Exclude should actually exclude! [Fixed in 3.10]

[Guest]

[HeffeD]

It is counterintuitive that excluded files/folders are still scanned.

The help file says:
All items listed and all items added to the 'Exclusions' list will be excluded from all future scans of all types.

Yet anything you put on the list to exclude is in fact still scanned. Logic-wise, this is a bit of a mind bender...

Resource-wise, this is an app killer when scans take upwards of 4x as long as other AV software.

[mjj09]

Yeah, I noticed that too. Kind of annoying that this feature doesn't do what it says it does considering the number of false positives generated.

[ShadesOfGrey]

Add my vote!!!  If you add an item to the exlusion list, it shouldn't be scanned at all.

I'm also really curious as to why there would be a "File Group" for "Executables" and "All Applications" but not for media files or digital pictures.  Wouldn't it make sense to exclude generally non-executable files like JPGs, MP3s, MPGs, and their like?

[.FaZio93.]

I'm also really curious as to why there would be a "File Group" for "Executables" and "All Applications" but not for media files or digital pictures.  Wouldn't it make sense to exclude generally non-executable files like JPGs, MP3s, MPGs, and their like?

The key word here is "generally". Download a few music files from a P2P host and see how many malware alerts you get while downloading.   

[fingershop]

The release notes for 3.8.65951.477 say "FIXED! AV Exclusions do not work". Well I can tell you, they still don't work.

When I choose to scan Critical Areas, whether scheduled or on demand, it scans far too many files, and for far too long. I've added exclusions, but as other people have noted, it still scans the excluded items anyway.

Using FileMon from SysInternals, I found that Comodo is reading the entire contents of all the files its scanning, even the excluded ones, like log files, text files, media files, etc. This is so annoying, as I sit there waiting for the scan to finish, knowing that Comodo is ignoring what I tell it to do, or not to do.

Why spend so much time scanning what doesn't need to be scanned?

Please please please fix this...

[HeffeD]

The release notes for 3.8.65951.477 say "FIXED! AV Exclusions do not work". Well I can tell you, they still don't work.

I think what was fixed was actually another problem.

Something to do with exclusions still giving detection errors if you do a right click scan or something.

But yes, it is pretty frustrating when you tell CIS to exclude something and it still ends up scanning it...

From our friends at Miriam-Webster.

Exclude
One entry found.

Main Entry:
    ex*clude
Pronunciation:
    \iks-ˈklüd\
Function:
    transitive verb
Inflected Form(s):
    ex*clud*ed; ex*clud*ing
Etymology:
    Middle English, from Latin excludere, from ex- + claudere to close -- more at close
Date:
    14th century

1 a: to prevent or restrict the entrance of b: to bar from participation, consideration, or inclusion2: to expel or bar especially from a place or position previously occupied

[fingershop]

Thanks HeffeD. Maybe adding a poll on this wish would help?

[HeffeD]

I don't know if a poll would help any more than people just posting that it would be a good idea or not.

[arhant01]

The exclude option only supresses detection rather than scan exclusion. there could be a few reasons -
1. the underlying assumption being that the number of false positives would be very low and the file sizes would also be small hence the performance boost from scan exclusion could be minimal (exclusion is only for false positives and not for large files, which is a different option)
2. any scan exclusions would add an overhead check on the scan telling it what to scan and what to exclude which may not be the case today. even if it is present today, it probably follows an algorithm to scan files placed in the HD sequentially to maximize read speeds. exclusions could lead to jumps in this process.

[HeffeD]

1. the underlying assumption being that the number of false positives would be very low and the file sizes would also be small hence the performance boost from scan exclusion could be minimal

Performance boosts through scan exclusion is definitely not minimal in the case of folder excluding. For example, on my system, I have over 17GB of non-infectable files that it is silly to scan. If I was able to exclude these folders, that would be a serious improvement in scan time.

(exclusion is only for false positives and not for large files, which is a different option)

Yes. As has already been mentioned, we're not talking about file size here, so the file size limiting doesn't apply.

Not to mention that 'exclude' doesn't make sense if the action is actually just 'ignoring' a detection. See the defintion of the word 'exclude' that I posted earlier.

2. any scan exclusions would add an overhead check on the scan telling it what to scan and what to exclude which may not be the case today. even if it is present today, it probably follows an algorithm to scan files placed in the HD sequentially to maximize read speeds. exclusions could lead to jumps in this process.

So you're saying that the overhead of the scan engine having to keep track of which files to exclude is going to be more resource intensive than the resources used to actually scan the files? I find that a bit hard to believe. You're going to have a single check to verify if the file is to be scanned or not. Whereas scanning the file has to scan the file, compare the hash with the virus DB, etc...

[HeffeD]

OK, 3.9 is now out and excluded files are still scanned...

What's the story here?

And please don't say that with the new "stateful" scanning mode, exclusions aren't necessary because only files that have been modified will be scanned. Egeman made a post in the thread asking whether the new stateful mode was a security risk saying that when virus definitions are updated, this will be reset and the files will be rescanned. So in the case of a weekly full system scan, the "stateful" mode is as good as irrelevant as surely there has been a virus definition update over the course of the week. In fact, with that in mind, "stateful" is only useful for about 8 hours. (General time frame of when CIS automatically updates the definitions)

For every other product I can think of, anything on the exclusion list is excluded! Why does CIS merely ignore instead of exclude?

Normal exclusion method = Exclude files from scan. (Files are not included in scan)
CIS exclusion method = Scan excluded files, suppress any detections. (This would be ignore, not exclude!)

Please add an actual exclusion function to CIS. Ignore is just a waste of resources.

[gleach]

im happy to have the scanner scan everything, at least then they are checked against a new database. i wouldnt be comfortable permanently excluding anything.

[HeffeD]

If you have files that can't be infected, there is no harm in having them not be scanned.

[nomnex]

Please add an actual exclusion function to CIS. Ignore is just a waste of resources.

I second that. System wise management vs. paranoia. I am not convinced by arhant01 explanation. I will follow the thread to see it can be sorted out before installing CAV. Mabye CSI 4 will be the one?

[slg123]

OK, 3.9 is now out and excluded files are still scanned...

Please add an actual exclusion function to CIS. Ignore is just a waste of resources.

 .

[Tags:]