Exclusion by path a good policy for antivirus programs?

Discussion in 'other anti-virus software' started by acr1965, Jun 10, 2012.

Thread Status:
Not open for further replies.
  1. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,954
    I have noticed that most antivirus programs (maybe all of them?) have the ability for the user to set exclusions from being scanned and that it seems that the excluded program/file/etc is almost always by path (as opposed to md5 hash, etc). I'm wondering if this is the best policy for exclusions. What if an excluded program is auto updated and the update includes some sort of adware/spyware or worse? Because of the exclusion, will the updated program be able to do whatever it likes as the antivirus program will ignore it? I understand that exclusions are needed in many cases. But is exclusion by path the best policy?
     
  2. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,956
    Location:
    Somethingshire
    It is the risk on the part of the user, albeit a small one. An educated risk to allow a program to function better until AVs evolve further. If malware is able to bypass the AV and execute, it is irrelevant what other folders are excluded.
     
  3. toxinon12345

    toxinon12345 Registered Member

    Joined:
    Sep 8, 2010
    Posts:
    1,200
    Location:
    Managua, Nicaragua
    Some AVs have more advanced options and can exclude files by threat/signature, e.g. if the file is infected by another threat different from the exclusion, it will be blocked.
     
  4. Barthez

    Barthez Registered Member

    Joined:
    Apr 28, 2010
    Posts:
    112
    Location:
    Poland
    In order to collect (and then recheck) an excluded file's MD5 hash, this hash must be gathered at every program start. This might create additional problems like slow program start-up (especially when there are multiple files in a directory excluded by hash).
     
  5. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    4,047
    Location:
    USA
    A very good point. Also, most programs that would auto update would likely download the update to a temp folder first before it was applied, so I doubt the update itself would bypass your AV.
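
The trade-off discussed in this thread, as an added example that is not part of any post or of any antivirus product: a path exclusion keeps skipping a file after its contents change, while a hash-pinned exclusion stops matching. The `Exclusions` class and its method names are hypothetical, SHA-256 is used in place of the MD5 mentioned above, and the size/mtime cache is an assumed way to limit the start-up cost raised in post 4.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_of(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

class Exclusions:  # hypothetical model, not any real antivirus product's API
    def __init__(self):
        self.by_path = set()   # path only: whatever sits there is skipped
        self.by_hash = {}      # path -> digest recorded at exclusion time
        self._cache = {}       # path -> ((size, mtime_ns), digest)

    def exclude_path(self, path):
        self.by_path.add(Path(path).resolve())

    def exclude_hash(self, path):
        self.by_hash[Path(path).resolve()] = sha256_of(path)

    def _digest(self, path):
        # Re-hash only when size or mtime changed, to limit start-up cost.
        st = path.stat()
        key = (st.st_size, st.st_mtime_ns)
        if self._cache.get(path, (None,))[0] != key:
            self._cache[path] = (key, sha256_of(path))
        return self._cache[path][1]

    def skip_scan(self, path):
        path = Path(path).resolve()
        if path in self.by_path:
            return True
        pinned = self.by_hash.get(path)
        return pinned is not None and self._digest(path) == pinned

def demo():
    # Constructed sample: same file excluded two ways, then "auto-updated".
    with tempfile.TemporaryDirectory() as d:
        exe = Path(d, "app.exe")
        exe.write_bytes(b"version 1")
        by_path, by_hash = Exclusions(), Exclusions()
        by_path.exclude_path(exe)
        by_hash.exclude_hash(exe)
        before = (by_path.skip_scan(exe), by_hash.skip_scan(exe))
        exe.write_bytes(b"version 2 with bundled extras")
        return before, (by_path.skip_scan(exe), by_hash.skip_scan(exe))
```

The cache trusts file size and modification time, which whoever writes the file controls, so it is a performance shortcut rather than an integrity guarantee.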
     