How to Troubleshoot COM Surrogate Issues in Windows 10

Ben Stegner 11-12-2017

Have you ever opened up the Windows Task Manager and wondered what half of the entries are How to Handle Suspicious Windows Task Manager Processes CTRL + ALT + DEL aka three-finger salute is the quickest way to add to your confusion. Sorting through Task Manager Processes, you may notice something like svchost.exe using 99% of your CPU. So now... Read More ? While newer versions of Windows have friendlier names How Windows Has Become More User-Friendly, 5 Examples Over time, Windows has smoothed rough edges and created a more user-friendly experience, especially for novice users. Here are five big reasons that Windows is easier to use than ever before. Read More for most processes, finding out exactly what they do is tough.


One process you might have seen is COM Surrogate, also called dllhost.exe. What is this process for, why does it run, and does it mean you have a virus? Read on to find out.

What Is COM Surrogate?

According to Microsoft, COM Surrogate “is a fancy name for [s]acrificial process for a COM object that is run outside of the process that requested it.” That’s not clear at all, so let’s break that definition down and look at a few examples.

COM Surrogate Process in Windows Task Manager

First, a COM (which stands for Component Object Model) object is essentially a Microsoft-designed standard for software created so that processes can easily talk to each other. For example, say you have an Excel spreadsheet embedded in a Word document 8 Surprising Ways You Can Import Data into Microsoft Word Knowing how to import data into Microsoft Word from any source, including Excel, PDF files, or other Word documents, can save you a lot of time. We'll show you all the tricks. Read More . Seeing the changes you make in Excel automatically update the Word spreadsheet is possible thanks to these shared objects.

These COM objects, as is evident from the process name, are really DLL files. These reside in protected Windows folders 5 Default Windows Files and Folders You Should Never Touch Windows contains countless default files and folders, many of which the average user shouldn't touch. Here are five folders you should leave alone to avoid damaging your system. Read More and let the operating system (OS) function as it’s supposed to.


What’s the Sacrifice?

Next, we should examine what “sacrificial process” means. For that, we turn to another example.

A common use for COM Surrogate is the File Explorer building thumbnails. In older versions of Windows, the Explorer process would try to generate thumbnails under itself. This often resulted in crashes because thumbnail extractors aren’t always reliable.

You may have seen this behavior yourself: opening a folder with hundreds of images or a file type that Windows didn’t expect would sometimes cause Explorer to crash in the old days.

So, whenever File Explorer thinks that a crash may soon occur, it creates a COM Surrogate process to handle the risky behavior. In this case, when you open a folder that has a lot of thumbnails to generate, File Explorer passes the job off to COM Surrogate. That way, if the thumbnail loading crashes, the Explorer process doesn’t go down with it.


Can I Kill This Process?

Unlike some other important Windows processes 7 Windows Task Manager Processes You Should Never Kill Some Windows processes can freeze or crash your system if terminated. We'll show you which Task Manager processes you should leave alone. Read More , you can open the Task Manager (Ctrl + Shift + Esc) and kill any COM Surrogate processes you see. However, doing so usually isn’t a good idea. Programs create these processes whenever they need them to perform some action, so killing them will stop whatever they’re working on.

You can’t disable COM Surrogate, as it only runs when another program requests it.

How Do I See Which Process Started It?

The Task Manager, basic as it is, doesn’t let you see detailed info about COM Surrogate processes. Since you’ll often see multiple copies of it running, you might wonder which programs started them. For that, you’ll need to download Process Explorer, one of the best Task Manager alternatives 5 Powerful Alternatives to the Windows Task Manager The Windows Task Manager is good, but it lacks a few features. Try these alternative task managers for Windows instead! Read More .

Process Explorer gives loads of details about what’s running on your computer, and it can tell you what process started a COM Surrogate. Look through the list for a dllhost.exe process — they have COM Surrogate in the Description field. Mouse over it, and you’ll see some info about what’s responsible for it.


If you can’t find any dllhost processes, press Ctrl + F to open the search bar. Enter dllhost.exe to easily find all instances of it. If you don’t see any, it’s possible that no programs are using COM Surrogates at the moment.

