I've seen it turned off (for performance reasons) for directories with heavy IO, like certain types of databases & file staging locations.
If you can ascertain what apps your target's desktops are running, those sort of application's directories may be a good place to try & drop something. Although, where I've seen this done, only system & admin could write to those directories & the users weren't allowed local admin... On Sat, Aug 22, 2009 at 12:25 PM, Jim Halfpenny<[email protected]> wrote: > It depends on the AV software and how it is configured. Many packages allow > for whitelisting files or directories so that they do not get scanned, > useful if you have a legitimate tool which is flagged as malicious. There's > no reason why malware could not try to subvert this behaviour to hide > themseleves if that's your line of thinking. > > Jim > > 2009/8/21 Dimitrios Kapsalis <[email protected]> >> >> Was thinking this afternoon, when anti-virus scans run, are there certain >> directories that they always skip? >> >> _______________________________________________ >> Pauldotcom mailing list >> [email protected] >> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom >> Main Web Site: http://pauldotcom.com > > > _______________________________________________ > Pauldotcom mailing list > [email protected] > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > Main Web Site: http://pauldotcom.com > _______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
