Have you ever opened up the Windows Task Manager and wondered what half of the entries are? While newer versions of Windows have friendlier names for most processes, finding out exactly what they do is tough.
One process you might have seen is COM Surrogate, also called dllhost.exe. What is this process for, why does it run, and does it mean you have a virus? Read on to find out.
What Is COM Surrogate?
According to Microsoft, COM Surrogate “is a fancy name for [s]acrificial process for a COM object that is run outside of the process that requested it.” That’s not clear at all, so let’s break that definition down and look at a few examples.
First, a COM (which stands for Component Object Model) object is essentially a Microsoft-designed standard for software created so that processes can easily talk to each other. For example, say you have an Excel spreadsheet embedded in a Word document. Seeing the changes you make in Excel automatically update the Word spreadsheet is possible thanks to these shared objects.
These COM objects, as is evident from the process name, are really DLL files. These reside in protected Windows folders and let the operating system (OS) function as it’s supposed to.
What’s the Sacrifice?
Next, we should examine what “sacrificial process” means. For that, we turn to another example.
A common use for COM Surrogate is the File Explorer building thumbnails. In older versions of Windows, the Explorer process would try to generate thumbnails under itself. This often resulted in crashes because thumbnail extractors aren’t always reliable.
You may have seen this behavior yourself: opening a folder with hundreds of images or a file type that Windows didn’t expect would sometimes cause Explorer to crash in the old days.
So, whenever File Explorer thinks that a crash may soon occur, it creates a COM Surrogate process to handle the risky behavior. In this case, when you open a folder that has a lot of thumbnails to generate, File Explorer passes the job off to COM Surrogate. That way, if the thumbnail loading crashes, the Explorer process doesn’t go down with it.
Can I Kill This Process?
Unlike some other important Windows processes, you can open the Task Manager (Ctrl + Shift + Esc) and kill any COM Surrogate processes you see. However, doing so usually isn’t a good idea. Programs create these processes whenever they need them to perform some action, so killing them will stop whatever they’re working on.
You can’t disable COM Surrogate, as it only runs when another program requests it.
How Do I See Which Process Started It?
The Task Manager, basic as it is, doesn’t let you see detailed info about COM Surrogate processes. Since you’ll often see multiple copies of it running, you might wonder which programs started them. For that, you’ll need to download Process Explorer, one of the best Task Manager alternatives.
Process Explorer gives loads of details about what’s running on your computer, and it can tell you what process started a COM Surrogate. Look through the list for a dllhost.exe process — they have COM Surrogate in the Description field. Mouse over it, and you’ll see some info about what’s responsible for it.
If you can’t find any dllhost processes, press Ctrl + F to open the search bar. Enter dllhost.exe to easily find all instances of it. If you don’t see any, it’s possible that no programs are using COM Surrogates at the moment.
In the below example, we’ve found that this COM Surrogate is handling thumbnails.
How Can I Fix a COM Surrogate Crash?
You likely haven’t ever noticed COM Surrogate unless you’ve seen an error that lets you know it stopped working and affects your Windows 10 performance. Most of the time, a particular file will cause this error, usually related to thumbnails. If you see COM Surrogate errors regularly, here are a few solutions you can try:
- Update/uninstall any codec packs and media software. If you use software like the K-Lite codec pack, or media tools such as DivX or Nero, something with them could cause this problem. Consider uninstalling them, as you really don’t need these codec packs anymore since VLC plays everything, and Nero has plenty of free alternatives.
- Install Windows Updates. Some people have reported that installing the latest updates solves this issue. It’s not always the solution, but it’s an easy first step. Perhaps there’s some small hiccup with a particular file type that Microsoft fixed with the latest patches.
- Delete existing thumbnails. If a corrupted thumbnail is causing COM Surrogate to crash, you can remove it using the Disk Cleanup tool. This will force Windows to rebuild the thumbnail cache, which could clear up the problem.
- Identify the problematic file. Use the Process Explorer, as discussed above, to see what file dllhost is trying to access. If it points to a specific file, that’s almost certainly your problem. Delete that file and see if the problems subside.
- Remove COM Surrogate from the Data Execution Prevention list. Windows uses something called Data Execution Prevention (DEP) to prevent malicious code from running on your system. You can exclude certain processes from this list, and doing so for COM Surrogate could stop the error.
- Type advanced system into the Start Menu and select View advanced system settings. Click the Settings button under the Performance tab, then select the Data Execution Prevention tab.
- Choose the second option, Turn on DEP for all programs… and click the Add button.
- Browse to C:\Windows\System32\dllhost.exe on a 32-bit system, or C:\Windows\SysWOW64\dllhost.exe on 64-bit Windows. Click OK to save your changes.
- Scan your hard drive for problems. If this problem occurs with no patterns, you should run a few scans on your computer. At the Command prompt, use the SFC command to repair Windows files and the CHKDSK command to check for hard drive errors.
- Re-register a few DLL files in the Command Prompt. In the Command Prompt, running the commands regsvr32 vbscript.dll and regsvr32 jscript.dll will re-register two DLLs that could fix the COM Surrogate crash.
- Check your antivirus. Some have reported that Kaspersky antivirus conflicts can cause this issue. Try disabling antivirus protection and see if accessing that file/folder still results in an error.
- If you don’t use them, you can disable thumbnails completely.
Can This Signify a Virus?
The normal COM Surrogate process is a normal part of Windows and isn’t malicious. However, some malware has been known to use dllhost processes for nefarious purposes. Seeing a large number of COM Surrogate entries in the Task Manager using a lot of the CPU is a sign that you could have an infection.
Because this type of malware mimics important system processes and files, we don’t recommend trying to remove it on your own. You might end up deleting a critical file by mistake. Instead, run a scan with your installed antivirus and then try a second one to make sure you’re clean.
Consult our list of the best nag-free antivirus programs if you need a recommendation. Don’t forget that you can run a scan with Windows Defender even if you don’t use it all the time (though you probably should).
Type defender into the Start Menu and open Windows Defender Security Center. Select Virus & threat protection, then click the Quick scan button to run a scan.
No matter which antivirus you use, getting a second opinion from the venerable Malwarebytes is smart too.
That’s All for COM Surrogate
We’ve covered everything you should know about the COM Surrogate process. As it turns out, this process is a helper that another program can create when it wants to outsource some task. Because of this, you’ll see various numbers of COM Surrogate running at different times. You know what to do to troubleshoot crashes, and what to look for to detect a virus.
For more Windows knowledge, check out our newcomer’s guide to PC troubleshooting.
Have you ever noticed the COM Surrogate process running on your PC? Has it had issues with crashing, and what fixed it for you? Share with us in the comments!
Image Credit: Jeanette.Dietl/Depositphotos