Browseui.dll is a component of Windows; it resides in c:\Windows\System32…
It is an Approved Shell Extension. As such, it may interact with browser, the Windows shell, and various applications regarding:
Most Recently Used
And the list probably goes on and on, but that should give you an idea. It exists, and is part of Windows.
Now as to why you’re seeing these alerts that are sending your WTFometer thru the roof…
This is a “behind the scenes” activity that the user is not normally aware of, but is quite normal. The downside is that because it is so normal, some malware utilize the same type of interprocess communication to hijack a computer, gain internet access, etc.
CFP does not distinguish between “good” and “bad” other than by use of its encrypted safelist (which at present is not all that large; it will very large once v3 goes final release); if both applications/components are on that safelist (and you have not disabled the safelist) then you should not see these alerts (no, I don’t know what’s there).
That said, if either application (or both) are not on the safelist, CFP simply notifies the user that an action has occurred which is similar to that used by malware. If you know and trust the application, it is safe to Allow w/Remember and you should not see that specific combination alert again. If you do not know and trust the application, you Deny and start looking for what it is…
If you Deny or Allow without Remember, this will be for the current session/instance only. A Deny will block both applications (which could also mean your browser) for that session, as CFP presumes your system to be compromised if you are Denying the alert (typically, restarting the “innocent” application - such as the browser - will clear the memory).
Please note that these alerts do not necessarily mean the “offending” application (ie, browseui.dll) is actually connecting to the internet. They only mean that the application is communicating with another application, where the 2nd application is connected to the internet; this could give access to the 1st application, if its intent were malicious.
Hope that makes sense, and helps reduce your WTFometer level…