你有没有注意到Windows 10任务管理器中的COM Surrogate进程?我正在浏览进程列表,并注意到其中两个在我的系统上运行。
了解任务管理器中的不同进程可能是一个相当大的挑战。我已经在svchost.ex e 上写了一篇详细的文章,这是一个托管不同Windows服务的进程。在任何给定时间,您的系统上都可以轻松运行 10 到 15 个。
在本文中,我将让您快速了解Windows 10中的(Windows 10)COM 代理(COM Surrogate),以及您是否需要担心它。
什么是 COM 代理?
COM Surrogate是其中一个你真的不知道它做了什么的过程。它没有自定义图标,并且没有提供太多关于它的功能的信息。
有时,同时运行多个COM 代理进程。(COM Surrogate)如果你去任务管理器,你通常会看到其中两个正在运行。
如果您右键单击其中一个并选择Go to Details,您将看到进程名称实际上是 dllhost.exe。您还会注意到该进程在您的用户名下运行,而不是在系统(System)或本地服务(Local Service)或网络服务( Network Servic)帐户下运行。
值得庆幸的是,COM Surrogate不是病毒(大多数情况下)。这是在后台运行的合法Windows 10进程。(Windows 10)之所以称为 dllhost,是因为该进程托管DLL文件。这可能没有意义,所以让我们更详细地解释一下。
基本上,Microsoft为开发人员创建了一个接口来创建名为COM Objects的程序的扩展。这也用于Windows 10中的某些程序。例如,Windows Explorer有一个COM对象,允许它为文件夹中的图像和视频创建缩略图。
然而,这些COM对象的一个大问题是它们会崩溃并导致Explorer进程也随之崩溃。这意味着如果COM(COM)对象因任何原因失败,您的整个系统都会崩溃。
为了解决这个问题,Microsoft提出了COM 代理(COM Surrogate)进程,该进程基本上在与请求它的进程不同的进程中运行COM对象。因此,在Explorer示例中,COM对象不会在 explorer.exe 进程中运行,而是在这个新创建的COM代理进程中运行。
现在,如果COM对象崩溃,它只会取出COM Surrogate进程,而Explorer将继续运行。很(Pretty)聪明,对吧?
实际上,如果你下载Process Explorer,你可以看到我上面提到的COM对象。(COM)
如果将鼠标悬停在 dllhost.exe 条目上,您可以看到COM类是Microsoft Thumbnail Cache,它是用于在Explorer中创建缩略图的扩展名。
COM 代理可以是病毒吗?
过去曾发生过木马和病毒通过将自身伪装成COM 代理(COM Surrogate)和其他Windows进程而隐藏在Windows操作系统中的实例。
如果您打开任务管理器,右键单击该进程并选择Open file location,您将能够找到该进程的源位置。
如果COM Surrogate进程导致C:\Windows\System3 2 文件夹中有一个名为“dllhost”的文件,则它不太可能是病毒。如果它导致其他地方,您应该立即运行病毒扫描。
通常,COM代理使用很少的内存和CPU,并且只有一两个实例在运行。如果有许多 dllhosts.exe 进程或进程占用超过 1% 到 2% 的CPU,我建议执行脱机病毒扫描,它可以更好地检测棘手的隐藏病毒。
希望(Hopefully)通读这篇文章能够教会您有关COM 代理(COM Surrogate)和Windows 10后台进程的一两件事。展望未来,您应该不再担心看到这样的进程在后台运行。
如果您仍有任何问题,请发表评论,我们会尽力提供帮助。享受!
What is COM Surrogate in Windows 10 and Is It a Virus?
Have you ever noticed the COM Surrogate process in the Windows 10 task manager? I was browsing through the list of processes and noticed two of them running on my system.
Understanding the different processes in task manager can be quite a challenge. I already wrote a detailed post on svchost.exe, which is a process that hosts different Windows services. There can easily be 10 to 15 of these running on your system at any given time.
In this article, I’ll give you a quick look at what COM Surrogate is in Windows 10 and whether you have to worry about it or not.
What is COM Surrogate?
COM Surrogate is one of those processes where you really have no idea of what it does by looking at it. It doesn’t have a custom icon and sits there without providing much information about what it does.
Sometimes, there are multiple COM Surrogate processes running at once. If you go to task manager, you’ll normally see two of them running.
If you right-click on either and choose Go to Details, you’ll see that the process name is actually dllhost.exe. You’ll also notice that the process runs under your username and not the System or Local Service or Network Service accounts.
Thankfully, COM Surrogate is not a virus (most of the time). It’s a legitimate Windows 10 process that runs in the background. It’s called dllhost because the process is hosting DLL files. That probably makes no sense, so let’s explain it in more detail.
Basically, Microsoft created an interface for developers to create extensions to programs called COM Objects. This is used for certain programs in Windows 10 also. For example, Windows Explorer has a COM object that allows it to create thumbnails for images and videos in a folder.
However, the big problem with these COM objects was that they would crash and bring the Explorer process down with it too. That meant your whole system would crash if a COM object failed for any reason.
To fix this issue, Microsoft came up with the COM Surrogate process that basically ran the COM object in a separate process than the one that requested it. So, in the Explorer example, the COM object would not run in the explorer.exe process, but instead in this newly created COM surrogate process.
Now, if the COM object crashed, it would only take out the COM Surrogate process and Explorer would continue running. Pretty smart, right?
Actually, if you download Process Explorer, you can see the COM object I am referring to above.
If you hover your mouse over the dllhost.exe entry, you can see the COM class is Microsoft Thumbnail Cache, which is the extension used to create the thumbnails in Explorer.
Can COM Surrogate Be a Virus?
There have been instances in the past where trojans and viruses have hidden in the Windows operating system by masking themselves as COM Surrogate and other Windows processes.
If you open task manager, right-click on the process and choose Open file location, you’ll be able to find the source location for the process.
If COM Surrogate process leads to a file called ‘dllhost’ in the C:\Windows\System32 folder, it’s unlikely to be a virus. If it leads elsewhere, you should run a virus scan immediately.
Usually, COM surrogate uses very little memory and CPU and there are only one or two instances of it running. If there are numerous dllhosts.exe processes or the process is eating up more than 1 to 2 percent of your CPU, I would suggest performing an offline virus scan, which can better detect tricky hidden viruses.
Hopefully, reading through this article has taught you a thing or two about COM Surrogate and Windows 10 background processes. Going forward, you should be less worried about seeing processes like this running in the background.
If you still have any questions, leave a comment and we’ll try to help. Enjoy!
