Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 4 replies
  • Subscribers 1 subscriber
  • Views 11982 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

On-access scanning and processes

mrcrisps

We have been asked by a system supplier to exclude a list of processes from AV scanning on a server.

We already have a policy affecting this server, which disables on-access scanning (box is unticked).

It's not clear from the GUI if this by default also disables process scanning, or just file system on-access scanning - what I mean is does the original read from the disk when a process launches not get scanned, but it does get scanned once memory-resident?

:55983


This thread was automatically locked due to age.
Parents
  • 0

    Hello mrcrisps,

    a list of processes

    not one or two - an entire list?

    exclude a list of processes from AV scanning ... scanned once memory-resident

    what exactly does the supplier want - they should be upfront with the rationale, especially as, if I understand correctly, you've already completely disabled on-access scanning. I'm known to be mild-mannered :smileytongue: nevertheless without details of the (potential) issues it strikes me as droll at best. 

    Seriously, why bother at all with AV on this server? Apparently whatever system this supplier supplies is not only immune to all kinds of threats but also immunizes the rest of the server. Do they have any suggestions how to protect the server (I don't assume it's an isolated system)? 

    Christian

    :56000
Reply
  • 0

    Hello mrcrisps,

    a list of processes

    not one or two - an entire list?

    exclude a list of processes from AV scanning ... scanned once memory-resident

    what exactly does the supplier want - they should be upfront with the rationale, especially as, if I understand correctly, you've already completely disabled on-access scanning. I'm known to be mild-mannered :smileytongue: nevertheless without details of the (potential) issues it strikes me as droll at best. 

    Seriously, why bother at all with AV on this server? Apparently whatever system this supplier supplies is not only immune to all kinds of threats but also immunizes the rest of the server. Do they have any suggestions how to protect the server (I don't assume it's an isolated system)? 

    Christian

    :56000
Children
No Data