You are right thinking that explorer.exe is a risky process, there are
several viruses that affect or inject code to the Windows shell ensuring
that always de malware will be running on the affected systems. But, I
think of the access slow down on zip or iso files are caused by the AV
software. You should ensure maximum setting of "compressed files"
related configuration, such as "maximum decompress ratio" or "maximum
decompress files count"
Regards,
Maximiliano Cittadini
Team Leader Servicios Enterprise
Trend Argentina
Talcahuano 758 planta baja oficina A
Tel: 4370-6000 / 4371-8036
Fax: 4373-8950
-----Original Message-----
From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com]
On Behalf Of sergelessard76@hotmail.com
Sent: Jueves, 14 de Diciembre de 2006 10:51 a.m.
To: focus-ms@securityfocus.com
Subject: Is explorer.exe (XP) a high risk process
Quick questions for the IT security community. We have a 2000
workstation being centrally managed by McAfee ePO. All of those stations
are being scanned / protected based on a single predefined policy. In
that policy we have a list of highrisk processes which we want to ensure
are clean and some we want to block instantly from running. One of those
processes is explorer.exe . Alot of viruses are targeting thise process
therefore we wanted to eleviate our level of pretection by doing so. But
for 2 individuals it is causing a considerable slowdown when accessing
local drive where large zip and iso files reside. Of course our first
recommendation was to move those files on a network share but to back
this recommendation I wanted to get your opinion of our strategy. Should
explorer.exe be considered a highrisk process or not?? thank you
------------------------------------------------------------------------
---
------------------------------------------------------------------------
---
---------------------------------------------------------------------------
---------------------------------------------------------------------------
