Clean Install and other Newbie Questions

Discussion in 'Returnil releases' started by winwolf, Mar 3, 2011.

Thread Status:
Not open for further replies.
  1. winwolf

    winwolf Registered Member

    Joined:
    Mar 2, 2011
    Posts:
    9
    I'm planning a clean install of Win 7. I've got a Lenovo T510 with 4 GB RAM. I need some guidance for how to implement RSS Pro. I've done too many re-images/clean installs in the past few years - they are painful and I don't want to do any more of them, and I'm hoping RSS Pro will come to the rescue.

    Background info:

    - I have a 125 GB SSD.
    - After the clean install, I'll be swapping out the DVD drive and inserting a 250GB HDD for less active data (photos, video, software exe files, etc.)
    - I really hammer my system:
    • I have around 50 pst files, totaling over 30 GB, and index them and my ost file with NEO (Nelson Email Organizer, from Caelo).
    • I also index my whole system with X1. X1 not only indexes the emails in the ost and pst files, but also indexes any attachments as well as calendar, contacts and tasks. So there is a lot of indexing going on.
    • I do not constantly add to my pst files - I create new ones every month and dump email in every 2 weeks then stop adding to the pst files.
    • I run Nuance Dragon Naturally Speaking, which updates my speaker profile whenever I close it, and runs enhancement routines weekly during off hours.
    • I run nightly backups, and they create log files.
    • I've got lots of other small utilities that I tweak every so often, which means they will store their data somewhere when I do that.
    Questions:
    1. As part of the clean install, should I partition my SSD and create a separate data partition?
    2. After the clean install, at what point should I install RSS Pro? Normally the first thing I'd do is install Microsoft Security Essentials, but I won't need that with RSS. And it looks like I don't need malware detection software either. Do I only need to install SP1 and the subsequent Windows updates?
    3. I've got tons of software to install - do I just do it all, while not in virtual mode, and then turn on virtual mode?
    4. How do apps that constantly modify their files (like NEO, X1 indexes and databases) get set up? Do I need to know where their actively updated files are located, which ones are active, and exclude them manually? Or does RSS Pro have some way of flagging them for me?
    5. How do I work with basic stuff like MS Word? If I set up a list in File Manager, it says I have to select each file, not just the folder. So even if I keep all my Word/PPT/XLS files in a c:\Data folder, when I create a new file how do I easily prevent it from going away after I reboot?
    6. From the manual I can't tell the difference between file protection and file manager.
    7. How do I set up the snapshot frequency for system restore? Can I, or is that still a future feature? If the latter, then what is the basis for the restore point RSS creates today? One reason I'm keen on RSS is that my Win 7 system refuses to create restore points, and even if it worked Win 7 no longer makes it easy to create scheduled restore points as XP did.
    8. In one post (regarding SSD support) it noted that once RAM is used up, disk gets used. Is there any reason to increase my RAM to 8GB if I'm using RSS Pro?
    9. For those small tweaks to my utilities, I presume I just go out of Virtual mode for a second, do my change, and go virtual again, correct? Or is it safer to stay virtual but know where the config file is and set it to write to disk?
    Thanks in advance !!
     
  2. Coldmoon

    Coldmoon Returnil Moderator

    Joined:
    Sep 18, 2006
    Posts:
    2,981
    Location:
    USA
    Hello winwolf and welcome to the forums :)

    It depends on what you are trying to achieve. It is a valid configuration, but an advanced one that has advantages and disadvantages. Another possible configuration is a System/Program/Data split over three partitions which works well when your goal is to minimize changes to the real System Partition while keeping it lean at the same time and to separate your programs from the system.

    RSS and MSE get along well together so you have this option available. What I would suggest is to go ahead and install MSE and then apply all the Microsoft Updates you need to get current (including optional MSE signature updates). When this is complete, go ahead and perform a full disk defragmentation and then install RSS (make sure you restart to complete its install). Next, install your other programs per your chosen configuration from question #1.

