Why does AMON re-scan running processes over and over again?

Discussion in 'NOD32 version 2 Forum' started by mfichtner, Jun 13, 2004.

Thread Status:
Not open for further replies.
  1. mfichtner

    mfichtner Registered Member

    Joined:
    Jun 13, 2004
    Posts:
    2
    I'm a little puzzled by the fact that AMON keeps scanning running processes over and over again. My personal firewall (smc.exe), for example, is scanned every couple of seconds (apparently every time the firewall processes incoming or outgoing data).

    Right now, my machine has been running for approx. 8 hours and AMON reports having scanned more than 155000 files! Isn't that a bit excessive? I understand that IMON needs to scan an executable before it is loaded into memory. But why re-scan the executable of an already running process over and over again?
     
  2. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,728
    Location:
    Texas

    Open Amon from the tray icon and add your smc.exe to the exclusion list under setup.
     
  3. mfichtner

    mfichtner Registered Member

    I thought about that. But smc.exe was just an example. The same happens with my mail client. And I'd like to understand *why* AMON keeps re-scanning those executables before resorting to the exclusion list. After all, excluding executables from virus scanning doesn't appear to be such a good idea -- they might get infected one day ...
     
  4. ronjor

    ronjor Global Moderator


    I excluded my firewall for the reason you mentioned. I'll take my chances.

    You are right about excluding files. Probably not a good idea. In my case, I could never see what was being scanned because the firewall was always the last thing showing up in the window.
     
    Last edited: Jun 13, 2004
  5. optigrab

    optigrab Registered Member

    Joined:
    Nov 6, 2002
    Posts:
    624
    Location:
    Brooklyn/NYC USA
    This seems unlikely I think, particularly if these processes are always running. I'm more concerned about the executables or processes that "do the infecting".

    I find it's more efficient and sensible to exclude trusted processes that are always running.

    Regards,
    Optigrab
     