• All Community
    • All Community
    • Forums
    • Ideas
    • Blogs
Advanced

Not what you are looking for? Ask the experts!

Kudos0

NIS 2010 and System Restore points.

Hi all:

I have known for a long time that System Restore (points) can become infected.

How come that NIS 2010 does not check these on a regular basis, rather than manually clearing them by the user?

Perhaps in the next release?

      Plankton - MCSE, CSQE     - NIS 2009 • NIS 2010 -Windows XP • Vista • 7 • IE 8

Replies

Kudos0

Re: NIS 2010 and System Restore points.

Hi all:

I have known for a long time that System Restore (points) can become infected.

How come that NIS 2010 does not check these on a regular basis, rather than manually clearing them by the user?

Perhaps in the next release?

      Plankton - MCSE, CSQE     - NIS 2009 • NIS 2010 -Windows XP • Vista • 7 • IE 8
Accepted Solution
Kudos4 Stats

Re: NIS 2010 and System Restore points.

Hi Plankton,

It is not so much that system restore points become infected. The real issue is that they can backup an infection that happens to be present on your system when a restore point is created.  Windows does not allow any outside program to modify a restore point, so even if an antivirus program were to spot the infection, it could not remove it.  The backed up infection is also not immediately dangerous since you can only reinfect your computer if you restore it using that restore point.  Were you to do that, the Norton Auto-Protect mechanism would step in and save the day.

So scanning the System Volume Information has very limited benefit and can be quite time consuming.  If a virus was found, the solution would still be to manually turn off System Restore, thereby deleting the infected restore point and all other restore points along with it.  For this reason many antimalware applications elect not to scan the SVI files and instead choose to rely on their real time protection to deal with the infection if the need ever arises. 

Kudos0

Re: NIS 2010 and System Restore points.

Hi SOJ:

Great explanation and clarification!

Perhaps a simple function could be designed for implementation in the next release of NIS to prompt the user to clear these points (disable and re-enable) when an infection is detected, since NIS will not modify the System Volume Information.

Naturally, the user would lose the existing restore points, but new ones would be created.

Thanks.

Message Edited by Plankton on 11-17-2009 09:35 AM
      Plankton - MCSE, CSQE     - NIS 2009 • NIS 2010 -Windows XP • Vista • 7 • IE 8

This thread is closed from further comment. Please visit the forum to start a new thread.