Restore Point Files No longer flagged as system files

bbear

XPHome, SP2; I was messing around with restore points and needed to
understand why I only could have 10 with >10Gb allocated. I finally
did something so that I can now view the System Volume Information
directory and found some points >3.5GB!!! --- but I digress. Since
doing this, all the new restore points do not show up in "blue" as
system directories nor do they have the "C" (what is that anyway)
attribute set like the older ones.

Questions: 1. is the fact that they are not listed as system files
without the "C" attribute set a problem?
2. How can I get the directories in "System Volume Information" back
to looking "normal" like the old ones WITHOUT turning off restore
points and turning it back on --- I don't want to lose the ones that I
do have, even if they are huge and >2 and 3 Gb.

3. bonus question, are restore points >1Gb normal? Based upon what I
read it doesn't seem like it and it's not like I've been making 100s of
changes.
 
Hi,

XPHome, SP2; I was messing around with restore points and needed to
understand why I only could have 10 with >10Gb allocated. I finally
did something so that I can now view the System Volume Information
directory and found some points >3.5GB!!! --- but I digress. Since
doing this, all the new restore points do not show up in "blue" as
system directories nor do they have the "C" (what is that anyway)
attribute set like the older ones.

The blue file names are compressed files. System Restore should do this
automatically on NTFS partitions. Normally there may be two or three not
compressed.

Questions: 1. is the fact that they are not listed as system files
without the "C" attribute set a problem?

No, as stated above. How many uncompressed folders (RPxx) do you see in
the SVI folder?

2. How can I get the directories in "System Volume Information" back
to looking "normal" like the old ones WITHOUT turning off restore
points and turning it back on --- I don't want to lose the ones that I
do have, even if they are huge and >2 and 3 Gb.

The compression should be automatic. Seeing a lot of uncompressed (RPxx)
folders, could mean corruption. Have you tested System Restore's
functionality? You will find instructions on this page.
Tips Fixes & FAQs http://bertk.mvps.org/html/tips.html
If the test fails, then disable SR and then enable it.
How to Disable and Enable System Restore:
http://bertk.mvps.org/html/disablesr.html

3. bonus question, are restore points >1Gb normal? Based upon what I
read it doesn't seem like it and it's not like I've been making 100s
of changes.

This is the most relevant question. <g> One GB restore point (RPxx)
folders are much too large. The recommended size of the entire store is
around 1GB which normally holds approximately one to two weeks of
restore points. The first step to take is to stop SR from monitoring
drives/partitions other than the one Windows is installed on. Then
create a manual restore point and check its size in the SVI folder.
 
Bert said:
Hi,


The blue file names are compressed files. System Restore should do this
automatically on NTFS partitions. Normally there may be two or three not
compressed.

Thanks for the explanation on the blue being compressed - new to me.
I assume the "C" attribute also means compressed. I do have NTFS.
Specifically I was referring to the folders as being blue (e.g. RP9xx,
etc.) None of the new ones are blue. And everything in the RP folders
is black except for that which is under "snapshot" - those are blue.

No, as stated above. How many uncompressed folders (RPxx) do you see in
the SVI folder?

I had about 8, now I think I'm down to 6.

The compression should be automatic. Seeing a lot of uncompressed (RPxx)
folders, could mean corruption. Have you tested System Restore's
functionality? You will find instructions on this page.
Tips Fixes & FAQs http://bertk.mvps.org/html/tips.html
If the test fails, then disable SR and then enable it.
How to Disable and Enable System Restore:
http://bertk.mvps.org/html/disablesr.html

I did create another RP (two in fact) and the strange things happen.
After I created the first one, it was a respectable 64M. Then about 24
hours later that same RP was >1G!!! Now how can this happen, how can
it change size?

So I tried it again with a second RP and the exact same thing. I
created it about an hour ago and it was 73M and now it's 212M (and
growing). Very strange.

I have not tested the RP yet nor restarted it - mainly because I didn't
want to lose all my old RPs. But at this point it looks like I'm
gonna lose them any way if they keep growing like this.

This is the most relevant question. <g> One GB restore point (RPxx)
folders are much too large. The recommended size of the entire store is
around 1GB which normally holds approximately one to two weeks of
restore points. The first step to take is to stop SR from monitoring
drives/partitions other than the one Windows is installed on. Then
create a manual restore point and check its size in the SVI folder.

Yes, I did stop SR from monitoring the other drives/partitions. I
thought this had helped until I noticed the RP folders growing.

Thanks for the replies.

I suspect you are still recommending I stop and restart the RP system?
 
Update: I bit the bullet, disabled Sys Restore, rebooted, reenabled
it. The first restore point was 60M. Then I manually created a second
restore point and it was 63M. But now, the second (and current one)
is growing. It's 300M now after less than a day and is still growing.
It would appear that I am going to have the same problem with large RP.

Any ideas on why the RPs are growing and what I can do now to stop
this?

Also, looks like the non-current RP points eventually get compressed.
But not the current one that keeps growing in size. Thanks.
 
bbear said:
Update: I bit the bullet, disabled Sys Restore, rebooted, reenabled
it. The first restore point was 60M. Then I manually created a second
restore point and it was 63M. But now, the second (and current one)
is growing. It's 300M now after less than a day and is still growing.
It would appear that I am going to have the same problem with large RP.

Any ideas on why the RPs are growing and what I can do now to stop
this?

Also, looks like the non-current RP points eventually get compressed.
But not the current one that keeps growing in size. Thanks.

Are you sure it's a restore point that's growing? See the FAQs re other
growing things in the SVI folder (EFS and Indexing Service) at the link
in Bert Kinney's first response to you.
 
Are you sure it's a restore point that's growing? See the FAQs re other
growing things in the SVI folder (EFS and Indexing Service) at the link
in Bert Kinney's first response to you.

OK thanks for the tip. I did go back and read that FAQ. If I am
looking at the Indexing Service correctly (from Windows Explorer,
right click on the drive / properties / General tab / then look at the
check box "Allow Indexing Service to index this disk for fast file
searching"). In my case it is Unchecked. So I assume I'm not using
the Indexing service - and this is the only NTFS drive that I have.

Now regarding EFS, I have no idea on how to determine if that's on or
off - any clues? And what would be the ramification of turning it off
if it was on and vice versa.

And if it helps, the exact thing which is growing are the addition of
more and more .RDB files, all beginning with A0000xxx.RDB and in
sequential order. They are all the same size at 3,576Kb and have time
created stamps about every 1-3 minutes. They are in the SVI directory
under _restore... and under a particular RPxx. Does that help?
 
Thanks for the explanation on the blue being compressed - new to me.
I assume the "C" attribute also means compressed. I do have NTFS.
Specifically I was referring to the folders as being blue (e.g. RP9xx,
etc.) None of the new ones are blue. And everything in the RP folders
is black except for that which is under "snapshot" - those are blue.

Yes, the "C" attribute indicates compression.
Opening the C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}
folder should look like this. http://bertk.mvps.org/svifolder.jpg

I had about 8, now I think I'm down to 6.

As far as I know compression will not take place unless there is
sufficient system idle time. Viewing "System Idle Process" in Task
Manager may help determine idle time.

I did create another RP (two in fact) and the strange things happen.
After I created the first one, it was a respectable 64M. Then about 24
hours later that same RP was >1G!!! Now how can this happen, how can
it change size?

Are you by chance using file encryption?

So I tried it again with a second RP and the exact same thing. I
created it about an hour ago and it was 73M and now it's 212M (and
growing). Very strange.

I have not tested the RP yet nor restarted it - mainly because I didn't
want to lose all my old RPs. But at this point it looks like I'm
gonna lose them any way if they keep growing like this.

I agree, I would suggest reinstalling System Restore rather than
disabling.
 
bbear said:
OK thanks for the tip. I did go back and read that FAQ. If I am
looking at the Indexing Service correctly (from Windows Explorer,
right click on the drive / properties / General tab / then look at the
check box "Allow Indexing Service to index this disk for fast file
searching"). In my case it is Unchecked. So I assume I'm not using
the Indexing service - and this is the only NTFS drive that I have.

Now regarding EFS, I have no idea on how to determine if that's on or
off - any clues? And what would be the ramification of turning it off
if it was on and vice versa.

And if it helps, the exact thing which is growing are the addition of
more and more .RDB files, all beginning with A0000xxx.RDB and in
sequential order. They are all the same size at 3,576Kb and have time
created stamps about every 1-3 minutes. They are in the SVI directory
under _restore... and under a particular RPxx. Does that help?

Sorry, I don't know anything more about this than what I can see on
Bert's site, but it sure sounds as if it's the restore point that's
growing rather than IS or EFS. I would have guessed it was the Indexing
Service, but if that's disabled (and there is no catalog.wci in the SVI
folder) I guess it isn't that. And if you're not encrypting/decrypting
files, there wouldn't be any EFS log to grow.

What you're describing does not seem normal to me, although SR is not
enabled on the PC where I am now, so I can't check. There's a ton of
info re SR on Bert's site. You can either start there or wait for Bert
or someone else with more knowledge to respond.

The only thing I can think of is that by "messing around with restore
points" and making the SVI folder visible, you've somehow managed to get
SR recursively backing itself up (among other things, SR backs up *.RDB
files). Why don't you try reversing ALL of the steps you took to get
access to the SVI folder, then disable and re-enable SR, and see if the
issue persists.
 
.....
Are you by chance using file encryption?

....
--
Regards,
Bert Kinney MS-MVP Shell/User
http://bertk.mvps.org
Member: http://dts-l.org

I did reinstall RP per the instructions - no change. See updated
earlier in thread.

I have no idea if I'm using file encryption - how do I tell? how do I
change it? Again, please see update and thanks for your help.
 
OK thanks for the tip. I did go back and read that FAQ. If I am
looking at the Indexing Service correctly (from Windows Explorer,
right click on the drive / properties / General tab / then look at the
check box "Allow Indexing Service to index this disk for fast file
searching"). In my case it is Unchecked. So I assume I'm not using
the Indexing service - and this is the only NTFS drive that I have.

The check box in Windows Explorer and the Indexing Service are two
different things.
To check if the "Indexing Service" is running, click Start, click Run,
and then type cmd /k net start then press enter. If Indexing Service
is present, then Indexing is turned on.

Now regarding EFS, I have no idea on how to determine if that's on or
off - any clues? And what would be the ramification of turning it off
if it was on and vice versa.

For more information on EFS, take a look at this article.
Best practices for the Encrypting File System
http://support.microsoft.com/?kbid=223316&sd=RMVP

And if it helps, the exact thing which is growing are the addition of
more and more .RDB files, all beginning with A0000xxx.RDB and in
sequential order. They are all the same size at 3,576Kb and have time
created stamps about every 1-3 minutes. They are in the SVI directory
under _restore... and under a particular RPxx. Does that help?

Yes, by chance is Zone Alarm installed?
 
Our replies must have crossed. Let me see if I can update all this.

EFS is NOT enabled. That is, the check box "Encrypt contents to secure
data" is greyed out on all the directories in the root directory. I
checked them all.

Indexing service, is not listed when doing "cmd /k net start " from run
menu.

Yes I am using Zone Alarm. Have been for years and never had this
problem. What's up with that?
 
My reply went above to #9. Not sure how this "groups" thing works, so
I hope you'll see it even though it's out of order. Thanks.
 
Bert, thanks for hanging in there with me to resolve this issue.
That's it. The free Zone Alarm 6.5 with XP home SP2 is the culprit.
Here's more details in case someone else needs the info. I read that
the ZA forum is deleted after 90 days.

Every 1-3 minutes Zone Alarm "saves" the files c:\windows\Internet
logs\IAMDB.RDB and BACKUP.RDB into your restore points directory. Each
one is labelled something like: Axxxxxxx.RBD where xxxxxxxx are
consecutive numbers. At this rate you can see how quickly it is before
the restore directory RPxxx is over 1Gb. You will also notice that the
size of the .rdb files mentioned here are exactly the same, all of
them.

My ultimate solution to this problem so far was to resort back to ZA
6.1. Here's the link if someone else needs an older version
http://download.zonelabs.com/bin/free/information/znalm/zaReleaseHistory.html

I read somewhere there was speculation that the files:
c:\windows\Internet logs\IAMDB.RDB and c:\windows\Internet
logs\BACKUP.RDB were corrupt and all you had to do was to delete them
and then ZA will recreate them and all will be well - not true in my
case. I tried all 6.5 versions of ZA; entered SAFE MODE; deleted those
two files; rebooted. In at least one case it worked for about a half
hour, but then after a few ZA pop up prompts, it resorted to the 1-3
mins. of "saving" the .rdb files into the RP directory. So I don't
recommend that path.

IMHO, I think ZA saving its state in the RP directory is irresponsible
and poor programming. I'm very disappointed in a product that I used
to have a very favorable opinion of. This 6.5 was just one of several
recent ZA issues that tells me, it's not what it used to be. Anybody
know of a good 2 way firewall :) ?
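
A check for the pattern described in the post above (equal-size .RDB files appearing every 1-3 minutes inside one RPxx folder), as an added example that is not part of the original thread. The function names, the thresholds and the sample listing are assumptions made up for illustration, and the folder path is left to the caller.

```python
import os
from collections import defaultdict
from datetime import datetime, timedelta

def scan_folder(rp_dir):
    """Return (name, size, created) for each file in one RPxx folder."""
    rows = []
    for entry in os.scandir(rp_dir):
        if entry.is_file():
            st = entry.stat()
            # Creation time: st_birthtime where available, else st_ctime
            # (which is the creation time on Windows).
            born = getattr(st, "st_birthtime", st.st_ctime)
            rows.append((entry.name, st.st_size, datetime.fromtimestamp(born)))
    return rows

def find_churn(rows, max_gap=timedelta(minutes=3), min_run=5):
    """Flag runs of same-extension, same-size files created <= max_gap apart."""
    groups = defaultdict(list)
    for name, size, created in rows:
        groups[(os.path.splitext(name)[1].upper(), size)].append((created, name))
    findings = []
    for (ext, size), files in groups.items():
        files.sort()
        run = []
        for item in files + [None]:          # None flushes the last run
            if run and item and item[0] - run[-1][0] <= max_gap:
                run.append(item)
                continue
            if len(run) >= min_run:
                findings.append({"ext": ext, "size": size, "count": len(run),
                                 "total_bytes": size * len(run),
                                 "first": run[0][1], "last": run[-1][1]})
            run = [item] if item else []
    return findings

# Constructed sample listing (not taken from the thread): 40 equal-size .RDB
# copies two minutes apart, plus ordinary restore-point content.
T0 = datetime(2000, 1, 1, 9, 0)
SAMPLE = [(f"A{n:07d}.RDB", 3576 * 1024, T0 + timedelta(minutes=2 * i))
          for i, n in enumerate(range(100, 140))]
SAMPLE += [("A0000099.dll", 412160, T0), ("change.log", 18432, T0),
           ("A0000140.ini", 2048, T0 + timedelta(hours=1))]

if __name__ == "__main__":
    for f in find_churn(SAMPLE):
        print(f"{f['count']} x {f['ext']} of {f['size']} bytes "
              f"({f['first']}..{f['last']}): {f['total_bytes'] / 2**20:.0f} MiB")
```

On a live system, pass the output of `scan_folder()` for the RPxx folder being checked to `find_churn()`; reading the System Volume Information folder needs the access the thread starter describes having set up.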
 