Actually, explorer.exe is the program "that controls lots of things
including the graphical shell and start menu and desktop and file
manager."  It will run multiple process instances of it as you open
multiple windows, etc.  You can kill the process and the
computer will not shut down.  If you kill the process handling the GUI,
it will just die and then in most cases restart the process; sometimes
you have to launch it again through Task Manager.

That being said, we are talking about %systemroot%\explorer.exe,
correct?  And one could create an executable called explorer.exe in a
different folder.  This would surprise in the case of malware, as its
author was trying to avoid detection by those looking at the running
processes.  Seen this many times before.

Brady McClenon
Administrative Computer Services
State University College at Oneonta
Oneonta, NY  13820
(607) 436-3203
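
The path check described in the reply above, as an added example that is not part of the original thread: it flags any process named explorer.exe whose image path is not %systemroot%\explorer.exe. The C:\Windows system root, the function names and the sample process list are assumptions constructed for illustration.

```python
import ntpath

# Assumption: %SystemRoot% resolves to C:\Windows on the hosts being reviewed.
SYSTEM_ROOT = r"C:\Windows"
SHELL_NAME = "explorer.exe"


def classify(image_path, system_root=SYSTEM_ROOT):
    """Classify one process image path as 'expected', 'masquerade',
    'unknown' (no path available) or 'other' (not named explorer.exe)."""
    if not image_path:
        return "unknown"
    # ntpath applies Windows path rules (case-insensitive, backslashes) on any OS.
    norm = ntpath.normcase(ntpath.normpath(image_path.strip().strip('"')))
    if ntpath.basename(norm) != SHELL_NAME:
        return "other"
    expected = ntpath.normcase(ntpath.join(system_root, SHELL_NAME))
    return "expected" if norm == expected else "masquerade"


def review(processes):
    """Return (pid, path) for every explorer.exe running outside %SystemRoot%."""
    return [(pid, path) for pid, path in processes
            if classify(path) == "masquerade"]


# Constructed sample process list (pid, image path); not real telemetry.
SAMPLE = [
    (1480, r"C:\WINDOWS\Explorer.EXE"),
    (2212, r"C:\Windows\explorer.exe"),
    (3056, r"C:\Documents and Settings\user\Local Settings\Temp\explorer.exe"),
    (3120, r"C:\Windows\System32\explorer.exe"),
    (3304, r"C:\Windows\System32\svchost.exe"),
    (4, ""),
]

if __name__ == "__main__":
    for pid, path in review(SAMPLE):
        print(f"pid {pid}: explorer.exe running from unexpected path {path}")
```

The name alone matches in every explorer.exe row of the sample; only the full image path separates the two copies under other folders from the shell itself.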



> -----Original Message-----
> From: [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED] On Behalf Of Murda Mcloud
> Sent: Thursday, December 14, 2006 5:39 PM
> To: [EMAIL PROTECTED]; [email protected]
> Subject: RE: Is explorer.exe (XP) a high risk process
> 
> There could be a joke here from Linux or /. users about how 
> if you have explorer.exe running then your machine is 
> infected with Windows(TM).
> Explorer.exe is the Windows process that controls lots of 
> things including the graphical shell and start menu and 
> desktop and file manager.
> If you stop it your machine tends to want to shut down. Well, 
> if you shut all instances of it.
> 
> It is essential. Are you sure the process was spelt 
> explorer.exe and not some bastardized version of such?
> 
> I can imagine lots of viruses would target it because of how 
> important it is.
> The slowdown could well be to do with it being damaged or 
> with some other weird seemingly unrelated problem needing to 
> be fixed, i.e. drivers. I remember once (at band camp) fixing 
> two machines which had driver issues (yellow exclamation marks 
> in Device Manager). Reinstall of the drivers fixed the 
> browsing problem.
> 
> However, sometimes you'll get browsing issues if mapped 
> drives are not available or if SMB signing is not set up 
> correctly (see the earlier question I posted here).
> How did you work out that viruses are targeting this process?
> When you say local drive, do you mean a partition?
> 
> 
> 
> 
> 
> -----Original Message-----
> From: [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED] On Behalf Of 
> [EMAIL PROTECTED]
> Sent: Thursday, December 14, 2006 11:51 PM
> To: [email protected]
> Subject: Is explorer.exe (XP) a high risk process
> 
> Quick questions for the IT security community. We have a 2000 
> workstation being centrally managed by McAfee ePO. All of 
> those stations are being scanned / protected based on a 
> single predefined policy. In that policy we have a list of 
> high-risk processes which we want to ensure are clean and some 
> we want to block instantly from running. One of those 
> processes is explorer.exe. A lot of viruses are targeting 
> this process, therefore we wanted to elevate our level of 
> protection by doing so. But for 2 individuals it is causing a 
> considerable slowdown when accessing local drive where large 
> zip and iso files reside. Of course our first recommendation 
> was to move those files on a network share but to back this 
> recommendation I wanted to get your opinion of our strategy. 
> Should explorer.exe be considered a high-risk process or not?? 
> Thank you
> 