Solving Performance Issues with Anti-Malware Exclusions

By Timothy Karl
Posted in Infrastructure, Security
On July 02, 2021

With anti-malware scanning software, it is very important to have the proper malware exclusions in place. A misconfiguration of these settings may lead to performance issues, which can cause outages of critical applications and services due to file contention and locking. IT administrators need to find a balance between keeping the environment malware-free and preserving the reliability and performance of applications and services.

Anti-malware exclusions can come from a variety of sources. Each anti-malware software vendor has its own set of exclusions that must be implemented. Many application and service vendors provide a list of generic exclusions that need to be put in place. Companies may also have in-house applications that require their own set of custom exclusions. It can be difficult to manage and apply these settings.

Being in an IT support role, we have all had to deal with performance issues related to anti-malware software. You have put in all the recommended exclusions, but you are still seeing performance issues with applications and services. How do you validate that these settings are in place and are being enforced on a computer?

The best way to test if these exclusions are in place is with a real virus. Obviously, there is risk with testing anti-malware software against real viruses. That is where anti-malware test files come into play. They are simple test files that are harmless to a system but will be picked up by anti-malware scanners. It is the best way to troubleshoot performance issues related to anti-malware exclusions. They can also be used in other scenarios, such as testing out anti-malware upgrades, testing new deployments, or validating corporate procedures and policy.

The anti-malware test files that I recommend come from an organization called EICAR. They are free to download and come in a variety of formats, including an executable, text file, and a variety of zip files. I’ve found the best way to use the test file is to download the text file. The other formats can be challenging to download because they may be immediately picked up by the anti-malware scanner.

To use the text file, just copy the contents to a blank file on the system you want to test and change the file extension to an executable one. It will then be immediately picked up if the proper exclusions are in place. If not, it is likely you do not have the proper exclusions in place or you do not have a good scanner solution in place.
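The manual copy-and-rename check can be scripted so that every folder is tested the same way. The PowerShell below is an added example, not part of the original article: the folder paths, parameter names and the `Test-AvDetection` function are hypothetical, and it assumes that a test file written to an excluded folder should be left untouched while the same file in a non-excluded control folder should be removed or blocked.

```powershell
# Added example, not from the original article. Folder names are placeholders.
param(
    [string[]]$ExcludedPaths = @('C:\ExampleApp\Data'),  # hypothetical excluded folders
    [string]$ControlPath = $env:TEMP,                     # assumed NOT excluded
    [int]$WaitSeconds = 15                                # time given to the scanner
)

# EICAR test string, built from two halves so that a scanner matching the
# string anywhere in a file does not flag this script itself.
$eicar = 'X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-' + 'STANDARD-ANTIVIRUS-TEST-FILE!$H+H*'

function Test-AvDetection {
    param([string]$Folder, [string]$Content, [int]$Wait)
    if (-not (Test-Path -LiteralPath $Folder -PathType Container)) { return 'FolderMissing' }
    # Unique name with an executable extension, as the manual procedure uses.
    $file = Join-Path $Folder ('avtest-{0}.com' -f [guid]::NewGuid().ToString('N'))
    try {
        [System.IO.File]::WriteAllText($file, $Content, [System.Text.Encoding]::ASCII)
        Start-Sleep -Seconds $Wait
        if (-not (Test-Path -LiteralPath $file)) { return 'Detected' }  # removed or quarantined
        $null = [System.IO.File]::ReadAllBytes($file)                   # throws if reads are denied
        return 'NotDetected'
    } catch {
        return 'Blocked'   # write or read denied (scanner, or plain file permissions)
    } finally {
        # Clean up the test file if the scanner left it behind.
        Remove-Item -LiteralPath $file -Force -ErrorAction SilentlyContinue
    }
}

$rows = foreach ($p in @($ControlPath) + $ExcludedPaths) {
    $isControl = ($p -eq $ControlPath)
    $actual = Test-AvDetection -Folder $p -Content $eicar -Wait $WaitSeconds
    # Control folder must be caught; excluded folders must be left alone.
    $ok = if ($isControl) { $actual -in 'Detected', 'Blocked' } else { $actual -eq 'NotDetected' }
    [pscustomobject]@{
        Folder     = $p
        Role       = if ($isControl) { 'Control' } else { 'Excluded' }
        Result     = $actual
        AsExpected = $ok
    }
}
$rows | Format-Table -AutoSize
```

If the control row is not caught, the scanner is not inspecting new files on that machine at all, so a `NotDetected` result for an excluded folder says nothing about whether the exclusion is enforced.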

Timothy Karl

Tim has over 10 years’ experience in the design, development, and deployment of Windows infrastructure technologies. His experience also includes the high-level design of complex thin client and server-based computing environments. He is highly fluent in all aspects of Windows and Citrix infrastructure technologies.