Hi, I am new to this community as I just started in the AV sector of IT.
My question is that I know there has to be programming in the background of on-access scanning which has the order in which VSE determines if the process running falls into high, low, or default. What I am looking for is to find out, if "demo.exe" is started, does it look in the low risk policy for a match, if not then it goes into high risk to look for a match, then if all else fails it goes to the default policy? Just looking for the order in which the process is matched against the policies. I appreciate any information that can be given on this topic.
I would suggest a thorough read of:
A lot of reading. Let us know of any additional resources we can provide in understanding High/Low risk process policies.
Hope this is helpful.
Never responded, thanks for these articles. I got busy at the time of the question and was unable to dig into this more. I have been working at this for a year or so now. I have a lot more knowledge around this now, but the way VSE moves through checks is what I was looking for. Just like in an if statement, if you have to wait to get to the else statement it's going to take longer than just hitting the first if statement. What I was looking for was the order in which the checks go. I hope this helps understand my question better.
OK, so I guess you are trying to understand how to improve performance, while not significantly degrading security, correct?
William Warren wrote a really good blog here:
It is a significant read, and well worth the effort.
Hope this helps.