If you are someone who is very curious about the internals of the Windows operating system, you might have noticed “COM Surrogate” processes running in the task manager of your Windows PC. You will find these on Windows 10, Windows 8, Windows 7 and even in the older versions of Windows. If you inspect more by right-clicking on “COM Surrogate” -> Open file location, you’ll see “dllhost.exe” file available under System32 folder as the host of these processes.
Today, I will explain what these processes are all about and whether you can disable it or not. So, let’s get started..!!
What is COM Surrogate (dllhost.exe)?
First of all, I would like to make it clear that the COM Surrogate process is important of Windows operating system. It’s used by various applications to get their tasks done. In order to understand it better, let’s deep dive into it.
COM or Component Object Model is an independent and distributed object-oriented system for creating interactive binary software components. Microsoft introduced this interface long back in 1993 and allowed developers to create “COM objects” using various programming languages. These objects can be used by other applications to extend their functionalities.
If I talk about Windows File Explorer, it utilizes COM objects for handling the processing of thumbnails whenever you open a folder that contains images, videos, etc. However, there was a big problem with these objects. If a COM object got crashed, it leads to the crashing of its host process also. And as a result, the entire Windows File explorer get down and becomes unusable.
Then, Microsoft came up with a beautiful solution called COM Surrogate process to fix this crashing issue. The COM Surrogate process allowed the operating system to run COM objects outside the parent process that requested it. In case the COM object crashes for any reason, it won’t affect the host process.
Taking the same example again, if Windows File Explorer requires to generate thumbnail files, it can now start a COM Surrogate process, which hosts the COM object for doing the job. Now, even if the COM object process crashes, it will only affect the COM Surrogate process. The File Explorer, which is the host application, won’t be affected and will keep on running.
Lastly, COM Surrogate is also known as dllhost.exe because the COM objects it hosts are .dll (dynamic link library) files.
How to Know More About the COM Object a COM Surrogate is Hosting?
If you want to know more about the COM Surrogate processes running in your Windows Task Manager, you will need a special tool for that. I recommend installing Process Explorer from Microsoft’s website. Once everything ready, you can just hover your mouse over the dllhost.exe and see more details about the COM objects and related DLL files.
Can I Disable COM Surrogate?
No, you cannot disable COM Surrogate. It’s like a primary process used to run COM objects as required by other processes in your computer. It’s an important part of the operating system being utilized for tasks we can’t even think of.
In the example above, I have explained that Windows File Explorer need to create COM Surrogate process to generate thumbnail files whenever you open any folder. Similarly, all the other COM Surrogate processes are started by other programs to perform tasks required by them.
Is COM Surrogate a Virus?
COM Surrogate is not a virus. It’s an essential part of the Windows operating system. However, there are cases in the past where some malware have used dllhost.exe process to fulfil their bad intentions. Now, the question is how will you identify that malware is abusing COM Surrogate in your PC?
First, if you notice a large number of dllhost.exe processes running using a significant amount of CPU, this could be the indication that some malware is using the COM Surrogate processes in the wrong way.
Second, you also right-click on the dllhost.exe process and choose Open file location from the options to know the exact location of the file. If the location of dllhost.exe is not under C:\Windows\System32, then this may be a sign of malware.
In these cases, you should immediately scan your computer with anti-malware software and get your system cleaned. I hope this article gave you enough knowledge about COM Surrogate and its usage in Windows.