Re: Norton doesn't (or can't) scan "\System volume information\..." path?

From: GTS (x_at_y.com)
Date: 03/27/04


Date: Sat, 27 Mar 2004 15:36:01 GMT


"Some Guy" <Some@Guy.com> wrote in message news:4063AB3F.DE8DA276@Guy.com...
> Connected my win-98 drive to an XP-pro development system to scan the
> 1) how did it end up in that directory, and
>
> 2) Why does NAV refuse to scan any subdirectories / files in that
> folder, and will only scan that (that particular file) when I drag
> its nose down to the file itself?
>
> 3) The Cleaner apparently has no problem scanning all files in that
> path (when pointed to the top-level directory) and, funny enough, NAV
> intercepts the file when The Cleaner tries to access it.
>
> So why does NAV fear to tread into the \System volume information\
> directory tree? Is Rp36 a "restore point" ? Just like the recycler,
> seems the \sys vol info\ folder would be a good place for virii and
> trojans to hang out (and a very important place for NAV to be able to
> scan). ???

\System volume information\ is used to store System restore points and
Windows will not allow other programs to change these files. They can be
accessed in a read only mode. Infected files may be placed there by the
System Restore process itself. When a virus scanner identifies infection in
that area (which is not all that uncommon once system files are infected),
the usual procedure is as follows:

1. Turn off system restore. (Control Panel/System Restore Tab - check
"Turn off System Restore on all drives"). Windows will remove all saved
restore point files. Reboot.
2. Then turn System Restore on again. Windows will create a new initial
restore point and resume ongoing operation.

(Contrary to the other post in this thread, this has nothing to do with
NTFS. System Restore works the same way with FAT32 and NTFS drives. Also,
the specifics of what is saved in RPs are documented. Generally it includes
registry changes, system files like DLLs which have changed, and other
'system state' data.)

The behaviour you note by NAV seems odd. Other AV programs I use
(particularly ETrust) do scan that full directory and report all infected
files, although they cannot clean it, requiring the process I explained
above.

GTS


