I worked in one of the largest university in my country.
Our computer labs are currently using Trend Micro Office Scan 10.
Recently when we run SPSS 18, it took about 5 minutes 30 seconds for spss to start on a Pentium 4 HT PC with 512 MB ram and 80GB hard disk.
With the help of TrendMicro ESO service, they were able to determine the cause of delay was due to the extensive scan on JAR files used by SPSS 18's start up process.
It seems Trend Micro is decompressing each of JAR files and scan when user launch SPSS 18.
The current workaround that Trend Micro ESO is suggesting is to put JAR file in the exclusion list in the real-protection configuration.
It let SPSS run very fast (becuase officescan isn't scanning the jar files). It used to take 5 mins to launch SPSS now it only takes about 20 second or less.
But this configuration does open a big security hole for the entire university.
As we are close to the time to renew our anti-virus contract with Trend Micro, I am evaluating alternatives.
We might keep Trend Micro if we can't find anything better.
The reason I am looking into real-time protection scan log is because when I installed SEP 11 on the same hardware, same software.
I have being told by several tech/rep from symantec, and our sales rep, that JAR file is being scan by SEP.
But it is hard to convince me when I looked at my timer, the SPSS 18 launch time is same as if a machine did not install any anti-virus program.
I wonder how SEP were able to scan JAR files yet, keep the launch time so short? If I can't find proof, I would have a difficult time answering if SPSS problem is asked by my boss, since SPSS problem is being around and all over the campus for a while.
I looked at Avira, Kaspersky and Symantec.
Avira were able to show me real time protection scan log if i choose to.
However, I wish to have a more detailed log files, now it only tells me it's being processed and if the file is good or bad.
2010/5/17,16:27:35 小紅傘個人免費體驗版 - 僅供非商業使用已掃描下列的檔案:
C:\Program Files\SPSSInc\PASWStatistics18\JRE\lib\rt.jar
Requesting PID = 936
Engine Scan Time = 55 ms
[使用者] 405-4-02\USER <----- which computer
[資訊] 此檔案將不會採取任何動作。<-------it shows what Avira is doing in this case, Avira isn't doing anything
2010/5/17,16:27:35 小紅傘個人免費體驗版 - 僅供非商業使用已掃描下列的檔案:
C:\Program Files\SPSSInc\PASWStatistics18\JRE\lib\charsets.jar
Requesting PID = 936
Engine Scan Time = 33 ms
[使用者] 405-4-02\USER <----- which computer
[資訊] 此檔案將不會採取任何動作。<-------it shows what Avira is doing in this case, Avira isn't doing anything
Kaspersky is able to shows me real time scan log if i want to see, and if the file is scanned already, kaspersky would tell me the file isn't changed, thus the performance degration associated with the detail logging isn't that big of a issue.
2010/5/12 上午 11:57:34 C:\Program Files\SPSSInc\PASWStatistics18\activation.jar/META-INF/SUN_MICR.SF 正常 已掃瞄 405-4-01\USER localhost
2010/5/12 上午 11:57:34 C:\Program Files\SPSSInc\PASWStatistics18\activation.jar/META-INF/SUN_MICR.RSA 正常 已掃瞄 405-4-01\USER localhost
2010/5/12 上午 11:57:34 C:\Program Files\SPSSInc\PASWStatistics18\activation.jar/META-INF/mailcap.default 正常 已掃瞄 405-4-01\USER localhost
2010/5/12 上午 11:57:34 C:\Program Files\SPSSInc\PASWStatistics18\activation.jar/META-INF/mimetypes.default 正常 已掃瞄 405-4-01\USER localhost
2010/5/12 上午 11:57:34 C:\Program Files\SPSSInc\PASWStatistics18\activation.jar/javax/activation/SecuritySupport12.class 正常 已掃瞄 405-4-01\USER localhost
2010/5/12 上午 11:57:34 C:\Program Files\SPSSInc\PASWStatistics18\activation.jar/javax/activation/SecuritySupport12$1.class 正常 已掃瞄 405-4-01\USER localhost
2010/5/12 上午 11:57:34 C:\Program Files\SPSSInc\PASWStatistics18\activation.jar/javax/activation/SecuritySupport12$2.class 正常 已掃瞄 405-4-01\USER localhost
2010/5/12 上午 11:57:34 C:\Program Files\SPSSInc\PASWStatistics18\activation.jar/javax/activation/SecuritySupport12$3.class 正常 已掃瞄 405-4-01\USER localhost
2010/5/12 上午 11:57:34 C:\Program Files\SPSSInc\PASWStatistics18\activation.jar/javax/activation/SecuritySupport12$4.class 正常 已掃瞄 405-4-01\USER localhost
I wish to find symantec's real-time protection log files to help my evaluation process.
thanks in advance,
Shigeru