In the below example, we’ve found that this COM Surrogate is handling thumbnails.

COM Surrogate Process Origin in Process Explorer

How Can I Fix a COM Surrogate Crash?

You likely haven’t ever noticed COM Surrogate unless you’ve seen an error that lets you know it stopped working and affects your Windows 10 performance 14 Ways to Make Windows 10 Faster and Improve Performance It's not hard to make Windows 10 faster. Here are several methods to improve the speed and performance of Windows 10. Read More . Most of the time, a particular file will cause this error, usually related to thumbnails. If you see COM Surrogate errors regularly, here are a few solutions you can try:


Windows 10 Disk Cleanup

  • Identify the problematic file. Use the Process Explorer, as discussed above, to see what file dllhost is trying to access. If it points to a specific file, that’s almost certainly your problem. Delete that file and see if the problems subside.
  • Remove COM Surrogate from the Data Execution Prevention list. Windows uses something called Data Execution Prevention (DEP) to prevent malicious code from running on your system. You can exclude certain processes from this list, and doing so for COM Surrogate could stop the error.
    • Type advanced system into the Start Menu and select View advanced system settings. Click the Settings button under the Performance tab, then select the Data Execution Prevention tab.
    • Choose the second option, Turn on DEP for all programs… and click the Add button.
    • Browse to C:\Windows\System32\dllhost.exe on a 32-bit system, or C:\Windows\SysWOW64\dllhost.exe on 64-bit Windows. Click OK to save your changes.

Data Execution Prevention

Can This Signify a Virus?

The normal COM Surrogate process is a normal part of Windows and isn’t malicious. However, some malware has been known to use dllhost processes for nefarious purposes. Seeing a large number of COM Surrogate entries in the Task Manager using a lot of the CPU How to Fix High CPU Usage in Windows Does your PC suffer from high CPU usage up to 100%? Here's how to fix high CPU usage in Windows 10. Read More is a sign that you could have an infection.

Because this type of malware mimics important system processes and files, we don’t recommend trying to remove it on your own. You might end up deleting a critical file by mistake. Instead, run a scan with your installed antivirus The Best Antivirus Software for Windows 10 Want to tighten security on your PC? Here are the best antivirus software options for Windows 10. Read More and then try a second one to make sure you’re clean.

Consult our list of the best nag-free antivirus programs Top Free Antivirus Apps Without Nag Screens and Bloatware Nagging antivirus apps are a huge pain. You don't have to put up with them, even for free. Here are the best antivirus programs that don't come with popups or bundled junk. Read More if you need a recommendation. Don’t forget that you can run a scan with Windows Defender even if you don’t use it all the time (though you probably should 4 Reasons to Use Windows Defender in Windows 10 In the past, Windows Defender was overshadowed by other options, but now it's quite a contender. Here are a few reasons why you should consider dropping your security suite in favor of Windows Defender. Read More ).

Type defender into the Start Menu and open Windows Defender Security Center. Select Virus & threat protection, then click the Quick scan button to run a scan.

Windows Defender Security Center Virus and Threat Protection

No matter which antivirus you use, getting a second opinion from the venerable Malwarebytes is smart too.

That’s All for COM Surrogate

We’ve covered everything you should know about the COM Surrogate process. As it turns out, this process is a helper that another program can create when it wants to outsource some task. Because of this, you’ll see various numbers of COM Surrogate running at different times. You know what to do to troubleshoot crashes, and what to look for to detect a virus.

For more Windows knowledge, check out our newcomer’s guide to PC troubleshooting Windows Troubleshooting for Dummies Windows takes a lot of crap for problems outside of its control. Learn about the biggest issues people incorrectly pin on Windows and how to actually troubleshoot them. Read More .

Have you ever noticed the COM Surrogate process running on your PC? Has it had issues with crashing, and what fixed it for you? Share with us in the comments!

Image Credit: Jeanette.Dietl/Depositphotos

Related topics: File Explorer, Troubleshooting, Windows 10, Windows Task Manager.

Affiliate Disclosure: By buying the products we recommend, you help keep the site alive. Read more.

Whatsapp Pinterest

Leave a Reply

Your email address will not be published. Required fields are marked *