There could be a joke here from linux or /. users about how if you have explorer.exe running then your machine is infected with Windows(TM). Explorer.exe is the windows process that controls lots of things including the graphical shell and start menu and desktop and file manager. If you stop it your machine tends to want to shut down. Well, if you shut all instances of it.
It is essential. Are you sure the process was spelt explorer.exe and not some bastardized version of such? I can imagine lots of viruses would target it because of how important it is. The slowdown could well be to do with it being damaged or with some other weird seemingly unrelated problem needing to be fixed-ie drivers. I remember once, (at band camp) fixing two machines which had driver issues(yellow exclamation marks in device manager). Reinstall of the drivers fixed the browsing problem. However, sometimes you'll get browsing issues if mapped drives are not available or if SMB signing is not setup correctly(see the earlier question I posted here). How did you work out that viruses are targeting this process? When you say local drive-do you mean a partition? -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Thursday, December 14, 2006 11:51 PM To: [email protected] Subject: Is explorer.exe (XP) a high risk process Quick questions for the IT security community. We have a 2000 workstation being centrally managed by McAfee ePO. All of those stations are being scanned / protected based on a single predefined policy. In that policy we have a list of highrisk processes which we want to ensure are clean and some we want to block instantly from running. One of those processes is explorer.exe . Alot of viruses are targeting thise process therefore we wanted to eleviate our level of pretection by doing so. But for 2 individuals it is causing a considerable slowdown when accessing local drive where large zip and iso files reside. Of course our first recommendation was to move those files on a network share but to back this recommendation I wanted to get your opinion of our strategy. Should explorer.exe be considered a highrisk process or not?? thank you --------------------------------------------------------------------------- --------------------------------------------------------------------------- --------------------------------------------------------------------------- ---------------------------------------------------------------------------
