Why does AMON re-scan running processes over and over again?

mfichtner · Jun 13, 2004

I'm a little puzzled by the fact that AMON keeps scanning running processes over and over again. My personal firewall (smc.exe), for example, is scanned every couple of seconds (apparently every time the firewall processes incoming or outgoing data).

Right now, my machine has been running for approx. 8 hours and AMON reports having scanned more than 155000 files! Isn't that a bit excessive? I understand that IMON needs to scan an executable before it is loaded into memory. But why re-scan the executable of an already running process over and over again?

ronjor · Jun 13, 2004

mfichtner said:

I'm a little puzzled by the fact that AMON keeps scanning running processes over and over again. My personal firewall (smc.exe), for example, is scanned every couple of seconds (apparently every time the firewall processes incoming or outgoing data).

Right now, my machine has been running for approx. 8 hours and AMON reports having scanned more than 155000 files! Isn't that a bit excessive? I understand that IMON needs to scan an executable before it is loaded into memory. But why re-scan the executable of an already running process over and over again?
Click to expand...

Open Amon from the tray icon and add your smc.exe to the exclusion list under setup.

mfichtner · Jun 13, 2004

ronjor said:

Open Amon from the tray icon and add your smc.exe to the exclusion list under setup.
Click to expand...

I thought about that. But smc.exe was just an example. The same happens with my mail client. And I'd like to understand *why* AMON keeps re-scanning those execuables before resorting to the exclusion list. After all, excluding executables from virus scanning doesn't appear to be such a good idea -- they might get infected one day ...

ronjor · Jun 13, 2004

mfichtner said:

I thought about that. But smc.exe was just an example. The same happens with my mail client. And I'd like to understand *why* AMON keeps re-scanning those execuables before resorting to the exclusion list. After all, excluding executables from virus scanning doesn't appear to be such a good idea -- they might get infected one day ...
Click to expand...

I excluded my firewall for the reason you mentioned. I'll take my chances.

You are right about excluding files. Probably not a good idea. In my case, I could never see what was being scanned because the firewall was always the last thing showing up in the window.

optigrab · Jun 13, 2004

mfichtner said:

After all, excluding executables from virus scanning doesn't appear to be such a good idea -- they might get infected one day ...
Click to expand...

This seems unlikely I think, particularly if these processes are always running. I'm more concerned about the executibles or processes that "do the infecting".

I find it's more efficient and sensible to exclude trusted processes that are always running.

Regards,
Optigrab

Log in or Sign up

Why does AMON re-scan running processes over and over again?

mfichtner Registered Member

ronjor Global Moderator

mfichtner Registered Member

ronjor Global Moderator

optigrab Registered Member

Log in or Sign up

Why does AMON re-scan running processes over and over again?

mfichtner Registered Member

ronjor Global Moderator

mfichtner Registered Member

ronjor Global Moderator

optigrab Registered Member

Useful Searches