×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

CSA explorer.exe

Unanswered Question
Oct 25th, 2006
User Badges:

I'm allowing explorer.exe to read or write to any DLL or OCX files. I did this after I saw explorer.exe was trying to access various .exe's & dll's in different locations. Is the allow action okay or is it a vulnerability?


Here are a few sample logs after I allowed this action:


The process 'C:\WINNT\explorer.exe' (as user lcaster\lcaster) attempted to access 'C:\Novell\GroupWise\GWNFY1US.DLL'. The attempted access was a read (operation = OPEN/READ). The operation was allowed.


The process 'C:\WINNT\explorer.exe' (as user xp_machine_warehouse\rak) attempted to access 'C:\WINNT\system32\shell32.dll'. The attempted access was a read (operation = OPEN/READ). The operation was allowed.


The process 'C:\WINDOWS\explorer.exe' (as user JOHN\john) attempted to access 'C:\WINDOWS\system32\MFC42.DLL'. The attempted access was a read (operation = OPEN/READ). The operation was allowed.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (1 ratings)
Loading.
tsteger1 Thu, 10/26/2006 - 08:23
User Badges:
  • Red, 2250 points or more

Yes it's OK, this is normal behavior. You'll get those messages because Windows explorer.exe is the user shell (note the 2nd message) so it is involved in just about everything a user does.


Try closing explorer.exe in task manager sometime and see what happens. Basically the user interface goes away.


Tom S

Actions

This Discussion