3 Replies Latest reply: Feb 19, 2014 10:45 AM by rothman RSS

    Selectively disabling on-access scanning

    francist

      Hi,

       

      We are looking at some recording/playback software for a client and need some advice on how to tailor AV settings for best performance. Initial testing has shown that the software, especially on playback, is sensitive to any AV scanning taking place.

       

      The client is running 32 bit Windows 7 with VirusScan Enterprise 8.7i (8.7.0.570) installed.

       

      What settings should we be looking at, beyond the normal directory/process exclusions, to prevent an AV scan from interuptiing the software and any system components (e.g. Microsoft SilverLight) it uses?

        • 1. Re: Selectively disabling on-access scanning
          rothman

          You're probably going about it in the right way by excluding specific directories / processes, but you may not be hitting all of the sub-processes that this software uses.  My suggestion would be to search for the required/suggested AV exclusions documentation either online or directly from the software developer.  Whenever one of my clients requests assistance to get software working, that is likely being blocked by McAfee, from me... one of the very first things I ask them is to provide me with the software requirements documentation so that I can be sure all necessary exclusions are made.

          • 2. Re: Selectively disabling on-access scanning
            francist

            Thanks for your feedback.

             

            I've not had a chance to look at the settings myself but you seem to imply that marking a process as trusted does not mean that any processes launched by that process are also trusted by default?

            • 3. Re: Selectively disabling on-access scanning
              rothman

              francist wrote:

               

              I've not had a chance to look at the settings myself but you seem to imply that marking a process as trusted does not mean that any processes launched by that process are also trusted by default?

               

              This is exactly the case and the reasoning behind it is you wouldn't want to have a policy which lets process 'virus.exe' to launch just because its parent (hijacked) process, 'recorder.exe', was allowed.