NIS 2011, FDISR & "Index.qbs"

Discussion in 'FirstDefense-ISR Forum' started by Longboard, Oct 23, 2010.

Thread Status:
Not open for further replies.
  1. Longboard

    Longboard Registered Member

    Oct 2, 2004
    Sydney, Australia
    Have NIS on one of my XPSP3 snaps.
    Subs about to expire.
    Useful tool, I think.., PITA the way NIS just sweeps all the FPs away to quarantine. ( LOL other devs anti-rootkits !!) with no granular control re: "what do you want to do with this?"

    Updated to NIS 2011 for a trial: use FDISR (VSS) :copy/updated another snap:
    1 Error: "...blah..blah..Index.qbs is the wrong size and has the wrong date" in the copied snap: redo: same error. :p

    Ok, try new snap: same error :doubt:

    Investigate: chk disc: all good.
    Lenovo RnR ( a sys recovery tool ) has the same type of errors/problems with NIS and have a specific exclusion protocol.

    Something about NIS and some open file.
    Turning tamper protection and autoscan off in NIS does not fix the problem.
    NIS 2011, afaics, can not be temp. shutdown. ( another pita)

    Data anchor "works"
    Exclude the file "works"

    just annoying to have to tweak. :cautious:

    Anyone have similar probs. ??
    Solutions ?

    ( anyone think Todd is still watching ?? )
    croft ?
  2. crofttk

    crofttk Registered Member

    May 15, 2004
    Eastern PA, USA

    I'm running NIS 2011 myself and I found index.qbs in C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\QBackup

    Poking around Norton Community, I'm getting this is NIS quarantine system.

    I went through a few FP instances when I first updated to NIS 2011 back in September and squared them away.

    Checking quarantine inside NIS History at the moment it shows nothing quarantined but I may well have just said "hide from history" because my QBackup folder had a dozen or so subfolders, total size about 20 MB.

    I shut off product tamper protection in NIS and it allowed me to delete everything in that folder EXCEPT index.qbs.

    Leaving product tamper protection OFF, I rebooted and THEN I was able to delete index.qbs altogether.

    Then I turned product tamper protection back on.

    Maybe this helps you to a path to delete index.qbs?

    BTW, I've never had this file, associated folders, or anything else about NIS 2009 through 2011 generate errors or interfere with snapshotting/archive restores or anything FD-ISR related in my continuing active use of FD-ISR. Lucky me, i guess.
    Last edited: Oct 23, 2010
  3. Peter2150

    Peter2150 Global Moderator

    Sep 20, 2003
    Hi Longboard

    My solution isn't one you might be satisfied with, but if I have a problem with something breaking either FDISR or Sandboxie, it leaves my system.

    It is easy enough to secure one's system with applications that cause problems with my two "essential" programs.

  4. Acadia

    Acadia Registered Member

    Sep 8, 2002
    SouthCentral PA

  5. Longboard

    Longboard Registered Member

    Oct 2, 2004
    Sydney, Australia
    'lo guys thx for replies. :)

    @crofttk: Thx: ya I got same "background" as .qbs in same place as on:

    Rule #1: FDISR is NEVER the issue.
    Rule #2: see Rule#1.

    Fixed the whatever it was. :cool:

    Had done an "over the top install' of NIS2011 using Symantec DL Mgr.
    Had had a few FPs turn up before I remembered NIS "Sonar" and AutoScans" often pulls FPs for Nir's tools and a few of the moire esoteric tools I have hangin' around.
    Seems like some settings dont stick from install to install
    some corrupted fixed vector/open file...
    SO was wondering...went back: Ran Norton Uninstall tool...still had some files to clean out !!..but mostly remnants..
    Reinstalled clean with the basic .exe file..reregistered...
    Ran FDISR; ..drum roll...ta da..NO ERRORS.

    All been said before :)
    Difficult isnt it ??

    Couple of observations re NIS 2011 if I may: SONAR is absurdly over sensitive.
    The default is 'REMOVE' , if you're lucky there may be a restore option. :blink:
    The "scan/detection exclusions options" in NIS 2011 are absurdly complex.
    NIS 2011 will by default install ASK as "safe search" option unles opt out.
    WTFIT ?? :mad:

    AFter looking lean and mean in 2010 I think the 2011 version is heading back to Symantec OTT behaviour: too much, too often LCD, have to hand too much control to Symantec.

    From what I could see in the NIS community forums..there are literally hundreds of posters P'od by the default settings and the work arounds.
    Lots of devs aware that symantec will wipe their 'under development' code on the basis of "reputation" scores.
    Lots of users 'caught out' by NIS quarantining totally benign apps and e-mails and files..and often having difficulty recovering same :ouch:

    ANyhoo: FDISR still rules. :D

    Thx again .
    Last edited: Oct 24, 2010
Thread Status:
Not open for further replies.