Excluding \Device\HarddiskVolumeShadowCopy1

Discussion in 'ESET NOD32 Antivirus' started by binslp, Jan 11, 2011.

Thread Status:
Not open for further replies.
  1. binslp

    binslp Registered Member

    Joined:
    Apr 1, 2009
    Posts:
    4
    This seems to have been discussed some time ago, but I can't find it in any current forums, and didn't see an answer in Google search results.

    Apparently, some time ago, I got a Trojan virus in a Java file. (I assume NOD32 found it at the time.) It seems to have been captured in a VSS snapshot. I back up my computer using Migo PG Backup 10, and every time I do so, NOD32 flags the file. This is the log entry:

    1/11/2011 12:37:18 AM Real-time file system protection file \Device\HarddiskVolumeShadowCopy1\Documents and Settings\MyName\Application Data\Sun\Java\Deployment\cache\6.0\62\4721cb3e-30f94164 a variant of Java/Exploit.Agent.NAL trojan error while cleaning MY-COMPUTER\MyName Event occurred on a file modified by the application: C:\Program Files\MigoMobile\MigoMobile PC Backup\mgService.exe.

    Not surprisingly, the error message says that it cannot clean the file. As I usually run backups overnight, I rarely see the message, and the backup finishes with an error. So...

    1) Is there a way to tell NOD 32 not to scan \Device\HarddiskVolumeShadowCopy1? Can I do it as a general exclusion, or, specifically, on this file from the log? (Maybe this should go in "feature wish", but it would be nice to have a context menu entry like "Exclude from future scans.")

    2) Is there a way to clean or empty my VSS snapshots? (Yeah, this is not an ESET question, but someone who understands what this post means might know the answer!;))

    Thanks much for any help.

    Oh, yes - I use Windows XP Pro with all service packs.
     
  2. TyeF

    TyeF Former Eset Moderator

    Joined:
    Feb 19, 2010
    Posts:
    78
  3. binslp

    binslp Registered Member

    Joined:
    Apr 1, 2009
    Posts:
    4
    Thanks for the reply. I should have mentioned that I read those articles, but on your suggestion I went through them again.

    My problem is, I don't know which of the options to select. I cannot enter \Device\HarddiskVolumeShadowCopy1\, because it is not a "complete" file name. I thought about selecting the System Volume Information file for drive C:, but, before excluding it, I ran a scan against it; it found nothing.

    By the way, I do have an exclusion for C:\Program Files\MigoMobile\MigoMobile PC Backup\mgService.exe, but that's been on for a while and does not prevent the problem.

    What am I supposed to select from the Exclusions menu?

    Thanks, again.
     
Thread Status:
Not open for further replies.