I'm posting this here for better visibility since it's directly related to certain antiviruses and is not exactly a "general" software. You might remember my tool called NTFS Streams Eraser from several years ago designed to cleanup NTFS Alternate Data Streams left behind by Kaspersky Antivirus. Well, I've decided to revive it, because there are still programs that use NTFS ADS to track files status. As far as I know Kaspersky is not using them anymore, but Comodo Internet Security does and because of that, NTFS Streams Eraser is back! It can be used to cleanup NTFS ADS left behind by ANY program and is not specifically designed for Comodo Internet Security. I'm guessing it will be useful for some people Link to my blog news: https://rejzor.wordpress.com/2015/04/12/ntfs-streams-eraser-revived/
Thanks for reminding me about ADS. I remember when Kaspersky used them in their products. Users criticised them as their AV product didn't remove them after uninstall. I decided to download Streams from Sysinternals (https://technet.microsoft.com/en-us/sysinternals/bb897440.aspx) as I prefer to check ADS before deleting them. Streams didn't show me any ADS on my system partition but it found a lot of them on my data partitions. It looks like all downloaded files get zone.identifier stream (https://msdn.microsoft.com/en-us/library/dn392609.aspx). I deleted all of them. I also disabled adding this information to downloaded files through Gpedit: User configuration - Administrative Templates - Windows Components - Attachment Manager - Do not preserve zone information in attachments [Enable]. Thanks again for this useful tool.
My tool is based on the Sysinternals Streams. It's just that I've combined it to do the erasing only.
Oh yes, I remember the Kaspersky ADS problem. What I don't remember is why this is a problem. Can you remind me of why I would want to erase my NTFS alternate data streams? Thanks in advance!
NTFS ADS aren't bad as such and it's a well documented feature of the NTFS filesystem. It's just that some people don't like having hidden data attached to their files. For whatever reason.
ReiZor I sure remember your tool and think I was using KAV at the time. I can't remember if all were upset with KAV because someone found ADS were a security risk or not but then again remember the storm over Norton using a rootkit to hide the recycle bin or something like that? Back in the Sony CD rootkit days? I thought it was worth bringing up again in this other thread. https://www.wilderssecurity.com/threads/kaspersky-anti-virus-plus-wsa.374893/#post-2477489
bad code - missing streams.exe without any hint, just causing error message - wtf. back to your drawing table... next are full featured and much smaller http://www.nirsoft.net/utils/alternate_data_streams.html http://www.sven-of-nine.de/site/doku.php/downloads --> "Datastream Viewer" Cheers
My code is just fine... You just have to click YES on that popup. I know my English isn't perfect, but that popup is understandable enough. It even asks you to download the missing component... The reason why I don't bundle 3rd party files with my tool is because of licensing/rights issues. But if the files are downloaded separately and user is notified about it through a popup and the official Streams webpage that opens up after you click YES, then it's ok. Plus, you always get the latest version of 3rd party files when you first execute my tool.
When I scan my C: drive with Streams I get a lot of warnings similar to this: It looks like the program has problem with long paths or with symbolic links that are used by system.
Just a brief question, do you people bother to read text on webpages and in programs? Just wondering, because it's clearly explained that program CANNOT access system locked files and files to which program has no access rights.
Yes, I'm using Windows 8.1 x64. Problem might be with permissions as RejZoR said. Running it with option As Administrator will show you more problematic files. A lot of files will have Application data mentioned 12 times in their full path (as shown above). That folder is symlink to c:\ProgramData so there might be a problem with symbolic links. If I run the tool without Run as Administrator option, those links are followed without errors.
ran this and every single thing listed said error opening file. i scrolled up the list and not one thing was otherwise?
Try to run tool with and without Run as Administrator option and save output to file. You will probably get some results, but most will probably be errors (at least that was my case).
I have not used comodo on this computer so I don't care. and I ran his program sandboxed too to all changes were erased on reboot.
