This is actually an ok option to take and the only thing you are not going to catch is malicious code within things like .zip files. However, once the zip file is extracted and the .exe is then attempted to run you will catch it anyways. I never really did understand why AV systems by default scanned every file rather than just executing files. I mean it is great to know if a virus file is on your file system (not to be confused with infected) but it is a huge performance impact without any added security, really.
The only thing you want to be careful about though is making sure that your AV system is still scanning for malicious contented embedded in things like Word documents. You would not want to set your scan policy to only include .exe types files and then miss Word, Excel, macros and related. Otherwise I say go for it! -Marc -----Original Message----- From: Sam Cayze [mailto:[EMAIL PROTECTED] Sent: Friday, March 21, 2008 10:53 AM To: NT System Admin Issues Subject: General AV Question - Scanning Extensions So, in configuring NOD32, I see there is an option to adjust the scanners to only scan extensions that can actually execute code. This is supposed to speed up systems greatly by reducing the overhead of scanning every file. Eset provides a default list of about 40 extensions to include. More can be added/removed. I am kinda leaning towards this, but a the same time a little unsure and worried. 1. It will speed up my systems. 2. Probably will have fewer circumstances in which I am scanning an extension that I shouldn't be... (MDF, LDF, VMDKs, etc...) 3. I won't have to manually white list exclusions for the scanners... (See above). The list can be quite extensive, especially for servers. Obviously, I will still have to set up the path/folder level exclusions... Thoughts on this? I imagine this is a feature on many AV products. I wish I could figure out how to list of default exclusions so I could it share it. Thanks! Happy Friday. -Sam ~ Upgrade to Next Generation Antispam/Antivirus with Ninja! ~ ~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm> ~ ~ Upgrade to Next Generation Antispam/Antivirus with Ninja! ~ ~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm> ~
