Outlook Express parent application has changed???

Forgive me for being a newbie but what could this alert possibly mean? I’ve looked but can’t seem to figure it out. Tell me not evidence of a hacker.

Thanks for responding. I really appreciate it.

Sorry one of the volunteers on this user forum hasn’t answered you within 24 hours, these being your first two posts and all. :wink:

What this alert means is that a different parent application is trying to start Outlook Express, compared to the parent that started it last time, when it was approved.

In plain english, when you double click on the Outlook Express shortcut on your desktop, you are actually telling EXPLORER.EXE (the shell program that you and I see as the Windows Desktop) to start the Outlook Express application. In this case, Outlook’s parent is EXPLORER.EXE, as it was the application that caused it to start.

Now, imagine we open Internet Explorer and went to a website. This website had a link we can click on to send them an email. If we click on this link, IEXPLORE.EXE (Internet Explorer) is being told to start Outlook Express and would be a different parent to the previous example.

Outlook Express can have more than one parent. As explained above, both EXPLORER.EXE and IEXPLORE.EXE are valid parents of Outlook Express, under the circumstances described above. All we would need to do is to click the “Remember” option and click ALLOW for each valid parent-to-executable alert.

In both of the above examples, it is fairly obvious, regardless of how much “newbieness” you have, what is going on. We double clicked the Outlook shortcut and the firewall was prompting about EXPLORER.EXE starting Outlook Express. In the second example, we clicked on a mail link on a web page and the firewall was prompting us about a different parent (IEXPLORE.EXE) for Outlook Express. Neither of these examples should too hard to work out.

Where it can get a bit trickier is when you get an alert that says (for example) QS23ESD.EXE is the new parent for Outlook Express and you weren’t doing anything even vaguely related to Outlook and have no idea what QS23ESD.EXE is. Something like this CAN indicate malware-like activity taking place and is one of the strongest reasons for using CFP as part of a layered security system on your PC.

Sometimes you have to read between the lines. Sometimes you may have to google to find out what QS23ESD.EXE is. Sometimes you may have to post a query here.

The trick is staying alert and not just clicking ALLOW - ALLOW - ALLOW - ALLOW - ALLOW - ALLOW to every pop-up you get. CFP will only display a pop-up when something has happened that contravenes one of the rules or has never taken place before.

Hope this helps,
Ewen :slight_smile:

edit : typos - ■■■■ you “s” key!

Panic gave you part of the answer where different programs start (are the parent of) another program. The message you gave in your first post indicates that the parent has changed. This can occur when an update has been made to a program that has previously been approved as a parent. Firewall prompts about changed applications often occur after the second Tuesday of the month when Microsoft releases their scheduled monthly updates.

Thanks Jim, I forgot to add that the firewall will also pop an alert if the cryptographic signature of the application changes (like after an update).

Cheers,
Ewen :slight_smile: