FIRST DEFENSE users: a concern

That screenshot is what I see when I open the C: drive.

 

Tony, that's really weird. With your "Show hidden files and folders" I would think that you should be able to see it.

Acadia

 

Similar to Tony, I have Folder options to show hidden files and folders, but I can't see $ISR anywhere

Looking through the various threads on FD there seems to be lots of inconsistencies between different users!

 

What I see:

 

Like this one on C:

 

Perhaps you guys have 'Hide protected operating system files' unchecked. I've found that if I uncheck that, I can see the $ISR folder, but for safety reasons, I've re-checked it.

 

Same deal with me, TonyW. I can see $ISR with 'Hide protected operating system files' unchecked, can't see $ISR when 'Hide protected operating system files' is checked.

I recently installed System Mechanic 6 (Iolo). I tried out the "fix broken shortcuts" feature. For every "broken" shortcut it found in my "live" files, it found a corresponding "broken" shortcut in the snapshot stored in my $ISR snapshot structure !!! This was before I knew enough about the settings in SM6 to not allow it to delete stuff at will -- which it PROCEEDED TO DO ! -- including the "broken" shortcuts in my stored snapshot !

Since I felt it had probably corrupted the snapshot and was generally extremely ill at ease, I restored my Retrospect backup from the night before. Retrospect stores EVERYTHING including The $ISR structure.

From all the timestamps and configuration settings, it was clear that Retrospect put things back exactly as they had been the night before -- even the timestamp and size of the stored snapshot.

 

Indeed, Pete, me too, as I mentioned in another thread about registry cleaners. The jv16 pt '05 reg cleaner only gave me a very minor problem on one occasion. I could have fixed it manually, but used the opportunity to restore the reg cleaner backup just as a "real life" test (although I HAD tested, this was more "real").

 

I doubt this is any different than system restore, as far as scanning inside them goes. Just about anything can scan inside them, but I don't think there's much that can remove. Permissions can be set very granularly, it's possible that a scanner could scan inside but no more.. that doesn't necessarily mean there's a security hole. I would definitely try what Peter suggested and create a snapshot with the eicar test file inside, scan it and see what happens.