Two running versions of IE8 in Sandbox

Probably a very stupid question…

I’m trying to learn what ‘normal’ behaviour should look like in Defense+. (Running CIS 5 Firewall and Defense+ both in Safe Mode on Windows 7 x64, with CIS’s Proactive Security configuration).

Noticed IE8 32 bit showed up as two running services in ProcExplorer etc, so I sandboxed it to learn more.

Active Process List (Sandboxed) picked up the second IE8 PID version (see attached)

In Defense+ Events found flagged events for IE8 including keyboard access (see attached). Never had this amount of info before so no idea if it is normal!

CIS 5 Help says: "A ‘Defense+ Event’ is triggered whenever an application makes an attempt to access memory, other programs, the registry etc. that contravenes your Computer Security Policy. "

Is IE8 being a very naughty boy or are these flagged events just because I sandboxed it?

I guess my question is… are two running versions of IE8 normal with one browser tab open? It’s the same 32 bit version from the (x86) program folder.

Edit PS: Command paths for both processes are:

“C:\Program Files (x86)\Internet Explorer\iexplore.exe”
“C:\Program Files (x86)\Internet Explorer\iexplore.exe” SCODEF:2672 CREDAT:71937

Love to know what all that “SCODEF” stuff means just for knowledge…

[attachment deleted by admin]

Just found this msdn blog link

Opened a whole new world of knowledge for me. Sorry to have cluttered up your nice forum. :embarassed:

No prob. There may be other users who learn from this as well. :slight_smile: