this post was submitted on 08 Jan 2025
261 points (100.0% liked)

Programmer Humor

22854 readers
134 users here now

Welcome to Programmer Humor!

This is a place where you can post jokes, memes, humor, etc. related to programming!

For sharing awful code theres also Programming Horror.

Rules

founded 2 years ago
MODERATORS
[email protected]
[email protected]
[email protected]
[email protected]
261
My corporate anti-virus doesn't let me add scanning exclusions (i.imgflip.com)
submitted 3 months ago by [email protected] to c/[email protected]
45 comments fedilink hide all child comments
 
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 66 points 3 months ago (12 children)

IT guy here, if we gave developers the option to exclude whatever the hell they wanted from AV scanning it would just mean that we would end up with computers where the entire C: drive would be excluded.

No, can't have that.

So what should a decent IT department do to give developers the access they need to do their job while maintaining a decent level of security?

Well, the least bad solution I have worked with was to have a non generic path that was excluded by policy.

Something like C:\Excluded

The directory was excluded from AV scan and allowed in policy, the user could put what they needed there and it would be fine.

[–] [email protected] 33 points 3 months ago (9 children)

So what should a decent IT department do to give developers the access they need to do their job while maintaining a decent level of security?

Give them a Linux machine?

[–] [email protected] 5 points 3 months ago (4 children)

A machine that takes extra time and skills to manage?

[–] [email protected] 7 points 3 months ago (1 children)

As someone who does exactly that right now. Yes.

You need a Linux machine in a separate network with separate firewall rules and the developer has to devote a bit of their time to managing that machine.
It can even be centrally managed, if you have the capacity.

But why would you want that? To secure your shit while allowing the devs to to what they like to their equipment.

[–] [email protected] 4 points 3 months ago (1 children)

In an ideal world I agree with you, but when resources are limited, running a separate environment is not allways realistic.

[–] [email protected] 5 points 3 months ago (1 children)

^ this

As an example of scale, my company has an entire IT team of a handful of people for managing such an environment for a thousand or so devs and engineers.

[–] [email protected] 2 points 3 months ago

My past role was a combined role of these:

Helpdesk technician
VIP technician
Linux system administrator

We didn't effectively administrate the Linux environment, I was the only linux admin at the company, and I wasn't even doing it full time.

load more comments (2 replies)
load more comments (6 replies)
load more comments (8 replies)