Any way to test RSS protection is enabled (virtualization active) from command line?

Discussion in 'General Returnil discussions' started by VanguardLH, Dec 29, 2010.

Thread Status:
Not open for further replies.
  1. VanguardLH

    VanguardLH Registered Member

    Joined:
    Sep 10, 2007
    Posts:
    96
    I, like many users, will add an event in Task Scheduler to defrag my hard disks at periodic intervals. While it is configured to retry for a max amount of time and run only if the computer has been idle for a while, it would still be possible that I leave RSS running while protecting my system. Since events in Task Scheduler will run at the scheduled time or under the appropriate conditions, they may run while System Safe is active.

    For some scheduled events, it is trivial that they might be running while the host is being virtualized. However, some events will be superfluous. For example, the scheduled defrag of my hard disks would be meaningless and a waste of CPU cycles, data bus bandwidth, and disk thrashing while System Safe mode was active. No, I don't want to go to manual runs of the defragger for when I happen to remember it. Yes, repeated defrags may not move much but then they don't run long, either, so impact is minimal. I currently set up defrags to occur bi-monthly, wait for the host to be idle for 20 minutes, retry for up to 1 hour, and run around 2AM in the morning. Alas, I'm on my computer even into the night and morning. This means that the defrag probably won't be running bi-monthly but that's okay since if it ever manages to run something in, say, 6 months then I'm still happy.

    Yet I need to ensure that this scheduled event does NOT run when RSS' System Safe mode is active. It would be a waste of time to defrag the virtualized disk. So I'd like to use a command-line program to test if System Mode is enabled and, if not, then run the program, like defrag. I could use this in a batch file to test if System Safe was active; if so, exit the batch file.

    Similarly, I don't want to be running image backups (using Acronis TrueImage) while System Safe mode is active. I want all those changes to get tossed when the host gets rebooted, not to end up in my image backups. ATI has its own scheduler so I cannot use a command-line test tool with RSS; however, I've found a means of running a defined task in ATI using the command line that would suffice - but I'd still need a means of testing if System Safe mode was on or off.

    In scheduled events (Task Scheduler or in the app's own scheduler) are the following:
    - Disk defrag.
    - CCleaner.
    - Disk Cleanup Wizard (Windows).

    There might be others that I'm not thinking of right now. These should NOT run when RSS' System Safe mode is on. I *do* want these scheduled events to run because I certainly don't want to use some popup reminders telling *me* to manually execute these tasks. Obviously automation is a handy and almost intrinsic function of computers. Yet there are times when such automation should be blocked or altered. Without a means to test when System Safe is on or off, users have no means to define when to run their automated tasks and when not to.
     
  2. cruchot

    cruchot Registered Member

    Joined:
    Apr 20, 2009
    Posts:
    126
    Location:
    Germany
    I would like to have an answer too.
    How to externally check for enabled/disabled Virus Guard and Virtual Mode.
     
  3. Coldmoon

    Coldmoon Returnil Moderator

    Joined:
    Sep 18, 2006
    Posts:
    2,981
    Location:
    USA
    Hi,
    First, whether defrag is scheduled through task manager, through the newer Backup & Restore in Windows, or a third party defragmentation solution is irrelevant. If the Virtual Mode is active, RSS/RVS will not allow the defragmentation to take place...period.

    So even if scheduled, the attempt will fail and the defragmentation will not take place which leads to a reply for the second question:

    Can the status of the Virtual Mode feature be determined via local or remote command line? No, this is not supported. For customers with multiple seating and Returnil Commander management console access, status of the Virtual Mode for each client is available from the client > target client > Settings tab in your RC account.

    Mike
     
  4. cruchot

    cruchot Registered Member

    Joined:
    Apr 20, 2009
    Posts:
    126
    Location:
    Germany
    Yes, there is a way ;)

    This is no fake screen! It's an AutoIt script. I'll offer it later this week...

    screenshot.png
     
    Last edited: Jan 26, 2011
  5. Coldmoon

    Coldmoon Returnil Moderator

    Joined:
    Sep 18, 2006
    Posts:
    2,981
    Location:
    USA
    Did you have to set the option to allow all users to enable the Virtual Mode or did you do this from your admin account?

    Mike
     
  6. cruchot

    cruchot Registered Member

    Joined:
    Apr 20, 2009
    Posts:
    126
    Location:
    Germany
    Hi Mike,

    I'll send you a PM.
     
  7. VanguardLH

    VanguardLH Registered Member

    Joined:
    Sep 10, 2007
    Posts:
    96
    I was hoping for a means that didn't require installation of 3rd party software for a workaround.

    Also, I gave more examples than just defrag. Presumably RSS would interfere with the defrag API so an app trying to use it would fail. But if that API isn't used then just how would RSS know it isn't supposed to let the app do its job?

