How do I stop Sophos antivirus from scanning directories that are under source control?

25
2013-11
  • mindless.panda

    From googling, it seems it's well known that SophosAV as well as other AV programs have issues with how they interact and can inhibit source control utilities like TortoiseHG or TortoiseSVN.

    One solution is to exclude directories under source control from on-access scanning as detailed here on Sophos's support site. There is a corollary article that mentions some issues related to this, namely the need to place multiple entries for exclusions based on the possibility of the location being accessed through the short vs. long name (e.g., Progra~1 vs. "Program Files").

    One other twist is I am using a junction to relocate my user directory, C:\Users\Username, to a second hard drive, E:. Since I am not sure how this interacts, I have included the source control directory as it is nested in both locations. As a result, I have included the two exclusions for the on-access scanning exclusions (and to be on the safe side on-demand exclusions as well, although this should only come into play when I select a parent directory of the exclusion to be scanned on-demand, but still). You'll notice I have no need to add extra exclusions for those locations based on short vs. long name distinctions. The two exclusions I have then, for both on-access and on-demand scanning exclusions, are:

    C:\Users\Username\source-control-directory
    E:\source-control-directory

    However, this does not seem to work as TortoiseHG still lags terribly in response to any request as AV software starts scanning when the directory is accessed via TortoiseHG.

    I can verify without a doubt that Sophos is causing the problems: I can completely disable on-access scanning. Once this is done TortoiseHG responds very fast to all operations. I cannot leave this disabled obviously, but since the exclusions don't seem to be working, what next?

  • Answers
  • mindless.panda

    Best as I can tell this required a restart to become active.
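
For the exclusion setup described in the question (long vs. short names, plus a junction relocating the user directory), the following added example lists every path form that refers to one directory so each can be checked against the exclusion list. It is not code from the original posts or from Sophos; `Get-PathAliases` is a hypothetical helper name, and it assumes PowerShell 5.1 or later with the `Scripting.FileSystemObject` COM class available. It only reads the file system and does not change any antivirus setting.

```powershell
# Added example (not from the original post). Lists the path forms that can
# refer to one directory: the long name, the 8.3 short name, and the same two
# forms with any junction ancestor replaced by the junction's target.
function Get-PathAliases {
    param([Parameter(Mandatory)][string]$Path)

    $fso   = New-Object -ComObject Scripting.FileSystemObject
    $full  = (Get-Item -LiteralPath $Path -Force).FullName
    $forms = [System.Collections.Generic.List[string]]::new()
    $forms.Add($full)

    # Walk from the directory up to the drive root looking for junctions.
    $dir = Get-Item -LiteralPath $full -Force
    while ($dir) {
        if ($dir.LinkType -eq 'Junction') {
            # .Target is a string in PowerShell 7 and a collection in 5.1.
            $target = @($dir.Target)[0]
            # Part of the path below the junction, e.g. "\source-control-directory".
            $rest = $full.Substring($dir.FullName.Length)
            if ($rest) { $forms.Add($target.TrimEnd('\') + $rest) }
            else       { $forms.Add($target) }
        }
        $dir = $dir.Parent
    }

    # Add the 8.3 short form of each path found so far. When short-name
    # generation is disabled on the volume this equals the long form.
    foreach ($p in @($forms)) {
        $forms.Add($fso.GetFolder($p).ShortPath)
    }

    # Sort-Object -Unique compares case-insensitively, matching Windows paths.
    $forms | Sort-Object -Unique
}

# Path taken from the question; "Username" is the poster's placeholder.
Get-PathAliases 'C:\Users\Username\source-control-directory'
```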


  • Related Question

    windows - Boot time virus scan from USB drive
  • Tomas Sedovic

    I want to check for viruses on a computer that I suspect may be infected with malware.

    Its users are running an antivirus, but there's always the risk that something slips past and the way I see it, once the system is infected the antivirus is useless because the malware can hide itself from the AV.

    I think the best way to go (besides clean reinstall of the OS) would be to have an antivirus running at a boot time from a CD or a USB key. That way, the malware is just lying on the disk and cannot do any of its hide-and-seek stuff (provided the AV comes from an uninfected PC and all that).

    So, I'm looking for something that:

    • Runs at boot time (off USB key or CD-ROM)
    • Does not touch or require the local OS
    • Discovers malware fairly well (like, Avast, AVG, Norton, whatever -- I think they're all the same anyway)
    • Can handle Windows filesystems (FAT 32, NTFS, WinFS ;-) )
    • Comes from some sort of trusted source (no Windows Antivirus 2009)

    I know that this is no silver bullet (nothing is, really), but I do have a feeling it's more likely to help than doing the scan within the infected system.


  • Related Answers
  • Snark

    There's a tutorial here to install the Antivir Rescue CD from Avira on a bootable USB key. It's running on Linux, with r/w support for NTFS.

  • Journeyman Geek

    a-squared Emergency USB Stick

    According to AV-Test.org, a-squared's scan engine (Ikarus) sports a very high detection rate.

  • fluxtendu

    Ultimate Boot CD for Windows aka UBCD4Win

    A bootable recovery CD (or USB disk) that contains software used for repairing, restoring, or diagnosing almost any computer problem.

    It's based on Bart's PE (a Windows "pre-install" environment CD, basically a simple Windows® XP booted from CD) and has many useful plug-ins (built-in or not). So, you have to build it with an XP CD, but the builder is user friendly enough and that lets you customize the bootable media...

    It includes multiple virus scanners (Avira, Kaspersky Virus Removal Tool, SUPERAntiSpyware, Malwarebytes' Anti-Malware). They basically all do the same thing, but they don't get the same results... So, I think it's better to use a minimum of two engines. (And go in the plug-ins section to update them before creating the boot CD.)

    It has a big community and has existed long enough to be trusted.