
SANS ISC InfoSec Handlers Diary Blog



Anti-virus scanning exclusions

Published: 2012-04-13
Last Updated: 2012-04-13 17:59:40 UTC
by Daniel Wesemann (Version: 1)
11 comment(s)


Reader Josh writes in with a good question: How does everyone deal with software whose vendor requires that the application and its install directories be excluded completely from Anti-Virus (AV) scanning? Microsoft has some recommendations for AV exclusions of their own, as do the anti-virus companies themselves (example: McAfee), and a bit of googling quickly shows that pretty much every software vendor has knowledge base articles that deal with making their particular tool invisible to AV.

- How do you keep track of the various "approved" exclusions across servers in your company?
- How do you make sure no malware is hiding or setting up shop in those excluded portions?
- Any other comments you might have...

If you have a couple of minutes before starting your weekend, please share in the comments below!

Keywords: anti virus