On-Demand Scan Speeds

I've got NOD32 Business Edition deployed to my entire company. We are a software development company so almost all of the computers have java workspaces/eclipse workspaces, etc. on the local disk.

The issue is that the on-demand scanner takes usually 4+ hours on developer or administrator machines. During the scan, the machine is practically unusable. I'm assuming that I have settings wrong in the policies, because I was under the impression that NOD32's scans shouldn't take very much system resources to run. CPU especially seems to spike way up. Any suggestions or advice? Or is this just expected with those types of files? The business staff machines don't have as much of an issue.

 

Directories full of installers and jar files tend to bog things down because they need to be decompressed before being analyzed, so you're incurring a lot of CPU and IOP overhead in the process. All AV suffers from this because it's not like we have a magical way of speeding up decompression.

A few things you could do:

Stop running on-demand scans
Seriously, they're only good for checking external media or a dismounted HD. The real-time module scans everything that gets touched or loaded in to memory against the same set of definitions that the on-demand scan would be using. So unless you really mucked up the real-time settings so they're missing a bunch of things, it isn't going to turn up anything important.

Set up exclusions
Standardize the filesystem location where projects are being worked on and set an exclusion for that location. Then they are simply passed over when a scan hits. You're going to stop real-time scanning in that directory too, so I wouldn't recommend it.

Keep the projects on a server
That's kinda a good idea anyway so you have centralized backups. Use it as an excuse to implement version control or something while you are at it. No more local files means no more scanning slowdowns.

Tune your archive scanning settings
Use the archive scanning limits on the on-demand scanner module to keep it from scanning archives over a certain size (I dunno, 5mb? Whatever works for you). That should get you skipping over the really nasty stuff that is slowing you down.

 

Thanks for the suggestions. Actually, all production projects are on centralized storage, but most developers seem to still have 20+GB of random workspace data on local disk for whatever reason.

We aren't able to completely exclude on-demand scans because the higher-ups insist on at least monthly scans.

I do like the archive limit idea. Would setting a limit like that exclude things like ISOs/ZIPs/RARs ? I guess a better question is what does NOD32 consider an archive?

Thanks again.

 

Any archive container format it knows how to read would be considered an archive to the software, including the ones you listed. There are also quite a few others that are also included

http://kb.eset.com/esetkb/index?page=content&id=SOLN2326&ref=wsf