Returnil and AV's
Ocky
April 23rd, 2008, 10:40 AM
Just installed Returnil (free) and I like it. What is the best,
or rather commonly employed, method by users of Returnil regarding AV
updates?
Do you simply let the updates run as scheduled (hourly in my case),
knowing that on reboot they will not be saved to disc, then do a manual
update ?
Or just change the scheduled update intervals to suit ?
Or only do manual updates when session lock is disabled ?
(I only use session lock feature).
I think the first option is best as even with session lock on,
one surely doesn't want malware to cripple one's internet
'experience'. :)
Firebytes
April 23rd, 2008, 11:50 AM
I think any of the above methods will work fine. It is mostly up to your preferences and how you use your computer. Personally I only use session lock and I shut my computers down each night when I go to bed. I like to do manual updates and I don't have anything set to update automatically. So, each morning when I boot the computers I update everything as needed and make any other system changes I want. Then I go into session lock. I have Returnil session lock on about 99% of the time.
If I left my systems running for extended periods under session lock then I would update them on my normal schedule knowing that when I rebooted I would have to catch up on all the updates that I lost when the system had been shut down. The bad thing about that though is that anyone who might turn on the computer after it had been shut down after the extended run would have to remember that it was behind in updates and be sure to do those ASAP before doing any surfing, etc. especially if Returnil was not enabled again.
I want to say (but can't remember for sure) that some other members here once discussed having their AVs save updated definitions to another partition so they aren't lost at all. So that might be an option if you can do it, but for me it isn't necessary anyway with how I use my computers. I do have my email client saving emails and contacts to another partition though, so I don't lose them even while in session lock.
djohn
April 23rd, 2008, 12:12 PM
I use the free Returnil as well. My pref is I boot with protection off and check my updates. I only turn on session lock when I web surf or check email. I use a laptop so I shut down when not in use.
Long View
April 23rd, 2008, 12:17 PM
-{ Quote: "
I think the first option is best as even with session lock on,
one surely doesn't want malware to cripple one's internet
'experience'. :)" }-
I think the answer may depend upon how frequently you are being infected.
If infection is occurring every day then frequent updates might help, so allowing the AV to update even when protected might help. If at the other extreme you are like me and have never been infected then you might even want to turn off real time protection and do an on demand every month or so.
djohn
April 23rd, 2008, 12:20 PM
Yes, Returnil allows for a virtual partition Z upon installation if chosen; the data can be saved there so work will not be lost on reboot. However I do use it and not certain how well it works.
Firebytes
April 23rd, 2008, 01:04 PM
I have the virtual partition installed on two computers (a laptop and a desktop) and have never had any problems with either of them. Seems to work like a charm to me.
Ocky
April 23rd, 2008, 01:52 PM
Many thanks for your viewpoints, everyone obviously has their own
preferences. I also don't use 'Z' virtual partition as I have my data
on a separate partition.
-{ Quote: "I think the answer may depend upon how frequently you are being infected.
If infection is occurring every day then frequent updates might help, so allowing the AV to update even when protected might help. If at the other extreme you are like me and have never been infected then you might even want to turn off real time protection and do an on demand every month or so." }-
Haven't been infected since I got my 'new' computer nearly 3 years ago.
Avira has stopped one or two suspicious files via heuristics, but these could
have been false positives. Somehow I feel safer sticking to my current
hourly updates. I will just redo them first thing on next reboot before
turning on session lock. Thanks again.
Edit: Long View I see you are also using ATI. I wonder whether one
can mount an image with session lock on. Am too scared to try this on
my first day using Returnil. :) My guess is it will be OK and that I would
be able to copy a file to my data partition - which is not protected by
Returnil.
Long View
April 23rd, 2008, 03:52 PM
-{ Quote: "
Edit: Long View I see you are also using ATI. I wonder whether one
can mount an image with session lock on. Am too scared to try this on
my first day using Returnil. :) My guess is it will be OK and that I would
be able to copy a file to my data partition - which is not protected by
Returnil." }-
Yes you can mount with Returnil protected. When you make an image though
I don't think it is a good idea to have Returnil in protected mode. I'm not sure what would happen if you try to restore C: with Returnil protected. With DeepFreeze certainly and Returnil probably you would not be allowed to restore to C:. The program is protecting C:. To restore you would have to turn off the protection.
good luck
Coldmoon
April 24th, 2008, 12:57 PM
Hi,
This is a good thread and I hope it continues. It would be helpful for many however if the topic also included specific feedback regarding how you have configured your favorite AV to work with RVS in the mix. Of particular interest to Personal Edition users would be how you have changed your default save locations (if applicable) for definition updates when using RVS protection.
Thanks
Mike
Ocky
April 25th, 2008, 06:11 AM
With the Premium version of Returnil, which I believe is available for
download on GAOTD, folder and file saving, while in protected virtual
mode is possible ( provided disk caching and not memory caching is used).**
Maybe I will make use of the generous offer on GAOTD,
and add the folders to which my AV saves signature/engine/product
updates. Hopefully this will work.
I have kept my C:\ partition rather small @ 15 GB and currently have 36%
free. What size should I use for the disk cache - maybe 1.5 GB is
sufficient ?
Regards, and thanks for making the Premium version affordable ..;D
**Edit:- With System Protection on this feature will work without
enabling disk caching; so disk caching is only essential for this
feature to work with Session Lock ??
Edit:- "...and add the folders to which my AV saves signature/engine/product
updates. Hopefully this will work." Nope won't be good because
for engine/product updates there will also be changes made in the system32
folder and maybe registry changes. Purely for definition updates,
and provided they don't come bundled with engine/product updates
it might be OK.
Fuzzfas
April 25th, 2008, 08:07 AM
Personally with AVG 7 and Returnil Premium GAOTD, I put the entire Grisoft folder and updates are saved.
Ocky
April 25th, 2008, 10:42 AM
-{ Quote: "Personally with AVG 7 and Returnil Premium GAOTD, I put the entire Grisoft folder and updates are saved." }-
Good ! It also works with Avira and with OE Identities.
Fuzzfas
April 25th, 2008, 11:36 AM
-{ Quote: "Good ! It also works with Avira and with OE Identities." }-
Nice! With most programs there is no problem. Sometimes, if it doesn't save it, one should check in Doc & Settings, Application Data and see if the program has a folder there too.
Right now I have Ghostwall under Returnil too. You need to save the gfirewall file in windows\system32\ and it can save its rules.
Returnil works really well. :thumb:
The only bad thing is that sometimes I forget to click "update selected" before I reboot, but it's a matter of time before I get the habit.
ErikAlbert
April 25th, 2008, 11:57 AM
-{ Quote: "Personally with AVG 7 and Returnil Premium GAOTD, I put the entire Grisoft folder and updates are saved." }-
So if a malware targets AVG7, it can change AVG7, because the entire Grisoft folder isn't protected anymore by Returnil ???
aigle
April 25th, 2008, 12:45 PM
Yes in the same way as if a malware targets FDISR, it can change FDISR.
Ocky
April 25th, 2008, 12:55 PM
-{ Quote: "So if a malware targets AVG7, it can change AVG7, because the entire Grisoft folder isn't protected anymore by Returnil ???" }-
Hello ErikAlbert,
Yes, but as Fuzzfas said you are only committing to save the changes
by selecting 'update selected' before rebooting - otherwise no changes
to the folder on the 'real' disk will be made - only in the virtual
environment. I hope this is correct otherwise one would have to rely
on the AV's self protection capabilities.
Regards.
ErikAlbert
April 25th, 2008, 12:59 PM
-{ Quote: "Yes in the same way as if a malware targets FDISR, it can change FDISR." }-
That is not the same problem. Malware can target Returnil also.
This is not about FDISR or Returnil, it's about excluding folders, which is possible in FDISR and Returnil.
Coldmoon
April 25th, 2008, 01:13 PM
-{ Quote: "So if a malware targets AVG7, it can change AVG7, because the entire Grisoft folder isn't protected anymore by Returnil ???" }-
Hi Erik,
The files and folders are protected until the moment you commit them to disk whether this be through the File Manager, the Toolbar drag & drop, or the right click extension in Explorer (if activated). Once you have committed your changes to disk, they are again protected until you decide or need to make changes (recommit to disk).
This is also true if you automate the commit process through Windows Task Scheduler using the supported command line:
"C:\Program Files\Returnil\Returnil.exe" /FILEUPDATE
Edit: This command line forces RVS to commit only those items listed and selected in the File Manager list.
Mike
ErikAlbert
April 25th, 2008, 01:25 PM
-{ Quote: "Hi Erik,
The files and folders are protected until the moment you commit them to disk whether this be through the File Manager, the Toolbar drag & drop, or the right click extension in Explorer (if activated). Once you have committed your changes to disk, they are again protected until you decide or need to make changes (recommit to disk).
This is also true if you automate the commit process through Windows Task Scheduler using the supported command line:
"C:\Program Files\Returnil\Returnil.exe" /FILEUPDATE
Edit: This command line forces RVS to commit only those items listed and selected in the File Manager list.
Mike" }-
That is a very acceptable solution. :)
osip
April 25th, 2008, 05:01 PM
-{ Quote: "they are again protected until you decide or need to make changes (recommit to disk)." }-
Have to try this approach with Avast Pro and ThreatFire... Searched for files and folders for Avast but could only find Program Files\Alwil Software. Does anyone know if there are essentials in the win folder?
----------
added:
Just after I wrote this I made an Avast push update from v 4.8.1178 to .1185 with sys protection on and tested the file manager update...Worked extremely well with a fast and smooth saving...Everything seems to be perfectly saved. Still to test defs updating...
----------
Mike: Can you in system protection mode freely add/deselect files to the file manager without reboot and in this way strengthen your control and choices?
Fuzzfas
April 25th, 2008, 07:34 PM
-{ Quote: "Mike: Can you in system protection mode freely add/deselect files to the file manager without reboot and in this way strengthen your control and choices?" }-
Yes. Even when Returnil is in protection mode, you can add or remove folders/files in the file manager. Just click "save list" after you have finished. At this point, if you click "enable selected", the new data in the list will be saved.
Coldmoon
April 25th, 2008, 07:44 PM
-{ Quote: "Yes. Even when Returnil is in protection mode, you can add or remove folders/files in the file manager. Just click "save list" after you have finished. At this point, if you click "enable selected", the new data in the list will be saved." }-
Hi osip,
In addition to this you can also use custom File manager lists if you want to have different lineups for different scenarios using the import/export feature in the File Manager.
Threedog
April 25th, 2008, 10:46 PM
In the free version I had my av and outlook pst installed on a different partition so all updates were not affected by session lock. With the GOTD version I left everything on C and then used the File manager to set them to save any changes and then did Coldmoon's above with Task scheduler to save the changes hourly and everything is working fine so far.
I was going to buy the Premium version but wasn't sure if I needed the extras but after doing some fooling with this I see it would be a worthwhile purchase. I will probably pay for it where I do a lot of tweaking, and testing and stuff and are always restoring images and the like and the GOTD is only good for today's install. :thumb:
osip
April 26th, 2008, 02:43 AM
Well, I have the free on another FDISR snapshot where I use it with the session lock...Due to GOTD I took down the Premium to test it in my test snapshot where I have Avast Pro,LnS,Threatfire as combo...
-{ Quote: "In addition to this you can also use custom File manager lists if you want to have different lineups for different scenarios using the import/export feature in the File Manager" }-
Thanks Mike, this is great, I will customize needed scenarios and get used to it...
Ocky
April 26th, 2008, 03:36 AM
I don't know about Avast, but one should be careful. For instance with Avira
definition (vdf) updates are fine and the changes are saved. However
updates to drivers are more complicated. Avira saves them to the
system32/drivers folder. The system32 folder was also the destination for
another update. So for me I just let Avira do its updates in protected mode
(at least the latest vdf's are saved), and then just do a manual update
first thing after booting and before going back into 'virtual' protected mode.
Coldmoon
April 26th, 2008, 03:58 PM
-{ Quote: "I don't know about Avast, but one should be careful. For instance with Avira
definition (vdf) updates are fine and the changes are saved. However
updates to drivers are more complicated. Avira saves them to the
system32/drivers folder. The system32 folder was also the destination for
another update. So for me I just let Avira do its updates in protected mode
(at least the latest vdf's are saved), and then just do a manual update
first thing after booting and before going back into 'virtual' protected mode." }-
One of the things I hope this discussion can give some meat to is to establish a more refined set of instructions to users of various AVs. As there are significant differences between AVs, at least in what needs to be saved and where these components are located, it is impossible for us to research every AV and as a result we have to be extremely general in our suggestions.
As far as fleshing out the details, I can't think of another group that is better than the membership here at Wilder's and it would also provide general guidance for all ISR users...
Mike
Joliet Jake
April 27th, 2008, 06:29 PM
I took advantage of the generous offer of a free one year license and will install this tomorrow, once I've read the manual (again) but it seems quite user friendly.
I'll have a look and see if Returnil have a user forum for anyone who uses the same security software as me...
NOD32 V3
Comodo Firewall V3
WinPatrol free
to see if there's any issues to navigate.
I'll have to check up about Returnil and Azureus too. Other than that I think my 4 year old son could soon get his dearest wish, to play on his dad's PC without wrecking it!
I'll report back once I've started using it.
osip
April 28th, 2008, 02:06 AM
These are the files I have in the File manager running Avast Pro/LnS/Threatfire together with Returnil Premium:
*:\Program Files\Alwil Software\
*:\Program Files\ThreatFire\
*:\Documents and Settings\All Users\Application Data\PC Tools\
*:\Program Files\looknstop\Lnscfg.exe\
*:\Program Files\looknstop\LnSSvc.exe\
*:\Program Files\looknstop\looknstop.exe\
*:\WINDOWS\system32\drivers\aavmker4.sys
*:\WINDOWS\system32\drivers\aswFsBlk.sys
*:\WINDOWS\system32\drivers\aswTdi.sys
*:\WINDOWS\system32\drivers\aswmon.sys
*:\WINDOWS\system32\drivers\aswmon2.sys
*:\WINDOWS\system32\drivers\aswRdr.sys
*:\WINDOWS\system32\drivers\aswSP.sys
*:\Documents and Settings\JoL\Local Settings\Application Data\looknstop\
Seems to work fine when saving after updates...
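Added example (not part of the original thread and not Returnil's own tooling): a pre-commit check for the concern raised earlier in the thread, that folders on the File Manager list can be changed during a protected session and then written to the real disk. It hashes the listed paths, compares them with a baseline taken after the last trusted commit, and separates definition-style data changes from changed executables and drivers; the extension list, function names and sample files are assumptions.

```python
import hashlib
import os
import tempfile

# Extensions treated as code rather than data (assumption; adjust per AV product).
CODE_EXTS = {".exe", ".dll", ".sys"}

def snapshot(paths):
    """Map every file under the listed files/folders to its SHA-256 digest."""
    digests = {}
    for root in paths:
        if os.path.isfile(root):
            files = [root]
        else:
            files = [os.path.join(d, f) for d, _, fs in os.walk(root) for f in fs]
        for path in files:
            with open(path, "rb") as fh:
                digests[path] = hashlib.sha256(fh.read()).hexdigest()
    return digests

def review(baseline, current):
    """Return (data_changes, code_changes) between two snapshots."""
    changed = {p for p in baseline.keys() | current.keys()
               if baseline.get(p) != current.get(p)}
    code = sorted(p for p in changed if os.path.splitext(p)[1].lower() in CODE_EXTS)
    data = sorted(changed - set(code))
    return data, code

def safe_to_commit(baseline, current):
    """Allow an unattended commit only when no executable or driver changed."""
    _, code = review(baseline, current)
    return not code

def demo():
    """Constructed sample: a fake AV folder with one definition file and one driver."""
    with tempfile.TemporaryDirectory() as av:
        vdf, drv = os.path.join(av, "sample.vdf"), os.path.join(av, "sample.sys")
        for path, body in ((vdf, b"defs v1"), (drv, b"driver v1")):
            with open(path, "wb") as fh:
                fh.write(body)
        base = snapshot([av])
        with open(vdf, "wb") as fh:          # definition-only update
            fh.write(b"defs v2")
        after_defs = snapshot([av])
        with open(drv, "wb") as fh:          # driver replaced during the session
            fh.write(b"driver v2")
        after_drv = snapshot([av])
        return (safe_to_commit(base, after_defs), safe_to_commit(base, after_drv),
                [os.path.basename(p) for p in review(base, after_drv)[1]])

if __name__ == "__main__":
    print(demo())
```

A False result from safe_to_commit means the changed executables or drivers should be reviewed by hand before the /FILEUPDATE commit is run.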
Copyright ©2002 - 2012, Wilders Security Forums