Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 1 subscriber
  • Views 12138 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos Anti-Virus - On Access Cache Scanning functionality

LoXodonte

Performance related and functionality inquiry here...  Does Sophos AV use a cache to keep a record of on-access scans so it knows not to re-scan certain content. If so, what is the criteria for when a file will be scanned again?

Trying to troubleshoot some performance issues  related to a .NETframework app...sometimes the application startup takes 30+ seconds on a cold-boot. I've confirmed that SavService.exe is hitting the C:\Windows\assembly\NativeImages_v4.0... and C:\Windows\Microsoft.NET...locations hard in these instances.

:56686


This thread was automatically locked due to age.
Parents
  • 0

    Thanks for the reply Christian,

    Cold boot does not appear to invalidate the cache, but I'm wondering if a virus def update might. Also, you say the cache size is bounded, so older cached items will eventually get phased out and need to be rescanned? 

    Would it be a terrible idea to add on-access folder exclusions for the .NET framework files being scanned?

    mainly it's the: C:\Windows\assembly folder, and the scanning of dlls within it. Which I don't fully understand because this folder doesn't appear to contain dlls.  What would an exclusion statement look like to exclude all dll files from scanning located in that directory path?

    dll's load from here as well. C:\Windows\Microsoft.NET\assembly\

    :56705
Reply
  • 0

    Thanks for the reply Christian,

    Cold boot does not appear to invalidate the cache, but I'm wondering if a virus def update might. Also, you say the cache size is bounded, so older cached items will eventually get phased out and need to be rescanned? 

    Would it be a terrible idea to add on-access folder exclusions for the .NET framework files being scanned?

    mainly it's the: C:\Windows\assembly folder, and the scanning of dlls within it. Which I don't fully understand because this folder doesn't appear to contain dlls.  What would an exclusion statement look like to exclude all dll files from scanning located in that directory path?

    dll's load from here as well. C:\Windows\Microsoft.NET\assembly\

    :56705
Children
No Data