Windows 7 - COM Surrogate

Asked By mfs

23-Mar-07 01:47 PM

What is COM Surrogate?  I am using Zone Alarm firewall and I am being asked
if I want to allow COM Surrogate to acces the internet.  What is it and what
do I need it for?

Thanks

23-Mar-07 04:23 PM

COM dll's cannot be loaded directly.  They have to be called loaded by an
executable program.  the COM surrogate, dllhost.exe, allows COM objects to
be built in a dll and then exposed by dllhost.exe.  There are serious risks
in doing this and Microsoft should abandon the practice immediately.  I
really had hoped they would, given their stated interests in improving
security with Windows Vista.  When you allow access through your firewall to
dllhost.exe, you open your firewall to every single dllhost.exe instance in
your PC:

http://blogs.msdn.com/robgruen/archive/2004/08/18/216685.aspx

Dllhost, rundll32, and svchost are three system applications that, while
having legitimate system uses, can all be used to hide the process that is
really running on your PC.  They each host DLLs, allowing the DLLs to be run
as applications.  But when you use TaskManager to view running applications,
the actual DLL's running are not listed, only the hosts are listed.  Each of
them fail to display the real name or file location of the processes that
they hide.  And the risks outlined in the link above apply equally to
runndll32, svchost, and dllhost, though the article only refers to dllhost.

While there are tools by which you can determine what applications these
three hosts are hiding from you, those tools are generally considered
advanced tools.  That means that, for most users, all three of those hosts
are effective means of hiding programs.

Like I said, I wish Microsoft would drop all three of these tools
immediately.  There is no reason for an application to be built in a DLL
rather than in a real executable.


Dale

23-Mar-07 04:51 PM

Thank you so much!

14-Apr-07 04:18 PM

ok so should we allow it or not
do we need it or not and if so what do we need it for
faith

14-Apr-07 05:07 PM

Oh, definitely not, put it in the trash can.
Who comes up with this rubbish ? Sheesh.

Neil
------------------------------------------------
Digital Media MVP : 2004-2007
http://mvp.support.microsoft.com/mvpfaqs

14-Apr-07 09:16 PM

Unfortunately, you need it.  There are features in Windows that will break
if you delete it.  Do not throw it in the trash can.

But... Do not allow it to access the Internet through your firewall.  If you
have a program that requires it and then won't run after blocking it from
your firewall,  then replace the program.  Allowing Internet access to a
program like that, just as the MSDN blog article I referenced in my first
post states, is a serious security risk.

Just in case you missed it:

http://blogs.msdn.com/robgruen/archive/2004/08/18/216685.aspx

Dale

19-Jun-07 04:31 PM

Dale,

You helped me with another question in the past and I'm hoping you can help
again. My COM Surrogate error is not (at least I don't think it is) asking to
access the internet. About 3/4 of the time when I click on a video clip from
a web site that uses Media Player, after the clip I get the message "COM
Surrogate has encountered a problem and needs to close." Is this the same
problem that MFSI & Faith are talking about? Can you tell me how to stop this
from happening? I have XP and Media Player is version 11.0.5721.5145. Thanks
for your help
--
JLV412

19-Jun-07 05:36 PM

Are you using Nero with Vista?  If so, try uninstalling everything Nero for a
test.  If that solves the problem, get the latest version of Nero from their
website.

Dale
--
Dale Preston
MCAD C#
MCSE, MCDBA

19-Jun-07 05:45 PM

I have XP, not Vista and I do not have Nero and never had it on this computer.
The computer is 13 months old but the problem just started about a month ago.
--
JLV412

19-Jun-07 06:15 PM

Well, you have a much more challenging struggle ahead then that may take some
help from a local guru or high quality shop.  You can start with
http://www.microsoft.com/technet/sysinternals/ProcessesAndThreads/ProcessExplorer.mspx.
If you're lucky, you'll be able to figure out what program or process is
running the instance of the COM surrogate that is crashing.

You may also find some hints in your event log.  Right-click My Computer and
choose Manage from the menu.  Check the event log there right after the
problem occurs.

Dale
--
Dale Preston
MCAD C#
MCSE, MCDBA

19-Jun-07 06:23 PM

Thanks for trying. I will check that link you sent.
--
JLV412

26-Jun-07 12:53 PM

What is the crash information for that-
http://zachd.com/pss/pss.html#bucket
will help you look that up if you don't know how.

--
Speaking for myself only.
See http://zachd.com/pss/pss.html for some helpful WMP info.
This posting is provided "AS IS" with no warranties, and confers no rights.
--

26-Jun-07 02:04 PM

I didn't see my error on the web page you referenced. My warning displays
after I view a video. The message is "COM Surrogate has encountered a problem
and needs to close." It happens most but not all of the time and I have to
decide to send a report or not. It's not a terrible inconvienence but enough
to be annoying. I appreciate any direction you can provide. Thanks John
--
JLV412

26-Jun-07 02:10 PM

I could not find my warning on the web page you recommended. The message
displays after I view a video. It says "COM Surrogate has encountered a
problem and needs to close." It doesn't happen every time but enough times to
be annoying. Any direction you can provide would be appreciated. I have WM
version 11. I tried uninstalling it and reinstalling which I saw on your link
that that procedure does nothing and is not recommended and I can now concur
with that statement. Thanks for trying to help. John
--
JLV412

26-Jun-07 11:52 PM

Your warning isn't on the web page.  The web page I referred you to simply
points you to get the fault information from your Problem Reports and
Solutions center on your PC.  What's that data?

--
Speaking for myself only.
See http://zachd.com/pss/pss.html for some helpful WMP info.
This posting is provided "AS IS" with no warranties, and confers no rights.
--