Author Topic: Exclude On-Access scanner from monitoring a specific process  (Read 7708 times)

brettski1977

  • Guest
Exclude On-Access scanner from monitoring a specific process
« on: November 26, 2009, 02:16:43 PM »
I know that it's possible to get the On-Access scanner to ignore specific files, etc., but is it possible to get it to ignore specific running processes? For instance, when ntbackup runs, it accesses every file on the drive and it seems that Avast therefore checks every file as well, slowing down the process.

Holling

  • Guest
Re: Exclude On-Access scanner from monitoring a specific process
« Reply #1 on: January 09, 2010, 08:17:35 PM »
I'm looking for this functionality too.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • Posts: 67197
Re: Exclude On-Access scanner from monitoring a specific process
« Reply #2 on: January 09, 2010, 08:59:07 PM »
I'm just thinking this will be a security hole...
The best things in life are free.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • Posts: 88854
  • No support PMs thanks
Re: Exclude On-Access scanner from monitoring a specific process
« Reply #3 on: January 09, 2010, 09:13:23 PM »
> I know that it's possible to get the On-Access scanner to ignore specific files, etc., but is it possible to get it to ignore specific running processes? For instance, when ntbackup runs, it accesses every file on the drive and it seems that Avast therefore checks every file as well, slowing down the process.

Just because it accesses every file on the drive doesn't mean avast will scan every file that it accesses. If the Standard Shield sensitivity is set at Normal then only files which are at risk of infection and an immediate risk (like .exe or .dll, etc.) would be scanned.

It also depends on what the ntbackup access is; if it is read access rather than write access, there would be less of a requirement to scan.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

brettski1977

  • Guest
Re: Exclude On-Access scanner from monitoring a specific process
« Reply #4 on: January 10, 2010, 03:05:56 PM »
Many other antivirus solutions provide this functionality (even the free MSE). Presumably all these security companies could not have thought it was a security hole?

I found the following in the user manual, but it's a bit vague.

Scan files on open.
The extensions of the additional files to be scanned should be separated by a comma. You can use the wildcard "?" (e.g. if you want all .htm and .html opened files to be scanned, enter either "htm", "html" or use the wildcard - "ht?"; in the latter case, however, all files with extensions starting with "ht", such as "htt", will be scanned).
>   Always scan WSH-script files. This option ensures that all script files (Windows Scripting Host) will be tested.
>   Do not scan system libraries.
Trusted system libraries will not be scanned on opening, only a quick check will be performed to validate the authenticity. This option may speed up the system start a little.

Scan created/modified files.
If this box is checked, files will be scanned at the moment they are created or modified. You can further specify whether this should be applied to:
>   All files, or
>   Only files with selected extensions
If the "Default extension set" box is checked, only those files with extensions that are generally considered "dangerous" will be scanned – click "Show" to see the list of default extensions. You can also specify additional extensions to be scanned.


The first option seems to indicate that files will be scanned on open (i.e. on READ, which is what NTBACKUP would be doing). The second option, which is also selectable, says it's only going to check files on create / modify (i.e. on WRITE). This would stop it checking files that NTBACKUP is reading, but that means it also wouldn't check an infected .exe as it's not being modified. Doesn't seem to make sense.