> I think another easy way to explain the difference between high/low risk processes is that low risk processes get scanned one time when they enter the memory space and that's it. High risk processes are scanned as they enter memory and again every time they access anything on the file system.
No, this is not correct. The process's filename (e.g. myapp.exe) included in e.g. low-risk settings is not excluded from scanning. So when myapp.exe starts, this exe will be scanned every time it is started. But all files accessed by myapp.exe are scanned with the settings in low-risk settings. All exclusions there are only valid when myapp.exe accesses excluded files. So if myapp.exe accesses a file like data.txt and this file is not excluded via the low-risk settings, it is scanned every time it is accessed.
The same for high risk processes. So the best way is to see it as two separate scan settings valid for the specified processes. If a process accesses a file not specified on low or high-risk settings then itself and all files accessed by this process are scanned with the default settings.
I thought I understood this before - but your latest post has confused me - probably just me being thick and misunderstanding the post....
I thought that a process that was defined on the low risk policy setting and was set to not scan on read/write - then that meant that after this process has been initiated (and scanned) all disk read/write operations are exempt from scanning irrespective of whether they are specifically excluded in the file/folder exclusions list - is this correct?
> all disk read/write operations are exempt from scanning irrespective of whether they are specifically excluded in the file/folder exclusions list - is this correct?
Generally not. The files accessed by the specified low risk process are scanned with the low-risk settings you set. E.g. when you generally deactivate the READ scan in your low-risk settings, all read operations for this process are not scanned anymore.
It would be possible, even if it makes no sense, to specify the same settings in high/low and default settings. This would lead to scanning all processes with exactly the same settings.
I've obviously got a mental block when translating your posts (grin) because I just read what you said as agreeing with what you quoted me as saying and then disagreed with? So what did I miss? :D
I was trying to say that if I added a process to the low risk policy settings and turned off read/write scanning for that low risk policy BUT had no files/folders specifically added to the file/folder exclusion list then the effect would be that no file accesses for the specified process would be scanned.