What is COM Surrogate in Windows 10 and is it a virus?

What is COM Surrogate in Windows 10 and is it a virus?

Have you ever noticed the process COM Surrogate in the Windows 10 task manager? I was looking through the list of processes and noticed two of them running on my system.

Understanding the different processes in the task manager can be a real challenge. I've already written a detailed post about svchost.exe, which is a process that hosts several Windows services. There can easily be 10 to 15 of these running on your system at any time.

In this article, you'll take a quick look at what COM Surrogate in Windows 10 and whether you need to worry or not.

What is COM Surrogate?

COM Surrogate one of those processes where you really have no idea what it looks like. It does not have a custom icon and is there without providing much information about what it does.

Sometimes, there are multiple COM Surrogate processes running simultaneously. If you go to the task manager, you will normally see two running.

If you right-click on both and choose Go to Details, you will see that the process name actually dllhost.exe. You will also notice that the process runs with your username and not with accounts System or Local Service or Network Servic .

Fortunately, COM Surrogate is not a virus (most often). a legitimate Windows 10 process that runs in the background. It is called dllhost because the process hosts DLL files. This probably doesn't make sense, so let's explain in more detail.

Basically, Microsoft has created an interface for developers to create extensions to programs called COM objects. This is also used for some programs in Windows 10. For example, in Windows Explorer there is a COM object that allows you to create thumbnails for images and videos in a folder.

However, the big problem with these COM objects was that they blocked and carried with them the Explorer process. This meant that the entire system crashed if a COM object failed for any reason.

To solve this problem, Microsoft approached the process COM Surrogate which basically executed the COM object in a separate process from the one that required it. Then in the Explorer example, the COM object would not run in the explorer.exe process, but in this newly created COM surrogate process.

Now, if the COM object crashes, it has only eliminated the COM surrogate process and Explorer will continue to work. Smart enough, right?

Actually, if you download Process Explorer, you can see the COM object I'm referring to above.

If you hover the mouse over the dllhost.exe entry, you can see the COM class Microsoft Thumbnail Cache, which the extension used to create thumbnails in Windows Explorer.

Can COM surrogate be a virus?

There have been cases in the past where Trojans and viruses have hidden themselves in the Windows operating system by masquerading as COM Surrogate and other Windows processes.

If you open the task manager, right-click on the process and choose Open file path, you will be able to find the source path for the process.

If the COM Surrogate process leads to a file called "dllhost" in the folder C: Windows System3 2, unlikely to be a virus. If it leads elsewhere, you must immediately run a virus scan.

Usually, the COM surrogate uses very little memory and CPU and there are only one or two instances running. If there are many dllhosts.exe processes or the process is consuming more than 1-2 percent of the CPU, I would suggest running an offline virus scan, which can better detect the most difficult hidden viruses.

It is hoped that reading this article has taught you one or two things about COM Surrogate and Windows 10 background processes. Going forward, you should be less worried about seeing processes like this running in the background.

If you still have questions, leave a comment and we'll try to help. To enjoy!