And now finally to my question. What is in your opinion the best way to do this, i.e. to exclude only those file in that “profile1” folder, but not all its sub-directories?? Maybe just to add the respective separate file-names, like for instance: “bookmarks.html”, bookmarks.bak", XUL.mfl" etc. ??
P.S. – These files are the most huge ones (and so scanning od them is the most “intrusive”), and the ones for which I am not afraid that they would be infected !!
One note first: maybe it’s really what you want, but you should know that there is a difference between D:\Program Files\Firefox\profiles\profile1*
and D:\Program Files\Firefox\profiles\profile1*.*
the second one requires the dot to be present in the path, so e.g. the file D:\Program Files\Firefox\profiles\profile1\Cache\file_without_extension
is not matched (and not excluded) using such mask.
I’m afraid there’s no way to exclude one folder only, without its subfolders - sorry.
Now, a few things about the exclusions in general: it’s not really needed, and actually not a good thing to do, to exclude every little file you think is safe from scanning.
Scanning of a file is not that slow (I somehow doubt your bookmark has tens of megabytes). The resident protection (Standard Shield) implements some optimization techniques - it doesn’t scan the whole file, but only the needed parts - so the file size may actually be irrelevant; it caches the previous result so if the file wasn’t changed between two accesses/scans, it’s actually not scanned again, etc.
(Well, I think that HTML and similar files are not scanned by default on reading, but rather on writing, so unless you changed the settings manually, you don’t have to be worried about reading at all, and I’d say writing is not such a common operation here.)
So, the list of exclusions is meant for cases like:
You want to prevent a false alarm until it’s fixed
You have a folder with known malware files and don’t want to get rid of them
You want to exclude significant areas (such as a folder with gigabytes of movies, MP3, etc.) - even though this option mainly concerns the on-demand scanner, not Standard Shield
You want to prevent a specific conflict with a software that e.g. does some heavy writing into a log file, resulting in the Standard Shield rescanning the file again and again.
So, the list of exclusions is not meant to exclude a huge number of single files. First, as I said, it shouldn’t be really needed, and second, the implementation is not really optimized for such a case. Every accessed file must be checked against each entry in the list of exclusions, so a huge list may actually result in a slowdown of the whole system. OK, it will probably be unnoticeable, but still… I advice against it.
Not true, I’m afraid.
Even the first mask will match the files in subfolders (the first asterisk matches the whole first part, including all the subfolders, and the second one the extension). The difference is mostly just the extension-less files (and even that may not be always true - there may be a parent folder with extension, and the extension-less files below are matched ;)).
I want to know where this is stored, I mean, where does this information is stored, how avast ‘read’ it, if it works only for a session (from boot to next boot), etc.
Thanks Igor 8)
Thanks… seems this is faster (and more secure) than having a database (or checking SUM, MD5, etc. for files).
I suppose that the better you can do that, the better will be the antivirus performance.
Is it the secret of the ‘new’ engine you’re developing for avast 5?
Well, it’s always a tradeoff - storing some kind of checksums accross reboots would be faster [the file access, I mean] (provided you have a method to quickly verify the checksum - which is actually questionable), but the security is lower, of course.
I don’t know if there’s anything to change about this in avast! 5.
Well, as far as I know it is, i.e. the file is being written-to every time I add/remove/modify a bookmark (and I think on few other such “events” too), and of course on each and every browser opening/closing …
Sure - that’s exactly what I meant by uncommon operation
I mean, there are hundreds of files scanned during the system start and later, when you start applications - so if the bookmark file is rescanned 10 times, it really doesn’t make any difference. If the file is changed every few seconds, then it would be different - but I believe it’s not the case here (even though the browser might store the time of last visit in the bookmark file… don’t know how fast your browsing is :)).