Why does AMON re-scan running processes over and over again?


mfichtner
June 13th, 2004, 08:11 PM
I'm a little puzzled by the fact that AMON keeps scanning running processes over and over again. My personal firewall (smc.exe), for example, is scanned every couple of seconds (apparently every time the firewall processes incoming or outgoing data).

Right now, my machine has been running for approx. 8 hours and AMON reports having scanned more than 155000 files! Isn't that a bit excessive? I understand that IMON needs to scan an executable before it is loaded into memory. But why re-scan the executable of an already running process over and over again?

ronjor
June 13th, 2004, 08:15 PM
-{ Quote: "I'm a little puzzled by the fact that AMON keeps scanning running processes over and over again. My personal firewall (smc.exe), for example, is scanned every couple of seconds (apparently every time the firewall processes incoming or outgoing data).

Right now, my machine has been running for approx. 8 hours and AMON reports having scanned more than 155000 files! Isn't that a bit excessive? I understand that IMON needs to scan an executable before it is loaded into memory. But why re-scan the executable of an already running process over and over again?" }-


Open Amon from the tray icon and add your smc.exe to the exclusion list under setup.

mfichtner
June 13th, 2004, 08:21 PM
-{ Quote: "Open Amon from the tray icon and add your smc.exe to the exclusion list under setup." }-
I thought about that. But smc.exe was just an example. The same happens with my mail client. And I'd like to understand *why* AMON keeps re-scanning those executables before resorting to the exclusion list. After all, excluding executables from virus scanning doesn't appear to be such a good idea -- they might get infected one day ...

ronjor
June 13th, 2004, 08:24 PM
-{ Quote: "I thought about that. But smc.exe was just an example. The same happens with my mail client. And I'd like to understand *why* AMON keeps re-scanning those executables before resorting to the exclusion list. After all, excluding executables from virus scanning doesn't appear to be such a good idea -- they might get infected one day ..." }-


I excluded my firewall for the reason you mentioned. I'll take my chances.

You are right about excluding files. Probably not a good idea. In my case, I could never see what was being scanned because the firewall was always the last thing showing up in the window.

optigrab
June 13th, 2004, 08:50 PM
-{ Quote: "After all, excluding executables from virus scanning doesn't appear to be such a good idea -- they might get infected one day ..." }-
This seems unlikely, I think, particularly if these processes are always running. I'm more concerned about the executables or processes that "do the infecting".

I find it's more efficient and sensible to exclude trusted processes that are always running.

Regards,
Optigrab