    Keep the Virtual Mode off when installing your programs. This is due to the fact that installing anything in Virtual Mode and then restarting your computer will result in any changes to the real system being lost. If you were to use the more advanced setup I describe in #1, then you may have a program installed physically in the program partition, but the required changes to the System registry would be lost resulting in a damaged install with the program not able to function properly unless all your programs are mobile versions (no drivers and no need to change the registry. From your descriptions above, I would highly doubt that this would be valid).

    The best way to go at this would be to use the File Manager autosave feature. Define the files and/or folders where the data is stored on the system and then have the FM save the content to disk at regular intervals (1 minute to 24 hours available). Defining a folder will save all changes to files and sub-folders within the defined folder in the FM list automatically.

    If you are saving only the data to a non system partition, then you do not need to save the data itself on said partition, but you may need to save content on the system that points to that data.

    As mentioned above, the FM will include all files and sub-folders inside a defined folder in the list. So if you were to add "C:\Users\someuser\Documents" to the FM list, all files, sub-folders, and the files within said sub-folders would also be included in the save to the real disk. What is saved here however is not the entire file itself, but any changes to the files between when the Virtual Mode was enabled and when you restarted the computer.

    For frequent and/or heavy data or content changes, you should use the autosave interval to ensure a smooth save operation and less to deal with at computer shutdown and/or log-off (optional save times).

    File Manager: allows you to save content to the real system partition manually or automatically as described previously.

    File Protection: removes the access malware often needs to make changes in content protected by this feature. What it does is to remove write permission for content on non-system drives/partitions only.

    An example of the use might be:

    1. I have a complicated document structure in My Documents with files, folders, sub-folders, etc. To deal with this I would use the File Manager with Autosave to ensure my work documents get updated and those changes remain after a computer restart while in Virtual Mode.

    2. I have a factory restore image saved on a non-system partition "D:\". To protect that content from unwanted or malicious changes, I would use the File Protection feature to keep malware from corrupting or adding itself to the image by denying it access to that entire drive.

    This is a strange situation. RSS will not allow backups while in Virtual Mode to ensure that the real system does not become damaged or corrupted. It is also a useless endeavor, as is trying to defragment the drive while virtualized, as the changes are really only happening within the virtual system. When you restart, those changes would be gone.

    The System Restore in the current generation of RSS makes use of the native Windows Volume Shadow Copy service which is what Windows itself uses to create its own restore points with some extras:

    1. ANY restore operation will be noticed by RSS regardless of whether this was initiated in Windows or via the feature in RSS. After the restore, RSS will give you access to the File Restore feature that will allow you to recover specific files on the system partition from the previous machine state if required. So for example let's say you apply an upgrade to one of your programs, but the upgrade did not work properly. In your investigation you discover that a new file added is not compatible or is damaged in some way making the program non-functional. You can grab the original pre-upgrade file you need using the File Restore, get the program back up on its feet so to say, without having to reapply a different restore point thus saving a great deal of time and effort to get your system productive again.

    2. The System Restore in RSS is tightly coupled with the included Virus Guard component that will scan your restore point before you can apply it when invoking the restore from within RSS. This makes it very convenient and efficient to identify a clean restore point and avoid the old bouncing ball issue where a malware infects your restore points and you simply reinfect yourself...

    Have you tried to investigate why the Win 7 Backup and Restore feature is not working as expected on this specific computer?

    http://support.microsoft.com/kb/973455

    Simple answer? More RAM is always a good thing ;)

    Is it required or recommended for use with RSS? Not specifically, but better overall performance is usually a by-product/goal of a RAM upgrade so my suggestion is to max out your RAM if economically possible.

    Both are valid. One caution here though is that if the change you are going to make needs to be made within the registry, you will need to exit Virtual Mode to save the change to your real system. There is an advanced way to do this while the Virtual Mode is active, but it is not recommended normally. This is to change the Virtual Mode setting to "SAVE ALL CHANGES" rather than drop all changes.

