Enhanced Security Measures in Place: To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.
12-07-2022 06:27 AM
Hello to all,
I am experiencing a problem on a machine where scans are pushing the overall CPU load to 100% for several minutes to several hours and only slowly decreasing.
This causes problems for the use of the Syngo.Via software installed on this machine and the syngo.via server is not responding, the syngo.via clients are not usable and freeze/plant or respond very slowly.
In the documentation of this software there are exclusions to be made in the antivirus:
- C:\ISPACE\*.* (if present)
- C:\Program Files\Siemens\*.*
- C:\Program Files (x86)\Siemens\*.*
- C:\store\*.*
- C:\sysmgtmt\*
- C:\WindowsInstaller*.
- D:\SQL_DATA\*.*
- D:\MSSQL13.MSSQLSERVER_SYDS\*.* ([13] depends on the instance)
- E:\frontier\* (if present)
- E:\storagefw\*.
- E:\sysmgtmt\*.
- M:\BackupRestore\MSSQL
- N:\WindowsImageBackup\*.
-S:\*.*
as well as the options to be deactivated:
-
Do not scan compressed files.
No compressed files should be scanned as this may lead to performance issues. However, scan compressed files during scheduled full scans!
-
Deactivate heuristic search.
Heuristic search should not be activated as the risk of false positives may arise.
-
Deactivate advanced intrusion detection/prevention (IDS/IPS) and firewall features.
Virus protection suites (for example, suites including firewall and intrusion detection applications) are not supported. Deactivate additional features.
- If you are able to define a default warning text in case an infected file is found, set it to "Virus Scan Alert!
- Only the following actions should be performed if an infected file is found:
- Set the found file to quarantine.
- Write an event to the event log.
To prevent data loss in case of false positives, do not delete or repair infected files automatically. You have to check files manually and delete them if necessary.
- Only the following actions should be performed if spyware, adware, dialers, hack tools, trackware, password crackers, trojans, joke p programs, or key loggers are found:
- Set the found file to quarantine.
- Write an event to the event log.
- In case of remote administrator tools, ignore findings but create events.
- In case of other unwanted programs, ignore findings but create events.
All paths have been added to all modules of the malware profile
I did add these paths to the exclusions but cortex keeps scanning them, I don't know why can you help me?
And where to disable Syngo recommendations (compressed, heuristic, etc )?
Thank you
01-18-2023 02:01 AM
Hi @S-LEGOUGE ,
thanks for writting us in livecommunity.
Im sorry that your message got unanswered for a while, Ive just found it unanswered.
After reading your message and realizing about your issue, I would recommend to open a TAC support ticket.
I hope this helped,
eLuis
01-18-2023 02:09 AM
Hi @eluis ,
One case is currently open and troubleshooting is underway with support.
Thank you
Regards,
11-07-2024 11:12 PM
we have the same problem. Excluding all this number of directories, as requested in Siemens documentation, opens the door to injecting malicious stuff. Thanks
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
