If you dig into your Task Manager, chances are you will see one or more "COM Surrogate" processes running on a Windows PC. These processes have the filename "dllhost.exe" and are part of the Windows operating system. You'll see them on Windows 10, Windows 8, Windows 7, and even earlier versions of Windows.
This article is part of our ongoing series explaining various processes found in Task Manager, such as Runtime Broker, svchost.exe, dwm.exe, ctfmon.exe, rundll32.exe, Adobe_Updater.exe, and many others. Don't know what these services are? Better start reading!
What is COM Surrogate (dllhost.exe)?
COM stands for Component Object Model. This is an interface that Microsoft introduced in 1993 that allows developers to create "COM objects" using a variety of different programming languages. Basically, these COM objects connect to and extend other applications.
For example, the Windows file manager uses COM objects to create thumbnails of images and other files when it opens a folder. The COM object handles the processing of images, videos and other files to generate the thumbnails. This allows File Explorer to be extended with support for new video codecs, for example.
However, this can cause problems. If a COM object crashes, it takes its host process down with it. At one point, it was common for these thumbnail-generating COM objects to crash and take the whole Windows Explorer process down with them.
To resolve this type of problem, Microsoft created the COM Surrogate process. The COM Surrogate process runs a COM object outside the original process that requested it. If the COM object crashes, it only takes down the COM Surrogate process, and the original host process keeps running. For example, Windows Explorer (now called File Explorer) starts a COM Surrogate process whenever it needs to generate thumbnail images. The COM Surrogate process hosts the COM object that does the work. If the COM object crashes, only the COM Surrogate crashes and the original File Explorer process continues to work.
In other words, as the official Microsoft blog The Old New Thing puts it, "the COM Surrogate is the I don't feel good about this code, so I'm going to ask COM to host it in another process. That way, if it crashes, it's the COM Surrogate sacrificial process that crashes for me."
And, as you may have guessed, COM Surrogate is named "dllhost.exe" because the COM objects it hosts are .dll files.
How to find out which COM object a COM Surrogate hosts?
The standard Windows Task Manager does not give you any more information about the COM object or DLL file hosted by a COM Surrogate process. If you wish to see this information, we recommend Microsoft's Process Explorer tool. Download it and you can simply hover over a dllhost.exe process in Process Explorer to see which COM object or DLL file it hosts.
As we can see in the screenshot below, this particular dllhost.exe process hosts the CortanaMapiHelper.dll object.
Can I deactivate it?
You cannot deactivate the COM Surrogate process, because it is a necessary part of Windows. It is really just a container process used to run COM objects that other processes want to run. For example, Windows Explorer (or File Explorer) regularly creates a COM Surrogate process to generate thumbnails when you open a folder. Other programs you use can also create their own COM Surrogate processes. All dllhost.exe processes on your system have been started by another program to do whatever that program wants to do.
Is it a virus?
The COM Surrogate process itself is not a virus and is an integral part of Windows. However, it can be used by malware. For example, the Trojan.Poweliks malware uses a dllhost.exe process to do its dirty work. If you see a large number of dllhost.exe processes running and they are using a noticeable amount of CPU, this could indicate that the COM Surrogate process is being abused by a virus or other malicious application.
If you suspect that malware is abusing the dllhost.exe or COM Surrogate process, you should run a scan with your preferred antivirus program to find and remove malware from your system. If your antivirus program of choice says everything is fine but you are still wary, run a scan with another antivirus tool to get a second opinion.
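The two checks discussed above, identifying what a dllhost.exe process hosts and spotting one that looks out of place, can also be scripted. The PowerShell below is an added example, not part of the original article. It assumes the GUID after /Processid: on the command line is the COM AppID, and the notes it prints are triage hints, not verdicts.

```powershell
# Added example (not from the article): inventory running dllhost.exe processes.
# Assumption: the GUID after /Processid: is the COM AppID of the hosted component.
$expectedDirs = @(
    (Join-Path $env:windir 'System32'),
    (Join-Path $env:windir 'SysWOW64')
)

Get-CimInstance -ClassName Win32_Process -Filter "Name = 'dllhost.exe'" | ForEach-Object {
    $proc  = $_
    $notes = @()

    # Extract the AppID GUID from the command line, if one is present.
    $appId = $null
    if ($proc.CommandLine -match '/Processid:\s*(\{[0-9A-Fa-f-]{36}\})') {
        $appId = $Matches[1]
    } else {
        $notes += 'no /Processid argument visible'
    }

    # Look up the name registered for that AppID (may be empty or absent).
    $appName = $null
    if ($appId) {
        $key = "Registry::HKEY_CLASSES_ROOT\AppID\$appId"
        $appName = (Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue).'(default)'
    }

    # The genuine binary lives in System32 (or SysWOW64 for 32-bit hosts).
    if (-not $proc.ExecutablePath) {
        $notes += 'path unavailable (try an elevated prompt)'
    } elseif ((Split-Path -Path $proc.ExecutablePath -Parent) -notin $expectedDirs) {
        $notes += 'runs from an unexpected directory'
    }

    # Parent process name; the parent may already have exited.
    $parent = Get-CimInstance -ClassName Win32_Process -Filter "ProcessId = $($proc.ParentProcessId)"

    [pscustomobject]@{
        PID     = $proc.ProcessId
        Parent  = if ($parent) { $parent.Name } else { '(exited)' }
        Path    = $proc.ExecutablePath
        AppID   = $appId
        AppName = $appName
        Notes   = $notes -join '; '
    }
} | Format-Table -AutoSize -Wrap
```

An empty Notes column does not prove a process is clean; treat any row with a note as a reason to look closer with Process Explorer and an antivirus scan.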