You are right thinking that explorer.exe is a risky process, there are several viruses that affect or inject code to the Windows shell ensuring that always de malware will be running on the affected systems. But, I think of the access slow down on zip or iso files are caused by the AV software. You should ensure maximum setting of "compressed files" related configuration, such as "maximum decompress ratio" or "maximum decompress files count"
Regards, Maximiliano Cittadini Team Leader Servicios Enterprise Trend Argentina Talcahuano 758 planta baja oficina A Tel: 4370-6000 / 4371-8036 Fax: 4373-8950 -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Jueves, 14 de Diciembre de 2006 10:51 a.m. To: [email protected] Subject: Is explorer.exe (XP) a high risk process Quick questions for the IT security community. We have a 2000 workstation being centrally managed by McAfee ePO. All of those stations are being scanned / protected based on a single predefined policy. In that policy we have a list of highrisk processes which we want to ensure are clean and some we want to block instantly from running. One of those processes is explorer.exe . Alot of viruses are targeting thise process therefore we wanted to eleviate our level of pretection by doing so. But for 2 individuals it is causing a considerable slowdown when accessing local drive where large zip and iso files reside. Of course our first recommendation was to move those files on a network share but to back this recommendation I wanted to get your opinion of our strategy. Should explorer.exe be considered a highrisk process or not?? thank you ------------------------------------------------------------------------ --- ------------------------------------------------------------------------ --- --------------------------------------------------------------------------- ---------------------------------------------------------------------------
