Nod32 v4 File Server options

Discussion in 'ESET NOD32 Antivirus' started by cdr478s, Nov 23, 2009.

Thread Status:
Not open for further replies.
  1. cdr478s

    cdr478s Registered Member

    Joined:
    Sep 22, 2005
    Posts:
    17
    Was wondering when nod32 is installed on a file server, are there any options that may cause a slow save of files? After install, we seem to be having this issue. No problems opening the files that are stored on the server quickly, but wondering what options we may want to be checking that might possibly contribute to a slow save (4-5 seconds).

    Thanks.
     
  2. RyanH

    RyanH Eset Staff Account

    Joined:
    Nov 9, 2009
    Posts:
    64
    If you are experiencing problems related to server performance after you installed your ESET security product, please click or copy/paste the correct link below to properly configure your server.
    ----------------------------------------------------------------------------
    Business Edition Version 4.0:
    http://kb.eset.com/esetkb/index?page=content&id=SOLN2144
    ----------------------------------------------------------------------------

    and

    ----------------------------------------------------------------------------
    Microsoft’s virus scanning recommendations for a server:
    http://support.microsoft.com/kb/822158
    ----------------------------------------------------------------------------
     
  3. rpremuz

    rpremuz Registered Member

    Joined:
    Jan 18, 2005
    Posts:
    100
    Location:
    Croatia
    The SOLN2144 article recommends excluding some folders from the real-time and on-demand scanning.

    The exact procedures for setting up the exclusions are explained in the following two articles: SOLN2153 and SOLN2152.

    I set up such exclusions on a server and saved the configuration to a XML file. I opened the file with a plain text editor and noticed a big difference in the way the settings were saved in the file.

    The exclusions for the real-time scanner are saved as a series of folders that must not be scanned, e.g.:
    <NODE NAME="Exclusion" TYPE="SUBNODE" DELETE="0">
    <NODE NAME="FullPath" TYPE="STRING" VALUE="C:\WINDOWS\system32\dns\*.*" />
    <NODE NAME="Infiltration" TYPE="STRING" VALUE="" />
    <NODE NAME="Flags" TYPE="DWORD" VALUE="0" />
    </NODE>


    On the other hand, the exclusions for the on-demand scanner change the list of scan targets in the profile which is used for the scan. E.g. if I exclude C:\WINDOWS\system32\dns\ the following long list appears in the config file:

    <NODE NAME="Targets" VALUE="C:\${Boot}|~\Documents and Settings\|~\Inetpub\|~\Program Files\|~\RECYCLER\|~\System Volume Information\|~\temp\|C:\WINDOWS\adam\|~\addins\|~\adfs\|~\Application Compatibility Scripts\|~\AppPatch\|~\assembly\|~\Cache\|~\Cluster\|~\Config\|~\Connection Wizard\|~\Cursors\|~\Debug\|~\Downloaded Installations\|~\Downloaded Program Files\|~\Driver Cache\|~\Fonts\|~\Help\|~\ie7\|~\ie8\|~\IIS Temporary Compressed Files\|~\ime\|~\inf\|~\Installer\|~\java\|~\Media\|~\Microsoft.NET\|~\Minidump\|~\msagent\|~\msapps\|~\mui\|~\ntfrs\|~\OemDir\|~\Offline Web Pages\|~\PCHEALTH\|~\PolicyBackup\|~\Prefetch\|~\provisioning\|~\RegisteredPackages\|~\Registration\|~\repair\|~\Resources\|~\SchCache\|~\security\|~\ServicePackFiles\|~\SoftwareDistribution\|~\SQL9_KB970892_ENU\|~\SQLHotfix\|~\srchasst\|~\Sun\|~\SxsCaPendDel\|~\symbols\|~\SYSMSI\|~\system\|C:\WINDOWS\system32\1025\|~\1028\|~\1031\|~\1033\|~\1037\|~\1041\|~\1042\|~\1054\|~\2052\|~\3076\|~\3com_dmi\|~\administration\|~\appmgmt\|~\Backup\|~\bits\|~\Cache\|~\CatRoot\|~\CatRoot2\|~\certsrv\|~\clients\|~\Com\|~\config\|~\dhcp\|~\dllcache\|~\drivers\|~\en\|~\en-US\|~\export\|~\GroupPolicy\|~\ias\|~\icsxml\|~\IME\|~\inetsrv\|~\ipmi\|~\lls\|~\log\|~\LogFiles\|~\Macromed\|~\Microsoft\|~\MicrosoftPassport\|~\MsDtc\|~\mui\|~\netmon\|~\npp\|~\NtmsData\|~\oobe\|~\pop3server\|~\ras\|~\ReinstallBackups\|~\reminst\|~\RemoteStorage\|~\rpcproxy\|~\ServerAppliance\|~\Setup\|~\ShellExt\|~\SoftwareDistribution\|~\spool\|~\wbem\|~\windows media\|~\WindowsPowerShell\|~\winrm\|~\wins\|~\XPSViewer\|~\$winnt$.inf|~\12520437.cpx|~\12520850.cpx|~\6to4svc.dll|~\aaaamon.dll|~\aaclient.dll|~\access.cpl|~\acctres.dll|~\accwiz.exe|~\acelpdec.ax|~\acledit.dll|~\aclui.dll|~\activeds.dll|~\activeds.tlb|~\activesockets.dll|~\actmovie.exe|~\actskn43.ocx|~\actxprxy.dll|~\admgmt.msc|~\adminpak.msi|~\admparse.dll|~\admwprox.dll|~\adprop.dll|~\adptif.dll|~\adsldp.dll|~\adsldpc.dll|~\adsmsext.dll|~\adsnds.dll|~\adsnt.dll|~\adsnw.dll|~\advapi32.dll|~\advpack.dll|~\advpack.dll.mui|~\aelu" TYPE="STRING" />
    (note that this list is actually incomplete as the C:\WINDOWS\system32 contains many more files)

    As the list says which folders and files are scanned, I conclude that if a new folder or file is created subsequently in the folder where the excluded folder exists or above it, it will not be scanned by the on-demand scan.

    In this example, if I exclude C:\WINDOWS\system32\dns\ the on-demand scanner will not scan a new folder/file created in C:\WINDOWS\system32\, C:\WINDOWS\ and C:\, which is very bad!

    I ask why the on-demand scanner does not use the logic of real-time scanner which scans everything except the excluded folders/files?

    -- rpr.
     
Thread Status:
Not open for further replies.