    Defrag was an example. Disk cleanup utilities were more examples. Antivirus scans would be another example (if I'm in Safe Mode then I really don't need an AV scan looking for quiescent malware files). I only listed some of the tasks that *I* have that shouldn't run while Safe Mode is active. Other users would come up with many other jobs or tasks that shouldn't happen or are a waste of time or resources during Safe Mode. There might even be some situation where harm or corruption might occur.

    I can see possibly a reason why this test of whether Safe Mode is active has not been provided: malware could easily test if it was running under a virtualized environment and remain quiescent. It would stay dormant in Safe Mode waiting until it ran outside of Safe Mode (if it survived the discard of the virtual hard disk).

    So I see a reason why I would like to know if Safe Mode is active and write batch files as wrappers to apps or scheduled events to alter their behavior when run under Safe Mode and when not. But I also see a reason why this status isn't so easily admitted to deter malware from knowing when to remain quiescent. Of course, as cruchot has demonstrated, malware could look at the screen contents (windows, their titles, and objects defined therein) along with entries for the system notification area (system tray) to see if RSS was on the host and if Safe Mode were active. I don't know if it was Returnil's intention to hide Safe Mode from malware since that state seems detectable.
     
  8. cruchot

    cruchot Registered Member

    Joined:
    Apr 20, 2009
    Posts:
    126
    Location:
    Germany
    You're right.

    Let's wait and see if they remove the info that is read by the script.
     
  9. Coldmoon

    Coldmoon Returnil Moderator

    Joined:
    Sep 18, 2006
    Posts:
    2,981
    Location:
    USA
    No, nothing so involved as that. There was simply no reason to have a command line feedback option because the following are valid:

    1. Single seat and multi seat home users will not have a network that requires remote installation of the client software and the clients would be managed directly. This means that all the authorized user needs to do is hover the mouse pointer over the tray icon and the status for both Virtual Mode and the Virus Guard real time monitor are shown quickly.

    2. Network customers with remote management and/or configuration requirements. As an important part of remote client management is to determine the status of program features, the Returnil Commander console provides that information to the Admin from their account. Again, no need for a command line option.

    Mike
     
  10. VanguardLH

    VanguardLH Registered Member

    Joined:
    Sep 10, 2007
    Posts:
    96
    "no need for a command line option"

    I disagree. If that were true, this thread would not have been started. I have a need to have the computer help regulate its activities without me having to hover constantly at the monitor. I won't be at the monitor during the events that I wish NOT to happen in my absence. I really don't want to be terminating processes when I'm at the monitor that should run, either. I don't want the computer wasting memory, CPU cycles, and data bus bandwidth to reduce responsiveness of the host for tasks that are superfluous while Safe Mode is active. That you wish for me not to have this need doesn't eliminate that need.
     
  11. cruchot

    cruchot Registered Member

    Joined:
    Apr 20, 2009
    Posts:
    126
    Location:
    Germany
    VanguardLH, if you're interested in giving it a try:

    Readme
    Executable


    Note: the scanner in RSS flagged the executable, but don't worry.
     
    Last edited: Jan 27, 2011
  12. Coldmoon

    Coldmoon Returnil Moderator

    Joined:
    Sep 18, 2006
    Posts:
    2,981
    Location:
    USA
    You misinterpret my reply. It was about why the idea was not considered during the design phase, not what we think you need or want.

    One point to consider however is that the Virtual Mode is configured to be turned off by default while Windows is in Safe Mode to aid general troubleshooting. As there have been discussions about this going back as far as RVS 2007, I incorrectly assumed that you knew of the setting and its purpose. The setting is adjustable and located in preferences > Advanced tab.

    This is another reason why a determination of Virtual Mode status via command line while in Safe Mode would be redundant.

    Mike
     
  13. VanguardLH

    VanguardLH Registered Member

    Joined:
    Sep 10, 2007
    Posts:
    96
    Not considered in the design phase is not the same as a function being redundant. Looks like I'm getting nowhere on this with you. You argue that the feature would be redundant when I don't even see the feature is available.

    At this point, the argument is moot. I had left Returnil a while ago and decided to try it again; however, I ran into the same problem as before, one that has been encountered by many users lately - of smacking 100% CPU usage which makes the host sluggish or unusable. The typical response is to send in a report but this problem has been reported for several months now. After installing Returnil and noticing the 90%, or higher, CPU usage, I remembered why its trial got terminated last time. I'll have to wait until the product has bug fixes that address this excessively high CPU usage so I don't have it on my host anymore. I needed to go onto other tasks.

    Thanks for the debate, though.
     
  14. Coldmoon

    Coldmoon Returnil Moderator

    Joined:
    Sep 18, 2006
    Posts:
    2,981
    Location:
    USA
    VLH,
    If you are encountering this, please send in a full report with the usual logs as we have been unable to reproduce this in the lab. You should also temporarily uninstall any other security applications, install RSS, and then reinstall the other programs. This has been shown to be effective in many cases, the cause being interference from the other programs and not a defect or issue in RSS itself.

    Mike
     