We recently had a virus outbreak that was causing superhidden to be enacted, causing a vast number of files to "disappear". We set a rule at the advice of McAfee support to block registry writing. I am getting many threat events where Explorer.exe is blocked from writing to the registry. Would it be wise to add Explorer.exe to the excluded processes list, or would that simply invite viruses to change the registry?
Again, to simplify: can Explorer.exe be "hijacked" by viruses to cause problems?
Just ignore the rules. Filter them with reports if you need. Consider that Explorer.exe is effectively the user doing something. I would not exclude it.
Also, you can and should purge Access Protection rules after a month or so anyways. They have no value after a couple weeks.