SEARCH

How-To Geek

Antivirus Slowing Your PC Down? Maybe You Should Use Exclusions

Retro Virus

Protecting your computer with an antivirus solution is par for the course when you’re dealing with a Windows PC, but unfortunately it slows you down at the same time. Here’s how to improve your performance, at least a little bit.

We’re not going to sit here and tell you to go without antivirus, since that would be irresponsible. What we’re going to do today is explain how you can exclude certain folders with write-heavy operations to speed up your PC without putting yourself into extra danger.

Note: Before you start excluding any files, you keep in mind that changing any of the default security settings could be risky, and you should probably close the browser tab and run away. Or maybe print off the article and burn it.  Also, the image is by xkcd

What Files Should You Exclude?

The general idea is that if you have some applications that are writing to the hard drive constantly, you should probably exclude the folders they are writing or reading from, as long as those applications are trusted and safe.

For example, if you’re using a virtual machine, which does both reads and writes from the hard drive on a fairly constant basis, you should make sure your antivirus application is not scanning those files and folders. Here’s a few examples of some things you may consider excluding:

  • Virtual Machine Directories: If you’re using VMware or VirtualBox, you should make sure those locations are excluded. This is actually what prompted this article, and probably the only significant performance boost out of the things we’re mentioning.
  • Subversion / TortoiseSVN Folders: Have you ever tried to do a big checkout of a source control project and had it fail? There’s a good chance that it’s conflicting with your antivirus application. This one has personally happened to me.
  • Personal Photo/Video Folders: Got you have a massive library of photos or videos that you’ve taken with your digital camera? As long as you only use this location for files copied from your SD card, there’s no reason to be scanning it and slowing your PC down while doing photo editing.
  • Legitimate Music Folders: If you’re downloading music from shady sources, this does not apply. If you’ve ripped your own CDs or downloaded from somewhere legitimate like Amazon, then you can safely exclude your music folder.
  • Windows Update Folders: This actually comes straight out of a Microsoft KB article—you’ll notice that they don’t recommend it, because they can’t do that in case somebody writes a special virus for the purpose of suing them, but the same principle applies.

Other Scenarios

There’s a nearly infinite number of applications and scenarios for everybody’s PC, so it’s hard to say exactly what is going to work on your PC—but there’s a way you can figure it out for yourself using Process Monitor, the great tool from Sysinternals at Microsoft.

Just open up Process Monitor, and then “uncheck” all of the little icons on the right-hand side of the toolbar, leaving only the “Show File System Activity” one checked. At this point you’ll see loads and loads of items in the list, with every access to the file system.

image

You can use this data to figure out which applications are constantly reading and writing to the hard drive, and then based on the safety of those files, you can choose whether or not to exclude them.

Don’t Exclude File Types, Exclude Folders

When you exclude a filename or file extension, you are telling your antivirus software to completely ignore those files anywhere on your system, which could cause a security problem. It’s a much better bet to exclude a particular folder that you know is safe, like your virtual machine folders.

Always Scan Files from the Internet

I’ll start by saying this should go without saying… which always seems to be said anyway… but you should make absolutely certain to scan any files that come from anywhere on the internet, and especially when those files come from torrents or other similar sources rife with viruses.

All Antivirus Applications Work Differently

The next thing to mention is that not every antivirus application is going to work the same way—for instance, by default, AVG only scans a specific set of file extensions, and files with no extensions. There’s no way to tell—without benchmarking, at least—whether excluding folders will make a performance difference if they don’t scan those extensions.

Some other anti-virus applications, however, don’t limit themselves to specific file types, so you’ll need to dig into the settings for your particular application.

Excluding Files from Microsoft Security Essentials

Microsoft Security Essentials makes it real simple to exclude files—just head into the Settings, choose Excluded files & locations on the left-hand side, and then add folders into the list on the right-hand side.

image

You’ll probably notice that MSE doesn’t slow your system down very much anyway.

Excluding Files from AVG Anti-Virus

As we mentioned earlier, AVG works a little differently—if you head into Tools –> Advanced settings…

image

Then head to Resident Shield –> Advanced Settings to see the list of file types that are currently being scanned. You’ll notice that AVG always scans files with no extensions, which shouldn’t normally pose a problem, but depending on the applications you’re using there might be a problem.

sshot-2010-11-15-[2]

You can switch to the Resident Shield –> Excluded Items to add in folders or specific files to exclude from scanning.

image

We’re not going to cover every other antivirus application, but they all pretty much work the same. Also, we prefer Microsoft Security Essentials.

