<cory@invalid.com> wrote

| Why does explorer.exe need an internet connection?
|
| I have it blocked for now.
|
| I'm using Win XP with AVS firewall.

It shouldn't. I've never allowed it and I'm not sure what
it may try to go out for. But Explorer is closely tied to
IE, so it gets complicated. Explorer.exe vs iexplore.exe.
Iexplore.exe might be called by other software if it's set
to be the default browser. (I like to set it as default and
then block it at the firewall, so that I never go online
accidentally by opening a webpage locally.)

You could try looking at where it's trying to go, if you
have firewall logs that list IP addresses. That might tell
you something. Also, anything running under Explorer as
a shell extension is in the Explorer process. So an Explorer
Bar, Property Page, Drop Handler, etc could be trying to
call out. There could even be a sleazy context menu
extension, installed without asking, that's trying to call
home. For instance, crap installed by Adobe to "Open
with Acrobat". A lot of programs will install that kind of
thing without asking.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Why does explorer.exe need an internet connection?

I have it blocked for now.

I'm using Win XP with AVS firewall.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Wed, 12 May 2021 12:13:03 -0400, Mayayana wrote:

It shouldn't. I've never allowed it and I'm not sure what
it may try to go out for.

It's very likely that the one which initiate the network request, would be a Shell Extension. Even more so if it's a third party one, which has its own built in auto-update feature.

But Explorer is closely tied to IE, so it gets complicated.

Not really. Explorer (i.e. explorer.exe) does not use any MSIE's embedded
web browser component. Only third party shell extensions would do that. And mind you that, XP isn't as nosy as Windows Vista+, or as sneaky as Windows
8+.

Iexplore.exe might be called by other software if it's set
to be the default browser.

The firewall would show a confirmation for iexplore.exe, instead of explorer.exe.

There could even be a sleazy context menu
extension, installed without asking, that's trying to call
home. For instance, crap installed by Adobe to "Open
with Acrobat". A lot of programs will install that kind of
thing without asking.

Very true. Users should at least expect that for any software. Otherwise,
they might end up getting something worse.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 12/05/2021 17:03, cory@invalid.com wrote:

Why does explorer.exe need an internet connection?

I have it blocked for now.

I'm using Win XP with AVS firewall.

So it can access your NAS?

--
Brian Gregory (in England).

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

| > It shouldn't. I've never allowed it and I'm not sure what
| > it may try to go out for.
|
| It's very likely that the one which initiate the network request, would be
a
| Shell Extension. Even more so if it's a third party one, which has its own
| built in auto-update feature.
|

Yes. That's what Explorer Bars, Drop Handlers, etc are.
They run in the Explorer process. So I would expect to see
Explorer trying to go online if a shell extension were making the
attempt. Though I've never checked that.
I thought I remembered Explorer trying to go out on my
system, in the past, but a check of my firewall settings shows
no setting for Explorer either way, indicating it's never attempted.

| > But Explorer is closely tied to IE, so it gets complicated.
|
| Not really. Explorer (i.e. explorer.exe) does not use any MSIE's embedded
| web browser component. Only third party shell extensions would do that.

There's no longer a browser window in folder windows, but
that's only one aspect. They're still deeply tied in XP. And as
you said, 3rd-party extensions change the picture.

I wrote my own Explorer Bar for folder windows and found that
it wasn't possible to not include IE. I just had to code it to
ignore IE. That is, the way it works is that your extension
gets notified of both IE and Explorer events. IE is also still
tied, nominally, into ShellFolderView. The browser window
is gone but the object model remains. And MS conflates IE
with networking functionality. So it's Explorer, but programmatically
it's often both. The naming is also confusing. I didn't want
to assume the OP knows the difference between iexplore
and explorer.

So can Explorer decide to go online of itself? I don't know
of a case where that would happen, but I wouldn't rule it out.
Personally I wouldn't allow either Explorer or IE to go online.
I love the power of IE and I love the Active Desktop tie-in,
but that rendered IE unsafe for online use.

There used to be debates about this in the VB group. People
were using functions like URLDownloadToFile and believed that
was not IE. But cookies will get saved in the Cookies folder!
Then people claimed those are "Windows" cookies, not IE
cookies. So even programmers didn't get the tie-in.

Until they finally came out with winhttp I was using straight
winsock to download files, in order to keep IE/Windows out
of it.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Thu, 13 May 2021 12:30:57 +0100, Brian Gregory <void-invalid-dead-dontuse@email.invalid> wrote:

On 12/05/2021 17:03, cory@invalid.com wrote:

Why does explorer.exe need an internet connection?

