FBWF Related

[Guest]

Hi All,

Please try to answer the following questions related to FBWF (File Based
Write Filter)
1.If write filter is enabled we can perform commit operation on protected
volume during runtime without needing to reboot the machine? For e.g. by
using FbwfCommitFile API
2.Can we protect the entire volume using FBWF?
3.We can enable or disable FBWF during runtime without needing to reboot the
machine? For e.g. by using FbwfProtectVolume API
4.If antivirus is running on XPe system then how to provide virus updates if
write filter is enabled with out needing to shutdown the system?
5.FBWF can be used to provide registry based updates or Registry Filter have
to be used. In both the cases the system is required to be rebooted?

Thanks & regards
Roshan.

 

[Sean Liming \(eMVP\)]

1. Difficult to answer since you can commit inidividual files on the disk
with out having to reboot. Files that don't exist, but are created inthe
overlay need a re-boot. I might be mistaken.
2. Yes.
3. No. You have to re-boot.
4. FBWF allows you to create holes in the protection so you could open a
hole to the location of the virus definition files.
5. Registry updates - not exactly. Registry filer by default protects two
registry keys - TSCALs and domain secret key. It might be possible to modify
to support other keys.


Regards,

Sean Liming
www.sjjmicro.com / www.seanliming.com
XP Embedded Book Author - XP Embedded Advanced, XP Embedded Supplemental
Toolkit

 

[Guest]

Hello Sean,

Thank you very much for the reply; actually I am looking for a write filter
solution on my XPe device so that I will be able to update my device in field
by committing changes without needing to reboot the device. The device is
reading updates through DUA service and protecting the hard disk from hard
shutdown impacts.
The device is also running with antivirus software so all these updates are
required to be committed to the device without the need of frequently
rebooting the device.
We have EWF and FBWF options in XP embedded as write filter, which option
will be best for me to use in this scenario?
If I choose FBWF for protecting hard disk against impacts of hard shutdown
then I will have to perform commit on hard disk at a regular interval, in
this case if I don’t reboot my system all the committed data will be lost
during next boot? How the frequent commits will affect the performance of the
system?

Thanks & Regards
Roshan.

 

[Sean Liming \(eMVP\)]

It sounds as if FBWF with the Registry filter are the way to go. You will
have to open holes for the virus files. If you know what you are going to
update on a regular basis such as a custom application that I would open a
hole for this too.

The Registry Filter would only be needed for registry keys that need to be
udpated on a regular bases. Once again I would look into the solution for
adding extra registry keys to the Registry Filter.

How many times do you ahve to re-boot and when should you do it, is
application dependent....Someone else might have a different opinion.

Regards,

Sean Liming
www.sjjmicro.com / www.seanliming.com
XP Embedded Book Author - XP Embedded Advanced, XP Embedded Supplemental
Toolkit

 

[Milong Sabandith [MS]]

Just to clarify 1.
You can commit new files which only exist in the cache
provided the directory it exists in was already on the device.

-milong

 

[Guest]

Hello,

I just want to know if write filter is enabled (EWF or FBWF) on the device
and commit is performed with out disabling the write filter and if the system
restarts after a hard shutdown, In this case will the previously committed
data will be lost or retained during next boot and what will be the effect on
write filter at the next boot.

Thanks & Regards
Roshan Dalvi.