Avast WEBforum
Business Products => Archive (Legacy) => Avast Business => Avast Server Protection => Topic started by: brettski1977 on November 26, 2009, 02:16:43 PM
-
I know that it's possible to get the On-Access scanner to ignore specific files etc, but is it possible to get it to ignore specific running processes. For instance, when ntbackup runs, it accesses every file on the drive and it seems that Avast therefore checks every file as well, slowing down the process.
-
I'm looking for this functionality too.
-
I'm just thinking this will be a security hole...
-
I know that it's possible to get the On-Access scanner to ignore specific files etc, but is it possible to get it to ignore specific running processes. For instance, when ntbackup runs, it accesses every file on the drive and it seems that Avast therefore checks every file as well, slowing down the process.
Just because it accesses every file on the drive, doesn't mean avast will scan every file that it accesses. If the Standard Shield sensitivity is set at Normal then only files which are at risk of infection and an immediate risk (like .exe or .dll, etc.) would be scanned.
It also depends on what the ntbackup access is, if it is read access rather than write access there would be less of a requirement to scan.
-
Many other antivirus solutions provide this functionality (even the free MSE). Presumably all these security companies could not have thought it was a security hole?
I found the following in the user manual, but it's a bit vague.
Scan files on open.
The extensions of the additional files to be scanned should be separated by a comma. You can use the wildcard "?" (e.g. if you want all .htm and .html opened files to be scanned, enter either "htm”, “html" or use the wildcard - "ht?"; in the latter case, however, all files with extensions starting with "ht", such as "htt", will be scanned).
> Always scan WSH-script files. This option ensures that all script files (Windows Scripting Host) will be
tested.
> Do not scan system libraries.
Trusted system libraries will not be scanned on opening, only a quick check will be performed to validate the authenticity. This option may speed up the system start a little.
Scan created/modified files.
If this box is checked, files will be scanned at the moment they are created
or modified. You can further specify whether this should be applied to:
> All files, or
> Only files with selected extensions
If the “Default extension set” box is checked, only those files with extensions that are generally considered "dangerous" will be scanned – click “Show” to see the list of default extensions. You can also specify additional extensions to be scanned.
The first option seems to indicate that files will be scanned on open (ie on READ which is what NTBACKUP would be doing). The second option which is also selectable says it's only going to check files only on create / modify (ie on WRITE). This would stop it checking files that NTBACKUP is reading, but that means it also wouldn't check an infected .exe as it's not being modified. Doesn't seem to make sense.