5 Replies Latest reply on Feb 16, 2009 5:47 PM by Grif

    Exclusion best practice

      Just looking for some feedback. We have roughly 400 laptop users in our environment. We currently do not do any On Demand scanning as these users do not work a standard 9 - 5 and trying to adhere to a predefined schedule would be a enormous undertaking.

      I have been tasked with configuring an exclusion to skip the read of a directory at startup. This will allow for the application in question to load quicker. However in doing so I have opened up a hole in my defenses. I wouldn't have a problem with this if I was doing the on damand scans.

      Just curious if anyone out there has been faced with this dillema and how you resolved it?
        • 1. RE: Exclusion best practice
          tonyb99
          you could set that directory to only scan on write not read in your exclusions rather than exempt it totally.
          • 2. Exclusions
            We have done just that. I'm mainly concerned with the best practice on situations like this. The thought here was to configure a On Demand scan to run at start up or as a scheduled task shortly after start up. My feeling is why not just leave the On Access in place. To create a On Demand scan and schedule it pretty much is just putting the cart before the horse. I don't see areal benefit here.

            I understand the On Demand is configurable to the point where I can control specifically what is scanned. Just want an idea around what is best practice.

            Thanks!
            • 3. RE: Exclusions
              tonyb99
              on demand after start up even with delay will either take ages or kill the machine
              • 4. RE: Exclusions
                jmaxwell
                Why not take the hit of a "one off" full disk scan at a time agreed with the users who could leave their laptops powered on and then use on-access scans all the time ? or you can omit the one-off scan of teh disk and just wait for the files to e accessed and scanned on read/write as they are used.....

                Jim
                • 5. RE: Exclusions
                  On those computers which have a high risk factor, we run the full system scan at lunch time or after hours, depending on the user.

                  Hope this helps.

                  Grif