ntbackup does not restores system state exactly in presence of AV

A

adi

After going through a series of articles on ntbackup and system restore on
microsoft KB,i thought to give it a try .i created a restore point and backed
system state using ntbackup then i did following
step-1 i deleted a leftover key from registry and used system restore Result
-Null
step-2 I deleted one key from registry and used ntbackup to restore system
state data ,Result : deleted key was restored but surprisingly additional
keys were introduced in system

The new key introduced at wrong place was the one "which was excluded from
restore" in registry at
HKLM\system\currentcontrolset\control\backuprestore\keysnot torestore =
HKLM\software\symatec\sharedDef

after doing restoration of systemstate data i found
above(HKLM\SW\Symantec\sharddef ) got restored at (inserted) at
HKLM\SYSTEM\syamntec\shredDef

1) My post is "is ntbackup a unreliable program" only suitable to backup
personal data file or the presence of Norton is causing it to behave so.

2) when i checked the eventViewer I found system restore was encountering
error while acessing a sysmatic temporay file SrtEMP and hence stopped
monitoring the volume. still the new restore points were created
when trying torestore using those points a standard message" system restore
incomplete" no change in system has ocuured.
does any body has a siilar experience and what methode he used to correct it
 
S

smlunatick

After going through a series of articles on ntbackup and system restore on
microsoft KB,i thought to give it a try .i created a restore point and backed
system state using ntbackup then i did following
step-1 i deleted a leftover key from registry and used system restore Result
-Null
step-2 I deleted one key from registry and used ntbackup to restore system
state data ,Result : deleted key was restored but surprisingly additional
keys were introduced in system

The new key introduced at wrong place was the one "which was excluded from
restore" in registry at
HKLM\system\currentcontrolset\control\backuprestore\keysnot torestore =
HKLM\software\symatec\sharedDef

after doing restoration of systemstate data i found
above(HKLM\SW\Symantec\sharddef ) got restored at (inserted) at
HKLM\SYSTEM\syamntec\shredDef

1) My post is "is ntbackup a unreliable program" only suitable to backup
personal data file or the presence of Norton is causing it to behave so.

2) when i checked the eventViewer I found system restore was encountering
error while acessing a sysmatic temporay file SrtEMP and hence stopped
monitoring the volume. still the new restore points were created
when trying torestore using those points a standard message" system restore
incomplete" no change in system has ocuured.
does any body has a siilar experience and what methode he used to correct it
Click to expand...

The "major" problem is known to be Norton and it's "Auto-protect"
feature. Norton has a seting which protects the software from being
modified.
http://service1.symantec.com/SUPPORT/norton2008.nsf/0/fa8500b78e0a207b6525738e006ca954?OpenDocument

BTW: It is valid for all older versions also.
See Symantec's own notes:
 
A

adi

this article recommends turning the Norton Protection OFF while performing
system Restore But real problem is more serious as it appears, if you look in
eventviewer you will many error messeges with tis text system restore sevice
has encounterd a error while reading from symTemp on disk0 error code
------- and has stopped monitoring the volume. is this implies that snapshots
of system state are invalid?( huh Dont Know?) However on system restore
interface you will see many restore points marked on calender!. None of them
works.
Cant Microsoft do something to prevent Norton doing like this as it is
significantly limiting a users experience on windows ( infact it is making
one of the vital apps to be unavailable).
what will the best soln should i purchase a third party disk imaging
software with system snapshot feature like driveclone3.5 Pro . Any comment
will be welcomed
 
Top