Whitelisting D:SQL DATA folder even though Webroot skips SQL files anyway

  • 15 December 2017
  • 3 replies
  • 550 views

I know Webroot skips SQL files, but won't a virus scan run much quicker if you whitelist an entire SQL folder? For example, let's say you have one million .mdf files located in the D:SQL DATA folder. By whitelisting the D:SQL DATA folder, Webroot will not even look at those .mdf files. As a computer programmer for many years, I know that the code is asking “Is this a .mdf file?” If Yes, then skip it, “Is this a .mdf file?” If Yes, then skip it, “Is this a .mdf file?” If Yes, then skip it, and it will have to perform this line of code one million times. It’s quicker for Webroot to ask “Is this the D:SQL DATA folder?” If Yes, then skip the entire folder along with the one million files located within and move on. Even though Webroot skips .mdf files, doesn't it at the very least have to check the file type and determine that it is a .mdf file and therefore skip that file? Sounds time consuming and could slow things down.


Userlevel 1
 
You may want someone from Webroot to explain this in more detail; however, when you create an override in Webroot, it is very different from the traditional exclusion in an antivirus.
It will actually cause Webroot to scan that folder more heavily. They explained the reasoning to me; however, I don't completely understand.
Userlevel 7
@, I've created a case on your behalf with our Support Team to ensure they can give you full clarification on this.
Thanks for letting us know!
Userlevel 6
@ - so, the short answer is, our agent does not scan at the NTFS layer; rather, it scans at the binary layer, and we only scan PEs, not at-rest data files. When the agent is first installed, it does a full learning scan to categorize every file on the system. The agent knows where the MDFs and LDFs are stored and no longer will care or rescan them going forward. Ever.
 
Adding a Path Override tells the agent to do some work that it's already done and ignored. So, by adding a path override to the MDF/LDF paths, it's actually adding work for the agent. Not a ton as the agent will determine there are no PEs in that dir, but it will add unnecessary work to the agent.
 
Path overrides or any override should only be applied to "undetermined" software. Anything the agent already knows about and determines as good should be ignored. You can see specific file hash determinations by enabling the determination column in the Overrides tab on any given site. When that column is on, you'll see good, bad or undetermined.
 
Hope that helps.
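
Added example, not part of the thread and not Webroot's code: the last reply says the agent only cares about PEs and will find none in an MDF/LDF directory, so one way to check that claim for a given data folder before considering an override is to look for PE signatures by content rather than by extension. The file names and the sample tree are constructed for illustration, and the check (MZ header plus `PE\0\0` at `e_lfanew`) is an assumption about what "PE" means here, not a description of the agent's internal logic.

```python
import os
import struct
import tempfile

def is_pe(path):
    """True if the file has an MZ header whose e_lfanew points at 'PE\\0\\0'."""
    try:
        with open(path, "rb") as f:
            dos = f.read(64)
            if len(dos) < 64 or dos[:2] != b"MZ":
                return False
            (e_lfanew,) = struct.unpack_from("<I", dos, 0x3C)
            f.seek(e_lfanew)
            return f.read(4) == b"PE\0\0"
    except OSError:
        return False  # unreadable or locked file: not confirmed as PE

def find_pe_files(root):
    """Walk root and return sorted paths of files that carry a PE signature."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if is_pe(full):
                hits.append(full)
    return sorted(hits)

def build_sample_tree(root):
    """Constructed sample data: two data files, one MZ-only decoy, one PE stub."""
    pe_stub = b"MZ" + b"\0" * 58 + struct.pack("<I", 64) + b"PE\0\0"
    samples = {
        "sales.mdf": b"\x01\x0f\x00\x00" * 32,   # data file, no MZ header
        "sales_log.ldf": b"\x00" * 128,          # data file, no MZ header
        "decoy.bin": b"MZ" + b"\0" * 62,         # MZ magic but no PE signature
        "helper.dat": pe_stub,                   # PE content, data-like extension
    }
    for name, content in samples.items():
        with open(os.path.join(root, name), "wb") as f:
            f.write(content)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for path in find_pe_files(tmp):
            print("PE found:", os.path.basename(path))
```

An empty result for a data directory matches what the reply describes; any hit is a file worth looking up in the determination column before deciding on an override.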
