Is it really safe to add “csrss.exe” as an exception at D+, Computer Security Policy–>CIS–>Application System Activity Control–>Protection Settings–>Process Terminations? (allowing “csrss.exe” to terminate CIS?)
If I don’t create this exception, logviewer shows a new entry everytime I shutdown my PC, and, without this rule created, shutdown procedure slows-down a little bit (not enough to bother).
csrss.exe, if it’s the legitimate Microsoft version it’s a critical system file and one of it’s functions is to control the shut-down of the GUI, it also interacts with many of the user mode functions that are in turn passed to kernel mode components.
if you are satisfied this is the real deal, then it should be given whatever rights it requires
I did a previous check before posting, csrss in question is the legit one and my machine is clean.
Maybe I didn’t ask in the right way.
I was thinking about some nasty malware or other bacteria using the rights of csrss to terminate CIS while in normal use (not at shutdown procedure).
Reading your answers, I see that it is ok to give the permission (to have clean shutdown).
If some nasty attempts to access csrss (or use its rights) I will be prompted, anyway.