Of course u should consider explorer.exe a high risk process. Not only viruses attack it but rootkits also. They modify the existing explorer.exe.
See also, http://www.security.nnov.ru/docs4852.html http://securitydot.net/vuln/exploits/vulnerabilities/articles/17949/vuln.htm l -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Thursday, December 14, 2006 7:21 PM To: [email protected] Subject: Is explorer.exe (XP) a high risk process Quick questions for the IT security community. We have a 2000 workstation being centrally managed by McAfee ePO. All of those stations are being scanned / protected based on a single predefined policy. In that policy we have a list of highrisk processes which we want to ensure are clean and some we want to block instantly from running. One of those processes is explorer.exe . Alot of viruses are targeting thise process therefore we wanted to eleviate our level of pretection by doing so. But for 2 individuals it is causing a considerable slowdown when accessing local drive where large zip and iso files reside. Of course our first recommendation was to move those files on a network share but to back this recommendation I wanted to get your opinion of our strategy. Should explorer.exe be considered a highrisk process or not?? thank you --------------------------------------------------------------------------- --------------------------------------------------------------------------- --------------------------------------------------------------------------- ---------------------------------------------------------------------------
