Should I clean *.vshost.exe and *.vshost.exe.config from release directories?

Question

I have found a number of vshost files in production deployment folders. I know what these are for and that they don't belong here. My question is, do they do any harm? Is it worth me spending the time checking all of the deployment folders for 100+ applications to make sure that they are removed, or is this a waste of time?

I would have to change a fair number of deployment scripts as well.

They were included in deployment build scripts by developers who, thankfully are long gone. I know they are not meant to be there. What I want to know is whether there is any danger in leaving them there.

Answer 1

They should not be in production deployment folders in the first place. They should only be run by Visual Studio (from the development folders). How did they get deployed anyway?

They set up a partial trust environment for debugging. See here for more about what they do. I don't see any big danger in them staying in the deployment folders.

Answer 2

They don't do any harm sitting there, and are pretty much useless to any average user.

However, it is possible that they could be used to increase the attack surface of your application - for example, if a permission escalation exploit is found in the vshost files, you probably don't want to be the person responsible for deploying those to your customers.

Answer 3

Uncheck the 'Enable Visual Studio hosting process' from Project Properties - > Debug tab. as there is no harm but if you dont want it then do as stated above. Generally it sits with debug build...