Explorer.exe is a high-risk process, but if your problem is with only 2
clients, my suggestion is to isolate these 2 machines in the ePO directory
(create a group) and create optimized policies for these 2 machines, such as
excluding some file extensions or some folders. You can create some alerts
with alert manager to manage these clients and create tasks to scan these
machines.

Optimized agent policies, and blocking the connection if a machine is
infected, can be a good idea too.

It's only my suggestion. Sorry about my English ;-)


Regards

Charbel 

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
Behalf Of [EMAIL PROTECTED]
Sent: Thursday, December 14, 2006 7:21 PM
To: [email protected]
Subject: Is explorer.exe (XP) a high risk process

Quick questions for the IT security community. We have a 2000 workstation
being centrally managed by McAfee ePO. All of those stations are being
scanned / protected based on a single predefined policy. In that policy we
have a list of high-risk processes which we want to ensure are clean and some
we want to block instantly from running. One of those processes is
explorer.exe. A lot of viruses are targeting this process, therefore we
wanted to elevate our level of protection by doing so. But for 2
individuals it is causing a considerable slowdown when accessing a local drive
where large zip and iso files reside. Of course our first recommendation was
to move those files to a network share, but to back this recommendation I
wanted to get your opinion of our strategy. Should explorer.exe be
considered a high-risk process or not? Thank you
