Mele20Premium
join:2001-06-05
Hilo, HI
kudos:4 | reply to bcastner
Re: [Vista] Vista System Restore?? LOL You should have just said "System Volume Information" folder. I know all about that.  I exclude it from my AV and I know it is protected. Several years ago, I had 90 restore points corrupted because Kaspersky had rummaged around in System Restore and found eicar which I had sent to the trash bin but didn't empty the bin, plus, I think I left one of the eicar files in my downloaded programs folder just being forgetful. KAV dutifully got rid of it in the System Volume Information folder and put a copy in quarantine. This was while I was sleeping. The next day (I think it was), wouldn't you know, I had a huge problem with a video card driver or something and really needed System Restore. I actually tried all 90 restore points as I was desperate and all were bad. It was only later that I realized why. (I had Acronis TI also and a fairly recent image but Acronis would not boot the computer).
Since then, the first thing I do with a new AV, or AV program update where settings may be lost, is exclude C:\System Volume Information from being scanned both on demand and in real time. (Obviously with this setting, if I ever got a virus, once I got rid of it, I'd need to delete all restore points). Sometimes though using a restore point that has a virus in it is preferable to your only other alternative being reformatting. So, I tell everyone to exclude System Restore from AV scanning so they don't sometime really need System Restore and all the points are corrupted except any since the AV deleted something and those points might be too new to help with whatever problem one is having and needs System Restore for.
I went looking for Volume Shadow Copy Service on XP and Vista. I also did a Google search and learned that VSS is not enabled on XP by default. You have to download something from Microsoft to enable it but once this is done XP also does Shadow Copy of files like Vista does. So, I thought you thought I had this enabled on XP. That is why I said VSS was only in the i386 folder meaning that I obviously had never downloaded the program from Microsoft so that VSS Shadow Copy would work on XP.
I did, from Command Line, get this information on XP:
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.
C:\Documents and Settings\Marilyn>vssadmin list shadows
vssadmin 1.0 - Volume Shadow Copy Service administrative command-line tool
(C) Copyright 2001 Microsoft Corp.
No shadow copies present in the system.
C:\Documents and Settings\Marilyn>vssadmin list writers
vssadmin 1.0 - Volume Shadow Copy Service administrative command-line tool
(C) Copyright 2001 Microsoft Corp.
Writer name: 'Microsoft Writer (Bootable State)'
Writer Id: {f2436e37-09f5-41af-9b2a-4ca2435dbfd5}
Writer Instance Id: {4cd2a09d-de0d-446b-ad89-b8662d88ff92}
State: [1] Stable
Writer name: 'MSDEWriter'
Writer Id: {f8544ac1-0611-4fa5-b04b-f7ee00b03277}
Writer Instance Id: {4c62ec2b-26f4-41df-bb1c-823e6d53fa51}
State: [1] Stable
Writer name: 'Microsoft Writer (Service State)'
Writer Id: {e38c2e3c-d4fb-4f4d-9550-fcafda8aae9a}
Writer Instance Id: {237deb92-1713-402d-bc92-88905619afa5}
State: [1] Stable
Writer name: 'WMI Writer'
Writer Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
Writer Instance Id: {aadab526-d8ce-4ea6-9894-0c7250b83bd1}
State: [1] Stable
C:\Documents and Settings\Marilyn>vssadmin list providers
vssadmin 1.0 - Volume Shadow Copy Service administrative command-line tool
(C) Copyright 2001 Microsoft Corp.
Provider name: 'MS Software Shadow Copy provider 1.0'
Provider type: System
Provider Id: {b5946137-7b9f-4925-af80-51abd60b20d5}
Version: 1.0.0.7
Does the first one listed have to do with the possible conflict with Vista and XP? I haven't seen any attempt to share the System Volume Information folder. I will ask this question in the Microsoft Virtual PC NG. It's an excellent NG and I have gotten help there before. Very knowledgeable folks (regarding Virtual PC) post there. I can also ask at VMWare forums but that's more iffy as to whether or not I will get any answers. When I installed Vista Ultimate to VMWare Workstation 5.5 (where it is considered experimental, (5.5 is still supported by VMWare until end of November 2008), I had no problems until I shut down the machine several days later. When I went to reboot, VMWare said it could not locate the machine. It was in the proper folder on my hard drive and the path VMWare was pointing to was the correct one but it could not see the machine. I posted in their forum and got NO replies and probably the only answer (if I had gotten one) would have been to upgrade VMWare Workstation but that is not free.
--
"The same ferocity that our founders devoted to protect the freedom and independence of the press is now appropriate for our defense of the freedom of the internet. The stakes are the same: the survival of our Republic". Al Gore, The Assault on Reason |
