*>>but I shudder when I see software vendors specify the requirement to exclude *.tmp files*
Sheer laziness... * * *ASB* *http://XeeMe.com/AndrewBaker* *Harnessing the Advantages of Technology for the SMB market… * On Fri, Nov 18, 2011 at 3:21 PM, Erik Goldoff <[email protected]> wrote: > not much risk until some malware writer takes advantage of this ... > > best practice is to exclude the extension within the known 'busy' target > folder, and do as little *global* exceptions as possible. That said, it's > still a safe practice today to exclude edb, ldf, mdf, pst, etc globally, > but I shudder when I see software vendors specify the requirement to > exclude *.tmp files ( without naming names, at least one video security > application ) > > On Fri, Nov 18, 2011 at 1:26 PM, David Lum <[email protected]> wrote: > >> Going through Microsoft’s list of files to exclude from scanning, it >> lists things like: >> >> **** >> >> Exclude the Active Directory transaction log files. The location of these >> files is specified in the following registry key:**** >> >> HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NTDS\Parameters\Database >> Log Files Path**** >> >> The default location is %windir%\Ntds. Specifically, exclude the >> following files:**** >> >> EDB*.log **** >> >> Res*.log **** >> >> Res*.jrs**** >> >> ** ** >> >> Is there really much risk is excluding *.LOG globally and not just >> specific paths? How about for the following: >> *.JRS >> *.EDB**** >> >> *.CHK**** >> >> *.POL**** >> >> *.DIT**** >> >> *.PAT**** >> >> *David Lum* >> Systems Engineer // NWEATM >> Office 503.548.5229 //* *Cell (voice/text) 503.267.9764**** >> >> ** ** >> >> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ >> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ >> >> --- >> To manage subscriptions click here: >> http://lyris.sunbelt-software.com/read/my_forums/ >> or send an email to [email protected] >> with the body: unsubscribe ntsysadmin >> > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
