I've seen AV vendors getting into trouble with checking the Quarantine folder too - especially the Symantec (SEP) product which got itself into an infinite loop.
I also have seen that not only are app directories ignored but directories with large amounts of data are ignored too, for example database data directories. The admins hadn't excluded the database file types but the whole directories on the assumption that only data would exist in that directory :-) These directories are generally less protected than the app directories too.

On 23 Aug 2009, at 14:06, Robert Portvliet wrote:

> I've seen it turned off (for performance reasons) for directories with
> heavy IO, like certain types of databases & file staging locations.
>
> If you can ascertain what apps your target's desktops are running,
> those sort of application's directories may be a good place to try &
> drop something.
>
> Although, where I've seen this done, only system & admin could write
> to those directories & the users weren't allowed local admin...
>
> On Sat, Aug 22, 2009 at 12:25 PM, Jim Halfpenny<[email protected]> wrote:
>> It depends on the AV software and how it is configured. Many packages allow
>> for whitelisting files or directories so that they do not get scanned,
>> useful if you have a legitimate tool which is flagged as malicious. There's
>> no reason why malware could not try to subvert this behaviour to hide
>> themselves if that's your line of thinking.
>>
>> Jim
>>
>> 2009/8/21 Dimitrios Kapsalis <[email protected]>
>>>
>>> Was thinking this afternoon, when anti-virus scans run, are there certain
>>> directories that they always skip?
>>>
>>> _______________________________________________
>>> Pauldotcom mailing list
>>> [email protected]
>>> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
>>> Main Web Site: http://pauldotcom.com
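
An audit for the misconfiguration described in this thread (whole data directories excluded from scanning on the assumption that they hold only data), added here as an example and not part of any poster's message: it walks an excluded directory and flags files whose leading bytes mark executable content, plus loose write access on POSIX hosts. The function names, the magic-byte list and the sample files are assumptions constructed for illustration.

```python
import os
import stat
import tempfile

# Leading bytes of content that should not appear in a data-only directory.
# This is a heuristic: a data file can begin with these bytes by coincidence.
MAGIC = {b"MZ": "PE executable", b"\x7fELF": "ELF executable", b"#!": "script"}


def classify(path):
    """Return the kind of executable content at path, or None."""
    try:
        with open(path, "rb") as fh:
            head = fh.read(4)
    except OSError:
        return None  # unreadable files are skipped, not flagged
    for magic, kind in MAGIC.items():
        if head.startswith(magic):
            return kind
    return None


def audit_exclusion(directory):
    """Walk one AV-excluded directory and return (path, reason) findings."""
    findings = []
    for root, _dirs, files in os.walk(directory):
        # Mode bits are only meaningful on POSIX; Windows ACLs need a separate check.
        if os.name == "posix" and os.stat(root).st_mode & stat.S_IWOTH:
            findings.append((root, "directory is world-writable"))
        for name in sorted(files):
            path = os.path.join(root, name)
            kind = classify(path)
            if kind:
                findings.append((path, kind))
    return findings


def demo():
    """Audit a constructed 'database data' directory holding one odd file."""
    with tempfile.TemporaryDirectory() as tmp:
        with open(os.path.join(tmp, "orders.dbf"), "wb") as fh:
            fh.write(b"\x00\x01constructed data page")
        with open(os.path.join(tmp, "index.dat"), "wb") as fh:
            fh.write(b"MZ\x90\x00constructed PE header stub")
        return [(os.path.basename(p), why) for p, why in audit_exclusion(tmp)]


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

Run it against each path in the AV product's exclusion list; any finding is a reason to replace the directory exclusion with a file-type exclusion or to tighten write permissions.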
