Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 8 replies
  • Subscribers 3 subscribers
  • Views 20589 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Exclude a subdirectory in each user’s home directory from scanning

SamHocevar

Our local network users run an in-house application that downloads application builds (typically several gigabytes of executables and DLLs) to the user’s %AppData%\CacheDir directory. We use the Bittorrent protocol to speed up deployment over the LAN. However the Sophos scanner renders the performance abysmal; downloads are about 20 to 50 times slower when it’s active. I suppose this is caused by the files being changed regularly as new chunks are being downloaded, which is understandable behaviour from a virus scanner, but also the expected behaviour of a Bittorrent client.

Both our application and the binaries it downloads can be fully trusted, and we must absolutely avoid the overhead described above.

I could not find a way to exclude each user’s %AppData%\CacheDir directory and its subdirectories from scanning (except by adding the same line dozens of times, for each user, and maintaining the list each time we hire a new person…) . I understand that environment variables are not supported (and that the service can’t really evaluate them anyway). However we’re faced with this problem where the antivirus is just preventing everyone from working properly, and so far the only practical solution we’ve found is to exclude C:\Users from scanning (which kinda defeats the purpose of having a scanner at all).

Any suggestion on how to bypass the limitations?



This thread was automatically locked due to age.
Parents
  • 0
    Christian, That is what I was trying to work out. I was hoping there would be an actual log we could turn on of what on-access scanning interferes with but yes next port of call was going to be process monitor.

    I'll have a look with that actually as without exclusions of NSF, NTF, JAR, NDK and some others in place then we get slow downs with Lotus Notes client, also excluding the program and shared data dirs as recommended by IBM. It isn't set to "all files" of course but SOMETHING was getting in the way and causing whole machine to crawl - though oddly with little processor often showing for instance. This has got worse over last month or so which made me wonder if it ends up checking all files anyway to see if they match looking like a different type of file then ignoring them because they aren't on the extensions to scan list.

    Anyway when I am back on that site next week will remove the exclusions and look with process monitor if anything more obvious.

    Steve
Reply
  • 0
    Christian, That is what I was trying to work out. I was hoping there would be an actual log we could turn on of what on-access scanning interferes with but yes next port of call was going to be process monitor.

    I'll have a look with that actually as without exclusions of NSF, NTF, JAR, NDK and some others in place then we get slow downs with Lotus Notes client, also excluding the program and shared data dirs as recommended by IBM. It isn't set to "all files" of course but SOMETHING was getting in the way and causing whole machine to crawl - though oddly with little processor often showing for instance. This has got worse over last month or so which made me wonder if it ends up checking all files anyway to see if they match looking like a different type of file then ignoring them because they aren't on the extensions to scan list.

    Anyway when I am back on that site next week will remove the exclusions and look with process monitor if anything more obvious.

    Steve
Children
No Data
Unfiltered HTML