You find something called rpcsvchost while using Activity Monitor to see what’s running on your Mac. What is this process, and should you be worried? In a word, no: rpcsvhost is a core part of macOS.
This article is part of our ongoing series explaining various processes found in Activity Monitor, like kernel_task, hidd, mdsworker, installd, WindowServer, blued, launchd, backup, opendirectoryd, and many others. Don’t know what those services are? Better start reading!
Today’s process, rpcsvchost, is a tool used to connect with certain kinds of networks, particularly Microsoft ones. To quote the man page for rpcsvchost:
rpcsvchost is a very simple environment for hosting DCE/RPC services. It loads DCE/RPC services from the list of plugins given as arguments, binds to an appropriate set of endpoints and listens for protocol requests.
So now we know this is a process that helps coordinate networking, but that doesn’t clarify things because we don’t know what DCE/RPC is. It turns out this stands for Distributed Computing Environment / Remote Procedure Calls.
All sorts of network services use DCE/RPC, perhaps most notably Microsoft Exchange. Apple added DCE/RPC support back in 2010 as part of Mac OS X Lion 10.7. Apple’s implementation of DCE/RPC is available on macOS Forge, which is where Apple hosts the source code for its open source projects.
DCE/RPC is an implementation of the Remote Procedure Call technology developed by the Open Group as part of the Distributed Computing Environment. DCE/RPC is most commonly used to interact with Windows network services.
Apple provides a list of links to further documentation for the truly curious, but for the most part, all you need to know is that rpcsvchost enables your Mac to connect with certain kinds of networks.
If rpcsvchost is using up a lot of CPU power, you might be having trouble connecting to a Microsoft Exchange server, or some other networking service that uses DCE/RPC. If this is the case, those apps are probably also using a lot of CPU power, so force quit them and see if that helps.
It’s also possible, though not probable that a piece of malware is using DCE/RPC to phone home. Here’s how to remove malware from your Mac, just in case.