How to update a SysRescue install with the latest definitions

Discussion in 'ESET NOD32 Antivirus' started by Proactive Services, Jun 19, 2009.

Thread Status:
Not open for further replies.
  1. Proactive Services

    Proactive Services Registered Member

    Joined:
    Jan 10, 2006
    Posts:
    153
    Location:
    Petersfield, Hampshire, UK
    For those of you who are new to the Windows Automated Installation Kit (WAIK), a prerequisite of Eset's SysRescue feature, I thought I'd share a bit of knowledge on updating the bootable USB install with the latest NOD32 definitions.

    The WAIK is needed as it allows the user to create bootable Windows Vista images. NOD32 is then added to the image and starts automatically when booted, to become SysRescue. SysRescue does have the ability to update itself via the Internet but it can be helpful to have the latest updates pre-installed.

    ImageX is the program which creates and modifies these images. To update the definitions the image will need to be mounted to a directory, the necessary files copied over, and then unmounted.

    You will need to run this set of commands as a member of the Administrator group and with Elevation if you're on Vista. This batch file assumes the following:
    The WAIK is installed to C:\Program Files\Microsoft\Windows AIK
    The USB device you're using has the drive letter E:
    You're using a 32-bit operating system (change to the appropriate directory under Tools for the AIK path if not)
    You have Microsoft's Robocopy.exe tool available in your PATH. If not, apply your own copy command. Robocopy is useful as it will delete old update files in the image.

    Batch file code:
    @echo off
    rem When opening images, one mounts the image file to a directory, then makes changes to the files and directories inside.
    if not exist "%temp%\SysRescue mount" mkdir "%temp%\SysRescue mount"
    
    rem Mount the image for read/write access to the temporary directory. The "1" specifies the first entry in the image.
    "C:\Program Files\Microsoft\Windows AIK\Tools\x86\imagex.exe" /mountrw "E:\sources\boot.wim" 1 "%temp%\SysRescue mount"
    
    rem Copy the update files from the local machine.
    robocopy "%programdata%\ESET\ESET NOD32 Antivirus\Updfiles" "%temp%\SysRescue mount\ProgramData\ESET\ESET SysRescue\Updfiles" *.nup /MIR /COPY:DAT
    
    rem Unmount the image and commit the changes.
    "C:\Program Files\Microsoft\Windows AIK\Tools\x86\imagex.exe" /unmount /commit "%temp%\SysRescue mount"
    
    rem Remove the temporary directory.
    rmdir /s /q "%temp%\SysRescue mount"
    
    I can probably rustle up something for the ISO as well if anyone needs help.
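
Added example (not part of the original post): the same mount, copy and commit sequence with failure handling, so that a failed mount or copy is discarded rather than committed to boot.wim. It keeps the post's paths and assumptions; the variable names are illustrative, and imagex is assumed to return a nonzero exit code on failure.

```bat
@echo off
setlocal
rem Added example: the thread's steps with failure handling (same assumed paths as the post).
set "IMAGEX=C:\Program Files\Microsoft\Windows AIK\Tools\x86\imagex.exe"
set "WIM=E:\sources\boot.wim"
set "MNT=%temp%\SysRescue mount"
set "SRC=%programdata%\ESET\ESET NOD32 Antivirus\Updfiles"
set "DST=%MNT%\ProgramData\ESET\ESET SysRescue\Updfiles"

rem Refuse to mirror from an empty source: /MIR would otherwise purge the definitions already in the image.
if not exist "%SRC%\*.nup" (
    echo No .nup files found in "%SRC%"; image left untouched.
    exit /b 1
)
if not exist "%WIM%" (
    echo "%WIM%" not found; check the USB drive letter.
    exit /b 1
)
if not exist "%MNT%" mkdir "%MNT%"

rem Assumption: imagex returns a nonzero exit code when the mount fails.
"%IMAGEX%" /mountrw "%WIM%" 1 "%MNT%"
if errorlevel 1 (
    echo Mount failed; nothing was changed.
    rmdir "%MNT%" 2>nul
    exit /b 1
)

robocopy "%SRC%" "%DST%" *.nup /MIR /COPY:DAT
rem Robocopy exit codes are a bitmask: 0-7 mean success, 8 or higher means a copy failed.
if errorlevel 8 (
    echo Copy failed; discarding changes to the image.
    "%IMAGEX%" /unmount "%MNT%"
    exit /b 1
)

"%IMAGEX%" /unmount /commit "%MNT%"
if errorlevel 1 (
    echo Commit failed; "%MNT%" is left in place for inspection.
    exit /b 1
)

rem Plain rmdir (no /s) only removes the directory if it is empty, i.e. really unmounted.
rmdir "%MNT%"
echo boot.wim updated.
```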
     
  2. Fidelius

    Fidelius Registered Member

    Joined:
    Oct 2, 2006
    Posts:
    146
    Very interesting, thank you.
    I have a question: why doesn't Eset make things easier? Burning a DVD, installing the "fatware" from microsoft and then creating the rescue CD.

    Wouldn't it be easier to have a Live CD with Nod32?
    Did the programmers think of this feature for a minute?
    I bet most users will be reluctant to Install AIK...
     
  3. JohnnyDollar

    JohnnyDollar Guest

    Once you have booted into the sysrescue cd doesn't it update from your eset update files on your hard drive?
     
  4. Proactive Services

    Proactive Services Registered Member

    The AIK means Eset know exactly what environment they're booting into. It's also reliable and pretty much "is Windows" in many respects. This means that SysRescue is on much more solid footing than a lot of the other live CD environments.
     
  5. Proactive Services

    Proactive Services Registered Member

    If I'm booting a PC from SysRescue then I don't trust a single byte on the hard drive! Also there's no saying NOD32 is up-to-date if the computer has been infected; not even Eset's products are immune to being broken or tampered with by malware.
     
  6. Fidelius

    Fidelius Registered Member

    AIK

    I have the ISO on my hard drive but I have not yet installed AIK on my HD because I am not sure if it will work with my Windows XP home SP3 32 bits. The documentation says it is a Vista based version.
    I do not know if I can remove AIK after creating a sysrescue CD. I guess not.
    Will AIK be removed properly without leaving traces? Not sure.

    Apart from that, I have a software which uses a plugin CAB for a live cd.
     
  7. trencan

    trencan Eset Staff

    Joined:
    Nov 21, 2008
    Posts:
    120
    Re: AIK

    Yes, it is Vista based, which means that once you boot the Rescue CD, you have the WinPE OS, which is based on Vista SP1. But you can build the CD on XP too. Files for WinPE are in the AIK installation folder.

    You can uninstall AIK once the CD is built. You need AIK installed only for the building process. Then you can boot your CD on every PC, regardless of OS, even without an HDD in the PC.
     
  8. Fidelius

    Fidelius Registered Member

    AIK

    I have a question. I have burnt AIK 1.1 (1.3 Gb) on a DVD. Next step, how do I install it on my PC? I am a bit lost because there are several menus, don't know which one to use.
    Thank you.
     
  9. JohnnyDollar

    JohnnyDollar Guest

    Re: AIK

    Click on windows aik setup
     
  10. JohnnyDollar

    JohnnyDollar Guest

    Isn't your tutorial about using eset's updates located on the hard drive? What about updating from eset servers once you have booted into sysrescue cd? I noticed there is a command prompt before the eset gui appears, can you update from it?

    Edit: I probably forgot to add my network driver when I created the iso.
     
    Last edited by a moderator: Jul 3, 2009
  11. Fidelius

    Fidelius Registered Member

    Re: AIK

    I did it and now it complains MSXML 6.0 is not installed. What's next? :rolleyes:
     
  12. Fidelius

    Fidelius Registered Member

    Re: AIK

    I have managed to create the sysrescue cd! :)
    Now I can update the virus database from the hard drive. Internet connection obviously doesn't work. I just need to configure the deep analysis.
    The Sysrescue cd scans fewer files than in the normal windows xp.

    Thank you for helping Proactive, trencan and Johnny.
     
  13. trencan

    trencan Eset Staff

    Re: AIK

    If the internet connection doesn't work, then you most probably don't have the driver for your NIC installed in WinPE. If you are on a 32-bit OS, you have 2 possibilities: The first one is to use the "Aut.Search" button in the advanced settings of the SysRescue Wizard. It searches all NIC and SCSI drivers on your machine and injects the found drivers into WinPE. The second one is to download the NIC driver from the manufacturer's website and put the path to the .inf file of the driver package into the SysRescue wizard. On a 64-bit OS, you have only the second possibility.
     
  14. Proactive Services

    Proactive Services Registered Member

    Yep, there is the option to download once booted, but if a computer doesn't have a wired connection it can cause problems, and as I have this in a batch file that updates my USB drive, it saves the download time.
     