AV & Firewall on while making Snapshots?

Discussion in 'FirstDefense-ISR Forum' started by Chamlin, Jun 16, 2008.

Thread Status:
Not open for further replies.
  1. Chamlin (Registered Member)
    Is it wise to shut down NOD32, Spysweeper and Online Armor when making new snapshots? And if so, if I reboot to that new snapshot, will those programs be on or shut down?
     
  2. stapp (Global Moderator)
    The recommended course of action may probably be to shut them down.

    In reality I do not shut my security software down; the only thing I do is go offline, empty any sandboxes, and close any open or minimized windows.

    When you boot to that snapshot all will be as it was then (including virus definitions, so they will have to be updated).
     
  3. Chamlin (Registered Member)
    1. I get that I'd have to update the AV definitions, but will the security software I have shut down prior to making the snapshot be shut down upon rebooting to that new snapshot?

    2. Just ran the copy of primary. The main log shows lots of errors:
    6/15/2008 22:40 4510 Snapshot "6-15-08 Snapshot w/Webcam" created
    6/15/2008 22:40 1000 CMD> COPY "Primary Snapshot" "6-15-08 Snapshot w/Webcam" EXCLUDE *.tmp
    6/15/2008 22:40 1032 Copying snapshot "Primary Snapshot" to "6-15-08 Snapshot w/Webcam"
    6/15/2008 23:28 1035 Copied 14.01 Gb (81606 files, 9791 dirs); Errors 42306; 47 minutes

    What am I doing wrong?
     
  4. ErikAlbert (Registered Member)
    WOW. A lot of errors. Are you running an automatic defragger?
     
  5. Peter2150 (Global Moderator)
    Only security stuff I run is Sandboxie, OA paid, and SSM. Obviously I don't browse when updating, but I don't do anything to OA or SSM. If they were shut down, they would start up on reboot so that shouldn't matter.

    All those errors. What are the actual errors? I had a situation that did that, and it caused FDISR to delete all the files in the target. Just can't remember the cause at the moment.


    Pete
     
  6. Chamlin (Registered Member)
    Excerpts:

    6/15/2008 22:51:41 Adding "Documents and Settings\Our\Desktop\ritePenSetup.v.3.0.15.rs.trial.exe" to "6-15-08 Snapshot w/Webcam"
    6/15/2008 22:51:41 Error - AAR::GetFileSecurity: The system cannot find the file specified.
    6/15/2008 22:51:41 Windows error number 2
    6/15/2008 22:51:41 Error - Adding "Documents and Settings\Settings\Our\Desktop\ritePenSetup.v.3.0.15.rs.trial.exe" to "6-15-08 Snapshot w/Webcam"
    6/15/2008 22:54:12 Creating folder "Documents and Settings\Settings\Our\Local Settings\Temp\26CB7BBD-700B-414F-B486-277FF06E3952" in "6-15-08 Snapshot w/Webcam"
    6/15/2008 22:54:12 Finalizing folder "Documents and Settings\Settings\Our\Local Settings\Temp\26CB7BBD-700B-414F-B486-277FF06E3952" in "6-15-08 Snapshot w/Webcam"
    6/15/2008 22:54:12 Adding "Documents and Settings\Settings\Our\Local Settings\Temp\26d8_appcompat.txt" to "6-15-08 Snapshot w/Webcam"
    6/15/2008 22:54:12 Creating folder "Documents and Settings\Settings\Our\Local Settings\Temp\30E12B95E592480F8E20708C63C39A52" in "6-15-08 Snapshot w/Webcam"
    6/15/2008 22:54:12 Adding "Documents and Settings\Settings\Our\Local Settings\Temp\30E12B95E592480F8E20708C63C39A52\fox.dll" to "6-15-08 Snapshot w/Webcam"
    6/15/2008 22:54:12 Error - AAR::GetFileSecurity: The system cannot find the file specified.
    6/15/2008 22:54:12 Windows error number 2
    6/15/2008 22:54:12 Error - Adding "Documents and Settings\Settings\Our\Local Settings\Temp\30E12B95E592480F8E20708C63C39A52\fox.dll" to "6-15-08 Snapshot w/Webcam"
    6/15/2008 22:54:12 Adding "Documents and Settings\Settings\Our\Local Settings\Temp\30E12B95E592480F8E20708C63C39A52\icu34.dll" to "6-15-08 Snapshot w/Webcam"
    6/15/2008 22:54:12 Error - AAR::GetFileSecurity: The system cannot find the file specified.
    6/15/2008 22:54:12 Windows error number 2
    6/15/2008 22:54:12 Error - Adding "Documents and Settings\Settings\Our\Local Settings\Temp\30E12B95E592480F8E20708C63C39A52\icu34.dll" to "6-15-08 Snapshot w/Webcam"
    6/15/2008 22:54:12 Adding "Documents and Settings\Settings\Our\Local Settings\Temp\30E12B95E592480F8E20708C63C39A52\icudt34.dll" to "6-15-08 Snapshot w/Webcam"
    6/15/2008 22:54:12 Error - AAR::GetFileSecurity: The system cannot find the file specified.
    6/15/2008 22:54:12 Windows error number 2
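
Added example, not part of the original thread: a short Python script that tallies the failed files in an FDISR copy log by folder and Windows error number, so a large error count can be narrowed to the folders and error codes involved. The sample log is constructed in the format of the excerpts above, and the names `summarize_failures` and `WIN_ERRORS` are this example's own.

```python
import re
from collections import Counter
from ntpath import dirname  # splits backslash paths on any OS

# Constructed sample in the format of the excerpts above (not the poster's log).
SAMPLE_LOG = r'''
6/15/2008 22:54:10 Adding "Docs\User\Desktop\ok.txt" to "Test Snapshot"
6/15/2008 22:54:12 Adding "Docs\User\Local Settings\Temp\AB12\one.dll" to "Test Snapshot"
6/15/2008 22:54:12 Error - AAR::GetFileSecurity: The system cannot find the file specified.
6/15/2008 22:54:12 Windows error number 2
6/15/2008 22:54:12 Error - Adding "Docs\User\Local Settings\Temp\AB12\one.dll" to "Test Snapshot"
6/15/2008 22:54:12 Adding "Docs\User\Local Settings\Temp\AB12\two.dll" to "Test Snapshot"
6/15/2008 22:54:12 Error - AAR::GetFileSecurity: The system cannot find the file specified.
6/15/2008 22:54:12 Windows error number 2
6/15/2008 22:54:12 Error - Adding "Docs\User\Local Settings\Temp\AB12\two.dll" to "Test Snapshot"
6/15/2008 22:55:01 Adding "Docs\User\Desktop\setup.exe" to "Test Snapshot"
6/15/2008 22:55:01 Error - AAR::GetFileSecurity: Access is denied.
6/15/2008 22:55:01 Windows error number 5
6/15/2008 22:55:01 Error - Adding "Docs\User\Desktop\setup.exe" to "Test Snapshot"
'''

# Standard Windows error codes; the short labels are this example's wording.
WIN_ERRORS = {2: "file not found", 5: "access denied", 32: "sharing violation"}

TS = r'^\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}(?::\d{2})? '
ERRNO = re.compile(TS + r'Windows error number (\d+)$')
FAILED = re.compile(TS + r'Error - Adding "(.+)" to ".+"$')

def summarize_failures(log_text):
    """Count failed files per (folder, Windows error number)."""
    counts, last_errno = Counter(), None
    for line in log_text.splitlines():
        line = line.strip()
        m = ERRNO.match(line)
        if m:  # remember the code; the failing path is on the next line
            last_errno = int(m.group(1))
            continue
        m = FAILED.match(line)
        if m:
            counts[(dirname(m.group(1)), last_errno)] += 1
            last_errno = None
    return counts

if __name__ == "__main__":
    for (folder, errno), n in summarize_failures(SAMPLE_LOG).most_common():
        label = WIN_ERRORS.get(errno, "unknown")
        print(f"{n:5d}  error {errno} ({label})  {folder}")
```
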
     
  7. Peter2150 (Global Moderator)
    You've got something protecting or locking out those files. What security software are you running?
     
  8. Chamlin (Registered Member)
    NOD32
    Online Armor
    Spysweeper

    above were turned off

    True Image
     
  9. stapp (Global Moderator)
  10. Chamlin (Registered Member)
    Yes, I saw that. Question is... what program? If I quit Spysweeper, NOD32, and Online Armor, what could be operating?

    Acronis True Image?
    Mozy online backup?
     
    Last edited: Jun 16, 2008
  11. Peter2150 (Global Moderator)
    I don't think it would be Acronis. Not familiar with Mozy Online backup, but if it is a continuous backup maybe.

    Pete
     
  12. Chamlin (Registered Member)
    Got it working. I used task manager to close a bunch of things and FDISR had no problems with the snapshots. Hassle, yes, but mission accomplished.

    Thanks for the assistance!
     
  13. aigle (Registered Member)
    So what was the actual culprit? I am just curious.
     
  14. Chamlin (Registered Member)
    Not sure since I pretty much turned off all I could. I think there was some part of either NOD32 or Online Armor still running that got in the way.

    Next time I'll do it systematically, but I didn't have time for that as I needed the snapshot done asap to protect the system.
     
  15. stapp (Global Moderator)
    I run OA full non av and don't shut it down by the way.
     
  16. Chamlin (Registered Member)
    You leave Online Armor on and FDISR works fine? Hmmm. I'll try it.

    What do you mean non av?
     
  17. Peter2150 (Global Moderator)

    I also leave OA on when I update FDISR. There is an AV version of Online Armor. Note I don't run any AV here.
     
  18. Chamlin (Registered Member)
    I'll give it a shot with OA on and kill NOD32 next time.
     
  19. pbernard (Registered Member)
    I leave on OA AV+ and have not had any problems creating/updating snapshots or archives.
    Pat
     
  20. Acadia (Registered Member)
    The only program that I turn off when updating something on ISR is Anti-Executable; I leave NOD and Comodo firewall version 2 turned on. Actually, I have accidentally left AE enabled a couple of times and ISR still updated just fine.

    Acadia
     
  21. Peter2150 (Global Moderator)
    Makes sense. It's probably copy protection, so once copied, AE doesn't affect it.
     
  22. ErikAlbert (Registered Member)
    I don't turn anything OFF: not my firewall, not DefenseWall, not Anti-Executable and that's all I have as security.
    It's impossible for me to turn anything OFF, because I work with a frozen snapshot. You can only freeze the current snapshot and freeze is nothing but a copy/update from current snapshot to archive (Freeze Storage.arx).
    If I turn everything OFF and I reboot, then I boot each time in an unprotected online snapshot and I'm not going to activate my security after each reboot, too inconvenient and not necessary either.
    AE was a big problem in the past, not anymore after configuring AE properly.

    The only error I get sometimes in FDISR is a known bug in FDISR that has never been solved and will never be solved, since FDISR is dead. The bug was not important enough.
    The bug only appears sometimes when snapshots are VERIFIED, an option that is OFF by default, which means that most users don't get these errors. :)
     
    Last edited: Jun 18, 2008