Hi, We have NOD32 installed everywhere here. I have looked at the recommended server settings and implemented them. I do have a question about the web access protection. I have noticed that certain Microsoft Management console screens are DOG slow and this seems to be improve incredibly if I turn off the http scanning. I can see there is an exclusion option in the HTTP scanning but I am not sure what to enter or whether in fact I should bother with HTTP scanning. One of my servers is running SQUIDNT as a proxy server and I feel I need the HTTP scanning there but to be completely honest the server runs like a dog with the HTTP scanning enabled. Any suggestions.
A lot of dropper trojans are polymorphic and won't initally be caught by the scanning engine until they attempt to go out and pull down more malicious content over HTTP, which is detected and blocked at that point. If you're having problems with certain applications and their performance in HTTP-based management consoles, I suggest you set up a program exclusion in the advanced settings so that known-trusted traffic is simply passed.
Things like WSUS simply doesn't respond if http scanning is enabled. In fact almost anything running under the MMC is diabolically slow or not responding. For example if I try to alter roles or features via the MMC I often get timeouts. Windows 2008R2 64bit