Scan it once to ensure it's clean and then enable on-access scans on writes to keep it clean.
Occasional full scans as a health check if you're concerned and a full scan again if you recover disks or large amounts of files from backup and your backup s/w is excluded from on-access scans.
Just a suggestion.
If this is unstructured data, and it's anything like ours (95% not accessed recently), try adding an exclusion for "accessed|modified more than XX days ago".
Presumably after having at least scanned on-demand once?
...and also need to be aware that the accessed/modified info for files may be incorrect.
Yes of course, XX > ODS Schedule. In our case 90d > 7d, this allows for 12+- full scans with as many different pattern files. Plus one Real-time scan when the file is actually originally written. That should be plenty of assurance to lay it to rest.
The OP writes that the ODS scan is taking a full week to scan. That's a huge bottleneck that might be addressed by this setting.
With users accessing unstructured data, why wouldn't the OS file system handle the file attributes correctly? Can you give an example?
Well for example it has been known for some systems to have turned off the last accessed update function as per this Technote :-
..usually in an attempt to squeeze more performance out of the servers I guess....
Can't find the references at the moment but I did think that there were cases where programmed file access could update data without it being accurately reflected in the info - could be wrong with that one....
EDIT: - I guess it's obviously possible...
An interesting line of thought that opens.
Utilities that have special access that do not change the "Last access" date:
Backup, Anti-virus, integrity checks, defrag.
Malware that could access malicious files and reset "Last access" date to 1999:
Hmmm, probably so.
As with any layer of security, there is always a balance of risk vs. access.
Absolutely - big difference between "possible" and "likely" - but I'm a "glass half empty" kind of guy when it comes to security stuff ;)
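
The age-based exclusion and the timestamp caveat discussed in this thread, as an added example that is not from any poster or from the scanner's own configuration: a file is skipped only when both its accessed and modified times are older than the window (90 days, the figure used above), and it is sent back for scanning when those times look old but the inode change time is recent. Assumptions: the names `classify` and `demo` are hypothetical, and the check relies on POSIX semantics where `st_ctime` cannot be set by the calls that rewrite accessed/modified times (on Windows `st_ctime` is the creation time, so the check does not carry over as written).

```python
import os
import tempfile
import time

DAY = 86400  # seconds


def classify(path, max_age_days=90, now=None):
    """Return 'scan', 'skip' or 'suspect' for one file.

    'scan'    - accessed or modified inside the window, not eligible for exclusion
    'skip'    - accessed, modified and inode-change times are all older than the window
    'suspect' - accessed/modified look old but the inode changed recently
                (timestamps rewritten, or file restored from backup): rescan it
    """
    now = time.time() if now is None else now
    cutoff = now - max_age_days * DAY
    st = os.stat(path)
    if max(st.st_atime, st.st_mtime) >= cutoff:
        return "scan"
    # Assumption: POSIX. utime()/touch can backdate atime and mtime, but the
    # kernel stamps st_ctime itself whenever metadata or content changes.
    if st.st_ctime >= cutoff:
        return "suspect"
    return "skip"


def demo():
    """Constructed sample: one temporary file observed in three states."""
    with tempfile.NamedTemporaryFile(delete=False) as f:
        f.write(b"constructed sample data")
        path = f.name
    try:
        fresh = classify(path)                    # just written
        jan_1999 = 915148800                      # 1999-01-01 00:00:00 UTC
        os.utime(path, (jan_1999, jan_1999))      # backdate atime and mtime
        backdated = classify(path)                # ctime is still "now"
        # Evaluate as if 200 days had passed with no further change.
        aged = classify(path, now=time.time() + 200 * DAY)
        return fresh, backdated, aged
    finally:
        os.unlink(path)


if __name__ == "__main__":
    print(demo())
```

A 'suspect' result is not proof of tampering, since renames, permission changes and restores from backup also update the inode change time; it only means the age-based exclusion should not be trusted for that file.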