Antivirus Exclusions

For many years Microsoft has had an exclusion list of files and folder that antivirus should not scan. I’ve seen similar knowledgebase articles from antivirus venders. For some reason this became blogworthy over at TrendMicro. That has set off the usual echo chamber of anti-Microsoft handwringing. (wait a second an echo chamber of handwringing? exactly how loud is that? Stop mixing metaphors).
A lot of people have the knee-jerk reaction “oh no the virus writers will start putting their viruses there.” The TrendMicro blog entry isn’t as worried about the exclusions as he is about the public knowledge of the exclusions. “Now, although it actually makes sense to stop checking …we are concerned by the fact that this was released publicly.” I laughed out loud when I read that. Security through obscurity is no security at all. If you don’t tell antivirus administrators what to exclude from scanning just who are you going to be sharing this mystic secret with?
All the articles I’ve read imply that the only reason to make antivirus exclusions is performance. Exclusions can also be necessary to allow a product to work correctly. Data integrity is a valid reason for antivirus exclusion, I think.

Unlike what some people think,
exclusions aren’t just for the performance of scheduled scans. On the contrary they more needed for real-time scan exclusion. Lots of files created in a folder and deleted, etc. That is a real time scan situation.
Microsoft’s KB is clearly aimed at system administrators not home users, in this writers opinion. Excluding a file from scanning is not a white flag of surrender. Endpoint security suites may still have IDS, proactive and firewall components. The malware will need to beat the antivirus to get on the system in the first place.
I guess I got my hand wringing out of the way on this one five years ago. Strangely TrendMicro did too. Their own knowledgebase has instructions with some recommended exclusions to solve problems with shaddowcopy and sql