NAV Scans every single file during ntbackup

Discussion in 'ESET NOD32 Antivirus' started by mlynchit, Dec 23, 2010.

Thread Status:
Not open for further replies.
  1. mlynchit

    mlynchit Registered Member

    Joined:
    Nov 20, 2010
    Posts:
    21
    NOD32 scans every single file, regardless of configured exclusions.

    This occurs with ntbackup, dixmle, and presumably anyother VSS aware backup

    How is this acceptable?
    How am I seemingly the only one that has a problem with this?

    If I can't backup my server without Antiv virus getting in the way, then I must remove the product and purchase a SERVER CAPABLE product from some one else!

    Am I wrong in thinking that backups should be excluded from Anti virus scrutiny?

    Some answers would be much appreciated.

    Michael.
     
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    What exclusions did you configure? If you attempted to exclude a kernel path (commencing with "\Device"), these are not currently supported.
     
  3. jimwillsher

    jimwillsher Registered Member

    Joined:
    Mar 4, 2009
    Posts:
    668
    You've opened a new thread on exactly the same subject as your other thread. As mentioned in there, \\device\ exclusions are not currently supported.

    We have NOD32 on a few servers (2003, 200:cool: and we're using ntbackup. I haven't looked to see if the files are being scanned, but if they are then it hasn't caused us any problems with our own backups.

    Is the scanning actually preventing your backup from running, or would you simply prefer that the files weren't scanned?


    Jim
     
  4. mlynchit

    mlynchit Registered Member

    Joined:
    Nov 20, 2010
    Posts:
    21
    I know I have two threads. I apologise.

    The main issue is that I run an Anti-spam gateway called ASSP.

    It stores spam emails on disk for purpose of its bayesian databse.

    NAV causes the root ASSP folder to be completely missing from the diXML backup, even though the blocked files are in \assp\spam. So I can't be too sure of the consistency of the backup.

    Ntbackup appears to just skip over the files that are blocked, so not a big issue.

    Would you simply prefer that the files weren't scanned?
    Honestly? Yes.

    Lets say for example, ESET releases a dodgy pattern update and my server receives it at 8pm. The backup then runs at 10pm, and a heap of files are not backed up and the backup is potentially useless. Then, at 5am, the server fails to boot.

    Whilst writing this message, I have realised that I should simply exclude EML files from the extensions configuration.

    Hopefully this resolves the issue to an acceptable level for now.

    Thanks Jim
    Michael.
     
  5. mlynchit

    mlynchit Registered Member

    Joined:
    Nov 20, 2010
    Posts:
    21
    Ok problem solved for my eml repository.

    I am still perplexed as to why you would not exclude backup software?

    In my experience, it is dangerous to risk any sort of interference with a backup, and I would much prefer at least to have some decent control over NAV.
     
  6. jimwillsher

    jimwillsher Registered Member

    Joined:
    Mar 4, 2009
    Posts:
    668
    Glad the EML thing is solved.

    Yes I agree, I would like to have process exclusion as an option within ESET. For example, I would exclude sage.exe and sbddesktop.exe, two Sage Line 50 executables which run like three-legged dogs when ESET is involved due to their nature. if I could exclude the processes then it would solve the problem, but instead we have to exclude 6 or 7 folders. In your case, excluding ntbackup.exe or equivalent would work.

    Hopefully in a future version of ESET. Sophos and eTrust both support it, and it's probably the single feature I miss the most from our eTrust days.


    Jim
     
  7. mlynchit

    mlynchit Registered Member

    Joined:
    Nov 20, 2010
    Posts:
    21
    It's interesting: The files still wizz past in the NAV Statistics, but don't add to the object count.

    I tested this in a normal situation too. I ran 'type *' in a command prompt against a bunch of FXR files. FXR is not in my extension inclusion list.
    The files flashed past in the Statistics window, but did not add to the object count.

    Perhaps a little confusing, or perhaps its just a little too late!

    We had eTrust just prior to ESET.
    Hated the pseudo web interface(useless on remote support sessions). Footprint was too large. And initial setup made nooooo sense at all.

    Michael.
     
  8. jimwillsher

    jimwillsher Registered Member

    Joined:
    Mar 4, 2009
    Posts:
    668
    I vaguely recall an old thread discussing the same, where the stats screen showed everything that was presented to the scanner, whether or not it was scanned. I might have that wrong, but it rings a distant bell.

    I guess one of testing would be using the EICAR test string in a bunch of files in different folders or with different extensions, and see which ones get caught and whether they show up on the stats screen? Just an idea.



    Jim
     
  9. Brambb

    Brambb Registered Member

    Joined:
    Sep 25, 2006
    Posts:
    411
    Location:
    The Netherlands
    You remember this right, I also seen Marcos saying this :)

    /Edit: Oh.. He even said once more today in another thread see: https://www.wilderssecurity.com/showpost.php?p=1803191&postcount=4
     
    Last edited: Dec 26, 2010
  10. jimwillsher

    jimwillsher Registered Member

    Joined:
    Mar 4, 2009
    Posts:
    668
    Well found :)

    The Eicar file would be a good test, as Marcos suggested.


    Jim
     
Thread Status:
Not open for further replies.