    You need to be 100% certain that all the changes however are not malicious to use this method so we recommend approaching it with extreme caution and only use it in very specific situations where the changes will be small in number or very targeted.

    Mike
     
  3. winwolf

    winwolf Registered Member

    Thanks for the very thorough response.

    Will there be any caveats with partitioning my SSD as you described? Any other SSD issue? I had seen something about turning TRIM off, etc. after I posted last night, and want to know what, if any, tradeoffs there are.

    Also, where can I find info on how big to make each partition?
     
  4. Coldmoon

    Coldmoon Returnil Moderator

    The most compelling reasons for separation when using an SSD are to minimize disk writes for the system partition and to improve the read performance for program data due to the nature of flash based media (ref: limited number of lifetime writes as well as being slower for writes than a traditional platter drive).

    When you partition however (one of those disadvantages I mentioned previously) you are actually restricting the amount of free space available on the System drive itself (ex: 120 GB drive single partition would yield a maximum cache size of roughly 40 to 45 GB of space. If you partition as say C:\ with 60 GB, the default cache maximum would then drop to somewhere around 20 - 25 GB). As RSS/RVS keep the virtualization cache for the system on the system, and the cache is based on a percentage of free space available, you may actually overuse some of the sectors and thus reach the lifetime maximum number of writes for those sectors much faster than the rest of the disk. It is a trade-off that you should take into account; especially with SSDs.

    When the Virtual Mode is active, no defragmentation of the disk is allowed as this can lead to file damage. As TRIM is essentially a form of defragmentation, it too is stopped for the very same reasons. If you use Virtual Mode in always on mode, only deactivating to make specific changes, this becomes unnecessary as the real system remains defragmented.

    What I suggest here is to define a focused goal for your reasons to partition and then weigh the pros and cons before you go forward. Once you have defined this, then the rest is just implementation and configuration.

    You are there ;)

    There are a wide range of discussions here in the wider Wilders forums where this question has been asked and answered/discussed in many scenarios. I would start with some of the older threads in our section then check out other discussions in the virtualization and sandboxing forum as well as the Leapfrog section. In the final analysis however, cache size tends to be a local environment issue rather than one with a set of specific answers.

    For example, a gamer may need a very large cache to save sessions; especially as the games become more complex and graphics rich whereas someone who only needs to make and save changes made to office documents/presentations may need far less space.

    The best advice here that I can give is one where you experiment with your cache size. If you get frequent messages indicating you are running out of cache and need to restart, it may be an indication that you need a larger cache. If you never see a warning, you either have the cache size "just right" or unnecessarily large allowing you to reclaim space that could be used more efficiently.

    Mike
     
  5. winwolf

    winwolf Registered Member

    Thanks, great info.

    I've discovered that I can use my OEM disk to repair Win7, and that's in progress (3 hours so far, but I'm installing windows updates already). After that I'll repair Office and see how the system is performing to determine if I still need a clean install. MSE is running and up to date since I didn't have to reinstall it, so that's good for now while I do all the windows updates.

    I've been reading what I can on the forums about SSD's, but could not find much about partitioning of SSDs. But here's what I'm thinking. Sorry if it's a bit rambling... it's been a long 3 days ...

    My primary issue is disk i/o performance. RAM and CPU don't help with apps that are doing a lot of disk thrashing. With the multiple products I have indexing my system, having it all on the SSD has vastly improved my performance. But even after pulling photos etc. off the SSD, it's already almost full (I had to delete some stuff to do the Win 7 repair). Even without partitioning, if the cache is going to be on the SSD, then there won't be much space available. Won't that impact the Returnil cache? For performance, won't I want the cache on SSD vs. HDD? From what you wrote, I'd want 60GB of cache if possible, so adding 4 additional GB of RAM doesn't seem to be likely to buy me much (I read somewhere you indicated cache = RAM + disk). Or, is 60GB the max, but the amount actually used depends on how much actual new data is written? Do I presume that the cache only needs to store disk writes, not reads? So, if I edit and modify 20 200MB files at the same time, but only add 10k to each file, then the Returnil cache will only require an incremental 200k? And, when the File Manager flushes the cache to physical disk that 200k is freed up? If so, not being a gamer, the primary data written on my laptop will be new email in my ost file and new entries (for that email) in the DB and Index files for NEO and X1. If I flush the NEO and X1 data regularly, then I could conceivably need a very small cache - a few GB vs. 60 GB. Am I right about that?

