Hello -
After reading the well written article at: http://community.norton.com/t5/Norton-Protection-Blog/Norton-Insight-A-solution-to-performance-improvement-without/ba-p/20642
This question and answer:
Q: How do you know that a trusted file was not modified when the product was not running, such as booting into safe mode or booting from a CD?
A: On startup, we analyze the NTFS file system, and if we determine that any changes were made that we cannot account for, all trust values of all files on that volume are revoked.
I use TrueCrypt on my user data partition so on my system I've got the O/S partition, C and the USER partition R. When the system boots up, R: is not present. Once the system boots and I need to access the USER partition I mount the drive with my password and the drive is mounted as R and available for use as any other NTFS volume. When I want to shut the system down, I cleanly dis-mount the volume.
I am wondering if the following situation above will cause Insight to "determine that any changes were made that we cannot account for, all trust values of all files on that volume are revoked." Since this is a significant amount of data (100GB) I would hate that not having the volume right away at boot would cause Insight to notice that ALL of the files are gone and thus not trustworthy any more. When does Insight make the determination in this situation? Surely this was thought of for external USB devices?
NAV2010 is incredible by the way since the last time I used NAV consumer version was the 2004 version.. whew.
If you need any clarification, please let me know. Thanks.