1 Reply Latest reply on Nov 24, 2008 8:41 AM by HennoKeers

    Exclude processes from scanning?

      Hey,

      we've some performence problems since we usw VSE (for some years now). No big troubles but our fileservers are still a little bit slow (no they aren't busy all the time). In earlier times we tried to exclude some folders (for our slowest applications) from scanning on the fileservers.. but a folder on a fileserver which isn't scanned at all is always a problem..

      ...so the new "silver bullet" is named exclude processes from scanning.

      So first we excluded some of the mcafee tasks,... which always brought us better performance. So now we opened filemon (a little program to see all processes writing/reading from the disk) and excluded almost every task which is runned by our clients or servers.

      But is this the right way? Is it not possible that a virus executes with the name of such a process?

      Here the list I've excluded for testing:

      on clients:
      Policy.client.i:536
      gatherProducts.:2480
      fpassist.exe:3040
      tmcsvc.exe:428
      softmon.exe:2884
      mstsc.exe:2348
      collector.exe:1692
      ctfmon.exe:3148
      csrss.exe:864
      acrord32.exe:3844
      console.exe:196
      isscntr.exe:3572
      issproxy.exe:2852
      freepdf.exe:2392
      gswin32c.exe:1340
      ldprofile.exe:3848
      winlogon.exe:884
      spoolsv.exe:1884
      fpredmon.exe:2220
      redrun.exe:2352
      residentAgent.e:2800
      proxyhost.exe:3996
      ldiscn32.exe:1472
      wmiprvse.exe:2768
      lsass.exe:944
      servicehost.exe:3200
      ldapplpcgi.exe:1292
      ldiscnupdate.ex:2656
      vulscan.exe:2960
      msgsys.exe:440
      alert.exe:2232
      regsrv32.exe:3664


      on servers:
      vmwareTray.exe:4664
      vmwareservice.e:2288
      vmwareuser.exe:4940
      winlogon.exe:616
      softmon.exe:2164
      rcgui.exe:3204

      alertservice.ex:1784
      ldinv32.exe:10040
      alert.exe:6708
      iao.exe:5588
      apache.exe:2560
      rssensor.exe:9060
      rotatelog.exe:2576
      schedsvc.exe:244
      w3wp.exe:8220
      eventparser.exe:5952
      cisvc.exe:1852
      postcgi.exe:9340
      tomcat5.exe:672
      cgmghost.exe:2644
      naprdmgr.exe:2908
      softmon.exe:3664
      apmservice.exe:1612
      cidaemon.exe:4624
      snmpwalk.exe:9536
      csrss.exe:588
      collector.exe:1816
      lddevmon.exe:6976



      I know most of this processes and know where they are from.. is this ok or shouldn't i exclude so many processes?

      thanks in advance
      and sorry for my bad english
      NatroN