Is pwsh.exe Safe?
✔ Safe - not a virus
Must be in C:\Program Files\PowerShell\7\pwsh.exe or C:\Program Files (x86)\PowerShell\7\pwsh.exe. Any pwsh.exe elsewhere is suspicious.
Warning
Multiple pwsh.exe processes may run
PowerShell can spawn child processes for jobs, remoting, or pipelines; use Task Manager to identify which host is active.
Can I Disable?
✔ YES
Close shells when not in use; pwsh.exe is not normally auto‑started, but you can disable startup tasks if installed via a package manager.
What is pwsh.exe?
pwsh.exe is the PowerShell Core executable, Microsoft's modern cross‑platform automation and scripting shell. It runs commands and scripts, loads modules, and supports remoting and .NET integrations. It operates on Windows, macOS, and Linux, making repetitive admin tasks repeatable and auditable.
PowerShell Core runs as pwsh.exe using the .NET runtime. It hosts the PowerShell engine, executes cmdlets from modules, and streams objects through pipelines. It supports remote sessions, scripting, and automation across platforms.
Quick Fact: PowerShell Core introduced pwsh.exe to unify cross‑platform scripting; it runs on .NET Core and works on Windows, macOS, and Linux.
Types of PowerShell Processes
- Interactive PowerShell Process: pwsh.exe running in an interactive session (CLI or Windows Terminal)
- Script Execution Process: Runs a .ps1 script file or a single command
- Remoting Process: Handles remote sessions via SSH/WinRM
- Background Job Process: Executes background jobs or scheduled tasks
- Module Loader Process: Loads and runs modules and cmdlets
- Utility / Daemon Process: Long‑running tasks or automation daemons
Is pwsh.exe Safe?
Yes, pwsh.exe is safe when it's the legitimate file from Microsoft downloaded from official sources.
Is pwsh.exe a Virus or Malware?
The real pwsh.exe is NOT a virus. However, malware can masquerade as pwsh.exe with deceptive paths.
How to Tell if pwsh.exe is Legitimate or Malware
- File Location: Must be in C:\Program Files\PowerShell\7\pwsh.exe or C:\Program Files (x86)\PowerShell\7\pwsh.exe. pwsh.exe elsewhere is suspicious.
- Digital Signature: Right-click pwsh.exe -> Properties -> Digital Signatures. Should show "Microsoft Corporation".
- Resource Usage: Normal idle CPU is low; sustained high usage while idle is suspicious.
- Behavior: Pwsh.exe should not start unexpected background tasks or remote sessions without user action.
Red Flags: If pwsh.exe is not signed by Microsoft, located in unusual folders (Temp, AppData, or System32), or runs without a user action, scan with antivirus and verify origin.
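The location and signature checks above can be run against every live pwsh.exe at once. The following is an added example, not part of the original page: the function name Test-PwshProcess and the output field names are hypothetical, and the allowed paths are the two this page lists, so installs made another way (for example a Store package) are flagged for manual review rather than treated as malicious.

```powershell
# Added example: audit running pwsh.exe processes by path, signature and parent.
# The two allowed paths are the ones stated on this page.
$ExpectedPaths = @(
    'C:\Program Files\PowerShell\7\pwsh.exe',
    'C:\Program Files (x86)\PowerShell\7\pwsh.exe'
)

function Test-PwshProcess {
    [CmdletBinding()]
    param()

    Get-CimInstance Win32_Process -Filter "Name = 'pwsh.exe'" | ForEach-Object {
        # ExecutablePath is empty when the caller lacks rights to query the process.
        $path = $_.ExecutablePath
        $sig  = if ($path) { Get-AuthenticodeSignature -LiteralPath $path } else { $null }
        $signer = if ($sig -and $sig.SignerCertificate) {
            $sig.SignerCertificate.Subject
        } else { $null }

        # -contains compares strings case-insensitively, matching NTFS path semantics.
        $pathOk = [bool]($path -and ($ExpectedPaths -contains $path))
        $sigOk  = [bool]($sig -and ($sig.Status -eq 'Valid') -and
                         ($signer -match 'Microsoft Corporation'))

        # The parent process shows what launched this shell (terminal, IDE, task, ...).
        $parent = Get-Process -Id $_.ParentProcessId -ErrorAction SilentlyContinue

        [pscustomobject]@{
            ProcessId       = $_.ProcessId
            Path            = $path
            PathOk          = $pathOk
            SignatureStatus = if ($sig) { $sig.Status } else { 'Unknown' }
            Signer          = $signer
            ParentProcess   = if ($parent) { $parent.ProcessName } else { 'exited' }
            CommandLine     = $_.CommandLine
            Suspicious      = -not ($pathOk -and $sigOk)
        }
    }
}

# Show only the instances that fail either check.
Test-PwshProcess | Where-Object Suspicious | Format-List
```

Run it from an elevated session so that processes owned by other users report their executable path; without elevation those rows show an empty Path and are flagged.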
Why Is pwsh.exe Running on My PC?
pwsh.exe runs when you start a PowerShell session, execute a script, or run automation via scripts, tasks, or remoting. It may also appear in conjunction with developer tools and IDEs.
Reasons it's running:
- Active PowerShell Sessions: You have an interactive pwsh session open in Terminal, PowerShell ISE, or VS Code.
- Automation or Scheduling: Scheduled tasks, CI pipelines, or automation scripts launch pwsh.exe to perform jobs.
- Remoting and Remote Commands: PowerShell remoting (SSH/WinRM) starts pwsh.exe on remote targets or as part of remote jobs.
- Background Jobs: Long-running background jobs use pwsh.exe to process tasks asynchronously.
- Integrated Development Environments: VS Code, Windows Terminal, or other IDEs spawn pwsh.exe for integrated debugging and script execution.
Can I Disable or Remove pwsh.exe?
Yes, you can disable pwsh.exe. Close PowerShell windows when not in use and uninstall PowerShell 7 if needed. Legacy Windows PowerShell (powershell.exe) is separate.
How to Stop pwsh.exe
- Close Active Sessions: Close the PowerShell window or type Exit to end the session
- Terminate Background Jobs: In a running pwsh session, run Get-Job | Stop-Job or Remove-Job
- Prevent Startup: Task Manager > Startup tab > Disable PowerShell 7 (if installed via package manager)
- Uninstall PowerShell 7: Settings > Apps > Apps & Features > PowerShell 7 > Uninstall
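- Disable Remoting / Scripts: Run Disable-PSRemoting -Force from an elevated session to turn off the remoting endpoints, and keep the client trust list empty or limited to named hosts (Set-Item WSMan:\localhost\Client\TrustedHosts -Value '' clears it; a value of '*' trusts every remote host and does not disable anything), or adjust execution policy to restrict scripts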
How to Uninstall PowerShell 7
- ✔ Windows Settings → Apps → Apps & Features → PowerShell 7 → Uninstall
- ✔ Control Panel → Programs → Uninstall a program → PowerShell 7 → Uninstall
- ✔ If you rely on Windows PowerShell (5.1), consider leaving it installed; you can remove only the PowerShell 7 package.
Common Problems: High CPU or Memory Usage
If pwsh.exe is consuming excessive resources:
Common Causes & Solutions
- Too Many Active Sessions or Large Scripts: Close unused pwsh windows or split tasks into smaller scripts
- Heavy Modules or Cmdlets: Disable unnecessary modules or optimize scripts; use -NoProfile for lean sessions
- Background Jobs Running Continuously: Get-Job | Stop-Job, then Get-Job | Remove-Job (Remove-Job alone fails on jobs that are still running), and review scheduled tasks
- Execution Policy Restrictions: Set-ExecutionPolicy -Scope CurrentUser -ExecutionPolicy RemoteSigned (or Bypass, which runs every script with no blocking, warnings or prompts; admin as needed)
- Outdated PowerShell Version: Update PowerShell to the latest release from github.com/PowerShell or the official installer
- Remoting or Network Activity: Ensure PSRemoting is properly configured and firewall allows necessary ports
Quick Fixes:
1. Close inactive pwsh windows and cancel long-running jobs
2. Launch pwsh with -NoProfile and -NoLogo for lighter startup
3. Update modules and PowerShell version to latest
4. Check for rogue scripts in startup tasks
5. Review remote sessions and disable if unnecessary
Frequently Asked Questions
Is pwsh.exe safe?
Yes, pwsh.exe from Microsoft is a legitimate PowerShell Core executable. Verify its location at C:\Program Files\PowerShell\7\pwsh.exe and that it is digitally signed by Microsoft.
Where is pwsh.exe located?
PowerShell Core pwsh.exe typically resides at C:\Program Files\PowerShell\7\pwsh.exe. If you find it elsewhere, verify the path and digital signature before running.
Can pwsh.exe be a virus?
Pwsh.exe itself is not a virus, but attackers can disguise malware under the same name. Always confirm the path and signature.
How do I disable pwsh.exe from starting automatically?
Disable any startup tasks or auto‑launch mechanisms in Task Manager or the process that started pwsh.exe (VS Code, Terminal profiles, etc.).
How do I uninstall PowerShell?
Uninstall PowerShell 7 from Settings > Apps > Apps & Features > PowerShell 7. Windows PowerShell 5.1 is built into Windows and cannot be uninstalled.
Why are there multiple pwsh.exe processes?
PowerShell runs in separate processes for different sessions, scripts, and remoting tasks. Each pwsh.exe may host a distinct runspace or job.