Re: Norton doesn't (or can't) scan "\System volume information\..." path?

From: Some Guy (Some_at_Guy.com)
Date: 03/27/04


Date: Sat, 27 Mar 2004 12:00:54 -0500

GTS wrote:

> \System volume information\ is used to store System restore points
> and Windows will not allow other programs to change these files.

Situation:

Connected a FAT32 drive (D:) to a system with an NTFS Win-XP Pro drive
(C:).

XP booted and at some point created a \system volume information\
directory on the D drive. While in XP, I can browse, delete, and move
files within the D:\system volume information\ tree at will. I can't
do any of those things with the C:\system volume information\ folder.

You can point Norton to the D:\system volume information\ folder and
tell it to scan that folder, and it will go through the motions, but
it will report 0 (zero) files scanned (there are 2 files there - a
.log file and the .SCR file in question).

The Cleaner WILL scan the D:\system volume information\ tree and
apparently Norton will intercept all files accessed from this tree and
scan them before The Cleaner gets them.

> They can be accessed in a read only mode. Infected files may
> be placed there by the System Restore process itself. When a
> virus scanner identifies infection in that area (which is not
> all that uncommon once system files are infected), the usual
> procedure is as follows:

Using native system functions (my_computer, explorer) can you browse
your C:\system volume information\ folder while running XP?

Will Norton scan "?:\system volume information\" during a manual or
scheduled scan (it appears the answer is no), or does virus discovery
in that folder depend on some other program accessing files in that
folder (it appears the answer is yes)?

> (Contrary to the other post in this thread, this has nothing
> to do with NTFS. System Restore works the same way with
> Fat 32 and NTFS drives.

Clearly the permission structure is different. Again, if a FAT32
drive (D:) is connected to a computer running XP (C:) then you _can_
browse, copy, and delete files within the D:\system volume
information\ folder. You can't do the same for the C:\system volume
information\.

> The behaviour you note by NAV seems odd. Other AV programs I
> use (particularly ETrust) do scan that full directory

I don't have an XP system in front of me currently, so I don't know
the answer to this: Tell Norton to scan your C:\system volume
information\ and look at the report. How many files did it say it
scanned? Zero?