I have it blocked for now.

I'm using Win XP with AVS firewall.

So it can access your NAS?

No, I don't file share anything. I guess what you're saying could be
one reason for allowing explore.exe access to the network. I ain't a
tech. I just have an easy to use firewall to keep things from phoning
home. That's about it. But I do have my Win XP firewall still on and
keeping things from sneaking in. It doesn't seem to conflict with the
AVS firewall at all - so far. I was using the freebie Ashampoo
firewall for some months, but my machine would go bonkers every month
or so and I traced it's problems to the Ashampoo firewall. I don't use
one of those more (in)famous ones like Comodo because that dang thing
itself seems to be spyware according to articles I've read. Besides,
as I said, I just want simple to keep stuff from contacting Home.

Anyway, I also operate with a sandbox. The freebie Time Freeze. It
also helps to keep my machine safe. Anything gets snuck onto the C:
goes bye-bye with a reboot.

Thanks for answering with an actual 'answer'. I was beginning to
think that the sole reason for Usenet still being around was for the
jerks who simply want to argue all the time. : o)

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Thu, 13 May 2021 09:37:19 -0400, Mayayana wrote:

So can Explorer decide to go online of itself? I don't know
of a case where that would happen, but I wouldn't rule it out.
Personally I wouldn't allow either Explorer or IE to go online.
I love the power of IE and I love the Active Desktop tie-in,
but that rendered IE unsafe for online use.

There used to be debates about this in the VB group. People
were using functions like URLDownloadToFile and believed that
was not IE. But cookies will get saved in the Cookies folder!
Then people claimed those are "Windows" cookies, not IE
cookies. So even programmers didn't get the tie-in.

I forgot XP's Explorer still has Web View. THAT requires the embedded MSIE browser component. However, by default, none of Explorer's Web View HTMLs
has any reference to remote resource. But third party Shell Extension can
use their own HTML which has references to remote resource; or a malware has changed the setting to use HTMLs which use remote resource. So, this add
more possibilities to the root of the cause.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

"JJ" <jj4public@gmail.com> wrote

| I forgot XP's Explorer still has Web View. THAT requires the embedded MSIE
| browser component.

Actually, XP doesn't have the embedded IE window.
I think that ended with WinME. In that case the window
content actually was a webpage, with folders/files being
a listview component on the webpage. (Lots of fun. By
editing the folder.htt file I was able to have folders be
whatever I wanted, simply by coding HTML and script.)

But the tie-in continued. Shell extensions hook into both
IE and Explorer. The ShellFolderView object model is still there.
Both folders and IE instances show up as "InternetExplorer"
objects. You have to check the TypeName of the document
object to tell them apart. I assume that's for backward
compatibility. It may still work in Win10. The following lists
file names in open folders and address of open IE instances.
(Don't open a folder with a lot of files if you want to test it.)

'--------------- vbscript--------------------
Set Shl = CreateObject("Shell.Application")
Set Wins = Shl.windows

'On Error Resume Next

For Each Win in Wins
s = ""
Set SFV = Win.document 'ShellFolderView
SFVName = UCase(TypeName(SFV))
If InStr(SFVName, "SHELLFOLDERVIEW") > 0 Then
Set oFol = SFV.Folder 'ShellFolder
Set FIs = oFol.Items ' FIs is a FolderItems collection.
For Each FI in FIs ' FI is a FolderItem
'-- watch out for wordwrap here
s = s & FI.Name & " - " & FI.Size & " bytes" & " - Last Mod.:
" & FI.ModifyDate & vbCrLf
Next
Set FIs = Nothing
Set oFol = Nothing
Else
s = "IE instance: " & Win.LocationURL
End If
Set SFV = Nothing
MsgBox s
Next
Set Wins = Nothing
Set Shl = Nothing
'----------- end vbscript ----------------


| However, by default, none of Explorer's Web View HTMLs
| has any reference to remote resource.

I don't remember all that very well. Remember there were
"Channels"? You could choose to pin ad webpages on your
Desktop. Of course, no one ever did. :) But MS was trying
to provide at least the illusion that the desktop was on
the Internet. That was the era of keyboards with buttons
to get email.

| But third party Shell Extension can
| use their own HTML which has references to remote resource;

Yes. Shell extensions can do whatever they like. They're executables.
The main difference is that they're running under Explorer/IE and thus
get access to events and objects.

I hadn't thought of file sharing as a culprit, though, as
Brian mentioned. I've never enabled file sharing, but I guess
if you share files on your home network then Explorer might be
involved?

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)