Long start of .NET applications from network drive

Hello,

We are having problems with the Sophos On-Access scanner. When enabled (always and default for every workstation in the company) it can take up to 60-120 seconds before a .NET application located on a network drive will start. It includes a single executable and around 10MB of DLL libraries which are located in the same folder. If I disable On-Access scanning it opens instantly.

If I check the Task Manager I can see that Savservice.exe is peaking at around 20-40% which tells me that DLL files are being scanned. And this is taking way too long.

I tried to exclude the folders like so:

\\SERVER\SHARE\FOLDER\ and

X:\FOLDER\

or any other possible exclusion solution but none helped. When the user closes the application and starts it again from the same network path it will open almost instantly. Until the next reboot, that is.

What can I do? How do I correctly exclude those folders from being scanned, or how do I set up the Endpoint so the DLL files are not scanned every time?

We are using Windows 7 Pro 64bit OS, Novell Netware file server and latest up-to-date version of Sophos Endpoint Security (9.7).

Thank you for your support.

  • Hi,

    If all the files are in:

    \\SERVER\SHARE\FOLDER\

    Can you try excluding:

    X:\FOLDER\

    \\SERVER\SHARE\FOLDER\

    \\IP\SHARE\FOLDER\

    Note: the trailing backslash is important when excluding directories.

    Also turn off exclude remote files again.

    I tested putting eicar.com in a share on a remote machine: i.e. \\192.168.0.4\Jak\eicar.com

    On the client, in the hosts file I entered:

    192.168.0.4 mac

    With an exclusion in SAV of:

    \\192.168.0.4\jak\

    eicar.com was allowed to be accessed by the client, whereas accessing the file as: \\mac\Jak\eicar.com was detected.

    Might be worth running Process Monitor to see what exactly is being accessed and if the exclusion covers it. It would be good to narrow it down to a certain file in the directory but getting the exclusion to work would be a start. If you can narrow it down to a certain dll file for example, you could then submit that to the labs with some info to say scanning it is too slow.

    Regards

    Jak
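
The check suggested in the reply above (compare what Process Monitor shows being accessed against the exclusion list) can be scripted. This is an added example, not part of the original posts and not Sophos code: it assumes exclusions match as literal, case-insensitive path prefixes, as the eicar test in the reply suggests, and that an entry without a trailing backslash names a single file. The function names and the sample CSV rows are constructed for illustration.

```python
import csv
import io

def is_excluded(path, exclusions):
    """Assumed model: a directory entry (trailing backslash) matches as a
    case-insensitive literal prefix; any other entry must equal the full path."""
    p = path.lower()
    return any(
        p.startswith(e.lower()) if e.endswith("\\") else p == e.lower()
        for e in exclusions
    )

def uncovered_paths(procmon_csv, exclusions, process=None):
    """Return the distinct paths in a Process Monitor CSV export that no
    exclusion covers, optionally limited to one process name."""
    seen, missed = set(), []
    for row in csv.DictReader(io.StringIO(procmon_csv.lstrip("\ufeff"))):
        if process and row["Process Name"].lower() != process.lower():
            continue
        path = row["Path"]
        if path.lower() in seen:
            continue
        seen.add(path.lower())
        if not is_excluded(path, exclusions):
            missed.append(path)
    return missed

# Constructed sample export: the same share reached by IP and by host name.
SAMPLE_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result"
"09:00:01.0000000","App.exe","4242","CreateFile","\\192.168.0.4\Jak\App.exe","SUCCESS"
"09:00:01.1000000","App.exe","4242","CreateFile","\\mac\Jak\Lib.dll","SUCCESS"
"09:00:01.2000000","App.exe","4242","ReadFile","\\mac\Jak\Lib.dll","SUCCESS"
"09:00:01.3000000","Other.exe","5000","CreateFile","C:\Temp\x.tmp","SUCCESS"
'''

if __name__ == "__main__":
    # Only the IP form is excluded, so the host-name form is still scanned.
    ip_only = ["\\\\192.168.0.4\\jak\\"]
    for p in uncovered_paths(SAMPLE_CSV, ip_only, process="App.exe"):
        print("not covered by any exclusion:", p)
```

Any path the script reports is a form of the share name that the exclusion list does not cover under this model, and therefore one that would still be scanned on access.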

     