    Of course, most of my data is static after a certain point, so I could move most of my older data to my D: HDD. But I've got nearly 40GB of pst files (and growing) that are indexed. That, I think, is where I wonder how Returnil will operate. Thinking aloud here... Outlook opens those dozens of files and does modify them somewhat (the last modified date always changes, and they seem to grow in size over time even though I don't modify them - not sure what Outlook is up to). Plus, X1 and NEO scan (read) them to index them. That all leads to the potential for them to get corrupted. So, with Returnil restoring them after every reboot (actually never allowing them to be modified), I've already improved my data integrity. Moving them to the HDD will be a royal pain (if you've ever added a bunch of pst files to outlook you'll know what I mean). But the question is: if I were to move them to the HDD and the scanning and indexing is taking place on the HDD drive but all my other operations are on the SSD, will I still have super fast performance for the rest of what I do since it will be the HDD getting thrashed independently of my other work? As for my active email, I'd still keep my .ost file on the SSD. Since Outlook is prone to crashing, I think I'd set that file up as an exclude i.e. always write to disk, since even a 1 minute write to disk from virtual is, IMHO, risky. Do you agree? BUT: can I set up a particular file (or folder) to write directly? Or am I forced to use File Manager to flush to disk? How does Returnil handle crashes or power interruption? Short of putting the cache in non-volatile RAM, I don't see how that would work. If the cache is on the SSD, then that should solve the issue if there is a way for just the .ost file to be set to "save all changes" - if Returnil has some sort of crash-recovery capability.

    Sorry for the long post. It will take hours to relocate the pst files to the HDD as it's so painfully manual intensive with Outlook. If I'm right about not needing a huge cache, then I think I can leave things as-is as long as I can find a way to ensure that the .ost file is not at risk. Worst case if it's corrupted I can restore it from the Exchange server, of course, and I do try to keep it trimmed to around 200 MB and let it grow no more than 500 MB.

    Is there a hidden utility or a log that can tell me over time how much of the cache is used, how much is in RAM vs. on disk? That could tell me how much I'd benefit from adding more RAM to my system.

    Let me know what you think, I'll be buying Returnil once all the updates are done (I'm posting from a different laptop).

    Thanks!
     
  6. winwolf

    winwolf Registered Member

    So, installs are all done. I repaired Office as well and reinstalled my VPN software. After installing RSS, I ran a full scan on all 3 drives (C: SSD, D: HDD and a USB HDD).

    One quick question:

    There was one piece of malware that RSS blocked, and then a long list of files that it couldn't act on because they were in use etc. I moved away from that screen and now I can't find it. Should I be worried? Where can I find that list again?

    My next step is to set up my File Manager and get into virtual mode...
     
  7. Coldmoon

    Coldmoon Returnil Moderator

    Take a deep breath and remain calm :)

    1. When performing a scan with any AV/AM, there will be files that can't be scanned because they are in use by Windows or another program you have open at the time. This is normal and expected, as well as being nothing to be too concerned over. The good news is that because the files were locked by Windows, nothing could infect them while being used as any malware seeking to infect them would also meet the same "roadblock".

    If you suspect that one of these files MAY be infected for whatever reason, you can try slaving the drive to another computer and then perform a file scan on that drive as required. This could also be done from a boot disk or CD with a mobile scanner or solution from the disk, usb, CD\DVD, etc.

    2. For any content detected in the Full Scan, Quick Scan, or Real-Time monitor, the information will be detailed in Virus Guard > Log. This also includes any Anti-Execute blocks (Virtual Mode > Settings > Additional Protection Options) that may have happened while in Virtual Mode.

