cancel
Showing results for 
Search instead for 
Did you mean: 

Exclude processes from scanning?

Hey,

we've some performence problems since we usw VSE (for some years now). No big troubles but our fileservers are still a little bit slow (no they aren't busy all the time). In earlier times we tried to exclude some folders (for our slowest applications) from scanning on the fileservers.. but a folder on a fileserver which isn't scanned at all is always a problem..

...so the new "silver bullet" is named exclude processes from scanning.

So first we excluded some of the mcafee tasks,... which always brought us better performance. So now we opened filemon (a little program to see all processes writing/reading from the disk) and excluded almost every task which is runned by our clients or servers.

But is this the right way? Is it not possible that a virus executes with the name of such a process?

Here the list I've excluded for testing:

on clients:
Policy.client.i:536
gatherProducts.:2480
fpassist.exe:3040
tmcsvc.exe:428
softmon.exe:2884
mstsc.exe:2348
collector.exe:1692
ctfmon.exe:3148
csrss.exe:864
acrord32.exe:3844
console.exe:196
isscntr.exe:3572
issproxy.exe:2852
freepdf.exe:2392
gswin32c.exe:1340
ldprofile.exe:3848
winlogon.exe:884
spoolsv.exe:1884
fpredmon.exe:2220
redrun.exe:2352
residentAgent.e:2800
proxyhost.exe:3996
ldiscn32.exe:1472
wmiprvse.exe:2768
lsass.exe:944
servicehost.exe:3200
ldapplpcgi.exe:1292
ldiscnupdate.ex:2656
vulscan.exe:2960
msgsys.exe:440
alert.exe:2232
regsrv32.exe:3664


on servers:
vmwareTray.exe:4664
vmwareservice.e:2288
vmwareuser.exe:4940
winlogon.exe:616
softmon.exe:2164
rcgui.exe:3204

alertservice.ex:1784
ldinv32.exe:10040
alert.exe:6708
iao.exe:5588
apache.exe:2560
rssensor.exe:9060
rotatelog.exe:2576
schedsvc.exe:244
w3wp.exe:8220
eventparser.exe:5952
cisvc.exe:1852
postcgi.exe:9340
tomcat5.exe:672
cgmghost.exe:2644
naprdmgr.exe:2908
softmon.exe:3664
apmservice.exe:1612
cidaemon.exe:4624
snmpwalk.exe:9536
csrss.exe:588
collector.exe:1816
lddevmon.exe:6976



I know most of this processes and know where they are from.. is this ok or shouldn't i exclude so many processes?

thanks in advance
and sorry for my bad english
NatroN
1 Reply

RE: Exclude processes from scanning?



We only scan on writing, and then create excludes from there, much easier...

reg, Henno.