Weird activity with restore point use.

[Guest]

Well, I've been having problems running both the free version of AVG and the
beta they put out to test with Vista. Both versions had trouble loading at
startup. The beta version keeps giving a kernel interface fault.

On to the weird activity of Vista. I used a restore point of one week ago,
which was prior to the beta download. After I did the restore, the
downloaded AVG beta file disappeared from my pc. Restore is not supposed to
delete your files but it did. Then I restored to the current date and guess
what? The file is still not there. I did a search for grisoft on my pc and
all it found was the download page. When I clicked on that link in the
search menu, it asked if I wanted to save the file and downloaded it.

It's still bugging me because the only way that I can load the resident
shield for AVG is to load it myself after everything is booted up and with
Defender and UAC turned off. Anybody have any insight as to why AVG beta
cannot load and what to do.

 

[Jill Zoeller [MSFT]]

It is by design that System Restore removes new executables (added after the
restore point creation). This is the same behavior as XP and Millennium.
Check out the FAQ in the Help and Support. There is a question/answer called
"What files are changed during a system restore?" that explains this.

 

[Guest]

I'm sorry but I don't ever recall that happening in XP. And I don't quite
understand why it would target the downloaded files. There are many reasons
why a person would want to use system restore and not necessarily because of
downloaded exes. I used it because I had made some changes based on some
suggestions in these forums and couldn't go back on the changes. I'll have
to look at the blogs to try to understand that reason. All traces of AVG
were removed eccept the link to the download. I had the downloaded freeAVG
exe to install it and search couldn't find any trace of AVG except the link
to the beta download. Even after I re-downloaded the beta install file, a
search couldn't find the file that was on my desktop. I know MS doesn't
support AVG but how did it selectively get rid of all traces except that
link? In a prior post I made, I mentioned how I used an external hd to copy
some data files to. When I went to get them from the ext. hd, I couldn't
many of the files.

Thanks for the link to research this further.

 

[Guest]

After reading the blogs and the system restore faqs, I still don't understand
why system restore would delete a file that was sitting in my user documents
folder. But I guess that means that a person would have to rename all
executables that Vista may be hunting down to destroy. Deleting the
installed program files I understand. I knew that it did that. But going
after files that the user has put in a personal folder seems like overkill.

Still not understanding this behavior. How are users supposed to protect
themselves against this behavior? How am I going to know which files I have
to protect against Vista's restore behavior?

 

[Mark D. VandenBerg]

After reading the blogs and the system restore faqs, I still don't
understand
why system restore would delete a file that was sitting in my user
documents
folder. But I guess that means that a person would have to rename all
executables that Vista may be hunting down to destroy. Deleting the
installed program files I understand. I knew that it did that. But going
after files that the user has put in a personal folder seems like
overkill.

Still not understanding this behavior. How are users supposed to protect
themselves against this behavior? How am I going to know which files I
have
to protect against Vista's restore behavior?

Well, Jewels, you can always use a different partition for your data, and
naturally you can always restore any of these files from your backup
drive/tape.

 

[Jill Zoeller [MSFT]]

I showed your email to one of our developers and asked him to respond. I'll
paraphrase his response below and I hope to add it to our blog as well. You
ask very good questions, but like you might guess, there is a good reason
why System Restore works the way it does.

The job of System Restore is to bring the system state (registry, WMI, COM+
etc) and _all_ executables back to exactly the state at the time of the
restore point. Programs and drivers (including spyware) can be "installed"
just about anywhere, including your own personal folders. However, we have
no way of knowing whether an executable was installed, simply downloaded, or
there for some other reason. When you run System Restore, we restore all
"interesting" files on all protected volumes. On Vista, interesting files
are defined by monitored extensions outside of Windows, and everything under
Windows.
Here is the list of monitored extensions for XP:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/sr/sr/monitored_file_extensions.asp,
for Vista we added couple new extensions, but basically it is the same since
Millennium.

System Restore is big hammer, but this is what most of the people would
like. It's designed to help out situations like "My system used to work
yesterday, my cousin installed something from a web site and now everything
is broken. Please make it exactly as it was yesterday."

If you are more interested in selective removals of executables, you can try
uninstalling the application. If you still want to use use System Restore
but keep some executables, you can go to the previous version of the parent
folder on the undo snapshot and copy back the file in question.

By the way, exactly the opposite artifact exists as well: if there was a
download captured on the restore point, which later turned to be garbage and
deleted by the user, when we restore to that specific restore point, we are
going to resurrect the unnecessary file. because we have no way of knowing
the fact it is unnecessary.






--
This posting is provided "AS IS" with no warranties, and confers no rights.

Want to learn more about Windows Server file and storage technologies? Visit
our team blog at http://blogs.technet.com/filecab/default.aspx.

 

[Guest]

I typed up a post last night after reading your post Jill but like some
posts, it disappeared. I just wanted to thank you for following up on my
questions. I'm always looking to learn a thing or two and your additionally
links are very helpful.

And Mark, I missed a word in the post you responded to.
When I went to get them from the ext. hd, I couldn't "find" many of the
files.

I did save some files and folders to an external drive when I first loaded
Vista. They were on an XP drive that wouldn't boot or repair and I was
attempting to save them by copying them to the external drive. When I look
at the drive now, not all the files that were in the folder are there. So
I'm not sure about copying to an external drive at this point unless I can
find out where my files are.