    3. The initial list of detected items will be listed as you go in the Full Scan Results screen (Virus Guard > Scan > Full Scan > Results screen).

    Mike
     
  8. winwolf

    winwolf Registered Member

    Thanks. I figured I didn't need to worry.

    Looks like I may have to reinstall Office, Outlook is still acting odd. I'll try safe mode and see what is up.

    Regarding #3, once the scan is over I can't see the list anymore. But that's OK. I clicked under Full Scan Start > Files from all users > UAC > Results and both malware and skipped files are empty. But that's OK. Next time, is there a way to export the list?

    Back to my long-winded inquiry, is there a hidden utility or a log that can tell me over time how much of the RSS cache is used, how much is in RAM vs. on disk? That could tell me how much I'd benefit from adding more RAM to my system.

    If it turns out I do have to re-install Office to fix Outlook, then does my pst strategy (putting them on the HDD) make sense from a performance perspective?
     
  9. Coldmoon

    Coldmoon Returnil Moderator

    Yes, as described in my previous post, scan results are listed in Virus Guard > Log. If there was anything detected, it would be listed there. You can also right click the Tray Icon and then select "View Log" to go directly to the log screen.

    To export the detections list, select all or your target listing(s) and then click the "Export" button. The output will be in XML format.

    No. You will however get a warning when either 10% or 1GB (whichever is larger) of space is remaining in the cache.

    It depends. If you are using POP3 for your e-mail, I would suggest backing up your .pst or change the default save location in Outlook to a non-system drive or partition as you would lose any e-mails downloaded locally at restart while using the Virtual Mode.

    Mike
     
  10. winwolf

    winwolf Registered Member

    Regarding file mgr vs. file protection, I understand the difference, but the manual needs correction:

    File Manager
    (Availability: Paid versions)
    The File Manager allows you to save a list of frequently changed files and/or folders to the real disk
    when using the System Safe virtual protection. Possible uses include updating a shared document on
    your computer, allowing an administrator to "White list" non-registry changes he/she wants to make
    without turning off protection on the client system, using custom lists for different situations or users,
    etc.
    Note
    The software sees files and folders as unique objects, meaning that if you want to save all the
    files inside of a selected folder, you must include each of the files in the list individually.

    File Protection
    (Availability: All versions)
    The File Manager allows you to save a list of frequently changed files and/or folders to the real disk
    when using the System Safe virtual protection. Possible uses include updating a shared document on
    your computer, allowing an administrator to "White list" non-registry changes he/she wants to make
    without turning off protection on the client system, using custom lists for different situations or users,
    etc.
    Note
    The software sees files and folders as unique objects, meaning that if you want to save all the
    files inside of a selected folder, you must include each of the files in the list individually.
     
  11. winwolf

    winwolf Registered Member

    Things are progressing with my clean-up. I've installed Win 7 SP1, reinstalled iTunes (had to uninstall to do the update) and now I'm creating my file manager list. It's tedious to determine and select the minimum files and folders so that I am best protected.

    I'm wondering if it's relatively safe to simply select my entire User directory (C:\users\me), or at least the whole C:\users\me\AppData directory. I think I've grabbed what I need, but then get error messages like: "C:\users\me\ntuser.dat is in use by another process" AND then I can't select it as a file to add to the list. What's the solution to that? Or is that a file that is OK to get reset whenever I reboot? Does most malware only work if it's able to affect the Registry?

    Also, where are all of the system log files for the Event Viewer located, so that I can include them in the file manager list.

    Also, I've turned on System Restore. Do I need to make an image backup if I have that running?

    To make room for an image backup, I tried to delete a file that was over 1GB in size. MSE then went into action to scan the file, even though my action was <shift> <delete>. OMG! My laptop was hung at high CPU and total disk thrash until I shut MSE down. Do I really need it anymore now that I've got RSS up and running with real time protection on?

    Thanks for any insights.
     