Is it a good idea to exclude "temp folders" from scanning?

Discussion in 'ESET NOD32 Antivirus' started by loverboy, Nov 20, 2010.

Thread Status:
Not open for further replies.
  1. loverboy

    loverboy Registered Member

    Joined:
    Mar 25, 2009
    Posts:
    59
    utorrent, emule or (in my case) COMODO (it is a firewall) temp folders are continuously written to store temp files, that in the first two cases (utorrent and emule) when completed go into another directory.

    So, to prevent NOD32 from being too much occupied in scanning temporary files I usually exclude those folders from scanning.
    Is it a good idea?
    Are we sure that files are scanned when moving from that "excluded directory" to the destination one at the end of the download?
     
    loverboy, Nov 20, 2010
    #1
  2. 3GUSER

    3GUSER Registered Member

    Joined:
    Jan 10, 2010
    Posts:
    812
    No , it is not a good idea in my opinion . There are plenty of threats that load from temp directories.

    In ESS/NOD32 v3 and v4 you can exclude UTorrent and Emule traffic from being scanned.
     
    3GUSER, Nov 20, 2010
    #2
  3. loverboy

    loverboy Registered Member

    Joined:
    Mar 25, 2009
    Posts:
    59
    Why scanning incomplete files that have no use until they are completely downloaded?
     
    loverboy, Nov 20, 2010
    #3
  4. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,456
    Excluding Utorrent/Emule folders is safe as long as malware authors don't exploit the exclusion.
     
    Marcos, Nov 20, 2010
    #4
  5. loverboy

    loverboy Registered Member

    Joined:
    Mar 25, 2009
    Posts:
    59
    No.
    I am asking if EAV 4 scans files while they are moving from a directory to another, and so making useless scanning those files while they are incomplete
     
    loverboy, Nov 20, 2010
    #5
  6. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    Many programs use that folder, including malware. It's better not to add the exclusion.

    For example, if you click run on IE the file won't move to your download folder, and will directly execute from the temporary folder. If you had added the exclusion, ESET won't scan it.

    There are many other scenarios such as drive-by exploits, installer unpacking malware there, etc so I do not recommend it.
     
    J_L, Nov 20, 2010
    #6
  7. siljaline

    siljaline Registered Member

    Joined:
    Jun 29, 2003
    Posts:
    6,617
    The inherent risks of Peer-to-Peer File Swapping

    There are some Security Forums that will not support you if you state or it is determined you run P2P :ouch:

    How to exclude certain files or folders from real-time scanning if you must

    You shoud flush your Temp Folder on occasion as an extra security measure.

    The desitination directory is
    Code:
    [b]%temp%[/b]
    Via CTRL + A & CTRL + D in Safe Mode
     
    Last edited: Nov 20, 2010
    siljaline, Nov 20, 2010
    #7
  8. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses

    In a word NO.

    Exclusions are for other security products or your https banking site.
     
    Escalader, Nov 20, 2010
    #8
  9. xan K

    xan K Registered Member

    Joined:
    Sep 15, 2008
    Posts:
    154
    Location:
    Dominican Republic
    You better not exclude it. Besides, the performance you'd get from excluding that folder will probably be negligible.
     
    xan K, Nov 24, 2010
    #9
  10. loverboy

    loverboy Registered Member

    Joined:
    Mar 25, 2009
    Posts:
    59
    OK, thank you all :thumb:
     
    loverboy, Nov 24, 2010
    #10
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...