Explorer.exe is a high risk process. but if your problem is just with only 2 clients, my suggestion is isolate this 2 machines in epo directory (create a group), and create optimized policies for this 2 machines like, exclude some file extensions or some folders. You can create some alerts with alert manager to manage this clients and create tasks to scan this machines.
Optimized agent policies and block connection if machine are infected it can be a good idea too. Its only my suggestion. Sorry about my English ;-) Regards Charbel -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Thursday, December 14, 2006 7:21 PM To: [email protected] Subject: Is explorer.exe (XP) a high risk process Quick questions for the IT security community. We have a 2000 workstation being centrally managed by McAfee ePO. All of those stations are being scanned / protected based on a single predefined policy. In that policy we have a list of highrisk processes which we want to ensure are clean and some we want to block instantly from running. One of those processes is explorer.exe . Alot of viruses are targeting thise process therefore we wanted to eleviate our level of pretection by doing so. But for 2 individuals it is causing a considerable slowdown when accessing local drive where large zip and iso files reside. Of course our first recommendation was to move those files on a network share but to back this recommendation I wanted to get your opinion of our strategy. Should explorer.exe be considered a highrisk process or not?? thank you --------------------------------------------------------------------------- --------------------------------------------------------------------------- --------------------------------------------------------------------------- --------------------------------------------------------------------------- --------------------------------------------------------------------------- ---------------------------------------------------------------------------
