Have you ever noticed the COM Surrogate process in Windows 10 Task Manager? I was looking through the list of processes and noticed that two of them are running on my system.
Understanding the various processes in Task Manager can be quite challenging. I already wrote a detailed post about svchost.exe, the process that hosts various Windows services. At any given time, from 10 to 15 such devices can be running on your system.
In this article, I will briefly explain what COM Surrogate is in Windows 10 and whether you need to worry about it or not.
What is COM surrogate?
COM Surrogate is one of those processes that when you look at it you really have no idea what it is doing. It doesn’t have a dedicated badge, and it sits there without giving details of what it does.
Sometimes multiple COM Surrogate processes are running concurrently. If you go to the task manager, you will usually see two of them working.
If you right click on any of them and select “Go to Details”, you will see that the process name is actually dllhost.exe. You will also notice that the process runs under your username, not under system, local, or network service accounts.
Fortunately, COM Surrogate is not a virus (in most cases). This is a legitimate Windows 10 process running in the background. It is called dllhost because the DLL files are located in this process. It probably doesn’t make sense, so let’s explain it in more detail.
Essentially, Microsoft created an interface for developers to create program extensions called COM objects. This is also used for some programs in Windows 10. For example, there is a COM object in Windows Explorer that allows you to create thumbnails of images and videos in a folder.
However, the big problem with these COM objects was that they crashed and caused the Explorer process to stop working. This meant that your entire system would crash if the COM object crashed for any reason.
To fix this issue, Microsoft came up with the COM Surrogate process that basically started the COM object in a separate process, not the one that requested it. So, in the explorer example, the COM object will not run in the explorer.exe process, but will run in this newly created surrogate COM process.
Now, if the COM object crashes, it will only stop the COM Surrogate process and Explorer will continue running. Pretty smart, right?
In fact, if you load Process Explorer, you will see the COM object I am talking about above.
If you hover over the dllhost.exe entry, you can see that the COM class is Microsoft Thumbnail Cache, which is the extension used to create thumbnails in Explorer.
Could COM Surrogate be a virus?
In the past, there have been cases when trojans and viruses lurked in the Windows operating system, disguising themselves as a COM surrogate and other Windows processes.
If you open Task Manager, right-click the process and select “Open File Location”, you can find the original location for the process.
If the COM Surrogate process results in a file named “dllhost” in the C: Windows System32 folder, it is unlikely to be a virus. If this leads to something else, you should run a virus scan immediately.
Typically, a COM surrogate uses very little memory and CPU, and only one or two instances of it are running. If there are many dllhosts.exe processes, or the process is taking up 1 to 2 percent of your CPU, I would suggest doing an offline virus scan, which can better detect sneaky hidden viruses.
Hope that reading this article has taught you a thing or two about COM Surrogate and Windows 10 background processes. In the future, you should worry less about such processes running in the background.
If you still have questions, please leave a comment and we will try to help. Enjoy!