locked
excluding file types? RRS feed

  • Question

  • Is there any way to make sure that certain file types are excluded in my virus scans?

    I am almost certain that mp3 and avi files cannot be infected with viruses, and i have a lot of mp3s and itunes aac file on my hard drive. What i'd like to do is half one care completely skip mp3 files during a scan, because it looks like onecare scans them during routine scans.

    By default i dont mind onecare scanning mp3 files, but i would like the option of being able to exclude that file type at my descrition. I noticed i can exclude entire hard drives, or folders from being scanned, but not file types. It could help expedite the scanning process! :I


    then again, i never thought jpg files could exploit a vulnerability in windows a few years ago (glad they resolved that), so who knows, but as of right now i'd like mp3 files excluded.
    Monday, August 6, 2007 8:16 AM

Answers

  • No, because that would also imply these file types wouldn't be scanned, which is dangerous since these exact types are some of the most often faked on P2P networks and other rouge distribution points.

     

    There are many tricks used by those creating malware, much of which is taking advantage of loose interpretations within the filing system which have existed for years. Assuming that a file type is accurate is dangerous, since parts of the OS will re-detect the actual embedded file identity and attempt to hand it off internally to the correct handler, resulting in potential execution of malware.

     

    Since the Exclusions are designed to affect only the Tune-Up and you are aware of exactly which areas of the drive(s) you have deemed excluded, you know where you've created these risks for yourself. Excluding types implies that all files of that type are safe, which as you can see isn't necessarily true.

     

    OneCareBear

    Tuesday, August 7, 2007 2:14 PM
    Moderator

All replies

  • No, because that would also imply these file types wouldn't be scanned, which is dangerous since these exact types are some of the most often faked on P2P networks and other rouge distribution points.

     

    There are many tricks used by those creating malware, much of which is taking advantage of loose interpretations within the filing system which have existed for years. Assuming that a file type is accurate is dangerous, since parts of the OS will re-detect the actual embedded file identity and attempt to hand it off internally to the correct handler, resulting in potential execution of malware.

     

    Since the Exclusions are designed to affect only the Tune-Up and you are aware of exactly which areas of the drive(s) you have deemed excluded, you know where you've created these risks for yourself. Excluding types implies that all files of that type are safe, which as you can see isn't necessarily true.

     

    OneCareBear

    Tuesday, August 7, 2007 2:14 PM
    Moderator
  • I'm confused.  I read in another post that new in the beta you *can* exclude file types (.zip, .cab, etc...), in addition to the only current option of excluding entire file folders. 

    Friday, August 24, 2007 3:45 PM
  • You can exclude a specific file, but not all files of a type. Since I don't have the beta on the machine I am currently using, I can't say that with 100% certainty, but I'll go with 99%... I've certainly been wrong before!

    -steve

     

    Friday, August 24, 2007 5:59 PM
    Moderator