"WSHost.exe" Process on Windows 8

Q

What is the "WSHost.exe" process on windows 8? Is the "WSHost.exe" process a virus? Can I terminate the "WSHost.exe" process?

✍: FYIcenter.com

A

"WSHost.exe" process represents "COM Surrogate" program.

"WSHost.exe" process is normally running under the parent process "Boot" as shown in the process tree below:

Boot
   WSHost

On the Processes tab of "Task Manager", "WSHost.exe" process may be listed as:

Image Name                 Memory   Description
--------------------   ----------   -----------
WSHost.exe               10,592 K   COM Surrogate

Additional information about "WSHost.exe" process:

Command line:
   C:\Windows\WinStore\WSHost.exe -Embedding

Programe file information:
   Name: WSHost.exe
   Location: C:\Windows\WinStore\WSHost.exe
   Description: COM Surrogate
   Version: 6.2.9200.16384 (win8_rtm.120725-1247)
   Size: 26776 bytes
   Last modified: 7/26/2012 12:46:56 AM
   Company Name: Microsoft Corporation
   
Some data files used:
C:\Windows\System32
C:\Users\fyi\AppData\Local\Temp\winstore.log
C:\Windows\System32\en-US\esrb.rs.mui
C:\Users\fyi\AppData\Local\Microsoft\Windows\WindowsUpdate.log

Some registry keys used:
HKLM\SYSTEM\ControlSet001\Control\Nls\Sorting\Versions
HKLM\SYSTEM\ControlSet001\Control\SESSION MANAGER
HKLM\SOFTWARE\MICROSOFT\WindowsRuntime\CLSID
HKCR\ActivatableClasses\CLSID
HKLM\SYSTEM\ControlSet001\Control\Nls\Sorting\Ids
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer
HKLM\SOFTWARE\MICROSOFT\WindowsRuntime\ActivatableClassId

Some DLL libraries used:
C:\Windows\SYSTEM32\ntdll.dll
C:\Windows\system32\KERNEL32.DLL
C:\Windows\system32\KERNELBASE.dll
C:\Windows\system32\USER32.dll
C:\Windows\system32\msvcrt.dll
C:\Windows\SYSTEM32\combase.dll
C:\Windows\SYSTEM32\shcore.dll
C:\Windows\system32\GDI32.dll
C:\Windows\system32\RPCRT4.dll
C:\Windows\system32\IMM32.DLL

"WSHost.exe" process is not a virus. You should not terminate "WSHost.exe" process.

 

System Processes on Windows 8

⇒⇒Windows 8 Processes Tutorials

2017-01-05, 333👍, 0💬