Funny Related Story

image

About 10 years ago, when I was still fairly new at the vaporware company I was working for at the time, the ILOVEYOU worm attacked our email system, crushing our Microsoft Exchange server with an overload of emails, and then the worst possible thing happened—our email server became corrupted. The IT staff ran the recovery tools, which fixed the problem and all was well… for a few hours until it became corrupted again. And again.

After a couple days of this problem, I finally popped my head in the door and asked to take a look. Sure enough, the problem became very clear within minutes.

That’s right. You guessed it…

They had installed the desktop edition of Norton Antivirus on the email server, and they didn’t exclude the database folder for Exchange. Virus-laden emails came into the Exchange database, and then Norton proceeded to rip them right out of the database itself, corrupting the files badly in the process.

Of course, I removed Norton and proceeded to grab a reputable antivirus plugin for Microsoft Exchange, which cleaned the emails the proper way, and all was well. Until the brilliant IT person installed Norton again. *sigh*  At least I got a promotion out of it.

Wrapping Up: Use This Tip At Your Own Risk

Just to wrap up, and as we said earlier, forget that you read this article, and if you get a virus don’t blame us. This especially applies if you’re not really sure what you’re doing—this probably isn’t something you should mess with.

Lowell Heddings, better known online as the How-To Geek, spends all his free time bringing you fresh geekery on a daily basis. You can follow him on if you'd like.

  • Published 11/15/10

Comments (37)

  1. Tasaduq

    I thought its just here, that everyone loves Mcafee, and they keep getting viruses. LAWL

  2. Tiago

    Thx! very much for this very useful article, greetings!!!

  3. Ann

    Your comments about Norton make me nervous. Did you mean to imply a problem with all Norton software?

  4. jerry robinson

    I have an ongoing problem with the “lsass” process using 50%-60% of the processor almost constantly. I am using “Panda” as my antivirus but it did the same thing with AVG. Any help will be greatly appreciated.

    Thanx

  5. Hatryst

    Why not use an AV which consumes less resources? ;)

  6. Kevalin

    @Ann: Personally, I’ve always experienced Norton to be a massive energy hog, and not nearly as protective as there advertisements are at selling the product. Then again, I switched to ESET’s Nod32 Antivirus years ago and have found it to be excellent and low resource-intensive.

    I will say that I do NOT use their bundled suite, as I’ve yet to own a computer that likes any company’s bundled protection suites. Instead, I use Windows 7 firewall, which, unlike XP’s, is quite excellent. On the computers I have that still must run XP, I like Agnitum Outpost’s Firewall, again, because it does a good job, is user-friendly, and doesn’t suck resources like a newly-awakened vampire.

  7. ron

    Jerry robinson…
    I am not an expert but…
    use system internals (now Microsoft) to watch what is using this file.
    Process explorer is a task manager on steriods, it actually can tell you what program is using or calling a file seen in task manager.
    The file you mention is a legitamete microsoft file but that does not mean it is not something else mascerading as Isass.
    I can’t remember what the files are that this will link with but they are windows functions not a third party software

  8. Michael Bæk

    Howtogeek + xkcd = nice.

  9. Smithers

    In my last job we were forever having this exact problem where the AV would be constantly
    rereading the appplication log and db directory essentially rendering the system useless.

    We always said AV was the clients responsibility but they should exclude the application
    directory or else. They always forgot this and the system always ended up crazy slow.
    C’est la vie!

  10. Grant

    I have a very different fix. I am a Linux user, so I have different options:

    1) I do a hash of EVERY file in the path with the execute permission. (runs only a few minutes)
    2) I compare this to the old version of this hash, showing me every changed or new file with execute permission.

    If I have not done any updates lately, these files are a definite red flag. If I have, they should be files owned by the updated package. I can check to see that they are, and if I want to, even extract them again from the digitally signed package just to be sure.

