Hey guys,
I wasn’t sure where to put this. But I have had CIS on my computer for a long time now, and I installed WinPatrol on my mother’s computer quite a while ago and it works quite well as a startup control program, so now I installed it on mine along with CIS installed. Now there was a potential problem, I think. After installing WinPatrol, Defense+ popped up saying it had detected something happening with explorer.exe (unfortunately I don’t remember exactly what it said) and it was going to disable explorer.exe or something along those lines. I have never heard any issue of WinPatrol being anything malicious, but I do know that part of its functions is monitoring explorer.exe, so it integrates with it. Now I’m not sure what might have happened if I had chosen to stop explorer.exe, but I’m quite sure it would have been serious, as explorer.exe is the backbone of Windows. I just believe this needs to be looked into. Maybe I am overblowing this, but to me it seems quite important. Any thoughts or ideas?

If you had blocked explorer, it would have locked you out of Windows. (You would have needed to boot into Safe Mode to correct it.)

It’s hard to tell what occurred without knowing the exact alert. CIS wouldn’t have blocked the real explorer.exe. The most it would have done is given an alert, and it would have told you it was safe because it is on the COMODO safe list (assuming it was the legit Windows explorer.exe). Is there anything in your logs?

Also, make sure explorer.exe is set to “Windows System Application” in Defense+, and you can safely set the WinPatrol executables as “Trusted Application”.

Well, this is definitely a legit version of Windows, as it is Windows 7 Beta that I downloaded from Microsoft. Is there some way I can find out if I somehow have a non-legit explorer.exe running around on my comp? Because CIS isn’t showing it. Would another AV like Avast or Avira catch that? And last but not least, how would I go about making sure that explorer.exe is set to “Windows System Application”? I was looking around but couldn’t find where I could make sure of that. (CIS still needs a bit of GUI improvements.)

Many ways:

D+ > View Active Processes. Right click explorer.exe and view full location. It should be in c:\windows.
Or look in Task Manager, right click the explorer.exe process running and look at its details. It should say Microsoft. Or you could use something like Process Explorer.

Like every other AV, only if it was in their database.

D+ > Advanced > Comp. Security Policy > Right click “explorer.exe”, edit, use predefined policy, windows system application. Apply.

New GUI on the way. :wink:
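
The location and publisher checks described in the reply above, written as a PowerShell script. This is an added example, not part of the original thread; it assumes the shell is expected at `%windir%\explorer.exe`, and the column names in the report are chosen here for illustration.

```powershell
# Added example: report where each running explorer.exe was loaded from.
# Assumption: the Windows shell is expected at %windir%\explorer.exe,
# matching the "it should be in c:\windows" check in the reply above.
$expected = Join-Path $env:windir 'explorer.exe'

$report = Get-Process -Name explorer -ErrorAction SilentlyContinue | ForEach-Object {
    $path = $_.Path   # empty when the process image cannot be read
    if (-not $path) {
        New-Object PSObject -Property @{
            Id = $_.Id; Path = '<unreadable>'; InExpectedPath = $false
            Company = $null; Signature = $null; Signer = $null
        }
        return   # continue with the next process
    }

    # Version resource of the file on disk (the "It should say Microsoft" check).
    $version = (Get-Item -LiteralPath $path).VersionInfo
    # Authenticode status and signer of the same file.
    $sig = Get-AuthenticodeSignature -FilePath $path
    $signer = $null
    if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }

    New-Object PSObject -Property @{
        Id             = $_.Id
        Path           = $path
        InExpectedPath = ($path -eq $expected)   # string -eq is case-insensitive
        Company        = $version.CompanyName
        Signature      = $sig.Status
        Signer         = $signer
    }
}

if (-not $report) {
    Write-Output 'No explorer.exe process is visible to this session.'
} else {
    $report | Format-Table Id, InExpectedPath, Company, Signature, Signer, Path -AutoSize
}
```

A row with `InExpectedPath` set to `False` is the one to look at first. The company name is whatever the file's author put in its version resource, and some PowerShell versions do not evaluate catalog signatures, so a `NotSigned` status is not conclusive on its own.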

Well, all seems well. It’s all legit, and it is in fact a “Windows System Application”. Maybe I should uninstall WinPatrol and then see if it happens again. Sorry for wasting your time with this, but thanks so much for the help.

You can do that, but I’m sure everything is fine. :wink:

You’re not wasting my time. Feel free to ask anything on the forums. We’re here to help. :slight_smile: