trying to get antivirus policy changed

I am a radiologist who spends all day taxing my computer with thousands of medical images and heavy duty image processing. Unfortunately, my hospital, and many like it, apply the same antivirus policy (symantec endpoint: scan all files on access / modification) to radiologists as to the computers out in the hallways. This is killing our productivity and wasting precious time of a scarce resource: radiologists. Even the noise of the constant disk access by symantec can ruin the otherwise distraction free environment that is the standard of care in reading x-rays.

Can you recommend the best way for me to gather data (and what data to gather) on exactly how much time is being wasted with this aggressive antivirus policy? I may be able to commission IRB approval for a study putting an imaging workstation head to head with and without autoprotect on all file access.

I think I will start with time required to:
1. reboot
2. load / transfer 100, 1000 images
3. look up patient info in our hospital information systems
4. medline literature search
and differences in
5. average noise level

can you think of other professions besides developers that might be victim to a similar scenario?

Naveen

Posted 2009-10-06T00:35:30.257

Reputation: 343

Answers

Anybody playing with large amounts of DATA can be driven bonkers by a scan-all-files approach. It's not the AV itself that's the problem, it's setting it to scan the files that can't be infected in the first place.

One point, though--I don't believe it's causing any extra disk access. When you open a file it's going to scan it--but now the file is cached and when your program actually gets it it's going to be served from memory anyway.

I haven't used Symantec's AV in years so I don't know how detailed it's rules can be made. Assuming it can be done I would be arguing for an exemption for your image files themselves. I don't think it's going to have a noticeable effect on the other things you list.

Loren Pechtel

Posted 2009-10-06T00:35:30.257

Reputation: 2 234

1+1: This is the best balance of suggestions, and adding exclusions for your image files is most likely to get your IT guys to co-operate. – EvilChookie – 2009-10-06T04:01:56.130

Not sure you want to recommend exempting images... there have been a variety of noted exploits recently with various image rendering libraries - mac and windows. – AnonJr – 2009-10-06T21:25:28.377

Probably not the answer you are looking for, but the real problem is more likely insufficient hardware. The aggressive AV policy is there for a reason.

What are the tech specs for the computer in question?

Based on comment:

intel duo core > 2 ghz cpu
2gb ram
> 100 gb hard drive - harddrive is fairly modern.

Those specs are rather reasonable for most things, but as a hospital employee I know how big some of those image files get... and they can bog down even the most beefy of systems.

Next question is how current is the version of your AV product? Some of the older versions of Symantec products were not known for their ... efficiency.

While some would suggest the AV be set to ignore images, I'm not so sure I'd go that route. There have been a variety of noted exploits recently with various image rendering libraries - mac and windows. These days I'm not sure there's anything I would ignore as an infection vector.

AnonJr

Posted 2009-10-06T00:35:30.257

Reputation: 1 124

intel duo core > 2 ghz cpu <br> 2gb ram <br>

100 gb harddrive <br>

harddrive is fairly modern. hardware is not the issue. – Naveen – 2009-10-06T03:10:53.500

Depends what you are running. This laptop right here has 2 GB (acutally 4 GB, but that's another SU question) is running Vista with only Opera, PuTTY and 3G software, yet is hitting the disk hard as I type. – Tom Hawtin - tackline – 2009-10-06T04:16:10.343