The rules of “basic hygiene”

About the benefits of exceptions

Tuesday, August 16, 2016

A complex medical device shut down right in the middle of a patient’s heart surgery because an anti-virus scan had been scheduled to take place at that time on a machine that was receiving critical data from the device.

The anti-virus had been scheduled to run scans hourly and started performing its task mid-procedure.

The company behind the device said that the anti-virus prevented important data from being collected during the heart catheterisation procedure. Unable to process data in real time, the application froze.

http://gearmix.ru/archives/27880

But can the anti-virus be held responsible for this incident?

By default, an anti-virus scans all files that are being opened on a machine (and if ‘paranoid mode’ is enabled, files are checked whenever data is written to them). So if a program:

  • constantly writes or updates data (i.e., stores it in a database or log file)
  • and keeps opening a certain file (a database or a log file),

the anti-virus will have to constantly rescan the file or the database. This goes on even though it’s often not necessary—sometimes files can't possibly contain malicious code, for one reason or another.

Like any other application, an anti-virus can't be aware of the idiosyncrasies of all applications and adjust its own behaviour on the fly. This is especially true if a recently released update or a readjustment in the application's settings alters its behaviour. After installing an anti-virus, a system administrator can (and in this specific case, they should have done so) exclude certain files and folders from scanning and define specific scanning rules for certain file types. All modern anti-viruses provide abundant tools that permit their fine-tuning.

These tools can improve a protected system’s performance and stability.

On their websites, software developers publish lists of files and services that they recommend be excluded from scanning. Here are a few examples: https://support.microsoft.com/ru-ru/kb/328841, https://technet.microsoft.com/en-us/library/9fb755f5-5f0b-4817-a584-70c76a62eae2.aspx and https://support.microsoft.com/ru-ru/kb/943556.

The Anti-virus Times recommends

  1. When deploying an anti-virus, do the following:
    • Find and carefully study manufacturer recommendations for the hardware and software you are using with regard to anti-virus scan exceptions.
    • Configure access permissions for the exceptions (files and folders) in such a way that only the program that needs to access them can do so.

    To create an exceptions list in Dr.Web Security Space, click on the padlock icon (the icon changes once clicked), then go to Settings → Exclusions → Files and folders.

    To add an item to the list, click the add-item button, select a file or folder, and choose the component for which the exception will be applied.

    To exclude all files or folders with certain names, enter the names in the corresponding fields. There is no need to specify the path to the directories or files.

    To exclude certain types of files and folders from scanning, enter the corresponding regular expression. A regular expression indicates a name pattern.

    To restore default settings, go into the drop-down list and select Reset settings.

  2. Criminals are always searching for (and finding) new ways to penetrate a protected system. For example, if you adhere to a developer’s recommendation to exclude certain folders from scanning, hackers can make those locations hiding spots for their malware files. Therefore, if you use exceptions:
    • Scan these files and folders with an anti-virus regularly.
    • Install all security updates.
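
The following PowerShell script is an added example, not part of the original article or of Dr.Web's tooling. It audits the permissions recommendation above by listing every account outside an expected set that holds write-class rights on an excluded path; the paths and account names are constructed placeholders, and the dedicated service account is an assumption.

```powershell
# Added example: paths and account names are constructed placeholders.
$ExcludedPaths = @(
    'D:\ExampleApp\Data',           # hypothetical excluded data folder
    'D:\ExampleApp\Logs\app.log'    # hypothetical excluded log file
)
# Assumption: the application runs under a dedicated service account.
$AllowedWriters = @(
    'NT AUTHORITY\SYSTEM',
    'BUILTIN\Administrators',
    'EXAMPLEPC\svc-exampleapp'
)

# Rights that allow placing or changing content. Read bits are left out on
# purpose, so Modify and FullControl ACEs match through their write bits.
$WriteMask = [int][System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
$WriteMask = $WriteMask -bor 0x50000000   # GENERIC_WRITE | GENERIC_ALL

function Get-UnexpectedWriter {
    param(
        [string[]]$Path,
        [string[]]$Allowed,
        [int]$Mask
    )
    foreach ($p in $Path) {
        if (-not (Test-Path -LiteralPath $p)) {
            # A stale entry can be recreated later by anyone with rights on the parent.
            [pscustomobject]@{ Path = $p; Identity = '-'; Rights = '-'; Finding = 'Excluded path does not exist' }
            continue
        }
        foreach ($ace in (Get-Acl -LiteralPath $p).Access) {
            $isAllow  = $ace.AccessControlType -eq 'Allow'
            $canWrite = ([int]$ace.FileSystemRights -band $Mask) -ne 0
            if ($isAllow -and $canWrite -and $ace.IdentityReference.Value -notin $Allowed) {
                [pscustomobject]@{
                    Path     = $p
                    Identity = $ace.IdentityReference.Value
                    Rights   = $ace.FileSystemRights
                    Finding  = 'Unexpected write access to excluded path'
                }
            }
        }
    }
}

Get-UnexpectedWriter -Path $ExcludedPaths -Allowed $AllowedWriters -Mask $WriteMask |
    Format-Table -AutoSize -Wrap
```

An empty result means only the expected accounts can write to the excluded locations; any row is a place where a file could be dropped without on-access scanning.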
