May 6th, 2002, 07:14 AM
Norton Antivirus Exclusions
I use Norton Antivirus 2001. In options | system | exclusions are listed the following:
These must have been default settings, as I don't recall putting anything in exclusions.
Can anyone explain the rationale of having these things listed in exclusions? I'd think one would want to have everything scanned.
What really confuses me is that .dbx is the extension for Outlook Express files, and you can hardly find anything more susceptible to infection than that. So why would those be excluded? Is it only that if email scanning is enabled, it shouldn't be necessary? (But what if email scanning is not enabled?) Or is there something about the way .dbx files are stored that would make a manual scan ineffective?
Someone must have a better idea than I do of how these things work!
May 6th, 2002, 07:23 AM
Hmm, I installed NAV 2002 yesterday. under default settings, only two items are listed 'excluding' here: *.nch and *.dbx (which I have removed). Then again, I've not installed MS Office, so I don't even have those .exe's. Anyway, if I were you, I'd remove all exclusions, and perform a full system scan, just to be safe...
I wish to express my gratitude to the people of Italy. Thank you for inventing pizza.
May 6th, 2002, 11:21 AM
Here is the Symantec answer to your question about exclusions:
May 6th, 2002, 05:34 PM
That may answer it - but I've got to admit it certainly wasn't the answer I was hoping for! If I am following their logic here, it seems that it almost amounts to, "If it might give a false positive or slow down your system, just don't scan it, even if the files involved are among the most likely to get infected." It makes me a little less satisfied with Norton Antivirus.
Anyone have a feel for what the rate of false positives might be? Slowing down the system while doing a manual scan isn't that big a deal, as I can always set it to run before I go off to do something else.
Maybe I'll just take Guus' advice and eliminate all exclusions and see what happens.
May 6th, 2002, 05:52 PM
I think that would be quite an efficient sacrifice of time, waiting a little longer, or take the chance of losing your system due to not checking .dbx files.
May 6th, 2002, 06:25 PM
sounds to me NAV is just trying to keep themselves from looking bad. it dosn't make any sense not to scan those files.
Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”
May 6th, 2002, 08:22 PM
Well, if I had to hazard a guess... it'd kind of fall under the same reason you don't want to scan a virus scanner. Lots of false positives, etc. (and, at one point, MSWord originally combated macro viruses by trying to check the thing itself - that was about the time that the macro viruses went from being simple things to make your MSWord experience annoying to basically using MSWord to execute system commands and kill your system for you...)
Also, for real-time type scanning, things like MS Word, Excel and all of those other office things tend to have system access built in to them that you normally wouldn't expect out of a so-called "normal" word processor or spreadsheet. So, things like NAV might pick that sort of thing up as a "WTF?!?" (ie. Word's "normal" activities fall so far outside the normal realm of word processor that NAV can't figure out what the h*ll it's doing, so it's better to simply ignore it and hope that your macro virus gets found another way, hopefully before it's even written to disk).
So, my experience may be a bit dated in that realm (as I've stated elsewhere, I tend to try to avoid having to use M$ abortionware) and it may just reflect Symantec's "thinking of old" as well (one of those things they may have added long, long ago and no one seems to remember exactly why it was there in the first place, etc)
\"Windows has detected that a gnat has farted in the general vicinity. You must reboot for changes to take affect. Reboot now?\"
May 7th, 2002, 02:12 AM
One thing I'm a bit confused about. Is there something about the way Norton Antivirus does their scan that is different from the way Panda does their online ActiveScan? The reason I ask is that Panda's online scan caught a Majistr-infected attachment in an old email on my computer. It had apparently been sitting there for a few months and I'd forgotten about it and had never opened it. It is entirely possible that I had temporarily disabled email scanning at the time it came in, then if the email files were in the exclusion list, it wouldn't have been caught by Norton during my full scans.
Also, if Norton can scan the email as it is coming in (if that option is chosen), why shouldn't it be able to handle a scan of email when doing a full scan?
May 7th, 2002, 02:29 AM
I too had .dbx files as well as .nch files in the exclusions of my norton's antivirus 2000. I took Guus' s advice and removed them all. I am quite sure I can spare the extra time. I also don't use Outlook Express so maybe I didn't need to remove them but better safe than sorry.
Dream as if you are going to live forever, live as if you were going to die today.
May 7th, 2002, 02:45 AM
Why make a big deal?!!!
They're set as defaults for the reason that Norton lists. If you don't like 'em then remove them!
Instead of worrying why, sometimes there are answers we may not agree or understand, then just do what you need to. There are plenty of other things to worry about than this!