Exclude should actually exclude! [Fixed in 3.10]

It is counterintuitive that excluded files/folders are still scanned.

The help file says:
All items listed and all items added to the ‘Exclusions’ list will be excluded from all future scans of all types.

Yet anything you put on the list to exclude is in fact still scanned. Logic-wise, this is a bit of a mind bender…

Resource-wise, this is an app killer when scans take upwards of 4x as long as other AV software.

Yeah, I noticed that too. Kind of annoying that this feature doesn’t do what it says it does considering the number of false positives generated.

Add my vote!!! If you add an item to the exclusion list, it shouldn’t be scanned at all.

I’m also really curious as to why there would be a “File Group” for “Executables” and “All Applications” but not for media files or digital pictures. Wouldn’t it make sense to exclude generally non-executable files like JPGs, MP3s, MPGs, and their like?

The key word here is “generally”. Download a few music files from a P2P host and see how many malware alerts you get while downloading. :wink:

The release notes for 3.8.65951.477 say “FIXED! AV Exclusions do not work”. Well I can tell you, they still don’t work.

When I choose to scan Critical Areas, whether scheduled or on demand, it scans far too many files, and for far too long. I’ve added exclusions, but as other people have noted, it still scans the excluded items anyway.

Using FileMon from SysInternals, I found that Comodo is reading the entire contents of all the files it’s scanning, even the excluded ones, like log files, text files, media files, etc. This is so annoying, as I sit there waiting for the scan to finish, knowing that Comodo is ignoring what I tell it to do, or not to do.

Why spend so much time scanning what doesn’t need to be scanned?

Please please please fix this…

I think what was fixed was actually another problem.

Something to do with exclusions still giving detection errors if you do a right click scan or something.

But yes, it is pretty frustrating when you tell CIS to exclude something and it still ends up scanning it…

From our friends at Merriam-Webster.

Exclude: One entry found.

Main Entry: exclude
Pronunciation: \iks-ˈklüd\
Function: transitive verb
Inflected Form(s): ex·clud·ed; ex·clud·ing
Etymology: Middle English, from Latin excludere, from ex- + claudere to close – more at close
Date: 14th century

1 a: to prevent or restrict the entrance of b: to bar from participation, consideration, or inclusion
2: to expel or bar especially from a place or position previously occupied

Thanks HeffeD. Maybe adding a poll on this wish would help?

I don’t know if a poll would help any more than people just posting that it would be a good idea or not.

The exclude option only suppresses detection rather than excluding from the scan. There could be a few reasons:

  1. The underlying assumption is that the number of false positives would be very low and the file sizes would also be small, hence the performance boost from scan exclusion could be minimal (exclusion is only for false positives and not for large files, which is a different option).
  2. Any scan exclusions would add an overhead check on the scan telling it what to scan and what to exclude, which may not be the case today. Even if it is present today, it probably follows an algorithm to scan files placed on the HD sequentially to maximize read speeds. Exclusions could lead to jumps in this process.

Performance boosts through scan exclusion are definitely not minimal in the case of folder excluding. For example, on my system, I have over 17GB of non-infectable files that it is silly to scan. If I was able to exclude these folders, that would be a serious improvement in scan time.

Yes. As has already been mentioned, we’re not talking about file size here, so the file size limiting doesn’t apply.

Not to mention that ‘exclude’ doesn’t make sense if the action is actually just ‘ignoring’ a detection. See the definition of the word ‘exclude’ that I posted earlier.

So you’re saying that the overhead of the scan engine having to keep track of which files to exclude is going to be more resource intensive than the resources used to actually scan the files? I find that a bit hard to believe. You’re going to have a single check to verify if the file is to be scanned or not. Whereas scanning the file has to scan the file, compare the hash with the virus DB, etc…

OK, 3.9 is now out and excluded files are still scanned…

What’s the story here?

And please don’t say that with the new “stateful” scanning mode, exclusions aren’t necessary because only files that have been modified will be scanned. Egeman made a post in the thread asking whether the new stateful mode was a security risk saying that when virus definitions are updated, this will be reset and the files will be rescanned. So in the case of a weekly full system scan, the “stateful” mode is as good as irrelevant as surely there has been a virus definition update over the course of the week. In fact, with that in mind, “stateful” is only useful for about 8 hours. (General time frame of when CIS automatically updates the definitions)

For every other product I can think of, anything on the exclusion list is excluded! Why does CIS merely ignore instead of exclude?

Normal exclusion method = Exclude files from scan. (Files are not included in scan)
CIS exclusion method = Scan excluded files, suppress any detections. (This would be ignore, not exclude!)

Please add an actual exclusion function to CIS. Ignore is just a waste of resources.
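The two behaviours contrasted in the posts above (scan everything and suppress detections on excluded paths, versus never opening excluded paths) shown side by side as an added example; it is not part of the original thread and not Comodo's code. The toy hash-matching scanner, the function names and the sample files are all constructed for illustration.

```python
import hashlib
import os
import tempfile

# Constructed stand-in for a signature database: SHA-256 of a harmless marker.
MARKER = b"CONSTRUCTED-TEST-MARKER"
SIGNATURES = {hashlib.sha256(MARKER).hexdigest()}

def is_excluded(path, exclusions):
    """True if path is an excluded item or lies beneath an excluded folder."""
    path = os.path.abspath(path)
    return any(path == e or path.startswith(e + os.sep) for e in exclusions)

def scan(root, exclusions, mode):
    """mode='suppress': read every file, hide hits on excluded paths.
    mode='skip': decide from the path alone, before any file is opened."""
    exclusions = [os.path.abspath(e) for e in exclusions]
    bytes_read, reported = 0, []
    for folder, subdirs, files in os.walk(root):
        if mode == "skip":
            # Prune in place so os.walk never descends into excluded folders.
            subdirs[:] = [d for d in subdirs
                          if not is_excluded(os.path.join(folder, d), exclusions)]
        for name in files:
            path = os.path.join(folder, name)
            if mode == "skip" and is_excluded(path, exclusions):
                continue  # excluded file is never opened
            with open(path, "rb") as fh:
                data = fh.read()
            bytes_read += len(data)
            hit = hashlib.sha256(data).hexdigest() in SIGNATURES
            if hit and not is_excluded(path, exclusions):
                reported.append(os.path.basename(path))
    return bytes_read, sorted(reported)

def demo():
    """Build a constructed tree and return (bytes_read, reported) per mode."""
    with tempfile.TemporaryDirectory() as root:
        media = os.path.join(root, "media")
        os.makedirs(media)
        for path, data in ((os.path.join(media, "big.mp3"), b"\0" * 1_000_000),
                           (os.path.join(media, "fp.bin"), MARKER),
                           (os.path.join(root, "bad.bin"), MARKER)):
            with open(path, "wb") as fh:
                fh.write(data)
        return {m: scan(root, [media], m) for m in ("suppress", "skip")}

if __name__ == "__main__":
    print(demo())
```

Both modes report the same detection outside the excluded folder; only the amount of data read differs, which is the I/O a file monitor such as FileMon would show.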

I’m happy to have the scanner scan everything; at least then they are checked against a new database. I wouldn’t be comfortable permanently excluding anything.

If you have files that can’t be infected, there is no harm in having them not be scanned.

I second that. System wise management vs. paranoia. I am not convinced by arhant01’s explanation. I will follow the thread to see if it can be sorted out before installing CAV. Maybe CIS 4 will be the one?

:-TU.

I’m not even a heavy user of the AV in CIS but I also still agree it should exclude from scanning.

Well, the real time scanner, from my tests, does exclude in 3.9, but the On Demand does not; it just ignores. But then again, I don’t tend to do scans or even exclude stuff.

I’m curious how you are testing this. Is there some indicator in CIS when a file is being scanned in real time? And was perhaps the exclusion you noted during the real time scan a function of stateful scanning?

Because if the real time scanner is indeed excluding, then it would appear that the functionality is already built in to the scanning engine and the on demand utilization of the feature is simply broken. In which case this would be a bug and not a wish…

Egeman? I know you developers loathe to answer questions like this, but could you please speak up on whether or not the list is functioning as intended? Any hope of actual exclusion in the future?

Well, I ■■■■ a zip file that has about 350 malware that is detected by CIS and excluded it. Then, using 7-Zip, I extracted the file and at the same time watched in Task Manager for real and virtual memory and CPU usage: NO change. cmdagent was using NO CPU when I was extracting the malware.

However, I will also try with real time set to On Access.
Edit:
Tried with On Access, same result: memory did not grow, and when I was extracting all the files cmdagent.exe did not use any CPU.

Interesting…

Hopefully Egeman or another developer will jump in and give us some info.