In this article, I’ll share my experience with the functioning of explorer.exe, and introduce the common features of the explorer.exe based programs developed by me. (Windows 11 is currently not supported!)
The explorer.exe process performs various tasks, e.g. Windows shell, File Explorer, etc. These tasks might as well be performed by individual processes. They were probably incorporated into a single combined process due to compatibility reasons.
The operating system generally runs only one explorer process. Sometimes this is not the case though. No explorer process is running:
- The user has manually ended the explorer process, e.g. Task Manager - End task (not Restart).
- At registry AutoRestartShell, the automatic restart of the explorer process is disabled.
Multiple explorer (or similarly looking) processes can be created in several ways. The following list contains the most common cases whose combination is also frequent:
- Due to system settings, Microsoft File Explorer starts as a new process.
- Some software starts a File Explorer as a new process.
- The 2nd case includes a start explorer process (which stops after the final explorer process is created).
- A process related to a File Explorer window with an individual explorer process can still be present for a short time (up to 1 minute).
- There is a fake explorer process which pretends to be an explorer process.
The explorer.exe process can only be launched directly if the system runs no explorer process upon startup. The launched explorer.exe starts another final explorer.exe process configured by the system. Then the originally launched explorer process stops. The cases detailed above and explorer processes can be monitored with the Restart and Monitor explorer.exe software.
Restart and Monitor explorer.exe
By default, explorer.exe can be accessed in the following location:
c:\Windows\explorer.exe. In case of a 64-bit system, the location might be
c:\Windows\SysWOW64\explorer.exe. Any other location is most likely a fake process.
The process command line parameter indicates the function of the given explorer process. So an explorer process is valid if the given process.exe has a valid access path. In case of a valid explorer process, the function of the given process can be determined based on the command line parameter: System explorer process or File Explorer explorer process.
