I've been trying to get answers to this for years. I think one of the primary uses is for preparing and deploying images. However, I found a video that shows how it is used to move images across a network also. This sounds dangerous to me, so I wanted to shut it down. Then I realized that the reason it activates on this system is that Comodo Programs Manager is invoking it for some reason. Think it has something to do with a feature that doesn't work any more in CPM.Should i whitehelist dismhost.exe?
If you can determine what invokes dismhost.exe, you can get to the bottom of why. Apart from image deployment, I believe it is also associated with various repair tasks in newer versions of Windows. It worries me having it blocked, so I have set it in Private Firewall to ask, and the I choose not to remember when I allow it to run. So far so good as it only runs when CPM opens.
Here you can see the video on YT about this process if you have an opportunity:
Seems to me something a hacker could use, but I would like to hear from someone who knows more about the process.