  11. Chris

    Ya, I work at Geek Squad, had a Desktop in last week that had over 1000 infections, had McAffee as an AV, and this wasnt the first check in for AV removal on that PC, but the client insisted that they keep using McAffee after making many recommendations for another, better AV such as Kaspersky…

  12. Woodzy

    @Chris, more than likely this PC that had 1000 infections probably followed similar to the advice in this article and had McAffee configured wrong? :-\

  13. SonarSubs

    Just because your computer came with AV software doesn’t mean you are protected. You have to actually USE it. I’m using Symantec Endpoint Protection (v11) for years, no viruses since. Also dual protection with Malewarebyte’s Anti-Maleware for spyware. NEITHER are CPU/space hogs. System always run fast, just keep up with weekly maintenance (HINT), keep definitions up to date (HINT), and you’ll be fine. — Those who don’t are the ones with the serious problems.

  14. Fran

    I believe that a system administrator would know never to put a desktop product on a server.

    Symantec has an Exchange product and it works very well.

    If one needs to speed up a scan, break the scan up into drives or sections of drives. Put your low risk, non changing data on a second partition/drive and lock it down.
    Use virtual images that can be erased if a problem comes up. Keep one as the master and clone it for current use. Delete it when youre done. This way youll never infect the host OS or master image.

    get the idea???

  15. Naviciroel

    This is great. It is known to me that anti-viruses eats up a lot of memory. I have my own methods for speeding my PC. I’m currently us Avast antivirus cause it eats less memory and you can exclude/include dir/files for scanning.. Try it its one of the best..

  16. u hit it on the head hacker now

    every thing u said is right i use mcafee now i have a hacker iwould bepleased 2 get rid of all the folders& more hacker 2

  17. Genisis

    LINUX!!! FTW!!!!

  18. BitsBytes

    Howdy,

    Please ignore this advice, unless you have the capacity to restore your computer to how it was prior to your modifying your choice of antivirus in this manner. Really, this is for experts and I mean EXPERTS who you would pay and trust to fix your computer. And only EXPERTS who back up their data regularly. Those who want to do this already know how and should understand the risks of doing so. Be honest with yourself. Are you an expert? Do you want to deal with this suffering or loss?

    You only have to ask yourself this question. Is the time you save using this technique worth the possibility of losing your data forever (pictures, music, work, etc) or your losing the use of your computer for an unknown period? That’s what you risk by doing this.

    The author puts a disclaimer at the end of the article to not blame him if something goes wrong with following this advice. I would ask the author to remove this article in it’s entirety. I would suggest writing an article which free antivirus options are out there and recommend which ones to use.

    The author probably has an article educating users on how to backup data. And probably has weighed the pros and cons of using each method with a recommendation on which one to use.

    This is a well laid out site with many good articles. I just happen to disagree with this idea.

  19. Cant Tell You

    Interesting…

    I use W7 with:

    *M.S.E. (Full Scan – almost 2 hrs completed, no caught virus since almost a year)
    *Delete Browsing History (all check in boxes)
    *Disk Cleanup (Temp Files)
    *Disk Defragmenter (all)

    I alway use this every Mon/Wed/Fri:

    My PC didnt slowing…..still fast!

  20. Jacobm001

    @Ann:
    The main problem is that they used Norton Desktop edition with a server based system.

  21. WILLY

    @ann norton and kaspersky is the best reson why urs not working because u dont update it and Geek Squad told me that they both are the best

  22. Dobermann

    What is problems? it just use Linux)))))

  23. rino

    never liked the idea of making exemptions for files. malwares can and will hide anywhere and everywhere.
    just keep your data to an external hdd that’ll make full scan of your system relatively fast.

    for those who keep saying linux, your comments only show how naive you are with the OS. and it’s even more dangerous than a malware.

  24. The Geek

    @BitsBytes

    I put multiple disclaimers in the article, but at the end of the day, it’s up to the users to decide what they should do. Excluding a couple of carefully selected folders is not going to increase your risk in a meaningful way.

    No antivirus application protects you 100% from viruses—and if they claim to, they are lying. In my experience, users are far more likely to lose all their data because they failed to backup their photos and music, or made the mistake of moving them to an external drive which then died.

    And finally… if you really need to scan every single file, every single time…. why do most antivirus applications only scan certain files? (Like AVG, mentioned above)

  25. Jon

    Anyone using AVG should switch to Microsoft Security Essentials. That’s a better idea.

  26. Deborah

    Avira is the best way to go. I have used it for year and my customers use it.

