FD-ISR snapshot and NOD32 scan...

Discussion in 'FirstDefense-ISR Forum' started by Atomas31, Apr 23, 2007.

Thread Status:
Not open for further replies.
  1. Atomas31

    Atomas31 Registered Member

    Joined:
    Sep 7, 2004
    Posts:
    923
    Location:
    Montreal, Quebec
    Hi,

    Is there a way to indicate to NOD32 not to scan all the snapshots? Right now, having 3 snapshots, it is the equivalent of NOD32 scanning my C drive 3 times.

    Is there a file (snapshots) from FD-ISR that can be excluded from the NOD32 scan?

    Thanks,
    Atomas31
     
  2. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Atomas,
    I'm not sure about this, but

    I have two snapshots :
    If I open Windows Explorer and go to the folder "C:\$ISR", I see 3 subfolders :
    1. C:\$ISR\0 = first snapshot
    2. C:\$ISR\1 = second snapshot
    3. C:\$ISR\A = I don't know.

    If you exclude the last two subfolders in NOD32, it might be possible that only the first folder = first snapshot is scanned and not the other two.
    Again I'm not sure if this info is right, but it sounds logical and it isn't dangerous. :)

    PS.: Let me know if it makes a difference in scanning time.

    EDIT :
    If you use the classical method of FDISR : work and rollback snapshot, then you only have to scan the primary snapshot, BEFORE you copy/update FROM work snapshot TO rollback snapshot and that will keep your rollback snapshot "clean".
     
    Last edited: Apr 23, 2007
  3. Atomas31

    Hi Erik,

    I see one problem: I don't have any folder called $ISR in C:\. Where are my snapshots if not in C:\ (I don't have any partition on my system)?

    Thanks for your help,
    Atomas31
     
  4. ErikAlbert

    Maybe the folder is hidden, I don't remember this.
    I have all hidden files unhidden via folder options.

    EDIT :
    It is a HIDDEN folder, I checked it.
     
  5. Atomas31

    After checking, you are right, I had to unhide the system protected files... Thanks,

    Atomas31
     
  6. ErikAlbert

    And ... any improvement in the scan time ?
     
  7. Atomas31

    Nope, I will need someone to indicate to me how to exclude the folders $ISR/1 and $ISR/2 from the scans. I tried to put them on the exclusion list (as permanent) in the AMON configuration but they are still being scanned.
     
  8. ErikAlbert

    Ask in the NOD32 forum, they will teach you this immediately.
     
  9. screamer

    screamer Registered Member

    Joined:
    Apr 14, 2006
    Posts:
    921
    Location:
    Big Apple USA
    In order to exclude FD-ISR from a NOD32 (On Demand) scan, see attachment.

    In order to exclude it from a scheduled scan, just add: /exclude=$ISR to the command line.

    ...screamer
     

  10. ErikAlbert

    This would mean that none of the snapshots will be scanned by NOD32.

    I might be wrong, but it should be like this :

    /exclude=C:\$ISR\1 = second snapshot
    /exclude=C:\$ISR\A = ?

    This should scan "C:\$ISR\0" only, which is probably the primary snapshot.

    Of course I'm not sure, because I don't have NOD32.
    If your method is correct, then the scan time will also be a lot shorter, but I have doubts that the primary snapshot will be scanned.
     
  11. screamer

    NOD32 will only exclude "one" file. I choose to exclude FD-ISR as a complete folder. If my scan shows something strange... I can include FD-ISR in a separate scan. So far I haven't had to do this since the only malicious files I have received are via e-mail and NOD32 picks-em-up as they're downloading.

    ...screamer
     