It's more mundane than you think
Looking through the list of processes on a Windows computer using Task Manager is a recipe for paranoia. There are plenty of strange-sounding programs running and usually no way for you to know what’s good or bad for your PC. The COM surrogate dllhost.exe is just one such process, but it’s much more mundane than you may think.
What Is COM Surrogate (dllhost.exe)?
COM is short for Component Object Model. This is something Microsoft introduced in the early 90s to make it easy for programmers to extend the functionality of existing software. In other words, it’s somewhat like a plugin system that lets you add new functions to existing programs such as Windows Explorer.
This is great for dynamically improving what a program can do, but there’s a downside. If a COM module is badly coded or crashes for some reason, it also crashes the program that it plugs into. That’s because both the COM and main program are running as one process.
That’s where COM surrogates come in. This approach lets the COM run in its own separate process, as if it were its own program. The main program and COM surrogate processes speak to each other as needed. But if the COM surrogate crashes for any reason, it doesn’t cause anything but its own process to crash. That makes for a much more stable system overall.
Is COM Surrogate (dllhost.exe) Safe?
Whether dllhost.exe is safe is a tricky question to answer, because it will depend on the specific COM that’s running. Usually they host benign processes that do useful things, but it’s not outside the realm of possibility that a badly-coded COM or malware piggybacking on the COM surrogate framework could cause damage or execute malicious code.
Finding COM Surrogate’s Location
There’s only one legitimate location for the dllhost.exe file, and that’s inside the System32 folder within the Windows folder. The default path is Windows > System32 on the system drive. The system drive is usually the C drive. If you find this file anywhere else, it’s possibly a virus. So be sure to scan it!
Checking COM Surrogate’s Legitimacy
As mentioned above, the COM surrogate you’re seeing in Task manager isn’t a specific application, it’s just a shell for another process. Since we can’t easily get insight into what’s actually running within a specific COM surrogate process, the only real way to check for suspicious behavior is by using an antivirus program.
Of course, you should run your antivirus program at regular intervals anyway, but if you see a COM surrogate that is using up a lot of resources or causes system instability, that may be one explanation.
Then again, the COM surrogate process in question may just be buggy, rather than malicious. If you’ve saved all your documents, you can try forcibly ending a given COM surrogate process to figure out what it’s doing. Whatever crashes or hangs directly after killing the process is probably the associated program. Once you’ve got the most likely culprit identified, you’ll want to reboot your computer.
Fixing COM Surrogate Errors
COM surrogate errors happen from time to time and are probably the most common reason people search for the name of the process in the first place. The error “COM surrogate has stopped working” may seem cryptic at first. Now that you know what COM surrogate does, it’s obvious that the process is actually doing its job.
COM surrogate is meant to protect program extensions from crashing the main process they extend, so the cause of this error can be traced back to whatever COM module was running within the surrogate.
There’s no easy way to know which COM it was, since the surrogate itself masks the specific COM inside it. There are several likely suspects:
- Third-party video codecs are out of date. If you have any, either remove them or update them.
- Your antivirus program may be interfering with the COM surrogate. Disable it temporarily. If that does seem to be the problem, switch to a different antivirus or try updating yours to the latest version if applicable.
- Check your disk for errors using a utility such as CHKDSK.
- Check system files for corruption with the System File Checker.
- Roll back recent driver updates or update display and printer drivers in particular. Try both the standard manufacturer GPU driver and the OEM version, if that applies to your computer.
If you do want to know how to diagnose exactly which COM is running within the surrogate, there’s a more technical solution.
Checking Inside a COM Surrogate Process With Process Explorer
Microsoft has an optional utility known as Process Explorer. It’s useful for a variety of things. For example, if you’ve been told you can delete a folder because a program has it open, you can use Process Explorer to see which program that is and force it to close without having to restart the entire computer.
Simply download and run Process Explorer and you’ll see a Window like this:
Remember that COM Surrogate is actually called dllhost.exe. So look for that and hover the mouse pointer over the entry. In the little popup, you’ll see which DLL file is being hosted. Usually this gives you enough information to know which program is connected to it. If it’s not obvious from the DLL name, you can Google it for a more definite answer.
COM On Over for a Party
To recap, you now know what COMs are, what a COM surrogate does, how to fix the most common issues and how to figure out which COM you’re dealing with. Which, hopefully, has cleared your COM-related problems up for good.