Was wondering when nod32 is installed on a file server, are there any options that may cause a slow save of files? After install, we seem to be having this issue. No problems opening the files that are stored on the server quickly, but wondering what options we may want to be checking that might possibly contribute to a slow save (4-5 seconds).

Thanks.

If you are experiencing problems related to server performance after you installed your ESET security product, please click or copy/paste the correct link below to properly configure your server.
----------------------------------------------------------------------------
Business Edition Version 4.0:
http://kb.eset.com/esetkb/index?page=content&id=SOLN2144
----------------------------------------------------------------------------

and

----------------------------------------------------------------------------
Microsoft’s virus scanning recommendations for a server:
http://support.microsoft.com/kb/822158
----------------------------------------------------------------------------

The SOLN2144 (http://kb.eset.com/esetkb/index?page=content&id=SOLN2144) article recommends excluding some folders from the real-time and on-demand scanning.

The exact procedures for setting up the exclusions are explained in the following two articles: SOLN2153 (http://kb.eset.com/esetkb/index?page=content&id=SOLN2153) and SOLN2152 (http://kb.eset.com/esetkb/index?page=content&id=SOLN2152).

I set up such exclusions on a server and saved the configuration to a XML file. I opened the file with a plain text editor and noticed a big difference in the way the settings were saved in the file.

The exclusions for the real-time scanner are saved as a series of folders that must not be scanned, e.g.:
<NODE NAME="Exclusion" TYPE="SUBNODE" DELETE="0">
<NODE NAME="FullPath" TYPE="STRING" VALUE="C:\WINDOWS\system32\dns\*.*" />
<NODE NAME="Infiltration" TYPE="STRING" VALUE="" />
<NODE NAME="Flags" TYPE="DWORD" VALUE="0" />
</NODE>

On the other hand, the exclusions for the on-demand scanner change the list of scan targets in the profile which is used for the scan. E.g. if I exclude C:\WINDOWS\system32\dns\ the following long list appears in the config file:

<NODE NAME="Targets" VALUE="C:\${Boot}|~\Documents and Settings\|~\Inetpub\|~\Program Files\|~\RECYCLER\|~\System Volume Information\|~\temp\|C:\WINDOWS\adam\|~\addins\|~\adfs\|~\Application Compatibility Scripts\|~\AppPatch\|~\assembly\|~\Cache\|~\Cluster\|~\Config\|~\Connection Wizard\|~\Cursors\|~\Debug\|~\Downloaded Installations\|~\Downloaded Program Files\|~\Driver Cache\|~\Fonts\|~\Help\|~\ie7\|~\ie8\|~\IIS Temporary Compressed Files\|~\ime\|~\inf\|~\Installer\|~\java\|~\Media\|~\Microsoft.NET\|~\Minidump\|~\msagent\|~\msapps\|~\mui\|~\ntfrs\|~\OemDir\|~\Offline Web Pages\|~\PCHEALTH\|~\PolicyBackup\|~\Prefetch\|~\provisioning\|~\RegisteredPackages\|~\Registration\|~\repair\|~\Resources\|~\SchCache\|~\security\|~\ServicePackFiles\|~\SoftwareDistribution\|~\SQL9_KB970892_ENU\|~\SQLHotfix\|~\srchasst\|~\Sun\|~\SxsCaPendDel\|~\symbols\|~\SYSMSI\|~\system\|C:\WINDOWS\system32\1025\|~\1028\|~\1031\|~\1033\|~\1037\|~\1041\|~\1042\|~\1054\|~\2052\|~\3076\|~\3com_dmi\|~\administration\|~\appmgmt\|~\Backup\|~\bits\|~\Cache\|~\CatRoot\|~\CatRoot2\|~\certsrv\|~\clients\|~\Com\|~\config\|~\dhcp\|~\dllcache\|~\drivers\|~\en\|~\en-US\|~\export\|~\GroupPolicy\|~\ias\|~\icsxml\|~\IME\|~\inetsrv\|~\ipmi\|~\lls\|~\log\|~\LogFiles\|~\Macromed\|~\Microsoft\|~\MicrosoftPassport\|~\MsDtc\|~\mui\|~\netmon\|~\npp\|~\NtmsData\|~\oobe\|~\pop3server\|~\ras\|~\ReinstallBackups\|~\reminst\|~\RemoteStorage\|~\rpcproxy\|~\ServerAppliance\|~\Setup\|~\ShellExt\|~\SoftwareDistribution\|~\spool\|~\wbem\|~\windows media\|~\WindowsPowerShell\|~\winrm\|~\wins\|~\XPSViewer\|~\$winnt$.inf|~\12520437.cpx|~\12520850.cpx|~\6to4svc.dll|~\aaaamon.dll|~\aaclient.dll|~\access.cpl|~\acctres.dll|~\accwiz.exe|~\acelpdec.ax|~\acledit.dll|~\aclui.dll|~\activeds.dll|~\activeds.tlb|~\activesockets.dll|~\actmovie.exe|~\actskn43.ocx|~\actxprxy.dll|~\admgmt.msc|~\adminpak.msi|~\admparse.dll|~\admwprox.dll|~\adprop.dll|~\adptif.dll|~\adsldp.dll|~\adsldpc.dll|~\adsmsext.dll|~\adsnds.dll|~\adsnt.dll|~\adsnw.dll|~\advapi32.dll|~\advpack.dll|~\advpack.dll.mui|~\aelu" TYPE="STRING" />
(note that this list is actually incomplete as the C:\WINDOWS\system32 contains many more files)

As the list says which folders and files are scanned, I conclude that if a new folder or file is created subsequently in the folder where the excluded folder exists or above it, it will not be scanned by the on-demand scan.

In this example, if I exclude C:\WINDOWS\system32\dns\ the on-demand scanner will not scan a new folder/file created in C:\WINDOWS\system32\, C:\WINDOWS\ and C:\, which is very bad!

I ask why the on-demand scanner does not use the logic of real-time scanner which scans everything except the excluded folders/files?

-- rpr.