CSA explorer.exe

I'm allowing explorer.exe to read or write to any DLL or OCX files. I did this after I saw explorer.exe was trying to access various EXEs and DLLs in different locations. Is the allow action okay or is it a vulnerability?

Here are a few sample logs after I allowed this action:

The process 'C:\WINNT\explorer.exe' (as user lcaster\lcaster) attempted to access 'C:\Novell\GroupWise\GWNFY1US.DLL'. The attempted access was a read (operation = OPEN/READ). The operation was allowed.

The process 'C:\WINNT\explorer.exe' (as user xp_machine_warehouse\rak) attempted to access 'C:\WINNT\system32\shell32.dll'. The attempted access was a read (operation = OPEN/READ). The operation was allowed.

The process 'C:\WINDOWS\explorer.exe' (as user JOHN\john) attempted to access 'C:\WINDOWS\system32\MFC42.DLL'. The attempted access was a read (operation = OPEN/READ). The operation was allowed.

Re: CSA explorer.exe

Yes, it's OK; this is normal behavior. You'll get those messages because Windows explorer.exe is the user shell (note the 2nd message), so it is involved in just about everything a user does.

Try closing explorer.exe in Task Manager sometime and see what happens. Basically the user interface goes away.

Tom S
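
One way to review events like the samples in the question, counting allowed explorer.exe accesses to DLL/OCX files by access type and listing any that are not reads. This is an added example, not part of the original thread; the fourth sample line is constructed, and its write wording, user and path are assumptions about the log format.

```python
import re
from collections import Counter

# Pattern follows the three event lines quoted in the question.
EVENT_RE = re.compile(
    r"The process '(?P<process>[^']+)' \(as user (?P<user>[^)]+)\) "
    r"attempted to access '(?P<target>[^']+)'\. "
    r"The attempted access was an? (?P<access>\w+) "
    r"\(operation = (?P<operation>[^)]+)\)\. "
    r"The operation was (?P<action>\w+)\."
)

SAMPLE_EVENTS = [
    # The first three lines are copied from the question.
    r"The process 'C:\WINNT\explorer.exe' (as user lcaster\lcaster) attempted to access 'C:\Novell\GroupWise\GWNFY1US.DLL'. The attempted access was a read (operation = OPEN/READ). The operation was allowed.",
    r"The process 'C:\WINNT\explorer.exe' (as user xp_machine_warehouse\rak) attempted to access 'C:\WINNT\system32\shell32.dll'. The attempted access was a read (operation = OPEN/READ). The operation was allowed.",
    r"The process 'C:\WINDOWS\explorer.exe' (as user JOHN\john) attempted to access 'C:\WINDOWS\system32\MFC42.DLL'. The attempted access was a read (operation = OPEN/READ). The operation was allowed.",
    # Constructed line: the write wording, user and path are assumptions.
    r"The process 'C:\WINNT\explorer.exe' (as user lab\user1) attempted to access 'C:\Temp\example.ocx'. The attempted access was a write (operation = WRITE). The operation was allowed.",
]


def parse_event(line):
    """Return the event fields as a dict, or None if the line does not match."""
    m = EVENT_RE.search(line)
    return m.groupdict() if m else None


def triage(lines, process="explorer.exe", extensions=(".dll", ".ocx")):
    """Count allowed accesses per access type and collect the non-read ones."""
    counts, non_reads, unparsed = Counter(), [], []
    for line in lines:
        ev = parse_event(line)
        if ev is None:
            unparsed.append(line)  # keep unknown formats visible, do not drop them
            continue
        if not ev["process"].lower().endswith("\\" + process):
            continue
        if ev["action"] != "allowed" or not ev["target"].lower().endswith(extensions):
            continue
        counts[ev["access"]] += 1
        if ev["access"] != "read":
            non_reads.append((ev["user"], ev["target"], ev["operation"]))
    return counts, non_reads, unparsed


if __name__ == "__main__":
    counts, non_reads, unparsed = triage(SAMPLE_EVENTS)
    print(dict(counts))
    for user, target, operation in non_reads:
        print("review:", user, target, operation)
```
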