
In general, why do some exe files get scanned and some don't?

I am trying to understand why some files get scanned all the time and some files don't. Does it have to do with digitally signed applications or code signing?
Are exceptions the only way around this ongoing scanning of exe files? Is there something a software developer has to do to their exe files so they don't need to be scanned by avp?
I work in cadcam and there are a lot of exe files being scanned in the cadcam software all the time; it really slows down the computing process 25-50%.
Generally speaking, can a software developer do anything to their software so the avp sees it as something safe and does not scan it anymore?



  • Hello Daniel Hayes1,

    I'm not Sophos staff, just my two cents

    "there are a lot of exe files being scanned in the cadcam software all the time"
    How did you arrive at this assessment? Files are only scanned in response to an open or close and only if they haven't been scanned before. Of course some evaluation is always necessary to assure the file has indeed not (been) changed.
    "digitally sign"
    is a good idea. Naturally the signatures have to be verified.
    "is there something a software developer has to do"
    I think it's not "has to do" but rather "should avoid". Most software has no problems with AV, thus it's more likely that "unfortunate design" is the cause.
    "sees it as something safe and does not scan it anymore"
    "Does not scan" is not possible. At least a file's integrity must be checked each time it is opened.

    Summary:
    It's likely something in the architecture of the cadcam software that triggers this excessive scanning. If so, there's no short-term solution other than setting exclusions. This shouldn't be done lightly. The "classic" scanning is becoming a thing of the past though and this problem should disappear, but there's no guarantee that this cadcam and whatever security software go well together.

    Christian

  • "How did you arrive at this assessment?"

    The problem is on the CAM side of things 99% of the time. When we make a tool path in CAM software, this can take many exe files to make this 1 tool path; each tool path creates 10 - 20 new files. I may have to make 10, 30, 300 tool paths; you just never know how many it will take to process a job.
    And on top of that, we use multi-core CPU processing, meaning we can compute up to 4 tool paths simultaneously. Now you can understand how many files are actively being created simultaneously.

    We have run tests to check the processing time with AVP on and then off. With AVP on and no exceptions it was 1.5 hr; recomputing the same project with AVP on and exceptions set, the time was 45 minutes.

    People don't want to set exceptions because it makes holes in their systems, so this is why I am asking about files being scanned all the time.

  • Hello Daniel Hayes1,

    I see. The number of files isn't that high I'd say, that is, if each is written in one go. If several open-write-close cycles are needed to create an exe, the slowdown is not really a surprise. The other reason I could think of is resource (e.g. CPU) contention.

    "People don't want to set exceptions"
    Normally the scanning overhead is not high, often not even perceptible. In situations like this one, adjustments are necessary, and if you can't change the workflow or tune the system, exclusions might be necessary. A process exclusion could be suitable. The name is perhaps misleading; what it does is that it exempts those files from scanning that the specified process accesses.

    Christian
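
Added example, not part of the thread: a small harness for testing the "written in one go" versus "several open-write-close cycles" point above, by writing the same bytes both ways and reporting the time and the number of close-after-write events (each a point where an on-access scanner may look at the file again). The function names, file names, sizes and counts are assumptions chosen for illustration, and the payload is constructed random data rather than a real exe; run it once with scanning active and once with the test directory excluded to compare.

```python
import os
import tempfile
import time


def write_in_cycles(path, payload, cycles):
    """Write payload in `cycles` separate open-write-close rounds.

    Returns the number of close-after-write events, each of which is a
    point where an on-access scanner may re-examine the file.
    """
    chunk = -(-len(payload) // cycles)  # ceiling division
    closes = 0
    for i in range(cycles):
        part = payload[i * chunk:(i + 1) * chunk]
        # First round creates/truncates the file, later rounds append.
        with open(path, "wb" if i == 0 else "ab") as fh:
            fh.write(part)
        closes += 1
    return closes


def measure(directory, files, payload, cycles):
    """Create `files` outputs and return (seconds, total close events)."""
    closes = 0
    start = time.perf_counter()
    for n in range(files):
        target = os.path.join(directory, f"out_{n}.bin")  # hypothetical name
        closes += write_in_cycles(target, payload, cycles)
    return time.perf_counter() - start, closes


def compare(files=20, size=256 * 1024, cycles=16):
    """Same output bytes written in one go versus in many cycles."""
    payload = os.urandom(size)  # constructed sample data, not a real exe
    results = {}
    for label, k in (("one_go", 1), ("multi_cycle", cycles)):
        with tempfile.TemporaryDirectory() as tmp:
            seconds, closes = measure(tmp, files, payload, k)
            results[label] = {"seconds": seconds, "closes": closes}
    return results


if __name__ == "__main__":
    for label, r in compare().items():
        print(f"{label:12s} closes={r['closes']:4d} time={r['seconds']:.3f}s")
```

If the gap between the two rows grows sharply only when scanning is active, the write pattern rather than the file count is what drives the overhead.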