I am a little confused. If you 'block' explorer.exe, Windows will not work. Is it "I"explore.exe that you are referring to?
I use ePO too; ~5000 machines. My guess is that within your VirusScan "On-Access Default Processes Policies" you have:

Scan Files
When writing to disk [x]
When reading from disk [x]

Turn off when reading from disk. Having this enabled is a HUGE performance hit, and if you have daily full system scans scheduled, it is not necessary.

On 14 Dec 2006 13:50:54 -0000, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
Quick questions for the IT security community.

We have a 2000 workstation being centrally managed by McAfee ePO. All of those stations are being scanned / protected based on a single predefined policy. In that policy we have a list of high-risk processes which we want to ensure are clean and some we want to block instantly from running. One of those processes is explorer.exe. A lot of viruses are targeting this process, therefore we wanted to elevate our level of protection by doing so. But for 2 individuals it is causing a considerable slowdown when accessing local drives where large zip and iso files reside.

Of course our first recommendation was to move those files to a network share, but to back this recommendation I wanted to get your opinion of our strategy. Should explorer.exe be considered a high-risk process or not?

Thank you
