System Volume Information scanning

Discussion in 'other anti-virus software' started by midway40, Mar 25, 2007.

Thread Status:
Not open for further replies.
  1. midway40

    midway40 Registered Member

    Joined:
    Jul 24, 2006
    Posts:
    1,257
    Location:
    SW MS, USA
    Norton, from what I remember, had always excluded scanning the \System_Volume_Information\ directory for some reason. Norton '07 does the same as well. In the past, using other AVs, some would find some nasties in the \SVI folder, usually files like A#####.exe.

    In your opinion, is scanning of the \SVI directory necessary?
     
  2. GES/POR

    GES/POR Registered Member

    Joined:
    Nov 26, 2006
    Posts:
    1,490
    Location:
    Armacham
    Most viruses I found with several AVs such as Avira and Dr.Web were located in System Volume Information restore.
     
  3. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    I ain't sure about 2007, but when I had my Norton 2005 licence, these could easily be added or removed in the excludes in the settings.

    You can scan system volume restores with Norton, midway.
     
  4. midway40

    midway40 Registered Member

    I just removed \S_V_I from the exclusions list. I guess I was just wondering why Norton doesn't see it as a necessity to be scanned. I have not seen this in other AVs.

    Thanks for the input :)
     
  5. C.S.J

    C.S.J Massive Poster

    Are you sure it wasn't excluded in the 'real-time' settings only?

    I don't usually exclude anything on any AVs, but still nice to have that feature.
     
  6. midway40

    midway40 Registered Member

    There are two options:

    1. Which disk, folders, or files to exclude from risk scanning

    2. Which disk, folders, or files to exclude from Auto-Protect scanning

    By default \S_V_I was included in both.
     
  7. C.S.J

    C.S.J Massive Poster

    I personally would keep it excluded in the Auto-Protect, midway.
     
  8. midway40

    midway40 Registered Member

    I do exclude my backup drive (it is mainly for what used to be called My Documents in XP, now it is called [User]) plus some of my gaming directories like Activision and Id Software.
     
  9. midway40

    midway40 Registered Member

    I can see why because this may slow the computer down come to think of it. I will try it a while like it is and see if any adverse effects are noticed.
     
  10. Mele20

    Mele20 Former Poster

    Joined:
    Apr 29, 2002
    Posts:
    2,495
    Location:
    Hilo, Hawaii
    It should always be excluded from both real time and on demand scans. The reason being that if your AV finds an infected file in System Restore and attempts to clean it and cannot, and deletes it instead, that action instantly renders all restore points before and including that one null and void.

    It is more prudent to simply disable and then re-enable System Restore if you suspect viruses are in there. This action will wipe all restore points off your computer and you will start fresh.

    Another important reason for excluding System Restore from AV routine scanning is that it is possible to restore an infected restore point if you have a desperate situation and you think your restore points may be infected but you really need to use one. You can turn off your AV temporarily and then do the restore point, and immediately after the restore is successful you can run your AV and let it take care of the virus.

    I will never let my AV scan System Restore. I used to allow it and one day I had a terrible problem and desperately needed System Restore. I found all the restore points that could have helped me were ruined (almost 3 months of points and I tried every one of them) because I had let my AV scan System Restore. It had found eicar.zip (which I had not deleted from my downloaded programs folder) and deleted it or quarantined it and that simple action ruined that restore point and all preceding it. It could have been another file that the AV thought was a virus but wasn't and it deleted it or quarantined it from System Restore.

    Avira, which I use now, is one of the worst for finding viruses (extended threats category) that are FPs, and Avira won't fix many of them because whether they are "threats" or not is up to the individual. So, I have to exclude them, and then if the new definitions one day find a program I have that is NOT excluded and the new definitions say it is a virus, then if Avira is set to scan System Restore it will try to clean that "virus" and fail and delete it or quarantine it, and that will render that restore point and all before it null and void. So, I can't afford to let my AV scan System Restore.
     
  11. midway40

    midway40 Registered Member

    That makes sense as well. Maybe this is why Norton has it set like that. Thanks for the input :)
     
  12. Mele20

    Mele20 Former Poster

    Today Avira's updates resulted in it almost immediately finding a new "virus" on my computer. It told me that System Information Works by Gabriel Topala is a trojan. I'm sure that is a FP as it wasn't detecting that until right after the updates today. Plus, I submitted the file to Jotti and no scanner found anything, including Avira (I assume Jotti's Avira doesn't yet have the new definitions). What if Avira had updated during the night (that's how I had it set until recently) and I didn't have System Restore excluded? The realtime scanner might have accessed System Restore and found that, deleted or quarantined it and messed up the restore points.
     
  13. FRug

    FRug Registered Member

    Joined:
    Feb 7, 2006
    Posts:
    309
    Avira doesn't delete/quarantine stuff from system volume restore since those files are protected by the OS.
     