We installed the new operating system on a clean, freshly formatted hard drive. We installed all possible and impossible drivers and updates, DirectX, and all other little things necessary for the computer and applications to work properly. How did it happen that the machine now and then chokes on the simplest tasks, freezing for ten seconds even with a simple access to a logical disk? Why do the pages in the browser open after one, and it is often impossible to watch some video at all? Maybe it’s some kind of virus – but where is the system fresh from?
Frustrated, we open the Task Manager, look at the processes – and we see: the svchost.exe process, which is responsible for the Cryptographic Services (in English-speaking systems – Cryptographic Services), consumes, say, 30% of disk resources. Maybe even more. He does this at seemingly random intervals, even with the complete idle system. If the process is “killed”, everything suddenly becomes good. But only until the next reboot or installation of any program. A stubborn service likes to turn on itself, and then quickly devours free computer resources.
This problem appears especially often on Windows 10 Pro systems. Let’s figure out how to disable the intrusive service and how you can try to fix the problem.
What is Cryptographic Service on Windows
The main task of the Cryptographic Service is to ensure the operation and authentication of the so-called TSL / SSL certificates. Most often, in practice, we come across such certificates when we view some Internet page via the HTTPS protocol. S here is short for Secure , “secure.” This protocol uses SSL transport mechanisms to authenticate the pages you visit and to protect against online fraudsters. In recent years, it has begun to become the standard for Internet security – about 25% of sites around the world operate on it. Indirectly, this also leads to the fact that problems with the certificate service in Windows can limit the availability of some Internet resources.
The digital signature is also used when installing programs, drivers, and Windows updates. The corresponding service is always turned on when using software that makes changes to the system (in practice, these are almost any programs – at least they need to somehow register themselves in the Windows System Registry).
Formally, the Cryptographic Service consists of three components:
- the catalog database service verifies the digital signatures of Windows items;
- the key service allows you to enroll your own certificates;
- The Trusted Root Certificate Service provides interaction with trusted, “control” certificate stores.
The Cryptography Service can be disabled, but any processes, even remotely related to this functionality, most likely will not work (or will, but will try to restart the Service). This will be especially noticeable when interacting with the Google Chrome browser or with any video broadcasting services (twitch.tv, YouTube).
Cryptographic service is loading Windows disk
Let’s say we went through all the possible variants of the problem, and we see that it is the Cryptography Service that loads the disk on our brand new Windows 10. What should we do?
Open the Services application:
- in Windows 7, click “Start” => Run => services.msc, click OK;
- in Windows 10, just enter the word “Services” ( Services for English-speaking systems) in the search bar .
In the list that appears, we are looking for our Cryptography Service. Left-click on it twice – a window will open with all sorts of properties of the CryptSvc service. We are interested in the line ” Startup type ” (in English-speaking systems – Startup type ): select Disabled / Disabled. To disconnect the current session of the service, just below, click the “Stop” button. Click “Apply” and OK to close the window.
We open the system registry editor, similar to the previous service:
- in Windows 7, click “Start” => Run => regedit => OK;
- in Windows 10, enter regedit in the search bar.
On the left in the editor, you can see the directory tree of the system registry. The contents of these directories will open on the right.
You will need to get to the following address:
HKEY_CURRENT_USER Software Microsoft SystemCertificates Root
Right-click on Root and select the “Export” option. We save it to any place convenient for you. By doing this, we create a copy of this particular registry key, which can later be added back by double-clicking if something goes wrong.
Then we find the ProtectedRoots subdirectory at our address.
The full address will look like HKEY_CURRENT_USER Software Microsoft SystemCertificates Root ProtectedRoots
Right-click on it, select “Permissions”. In the window that opens, select the user on whose behalf the registry is being edited, and put a tick in front of the “Allow” option for the “Full Control” permission type. Click OK.
After that, delete (right button => Delete, or Del key), the Root directory with all the contents, and only it. We close the registry editor, restart the computer. The operating system will create new values for the registry, after which the problem with the incorrect allocation of resources for the Cryptographic Service processes will be resolved, and the service, if it has not yet turned on, can be tried to start again.
Did the solution in this article help you? Maybe something is missing here or there are some questions? Leave your comments and suggestions and do not forget to share your way of solving the problem if something else helped you!