should explorer.exe get access rights? (iexplorer.exe is IE)


As a general net user I am doing nothing but everyday basic stuff: email, news, blogs, etc. I use the administrator account.

iexplorer.exe, of course, I push allow over the Comodo firewall.

How about explorer.exe? Should that access across Comodo?

Is it safe or exploitable?

I asked the same question months ago without a reply. There is no reason that I can see it being necessary, so I recommend to block it.

I usually click ALLOW but do not select to remember, so it is allowed or blocked on a per instance basis. There are times when you do want explorer.exe to access the internet (e.g. using Windows Explorer to browse an FTP site) and there are other times (OK, most of the time) that you don’t.

Hope this helps,
Ewen

P.S. How do others handle explorer.exe accessing the internet? I’d be curious to see how they do it.
e

There is little info on other uses of explorer.exe for net access other than being an IE browser clone, such as checking for digital certificates (re: post #11). This means zippity do da to me as I never have any use for it ;D. I even have an App Mon rule to block it.

AFAIK, I have never allowed explorer.exe to access the net as an application in and of itself. It has, of course, been the Parent for several, but I don’t think it’s ever tried to access on its own.

I don’t have a rule to block it, as it’s never offended me…

Just to throw a monkey wrench in the works, I have read on some security sites that “explorer.exe” is commonly used as a name for different malware, to try to fool the user…

LM

I can be a witness to that. Many moons ago I had spyware on my older PC and it showed signs of Windows Explorer connecting to the net every time I searched for files. Sometimes it could just be Windows acting up, and a few update patches here and there fix it.

No, not unless you know for certain that you need it to connect.
Some people claim that explorer.exe will phone home to Redmond every time
you use the search function to do a local search. I haven’t bothered to verify
if it does it every time; the one time I performed a packet capture and a search, it did phone home.
But then, I generally don’t trust M$ and even block WMP from net access.
Explorer.exe is also targeted by all kinds of ■■■■-ware.
For FTP I use a dedicated client (FileZilla) so I don’t need exploder.exe connecting to anything.

This is the #1 reason to have a firewall. To “see” what wants to connect.
I try to keep things simple on my machine. I never let ANY program decide to connect itself.
I also do not allow the windows to update itself. I retain full control over any connection.
Many times, things like winamp, or media player, or some other third party software tries to
connect even when I am not using it. The answer to that is simple…I click “no” on Comodo when it asks me.
I always go by a basic rule:
If I am not using it, it has no business using my machine.
Be mindful of updates. Be certain you know what the update is.
Example:
I have not allowed winamp to update due to the fact that the update was to include AOL usage.
I do not use AOL nor do I wish it on my system.
My winamp still works just fine without the update.
Win updates are another spot of concern.
Most of the time, if you view what some of the updates are, you will realize that you do not need them. The only win updates that I would allow would be “critical” security updates.
Anything else to me is just not needed. Since my windows is working the way I want it to, there is no need to fix what is not broken.
Firewalls, like Comodo, make this a very easy problem to deal with.
You simply do not allow the connection, and then go about what you were doing.

“Anything else to me is just not needed. Since my windows is working the way I want it to, there is no need to fix what is not broken.
Firewalls, like Comodo, make this a very easy problem to deal with.
You simply do not allow the connection, and then go about what you were doing.”

Yahoo! a fellow (in)activist!

I block EVERYTHING I can. Especially if it is signed Microsoft or ACDSee! For those I open up my computer, make a tiny hole in the chip and put superglue inside so they can’t move.

Yes, explorer.exe does phone home when you search for files. It contacts sa.microsoft.com. The software responsible is what they call the “Personal Search Assistant”. Remember the white search box on win98 or 2000. It turned into a cute blue search box with XP and 2003… That is the culprit. Ostensibly to “Enhance your search experience” (MS talk for “make it harder to find things”), in its early days it may have sent back information, and the IP was recorded. Now, if you believe MS it only does that with Internet searches done from the Blue box. One journalist from the Register found an article where someone with an MSN account searched, and the PSA actually sent his email address unencrypted, with the search string he was using!

WTF!

If you want to know more, use “personal search assistant” (with the quotes) and/or “sa.microsoft.com” in Google. But clear your cookies before you search if you use Gmail, otherwise Google will have a trace of your IP and your search string available that can easily be hooked back into your Gmail address so THEY know who you are and what you are looking for.

Hmm of course they wouldn’t do that would they? Errr…

My guess - MS had to back down on the original idea after a few nasty bits of PR, but maybe, just maybe, it isn’t that clear.
And it seems that if they want to then Google have another way to get the same information but stealthier? But they wouldn’t do that would they?

I have a block rule in AM, for all of the M$ apps installed on my PC. That includes all Office applications (I must install Open Office…), IE, WMP and Explorer.

The only MS service listed with any Internet access is svchost.exe and that’s only for ports 67 and 68.

Of course, as Little Mac pointed out, Explorer is set as a parent for a couple of apps, but with the explicit block rule, it shouldn’t be able to access the net…

Toggie

The poll at the top has left out the “Do you use explorer…” option…lol
Well, if you use ie as your browser, then you are gonna want to allow it to connect.
If you do not use ie, then the only reason I can think of for explorer to want to connect is to check
for system updates.
Since I am not a big fan of auto updates, (yes, I also check manually for Comodo too), I generally do
not allow a connection that I am not using. There simply is no reason to do so.

I still use iexplorer.exe for manual Windows Updates and other rare activities, but explorer.exe has absolutely no bearing on that; I’m still able to perform updates. Therefore we can safely agree and conclude explorer.exe is practically useless and should be blocked from having internet access.

http://en.wikipedia.org/wiki/Explorer.exe
http://www.auditmypc.com/process/explorer.asp

Ok, the above links explain what explorer.exe is supposed to be. Easy reading.
Understanding a little of what a file is helps you determine if it needs access rights.
In this case, I do agree that it does not. As the reader researches this process, he/she also learns
about trojans that mask themselves as explorer.exe. This of course would not be the correct file, but a dummy file that will access the net as a dialer, ad loader, etc.
The correct file is located in the win/sys area of the OS. It really does not have a need to access the net. If you have one that is trying to gain access a lot, I would suggest you do a scan on your system, look for trojans. Most of the research I have read says that the legitimate explorer.exe is needed for the stable operation of the Windows desktop and should not be terminated. Remember, as a general rule the REAL file should be located in the win/sys folder.

Comodo Rocks!
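
A way to run the look-alike check this post describes, as an added example that is not part of the original thread. It assumes PowerShell 3.0 or later on Windows 8 or later (for `Get-NetTCPConnection`), and it assumes the genuine shell binary is `%SystemRoot%\explorer.exe` (with a 32-bit copy under `SysWOW64` on 64-bit systems) carrying a valid signature.

```powershell
# Added example: flag explorer.exe processes that do not look like the Windows shell.
# Assumption: the genuine binary is %SystemRoot%\explorer.exe (plus the 32-bit
# copy in %SystemRoot%\SysWOW64 on 64-bit Windows) and has a valid signature.
$expected = @(
    (Join-Path $env:SystemRoot 'explorer.exe'),
    (Join-Path $env:SystemRoot 'SysWOW64\explorer.exe')
)

$report = foreach ($p in Get-CimInstance Win32_Process -Filter "Name = 'explorer.exe'") {
    # ExecutablePath is empty when the caller lacks rights to query the process
    $path = $p.ExecutablePath
    $sig  = if ($path) { Get-AuthenticodeSignature -FilePath $path } else { $null }

    # TCP connections owned by this process that have a real remote peer
    $conns = Get-NetTCPConnection -OwningProcess $p.ProcessId -ErrorAction SilentlyContinue |
        Where-Object { $_.RemoteAddress -notin '0.0.0.0', '::' }

    [pscustomobject]@{
        ProcessId    = $p.ProcessId
        Path         = $path
        # -contains compares case-insensitively, so C:\WINDOWS\Explorer.EXE matches
        PathExpected = [bool]($path -and ($expected -contains $path))
        Signature    = if ($sig) { [string]$sig.Status } else { 'Unknown' }
        Signer       = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
        RemotePeers  = ($conns | ForEach-Object { "$($_.RemoteAddress):$($_.RemotePort)" }) -join ', '
    }
}

# Every explorer.exe instance, with its image path, signer and current peers
$report | Format-List

# Instances worth a closer look: wrong location or no valid signature
$suspect = $report | Where-Object { -not $_.PathExpected -or $_.Signature -ne 'Valid' }
if ($suspect) {
    Write-Warning "explorer.exe running from an unexpected path or without a valid signature:"
    $suspect | Format-List ProcessId, Path, Signature, Signer
}
```

Run it from an elevated prompt so `ExecutablePath` is readable for every session; an instance reported with an empty path is unverified rather than clean.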

How about a third option - sometimes…

As Panic said, there may be times when it’s necessary or needful, but these should be explicitly requested / approved on a per-instance basis.

I don’t know if I’d want to just lop its head off, (block always), but I’m just as sure I don’t want it to have absolutely un-hindered access to everything in the world.

Jim

Yeah, I can see the “sometimes” choice…lol.

I guess it is just knowing your system a little.
Sometimes programs you are using want to get on the net,
even if you are not.
An example of this:
I was using MS Word in the MS office suite. It was a simple .doc job for me,
just jotting down a few notes. I saved my file, and right after it saved,
MS Word tried to reach out to the net. I did not allow it, because it had nothing to do
with my activity. I did not ask for any updates, and as far as I know, I do not have the “auto” update
option active. While this was probably an innocent request, I did not need it. So I clicked deny
and went on with what I was doing.
A lot of legit programs do this, and without a firewall you probably would never know it.
Comodo is nice because it shows not just the request, but the parent program that made it.
IE might want to connect, but it was the parent program of MS Word that made the request.
It is just nice to have the choice. If you did not ask for it, then do not allow it.
Nice and simple