Hi there, I read here often but haven't posted before. I have been using TCPView to get a feel for the connections my computer makes but I don't understand a couple of things that are going on with it, can someone here give me the quick scoop? (I tried sysinternals but find that site *really* hard to understand.)
My question is, what are "system processes"? I notice I often have system processes connecting to various places, such as lately, PayPal. I rarely ever use PayPal and don't know why my computer would be connecting to it. Is it perhaps something to do with a site I am on at the time? (But, if so, why is it "system process" and not "firefox" that is connecting?) Or maybe PayPal shares a server with something else? I don't think my computer is infected but I'm just curious what is going on and trying to learn. (I have Avira and Malwarebytes and scan often.) I tried ending one of these connections once and it shut down my computer.
TCPView tutorials are hard to come by and I'd like to understand more what it is telling me!
Thx!
TCPView can someone explain what "system process" means?
#2
Posted 30 June 2010 - 08:44 AM
"[System Process]:0" is the "System Idle Process". The SYSTEM process is displayed in TCPView as SYSTEM:4.
System Idle Process is used for measuring how much idle time the CPU is having at any particular time (100% minus the sum of all tasks' CPU usage). It accounts for processor time when the system is not processing other threads and will display how much CPU resources, as a percentage, are 'idle' and available for use. One instance of this process operates per CPU, and runs to occupy the processor when other threads are not running. System Idle Process also issues HLT commands which put unused parts of the CPU into a suspend mode, thereby cooling the processor. Normally this process should take up at least 90%+ of processor time on average (this is the value in the CPU column). In non-technical terms, this figure represents how much CPU time has not been requested by anything else on your system.
System is a process in NT "kernel mode" that contains most of the system threads and handles various basic system functions. When Windows loads, the Windows kernel starts and runs in kernel mode to set up paging and virtual memory. It then creates some system processes and allows them to run in "user mode" but restricts their access to critical areas of the operating system. The user mode processes must request use of the kernel by means of a system call in order to perform privileged operations on their behalf. Kernel mode has full access to system resources and controls scheduling, thread prioritization, interrupt handlers, memory management and the interaction with hardware. The System process cannot be terminated. For more detailed information, refer to:
Microsoft MVP - Consumer Security 2007-2012 
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
#3
Posted 30 June 2010 - 03:51 PM
My 2 cents:
System:4 It is the NT kernel providing NetBIOS and MS Directory services. NetBIOS is used for connections over the LAN. MS DS is used for file sharing over the SMB port.
System Process:0 When an application (like Firefox) makes a connection to a server over the internet and suddenly exits, the connections to those addresses are still active but the process is closed. So TCPView shows them under [System Process:0] until the connections are closed.
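A quick way to check the explanation above on your own machine, added here as an example (not from the thread or from Sysinternals): list the TCP connections that TCPView would show under [System Process]:0 and SYSTEM:4 together with their states. A PID-0 entry in TimeWait is a closing remnant of a process that already exited; one that is still Established deserves a closer look. It assumes the built-in Get-NetTCPConnection cmdlet (Windows 8 / Server 2012 or later) and an elevated prompt.

```powershell
# Added example: show connections owned by PID 0 ([System Process]) and PID 4 (SYSTEM),
# the two entries TCPView labels "system" in some form, with the TCP state of each.
$conns = Get-NetTCPConnection | Where-Object { $_.OwningProcess -in 0, 4 }

$rows = foreach ($c in $conns) {
    $owner = if ($c.OwningProcess -eq 0) { '[System Process]:0' } else { 'SYSTEM:4' }

    # Reverse-resolve the remote address so a bare IP gets a host name where one exists
    # (a CDN or payment-provider edge often answers for many sites). Failed lookups stay blank.
    $name = ''
    if ($c.RemoteAddress -notin @('0.0.0.0', '::')) {
        try { $name = ([System.Net.Dns]::GetHostEntry($c.RemoteAddress)).HostName } catch { }
    }

    # PID 0 should only hold connections that are winding down; anything else is unexpected.
    $note = if ($c.OwningProcess -eq 0 -and $c.State -ne 'TimeWait') { 'PID 0 but not TimeWait' } else { '' }

    [pscustomobject]@{
        Owner      = $owner
        Local      = "$($c.LocalAddress):$($c.LocalPort)"
        Remote     = "$($c.RemoteAddress):$($c.RemotePort)"
        RemoteName = $name
        State      = $c.State
        Note       = $note
    }
}

# SYSTEM:4 normally shows listeners on 139 (NetBIOS) and 445 (SMB); PID 0 rows are usually TimeWait.
$rows | Sort-Object Owner, State | Format-Table -AutoSize
```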