PaulDotCom mailing list archives

When virus scans are there certain directories they skip?


From: robert.portvliet at gmail.com (Robert Portvliet)
Date: Sun, 23 Aug 2009 09:06:38 -0400

I've seen it turned off (for performance reasons) for directories with
heavy IO, like certain types of databases & file staging locations.

If you can ascertain what apps your target's desktops are running,
those sorts of applications' directories may be a good place to try &
drop something.

Although, where I've seen this done, only system & admin could write
to those directories & the users weren't allowed local admin...



On Sat, Aug 22, 2009 at 12:25 PM, Jim Halfpenny <jim.halfpenny at gmail.com> wrote:
It depends on the AV software and how it is configured. Many packages allow
for whitelisting files or directories so that they do not get scanned,
useful if you have a legitimate tool which is flagged as malicious. There's
no reason why malware could not try to subvert this behaviour to hide
themselves if that's your line of thinking.

Jim

2009/8/21 Dimitrios Kapsalis <dimitrios at gmail.com>

Was thinking this afternoon, when anti-virus scans run, are there certain
directories that they always skip?

_______________________________________________
Pauldotcom mailing list
Pauldotcom at mail.pauldotcom.com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com

