COM Surrogate (dllhost.exe) Explained: Is it Dangerous?

The “COM Surrogate” process is a staple feature in your Task Manager. Just open it, and you will see a couple of them there. They are labeled as “dllhost.exe,” and they form a part of your Windows OS.

Most Windows versions have them (10, 8 and 7), and you can even find them in the earlier versions as well.

What is This Strange Process?

COM is short for Component Object Model. Microsoft first introduced this interface in 1993, and its purpose is to help developers create “COM objects.” They can do that by using various programming languages. In a nutshell, these objects can extend other applications when they plug into them.

People also call it the “dllhost.exe” process because it hosts .dill files (those are the COM objects).

If this all sounds strange, then don’t worry. We’ll use an example to explain it further.

COM Objects & Windows File Manager

Windows File Manager uses these objects to generate thumbnails in folders. When you select that view option, the images and the folders will appear in thumbnail size. The COM object does this by processing different videos, pictures, and files. Thus, File Explorer can then support new video codecs.

Possible Problems

Nevertheless, that can also result in certain issues. The host process can disappear if the COM object crashes. That problem was not uncommon at one point. What’s more, COM objects (the ones that generate thumbnails) regularly crashed and took down the whole Windows Explorer process at the same time.

Is There a Way to Fix This Problem?

To solve this issue, Microsoft introduced the COM Surrogate process. When implemented, the COM object takes down only this particular process – and the original host process (for example, Windows Explorer) stays intact. Essentially, the COM Surrogate process takes the hit for the original one because it can run a COM object outside of it.

The COM Surrogate process is the martyr. Whenever you feel like the code is not that great, you can tell COM to use another process for it. Hence, if it does crash, only the COM Surrogate goes down – not the original.

How to Get More Information About COM Objects

Your regular Windows Task Manager won’t help find out which COM object (or .dill file) the process is hosting. Therefore, you will need to download a specific tool – for example, the Process Explorer Tool from Microsoft.

Once you download it, you can then hover over the process with your mouse and find out which DLL file or COM object it’s hosting. In this particular screenshot, the object in question is CortanaMapiHelper.dll

COM Surrogate Process

Should I Disable It?

Well, even if you want to, you cannot disable it. Windows needs it to function correctly. Think about it this way – all of the dllhost.exe processes were started by programs you use. They have to create them so that the processes can do what the program tells them to do.

Take Windows Explorer (also known as File Explorer), for example. To generate thumbnails, it needs to create this process. That way, once you go into the folder, you can clearly see the thumbnails.

Should I be Scared of It?

You can rest assured – the COM Surrogate process is an essential part of your OS. Nevertheless, even though it’s not a virus, malware can sometimes use it to harm your computer. An example of this type of malware would be the Trojan.Poweliks.

How Will I Know if There’s a Problem?

A clear indicator is high CPU usage. If you notice that there are many of these dllhost.exe processes running, then you will also spot the extreme CPU usage. That could mean that a type of malware is abusing the COM Surrogate process.

If you are worried about it, you can always scan your computer with an antivirus program. If a result pops up, you can then safely remove it. Of course, if there are no results, but you’re still worried, you can use other antivirus tools as well to confirm it.


Please enter your comment!
Please enter your name here