CSRSS.EXE terminating CIS. Is it safe?


Is it really safe to add “csrss.exe” as an exception at D+, Computer Security Policy–>CIS–>Application System Activity Control–>Protection Settings–>Process Terminations? (allowing “csrss.exe” to terminate CIS?)

If I don’t create this exception, logviewer shows a new entry everytime I shutdown my PC, and, without this rule created, shutdown procedure slows-down a little bit (not enough to bother).


Make sure it is the legit Windows file and not a trojan going by the same name. The legit file: csrss.exe Windows process - What is it? .

That’s not enough information.
Can you show me ‘hijackthis’ log?
And your CIS setting.(firewall, D+)

1.If it tries to kill CIS, CIS might be corrupted.-reinstall CIS.(clean install)
2.one of Aimbot worm.

Just created a thread and then :smiley: I came by this one :smiley:

Hi AeoniAn

csrss.exe, if it’s the legitimate Microsoft version it’s a critical system file and one of it’s functions is to control the shut-down of the GUI, it also interacts with many of the user mode functions that are in turn passed to kernel mode components.

if you are satisfied this is the real deal, then it should be given whatever rights it requires

Thanks for all of you guys.

I did a previous check before posting, csrss in question is the legit one and my machine is clean.
Maybe I didn’t ask in the right way.
I was thinking about some nasty malware or other bacteria using the rights of csrss to terminate CIS while in normal use (not at shutdown procedure).
Reading your answers, I see that it is ok to give the permission (to have clean shutdown).
If some nasty attempts to access csrss (or use its rights) I will be prompted, anyway.

Thanks. :-TU