.com.nsatc.net
0.0.0.0 onesettings-hk2.metron.live.com.nsatc.net
0.0.0.0 pre.footprintpredict.com
0.0.0.0 preview.msn.com
0.0.0.0 pricelist.skype.com
0.0.0.0 rad.live.com
0.0.0.0 rad.msn.com
0.0.0.0 redir.metaservices.microsoft.com
0.0.0.0 reports.wes.df.telemetry.microsoft.com
0.0.0.0 rpt.msn.com
0.0.0.0 s.gateway.messenger.live.com
0.0.0.0 s0.2mdn.net
0.0.0.0 sO.2mdn.net
0.0.0.0 schemas.microsoft.akadns.net
0.0.0.0 secure.adnxs.com
0.0.0.0 secure.flashtalking.com
0.0.0.0 services.wes.df.telemetry.microsoft.com
0.0.0.0 settings-sandbox.data.microsoft.com
0.0.0.0 settings-win.data.microsoft.com
0.0.0.0 settings.data.glbdns2.microsoft.com
0.0.0.0 sls.update.microsoft.com.akadns.net
0.0.0.0 sqm.df.telemetry.microsoft.com
0.0.0.0 sqm.telemetry.microsoft.com
0.0.0.0 sqm.telemetry.microsoft.com.nsatc.net
0.0.0.0 ssw.live.com
0.0.0.0 static.2mdn.net
0.0.0.0 statsfe1.ws.microsoft.com
0.0.0.0 statsfe2.update.microsoft.com.akadns.net
0.0.0.0 statsfe2.ws.microsoft.com
0.0.0.0 survey.watson.microsoft.com
0.0.0.0 telecommand.telemetry.microsoft.com
0.0.0.0 telecommand.telemetry.microsoft.com.nsat­c.net
0.0.0.0 telecommand.telemetry.microsoft.com.nsatc.net
0.0.0.0 telemetry.appex.bing.net
0.0.0.0 telemetry.appex.bing.net:443
0.0.0.0 telemetry.microsoft.com
0.0.0.0 telemetry.urs.microsoft.com
0.0.0.0 ui.skype.com
0.0.0.0 v10.vortex-win.data.metron.live.com.nsatc.net
0.0.0.0 v10.vortex-win.data.microsoft.com
0.0.0.0 view.atdmt.com
0.0.0.0 vortex-bn2.metron.live.com.nsatc.net
0.0.0.0 vortex-cy2.metron.live.com.nsatc.net
0.0.0.0 vortex-db5.metron.live.com.nsatc.net
0.0.0.0 vortex-hk2.metron.live.com.nsatc.net
0.0.0.0 vortex-sandbox.data.microsoft.com
0.0.0.0 vortex-win.data.metron.live.com.nsatc.net
0.0.0.0 vortex-win.data.microsoft.com
0.0.0.0 vortex.data.glbdns2.microsoft.com
0.0.0.0 vortex.data.metron.live.com.nsatc.net
0.0.0.0 vortex.data.microsoft.com
0.0.0.0 watson.live.com
0.0.0.0 watson.microsoft.com
0.0.0.0 watson.ppe.telemetry.microsoft.com
0.0.0.0 watson.telemetry.microsoft.com
0.0.0.0 watson.telemetry.microsoft.com.nsatc.net
0.0.0.0 wes.df.telemetry.microsoft.com
0.0.0.0 wes.df.telemetry.microsoft.comne
  • Disclaimer: I'm in no way affiliated or paid by Glasswire - It's just a tool I found at random and found useful over the years
Improve this answer
7
  • 1
    Excellent! PS why does it communicate online, if you opt out of telemetry sharing? This is exactly why I asked the question. MS spying is getting out of hand in general. But this is potentially spying on our code! Unbelievable... And criminal in some jurisdictions.
    – grokky
    Commented May 17, 2017 at 15:15
  • 2
    100%! I'm most paranoid about these things. At least M$ should be transparent about what gets sent where, but nooooo, it's left vague and we're at the mercy of tenacious smart people doing traffic analysis to point out this sort of nonsense going on in the background. And worst is: block one domain, M$ registers another; could become a game of whack-a-mole. Thus far my "patch" has kept stray comms at bay... for now.
    – Hivekey
    Commented May 18, 2017 at 15:25
  • 1
    I haven't marked this as the answer only because I want to see whether anyone has deleted those files successfully. But otherwise your technique is very helpful! Agree about the disclosure. If your app is gonna send anything to you (especially without permission), then be very clear about it. Our boss almost had a stroke when he found out about this. We're not allowed to upgrade to vs2017 because of it. In vs2015 at least the deleting spyware trick worked for us.
    – grokky
    Commented May 19, 2017 at 7:23
  • Sure thing - my "fix" is slightly off topic re deleting the files, so totally understood :)
    – Hivekey
    Commented May 25, 2017 at 9:47
  • I see your Glasswire free edition doesn't let you pre-emptively block outgoing traffic, FYI Comodo Firewall is free and allows you to do so (it's what I use, and how I caught ServiceHub.Host.CLR.x86.exe which got me here). But it seems to provide fewer details about in/out connections, so I guess it's a tradeoff
    – user14764
    Commented Aug 30, 2017 at 10:00
8

I turned off CodeLens and it instantly went down to 0%.

In VS: Tools->Options: TextEditor->AllLanguages->CodeLens

Uncheck Enable CodeLens

If you don't want to completely disable it you can try turning various things. TFS related things like Incoming changes would explain the Network activity as highlighted earlier.

Improve this answer
3
  • 2
    Interesting finding... however CodeLens is only in Pro but most users are on Community and there is still a leak. Good to know though if you're using pro.
    – grokky
    Commented Nov 23, 2017 at 4:31
  • 4
    "Most users are on Community". Do you have a reference to back-up that statement? Just curious if it's true.
    – Jazimov
    Commented Jan 6, 2018 at 15:21
  • CodeLens is disabled but ServiceHub.Host:CLR still talks a lot to IP 52.174.249.54
    – Klaus
    Commented Sep 2, 2020 at 15:05
7

Stumbled upon this question while looking for a similar fix myself. In my case ServiceHub.Host.CLR.x86.exe alone was consuming ~50% CPU even when Visual Studio was not running anything.

I was able to kill the process without any side effects, mid-running a project too, and was happy to note that it didn't come back up. ServiceHub.IdentityHost.exe appeared to be impervious to me trying to end the process, but it wasn't consuming any CPU.

The other processes listed above also did not consume much CPU (~0%), so I let them be.

Tl;dr: It may depend on what you're running on Visual Studio (I was running a C# project), but ServiceHub.Host.CLR.x86.exe can be killed without any side effects.

Improve this answer

Not the answer you're looking for? Browse other questions tagged or ask your own question.