Re: Why is Win Explorer accessing the Net?

From: David (
Date: 12/18/03

Date: Thu, 18 Dec 2003 04:52:26 GMT

Windows explorer is much more than a simple file manager. It is the user
shell when you log into windows. It can be difficult to decide which
core windows programs to allow to access the internet especially since
the application controls of the different personal firewalls all work a
little differently. Other firewalls for example may not indicate such
activity if they are using a different scheme to control ICMP traffic or
  can "monitor" activity at the dll level. I would tend to use protocol
and port filtering for such diverse applications as explorer.exe and
svchost.exe since they perform multiple functions. I'm not familiar with
Sygate, but you should check to see what other filtering is available.
For example, explorer in regards to being a shell can oversee file
transfers via netbios over tcp/ip, ftp, and has some responsibility as
seen in your case in regards to ICMP traffic. If you are not in a LAN
where you need to browse the resources of other LAN machines,if you do
not do ftp transfers via the explorer shell, and if you have a DHCP
assigned internet gateway address and no internal routers using routing
protocols, then you could probably block explorer access in Sygate
without adverse affects. Personally I would probably hack the registry
as Lars has pointed out, and leave the Sygate settings for explorer in a
state of flux so that other activity would generate an alert. This way
you would be dealing with the specific alerts you received, and will not
block explorer from doing something else you may want it to do or allow
it to do things you may not want. The next thing it tries will generate
an alert which will either be for valid traffic or perhaps give you a
hint that something malicious has made its way onto your machine.

> My QUESTION to the newsgroup is should I allow Windows Explorer
> access to the Net in order for it to go to that IP address?
> --------
> These are my own thoughts:
> (a) On one hand, I can not see why a simple file manager like Windows
> Explorer would need to access the Net.
> (b) On the other hand, Windows Explorer is deeply embedded in Win XP
> and may need to perform all sorts of function on behamf of XP.
> I have had some problems in being over-hasty in blocking
> comunications from XP to the Net (for example blocking NTOSKRNL.EXE,
> --------
> Can someone who understands what is taking place please advise me if
> I should allow to permit permanent access for Windows Explorer to the
> Net?

Relevant Pages

  • Re: Running Explorer App without loading the Explorer Shell
    ... > cmd window revealed it started the explorer shell. ... > the command line again brought up windows explorer. ... >>> I provide a way for users to launch windows explorer using the custom shell. ... >>> it actually loads windows explorer, which is what I want to happen to begin ...
  • Re: WINDOWS Explorer
    ... The shell app is determined in the registry, by the "shell" string value in ... I don't think the explorer shell places much load on the system anyway. ... Windows Explorer, will Windows Explorer still be running in the background ...
    ... It was definately windows explorer where I got the DEP alert [i ... While I have your attention perhaps you could tell me why I have a browser ... It is really important to distinguish between Windows Explorer and Internet ... install it for use with Mozilla Firefox ...
    ... It is really important to distinguish between Windows Explorer and Internet ... Add-ons (Browser Helper Objects / Browser Extensions) that you may have ... install it for use with Mozilla Firefox ...
  • Re: Need collective brain power of the many
    ... there have now been over 200 people reporting very similar problems ... Windows Explorer (Recycle bin, folder shortcuts, control panel, ... Restore point or doing a Repair Install of Windows or reformatting ...