PaulDotCom mailing list archives
When virus scans are there certain directories they skip?
From: k41zen at live.co.uk (k41zen at live.co.uk)
Date: Sun, 23 Aug 2009 22:08:12 +0100
I've seen AV vendors getting into trouble with checking the Quarantine folder too - especially the Symantec (SEP) product which got itself into an infinite loop.

I have also seen that not only are app directories ignored but directories with large amounts of data are ignored too, for example database data directories. The admins hadn't excluded the database file types but the whole directories on the assumption that only data would exist in that directory :-) These directories are generally less protected than the app directories too.

On 23 Aug 2009, at 14:06, Robert Portvliet wrote:

> I've seen it turned off (for performance reasons) for directories with heavy IO, like certain types of databases & file staging locations. If you can ascertain what apps your target's desktops are running, those sorts of applications' directories may be a good place to try & drop something. Although, where I've seen this done, only system & admin could write to those directories & the users weren't allowed local admin...
>
> On Sat, Aug 22, 2009 at 12:25 PM, Jim Halfpenny <jim.halfpenny at gmail.com> wrote:
>
>> It depends on the AV software and how it is configured. Many packages allow for whitelisting files or directories so that they do not get scanned, useful if you have a legitimate tool which is flagged as malicious. There's no reason why malware could not try to subvert this behaviour to hide themselves if that's your line of thinking.
>>
>> Jim
>>
>> 2009/8/21 Dimitrios Kapsalis <dimitrios at gmail.com>
>>
>>> Was thinking this afternoon, when anti-virus scans run, are there certain directories that they always skip?

_______________________________________________
Pauldotcom mailing list
Pauldotcom at mail.pauldotcom.com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
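An added example, not part of any post in this thread: a defender-side audit of the point raised above about whole directories being excluded on the assumption that they hold only data. It walks an excluded directory and reports files whose header looks executable or whose extension is outside the expected data types; the function names, the extension list and the sample files are constructed for illustration.

```python
import os
import tempfile

# Magic bytes for common executable formats (PE/DOS, ELF, script shebang).
EXEC_MAGIC = {b"MZ": "PE/DOS executable", b"\x7fELF": "ELF executable", b"#!": "script"}


def classify(path):
    """Return a label if the file header looks executable, else None."""
    try:
        with open(path, "rb") as fh:
            head = fh.read(4)
    except OSError:
        return "unreadable"  # report it: an unscanned file we cannot inspect
    for magic, label in EXEC_MAGIC.items():
        if head.startswith(magic):
            return label
    return None


def audit_exclusion(root, data_exts):
    """Walk an AV-excluded directory and report files that are not plain data."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            label = classify(path)
            ext = os.path.splitext(name)[1].lower()
            if label:  # header check wins even if the extension looks like data
                findings.append((os.path.relpath(path, root), label))
            elif ext not in data_exts:
                findings.append((os.path.relpath(path, root), "unexpected extension"))
    return sorted(findings)


def demo():
    """Constructed sample: a 'database' directory with one stray executable."""
    with tempfile.TemporaryDirectory() as root:
        samples = {"orders.mdf": b"\x01\x0f\x00\x00data", "orders.ldf": b"\x00\x00log",
                   "helper.dat": b"MZ\x90\x00stub", "notes.txt": b"hello"}
        for name, body in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(body)
        return audit_exclusion(root, data_exts={".mdf", ".ldf", ".dat"})


if __name__ == "__main__":
    for rel, why in demo():
        print(f"{rel}: {why}")
```

Run on a schedule against each excluded path, any finding is a reason to narrow the exclusion from the directory to the specific data file types.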
Current thread:
- When virus scans are there certain directories they skip? Dimitrios Kapsalis (Aug 21)
- When virus scans are there certain directories they skip? Jim Halfpenny (Aug 22)
- When virus scans are there certain directories they skip? Robert Portvliet (Aug 23)
- When virus scans are there certain directories they skip? k41zen at live.co.uk (Aug 23)
- When virus scans are there certain directories they skip? Raffi Jamgotchian (Aug 23)
- When virus scans are there certain directories they skip? Michael Dickey (Aug 23)
- When virus scans are there certain directories they skip? Robert Portvliet (Aug 23)
- When virus scans are there certain directories they skip? Xander Solis (Aug 22)
- When virus scans are there certain directories they skip? Nicholas B. (Aug 22)
- When virus scans are there certain directories they skip? Tim Mugherini (Aug 22)
- When virus scans are there certain directories they skip? Jim Halfpenny (Aug 22)