I really am liking the new v7 (now at latest 4142) but my page scanning operations run slowly and I would like to try to make sure that CIS is not impacting it in any way. You see, this scanner (a Visioneer Strobe 500) has some tricky software, including a driver, and a couple of Services (Windows 7 Home Premium x64) and a landing program or two (Nuance PaperPort, PDFCreator etc) and it has several methods to launch it, not just from within a program but also buttons on the scanner itself.
So I go to Advanced Settings for D+ and find most everything that I THINK the scanner uses under Trusted Files. Is there any more I should do, or can do, to make sure CIS leaves things alone thus not slowing the process any more than it has to? Dunno for example if AV checking is done upon every launch, or “shellcode exclusions” are involved, or anything else I should be concerned with?
A related question: is the Trusted Files list consulted each/every time a program is launched, thus it would be prudent to keep the NUMBERS of these trusted files as small as possible i.e. to Purge it periodically?
I am going to assume that yours is a serious question.
What is happening is that the different executables that launch when a scan is requested are taking “noticeably longer” to appear, like a second or two longer. This is annoying of course with a page scanner where you are inserting a page and waiting for the detection/pullthrough process. I am simply asking how I can make sure that CIS is not interfering in any way with these processes, e.g. by “checking them first” whether is be AV or HIPS or D+ or whatever other magic CIS employs.
First thing to check is to see if any of the executables are sandboxed. If so move them from Unrecognised Files to Trusted Files. Then see if adding them to the Excluded Applications of the AV.
When that does not help try adding the executables or complete installation folder to the Exclusions of Detect shellcode injections.
Purging the Trusted Files is not needed. According to egemen parsing it goes quickly even with huge amounts of entries. Even if it were an influence it would not be of influence of your case as the file only gets looked up when it is started. Once it runs there is no influence on performance.
