Is it advisable to exclude the "Program Files" folder in RT Scans?
Updated: 21 May 2010 | 13 comments
This issue has been solved. See solution.
In SEP and SAV? I would like to exclude this to potentially get speed back, but I am apprehensive on this. Maybe I should just exclude the microsoft office programs?
Advice please.
Thank you.
discussion Filed Under:
Comments
NO
I would say not to exclude any folders but in real world its not possible we would like to exclude few beause of compatibiltiy or performance issues.
when it comes to folder exclusion you should narrow down to the particlar folder and not the one in the top hierarchy...which is a high potential risk.
viruses always attack
C:\Program Files\Common Files
all the antivirus or most of the programs reside under program files folder until you do a custom install..
narrow down to the folder and do not exclude the entire program files folder..
Please don't forget to mark your thread solved with whatever answer helped you : ) Rafeeq
Also some true viruses attack
Also some true viruses attack EXE files, meaning WORD.EXE, EXCEL.EXE and so on, and exluding program files folder would mean the biggest targets of the old style infectors would be unchecked.
I've seen the old-style viruses (they still exist) triggered and they'll scan the hard drive for anything with an EXE or COM type extension and make them targets.
My sites - http://theamcpages.com & http://antique-engines.com
Toy:
Shadow:
You definetely shouldn't
You definetely shouldn't exclude program files. Was there a particular reason you thought that you needed to exclude it? You mentioned that you have seen a slowdown lately, but is this narrowed down to a particular program or has it just been slow in general. For instace we had an issue where a customer saw a slowdown when compiling programs in Microsoft Visual Studio, but by excluding the files of the program he was compiling helped.
Cheers
Grant
Please don't forget to mark your thread solved with whatever answer helped you : )
The reason I ask is because Outlook is through the roof on...
...memory usage, and right behind outlook is the runner up, RTVScan. I know this was not a good idea, but I would like to get those processes under control.
what version of
What version of outlook?
What patch level is it?
What addins? I would recommend testing on a machine disabling all outlook plug in's and see what that does for outlook usage then turn them back on one at a time if it made a big impact. High Outlook usage from my experince is typically caused by a poorly written add in.
What build of SEP?
What are the system specs. Outlook 2007 definatly works alot better with 2 gig of memory
One RT change I would be okay with is to have it only scan files on creation or when they are modified. This drops the usage down alot but you also need to have regular scans to pick up anything that got in since it came in prior to definition updates. You may also want to turn off the def watch scan but that also depends on how frequently you do scheduled scans.
Then AS A TEST for a short
Then AS A TEST for a short time, exclude OUTLOOK.EXE and observe.
My guess, there's something else causing it.
RTVSCAN also shouldn't be hammering you like that. Makes me think someting is amiss.
However, one DOES need to test, and I'd pick on a couple of test machines, put them in a group by themselves, and exclude ONLY outlook.exe for those machines and observe them...........
My sites - http://theamcpages.com & http://antique-engines.com
Toy:
Shadow:
Well maybe instead of
Well maybe instead of excluding the Program Files you should try to temporarily disable Outlook's autoprotect to see if that is the problem. A guide to configuring outlook autoprotect is here http://seer.entsupport.symantec.com/docs/331119.htm. Also if you are a person who recieves a lot of attachments OR large attachments then you might want to try just exluding those specific file types from the Outlook Autoprotect option. That way they are not scanned right when you recieve them. In reality this is not a huge problem since the files get stored in a Temp folder when you open them, and that Temp folder will get scanned by the regular system auto protect anyway.
Also you can check out this guide for improving performance on a SEP client. http://service1.symantec.com/SUPPORT/ent-security....
Cheers
Grant
Please don't forget to mark your thread solved with whatever answer helped you : )
I won't recomend this as this
I won't recomend this as this folder can also get infected.
As tempted as it may sound,
As tempted as it may sound, NO as well.
Program Files is just too broad to exclude and as the above say, many,. many virus look to infilitrate files in the sibfolders of program files, not just C:\doc & Settings or C:\Windows ..etc.
Are these clients or certain servers? What issues arer you experiencing?
There are some best practices or directoories you can exclude for certain types of server e.g. File and Print\Citrix/TS server, Exchange (although would haver mail security flavor of AV.
As tempted as it may sound,
As tempted as it may sound, NO as well.
Program Files is just too broad to exclude and as the above say, many,. many virus look to infilitrate files in the sibfolders of program files, not just C:\doc & Settings or C:\Windows ..etc.
Are these clients or certain servers? What issues arer you experiencing?
There are some best practices or directoories you can exclude for certain types of server e.g. File and Print\Citrix/TS server, Exchange (although would haver mail security flavor of AV.
I agree
I agree this would be a very bad idea. Think of the malware you could miss. Just off the top of my head the mywebsearch bar comes to mind. Now if there was a particular program that need it excluded for performance reasons that I would be okay with but only if that was the recommendation of that vendors support and they were willing to put it in writing.
I have several vendors here that insist that we should not run AV on the servers their product is on. Funny how when I ask them to put that in writing so that I can go back to it if that server gets infected and comprimised and managment wants to know why they suddenly come up with documentation on how to make it work with AV installed.
I'd also like to know why you where thinking of doing this was there a particular reason for wanting to do it.
I knew this was a silly question...
...but I was attempting to get better performance from some PC's with high memory usage on Outlook.exe and RTVScan.
Did you know that the
Did you know that the performance of SEP MR3 and higher is better than SAV ever was? RU5 is the latest SEP version, and is the most efficient.
If you are having performance issues, it could be a bug or improper config, you should troubleshoot that further.
There is an online portal, save yourself the long hold times. Create ticket online, then call in with ticket # in hand :-) http://mysupport.symantec.com "We backup data to restore, we don't backup data just to back it up."
Would you like to reply?
Login or Register to post your comment.