I am trying to find out exactly what process occurs when a VirusScan DAT update occurs.
I am aware of the 3 files on the PC (AVVCLEAN, AVVNAMES and AVVSCAN) which are updated by the new DAT, but what happens next in the process?
Specifically, I have devices with low RAM (512 MB) and these show problems around the update time, and I would like to understand the process fully before I look to introduce Low Risk Policies and lower the thread priority that are mentioned in several KB articles.
Any indication of the process undertaken would be much appreciated.
I am sure there is a much more detailed explanation, but here's a stab at oversimplifying it.
Somewhere in there, is a clean-up of the temporary files, but I'm not entirely sure--guessing between 5 & 6.
AFAIK, the DAT extraction is done in memory. That's why the memory usage grows temporarily during a signature update. We saw systems with less than 1 GB of RAM experience poor performance during a signature update due to swapping. As a result, we defined two cores and 1 GB RAM as the minimal requirements in our company for Windows XP (we shipped around the problem, one could say).
We also have a couple of registry tweaks in operation which lower the impact on legacy systems when they are running jobs during a signature update. We even had a case where measurement software crashed repeatedly during the signature update. Registry tweaks and specific exclusions solved this issue.
We also disabled "scan processes on enable" for performance reasons.
Thanks for the responses - looking at recent KB articles the 'scan processes on enable' feature is disabled by default after 8.7 Patch 1 - we are running patch 4 so this should not be running.
Any other specific process-related info would be great.