  27. Elizabeth

    Hello ,,,,,,,,, After reading the comments, I just had to say that every situation is so different and
    what I may use my pc for, someone else is using theirs for something totally different hence the
    software will be different.
    There are plenty of software to choose from and my idea is that of maintaining a car ,,,,,,
    if you diligently maintain it and back up your important files in case of any unusual circumstance
    then you will be just fine.
    To say “AV”, “Norton” etc are the best is a subjective opinion……be objective, do your research
    according to your computer lifestyle and you will have a happy pc :)
    I like this website very much for the honesty the geeks guys have shown me. Their response time
    to emails are awesome ! Not to mention all I have learned in the years which I cannot thank them
    enough !
    Good Night and heyyyy don’t worry, just be happy :)
    E

  28. Rob

    MSE + Paid verson of Malwarebytes + Win7 Firewall=*****

  29. Kevin

    Microsoft Security Essentials is slow at scanning but it does not slow down Vista or 7 on mt machines. I just use the default settings. I don’t worry much about it

  30. Umut

    Do you know that, MSE supports wildcard exclusions when I exclude files and locations?

    For example, is it allright if I write: C:\windows\security\database\*.chk ?

  31. Excelsior PCS

    For those haters of Linux: Linux is becoming more and more popular, due to the fact that “crackers” or people writing viruses are not targeting Linux (yet).
    I personally run Malwarebytes’ Anti-Malware at least once a month and use Avast! as my personal antivirus at home.
    At my office, I use Slackware Linux 13.1, which I also use on a second PC, just for a web server. I love the fact of not having to pay for an Operating System and getting most of the applications, if not all, that I need for free.
    Linux has been around since 1992, as far as I remember (maybe even longer). It is just that some people are too lazy to learn something new, more stable.
    The same PC I am using with Linux right now had MS Windows XP before and it could only “crawl”. Even with 1 GB of RAM, a 1.1 GHz processor and a 40 GB HDD, this PC runs smoothly in Linux, while in Windows XP Professional it had only blue screens of death.
    Run an antivirus in the background, like AVG, Avast! or even Avira and then, from time to time, a program like Malwarebytes’ Anti-Malware (in Safe Mode, in case there is an infection). Keep both programs updated and you should be fine.
    Also, going to sites where you can download illegal software/music/videos is like leaving your front door unlocked and maybe even a little bit open. Once a thief (a cracker) finds that the “door” is open, s/he will go in and do whatever s/he wants.
    I also use multiple hard drives on my PC, one for the OS, one for documents, one for web pages and one for “Other Stuff”.

    Just my 2 cents worth.

  32. fiq

    however i’ am choosing panda cloud anti virus

  33. Marc

    It is a strange situation where the most popular anti-virus programs are also the worst for all reasons and test practically the lowest across the board in all tests done by everyone.

    I just recently saw a TV commercial for Kaspersky, so things may improve, if the old-timers can get over their embedded fear of the red tide when they hear a name like Kaspersky.

    Kaspersky
    Avira
    AVG
    AVAST
    Panda

    All far better than — I don’t even want to mention them — Norton and McAfee *shutter*

  34. Johnathan

    “Norton and McAfee *shutter*”

    Yeah no kidding, I know recently some magazines have given them reviews that makes it sound as though they have improved a lot, but I still do not use either.

    On Excluding folders for scans…. I can say I see your point, but if you are only having problems during scans set your AV to scan when you are not using your PC.

    I know just about any virus scanner catches some of my Visual Studio project files as false “viruses”, but I refuse to exclude those folders or any at all. I just make sure that after scans my AV takes no action and waits for me to tell it what to do.

  35. Mike

    At work we must use McAfee, and our group does a lo of Java programming which is a pain. Rational Application Developer takes 20 minutes to load if you don’t exclude it BUT there is another way. We managed to convince our IT guys (yes we have developers who are not part of IT) that what we need is to only scan on write.
    Stuff only gets on the hard drive by writing it. Once it’s written it only gets changed by another write.
    So why scan on read? Now you still need to do weekend whole disk scan but during the week day scan only on write and it really makes McAfee faster, really.
    Hth,

  36. Winston

    sometimes, it’s difficult to decide which to put into exclusions, as some processes may or may not malicious.

  37. MarkO

    I’ve tried every AV mentioned above & at some point or other they’ve all let in Virus’ , even MSE (which was the last AV i used)

    if anyone suggests AVG, Norton, McAfee i just fall about laughing at them,

    the best one on the market which doesn’t get the recognition it deserves is ESET Nod32 or ESET Smart Security Suite 4, you can’t go wrong with either,

Get Free Articles in Your Inbox!

Join 134,000 newsletter readers

Email:

Go check your email!