FD-R and NIS 2010

Discussion in 'FirstDefense-Rescue Forum' started by squid13, Mar 20, 2010.

Thread Status:
Not open for further replies.
  1. squid13
    Offline

    squid13 Registered Member

    I'm using Windows 7Pro 64 bit. I installed FD-R on this computer and it doesn't play well with NIS 2010. When I copy and update to the rescue image the Norton comes out red in the task bar and wants to reinstall to fix it. I unchecked the tamper protection in Norton thinking that was it but still does the same. I have the old rescue from Horizon Data System on my XP machine along with NIS 2010 and I have no problem doing a copy and update on it. Does anyone have the new FD-R and Norton NIS on there machine and are you having problems with it?
  2. Leapfrog Software
    Offline

    Leapfrog Software Leapfrog Management

    Greetings squid13,

    I'll put this on my list to see what is going on. Some of these AV apps lock down raw sectors and cause issues with MS VSS. If you have my email, please ZIP and email me your log files (PM me if you don't have my email). Sometimes all it takes is to exclude a mischievous file or two.

    If you are feeling brave, take a look in the last copy log and search for "Error:" to see what might be going on. We pretty much log everything we can.
  3. squid13
    Offline

    squid13 Registered Member

    Sent you a private message.
  4. Birdman
    Offline

    Birdman Registered Member

    I just purchased FD-Rescue and I also have NIS 2010 installed on my Win 7 x64 system. Seeing this thread, I am hesitant on installing Rescue at this moment if there are compatibility issues with Norton.

    Todd, should I wait to install until you address this problem?
  5. Leapfrog Software
    Offline

    Leapfrog Software Leapfrog Management

    Unless you have a test system to mess with, let me hit this one. I am going to fire NIS up today.

    btw: We also have a user seeing an issue with Comodo Internet Security, where you have to FDR exclude the \Windows\System32\drivers\sfi.dat file. Any open file technology driver, in our case Microsoft's VSS, get access shut out to that driver.
  6. Leapfrog Software
    Offline

    Leapfrog Software Leapfrog Management

    Greetings All,

    I found the issue. NIS 2009 and NIS 2010, during installation, add a Microsoft VSS registry key for a NIS folder to not be available during a backup.

    The NIS folder is C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs.

    You can temporary solve this issue one of two ways:

    a) Anchor the above location, or
    b) Export the key(to save it off) and remove from the registry HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\BackupRestore\FilesNotToSnapshot\Norton AntiVirus Defs

    I prefer solution (b) since it allows FDR to clone and make a duplicate copy of this data. If you have never played in the Windows registry, just do a) for now.

    This is a temporary solution. We have a solution to detect for this situation and adapt to it for the next release of the FDR products.
  7. Birdman
    Offline

    Birdman Registered Member

    Thanks Todd. Pardon my 'N00bness' but I just want to make sure that I understand the above correctly so I don't screw anything up in FD-Rescue and/or NIS 2010.

    After opening 'regedit' and finding that particular string......do you export the entire "FilesNotToSnapshot" folder or JUST the "Norton AntiVirus Defs" value?

    Afterwards, do we delete just the "Norton AntiVirus Defs" value or the folder in which it is contained (ie FilesNotToSnapshot)?

    Also should any FD-Rescue files or folde(s) be excluded from Norton scan or auto-protect?

    Please advice. Thanks again.
    Last edited: Mar 22, 2010
  8. Leapfrog Software
    Offline

    Leapfrog Software Leapfrog Management

    Sorry, I should have been a little more detailed in my response. It was a bit brief.

    Q:After opening 'regedit' and finding that particular string......do you export the entire "FilesNotToSnapshot" folder or JUST the "Norton AntiVirus Defs" value?
    A: Just the "Norton AntiVirus Defs" need to be exported

    Note: This value does not affect the NIS operation. It is only when VSS is active that it is not exposed to the VSS snapshot. Since we are not leaving VSS on for extended periods of time, or exporting a backup to a remote computer, or migrating the OS to a virtual system. We want to make a perfect clone of the OS and leave it on the same system, thus these files need to be copied. I am not sure of Symantec's reasoning behind this.

    Q: Afterwards, do we delete just the "Norton AntiVirus Defs" value or the folder in which it is contained (ie FilesNotToSnapshot)?
    A: You can delete "Norton AntiVirus Defs", or renaming some part of the value (in this case a folder) to a bogus entry. Ex: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\* /s changed to C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefsX\* /s.

    If for some reason you don't save off the reg key, it is not the end of the world. Reinstalling NIS adds it back. As mentioned, removing it does not affect NIS normal operation of protecting your system.

    Q: Also should any FD-Rescue files or folde(s) be excluded from Norton scan or auto-protect?
    A: Not to our knowledge.

    I hope this helps.
    Last edited: Mar 22, 2010
  9. Peter2150
    Offline

    Peter2150 Global Moderator

    Todd

    This is good info. This impact of NIS would also effect imaging software using VSS.

    Pete
  10. Birdman
    Offline

    Birdman Registered Member

    Thanks for the detailed info Todd. One little problem though, when I right-click the 'Norton AntiVirus Defs' string......it does no show an option to EXPORT.

    You can export the folder (FilesNotToSnapshot)....but not any strings located inside of it.

    Is there a way to manually do this?
  11. Leapfrog Software
    Offline

    Leapfrog Software Leapfrog Management

    My bad. Yes, just export the root "FilesNotToSnapshot".

    It is only for the purpose of saving it off in case you need to re-enter the key later. You can always just write it down (who does that these days), or copy the field's string and safe in a notepad file.
  12. mrfargoreed
    Offline

    mrfargoreed Registered Member

    Having none of these problems here running NIS2010 and FD-R Lite. Wherever I boot the icon is green. I've updated several times and no problems whatsoever. Haven't adjusted any settings in FD-R. Weird.
  13. squid13
    Offline

    squid13 Registered Member

    I just exported the FilesNotToSnapshot then went back into the registry and deleted in the FilesNotToSnapshot the Norton AntiVirus Defs. Did a Copy and Update then booted to the Rescue Area and Norton came thru OK.
Thread Status:
Not open for further replies.