Home » Groups » Endpoint Virtualization

Ignoring Processes: A Must-Read for Symantec and Norton Antivirus Users

Ignoring Processes: A Must-Read for Symantec and Norton Antivirus Users
Filed under: Software Virtualization Solution Configuration, Inventory, Tuning
Jared Payne's picture
Submitted by Jared Payne on 28 February, 2006 - 11:01.

A feature in the SVS final release is the ability to configure SVS so certain applications running from the base cannot see virtualized applications. Jared Payne tells us how and when this is cool.

The final release of Software Virtualization Solution (SVS) includes a feature called Program Ignore. Program Ignore makes it possible for applications that are installed in the base to run and not see virtualized data. This feature is quite simple to use.

  1. Open regedit and go to HKLM\System\Altiris\FSL
  2. Create/Edit a new Multi-String Value named "ProgramIgnoreList"
  3. Enter the complete path for the executable that you want to ignore in "ProgramIgnoreList"
  4. Restart the computer (the ignore list is only read at system start up)

Antivirus software is one of the main reasons this feature was added. We recommend adding your antivirus scanner to ProgramIgnoreList. You only need to add the scanner executable to this list. It is important to note that SVS does not affect the run-time functionality of antivirus products. Files are scanned as they are opened and SVS does not interfere with this.

There are some other times when you might want an application to be ignored. One example could be an inventory program. If an inventory program sees a file twice (virtualized and unvirtualized), it may get counted twice. Whatever your reason for ignoring a program, this new SVS feature allows you to do it.

By the way, there are no security implications for ignoring an executable. The executable will not have any more access than it would if it could see virtual data.

4
Average: 4 (10 votes)

ProgramIgnoreList default entries

Submitted by graeberj2000 on 25 April, 2006 - 14:04.

I didn't see anything about this in the documentation, but I do get the impression that the registry key(HKEY_LOCAL_MACHINE\SYSTEM\Altiris\FSL\ProgramignoreList) gets autopopulated. Can you shed some light on this?

You are correct

lordjeb's picture
Submitted by lordjeb on 26 April, 2006 - 11:12.

Yes, this gets autopopulated with some antivirus products that we know have a problem if they don't get ignored. What this means is that the AV products find the files in their physical location rather than the virtual location. (I.e., the files still get scanned correctly.)

Does not work with cygwin

Submitted by mbaierl on 21 December, 2006 - 08:08.

Too bad this does not work with cygwin at all. First of all it seems to be impossible to add every single cygwin binary to the ProgramIgnoreList, would be great if a directory can be masked.
On the other side it would be great if this would work at all, my tests did not show any differences to cygwin.

Until when will this be fixed?

Great Use For This

Submitted by tfronza on 21 December, 2006 - 10:24.

I see a great use for this when building a New Layer that is dependent on another Layered piece of software. For example, some of our custom-built in-house applications are dependent on IBM DB2 registered databases and we have built a layer for DB2. This would be helpful for that.

variables in path

Submitted by Sundance on 24 July, 2007 - 00:48.

Hiho,

can i use the svs environment variables like [_B_]PROGRAMFILES[_E_] ??

McAfee Programs to Ignore

Submitted by Scot Curry on 20 May, 2008 - 15:59.

Many thanks to Scott Jones for getting the low down on the McAfee program names to ignore.

C:\Program Files\McAfee\Managed VirusScan\VScan\McShield.exe
C:\Program Files\McAfee\Managed VirusScan\VScan\EngineServer.exe
C:\Program Files\McAfee\Managed VirusScan\Agent\HtmlDlg.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\Program Files\McAfee\MPF\MpfSrv.exe
C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtTry.exe
C:\Program Files\SiteAdvisor\6173\SAService.exe
C:\Program Files\SiteAdvisor\6173\SiteAdv.exe

Ignore Processes for McAfee VirusScan Enterprise

rpfenninger's picture
Submitted by rpfenninger on 21 May, 2008 - 01:01.

When using McAfee VirusScan Enterprise, I'd recommend to further add the scan32.exe usually found in C:\Program Files\McAfee\VirusScan Enterprise to the Process Ignore List. The scan32.exe represents the On-demand scan.

Small Technical Question...

FrankB's picture
Submitted by FrankB on 2 August, 2008 - 17:06.

What's the limit of programs one can add to this list?

______________________________________________
Frank Bastiaens
Senior Technical Consultant
Vanderlet B.V.

Are you talking about

Jordan's picture
Submitted by Jordan on 4 August, 2008 - 12:37.

Are you talking about numerical limits? You're limited to the size of the multi-string (in characters).

SVS it self doesn't have a limit that I'm aware of.

But why?

Submitted by AllanP on 21 August, 2008 - 02:10.

Im missing a reason why i would have to ignore Symantic Antivirus ?