Windows Defender & System Restore

Guest

Hello Mohamed,

Nobody can explain it in this newsgroup. Maybe it is a secret weapon in
development ;-)
 
NewScience

I take it nobody has read my solution:

Try adding the following value to registry under:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Scan

DisableRestorePoint REG_DWORD 1
 
Guest

When you do maintenance (each day, weekly, or whenever) run:
My Computer, select your drive, right click Properties, Disk-Cleanup, run,
More Options, check delete old restore points (one recent checkpoint
remains).

I hope this post is helpful, let us know how it works out.
Еиçеl
 
Guest

Engel,

Neither this, nor your previous response could really be called helpful.
Are you okay?
This is not your normal style, I am concerned.

?:-\
Tim
 
robinb

We should not have to change anything to stop it.
Microsoft should figure this out and fix this problem before they come out
with the final.
robin
 
NewScience

Then turn the option off.

robinb said:
We should not have to change anything to stop it.
Microsoft should figure this out and fix this problem before they come out
with the final.
robin
 
Guest

Mohamed said:
Why does Windows Defender make many Restore Points in a day?
& How can I stop that?

If, like me, you don't feel competent to edit the registry, there are still
things you can try. The cause of the defender checkpoints seems to vary from
system to system, so you may have to experiment with the following.

1. Check in History and see if there is any particular program that is
causing Defender to object. (In my case it was an AOL driver - and Defender
created a checkpoint every time AOL started up.) Take a look in System
Restore and see if the times of the Defender checkpoints coincide with those
Defender history reports. If you find such a program, you can tell Defender
not to scan it, as follows. Go to Tools/options, and scroll down to 'Advanced
options'. Enter the full path of the program file into the box labelled 'Do
not scan these files or locations'.

2. While you're in that options section, scroll up a few lines and tick the
two boxes labelled 'Choose if Windows Defender should notify you about' ....
'software that has not yet been classified for risks', and 'changes made to
your computer by software that is allowed to run'. You may now find you get a
few notification bubbles popping up that you didn't get before, but you'll
almost certainly get a lot fewer recorded events in the history log and,
probably, a lot fewer Defender checkpoints in system restore.

Hope this helps.
 
Guest

Mohamed said:
Why does Windows Defender make many Restore Points in a day?
& How can I stop that?

Like others, I am uneasy about changing the registry.
I unchecked Windows Defender from the Start Menu. I'm not sure what that
does at this point, but I haven't had new ones for the past couple hours.

Wyel
 
Guest

Newscience,

You are kind of off in this thread:

1. "I take it nobody has read my solution: ..."
It was not your solution, and is a little more difficult than you state;
if you had read BillS very good explanation of the steps involved you would
know that.

2. Even given step by step instructions some people don't want to play with
the registry.

3. Do you even know what "option" it is that you're turning off? (It's not
really an option by the way. It is a default setting buried in the registry
that we were not even supposed to know about till someone from MS told us).
Is this setting telling Defender to stop making restore points at the "drop
of a hat", which we want, or is it telling Defender to stop making restore
points under any circumstances, which is a bad thing. It was the intent of
the programmers to have Defender make restore points at times of important
changes. This was a good idea. It's just not doing it the way they intended
and should be fixed.

The first question was WHY does defender do this ...
The answer is It's Buggy

?:-\
Tim
Geek w/o Portfolio
 
NewScience

So I guess you aren't going to address the original poster's question on how
to Stop this!
And how do each of us know what level each poster is at ... the poster did
not state.

And after working with MS Windows systems as a developer/designer for over
25 years, yes I know what the modification does and have tested it on the 20
systems I maintain ... which has cut down the number of restore points in our
LAN.
 
Kayman

Hello.
This application is still in BETA stage which means that it is not finished
yet and does include (major) bugs. Moreover, most experts participating in
'virus oriented' newsgroups agree that Microsoft's AV products have the
lowest detection rate in the industry.
---
You shouldn't install a BETA where you have to *depend* on it. Wait for it
to be released to the public as "real" software; it'll have a lot
fewer bugs, and hopefully none of them will be catastrophic.
In general, if you don't have a good reason to upgrade, you
should not upgrade, anyway. Being "first on the block" is also
"first to discover the bugs", the hard way. If you're not
computer savvy, wait until about 6 months after it's released, if
you really think you need it. If you don't know that you need
it, don't do it.
 
Guest

Very well, the following was posted by Bill Sanderson:


I know of no change to this issue. However, we do have a set of registry
editing instructions to create a new key which will modify this behavior--so
if doing that is acceptable to you I'll post that (once I find it!) ......
------------------------------------------------------------------------------
Steve Dodson has posted a workaround to eliminate the behavior, and I
have taken the liberty of expanding on his somewhat terse treatment:
-------------------------------------------------------------------------
It is possible to stop this activity, but it takes some care and registry
editing.

Important: This message contains information about how to modify the
registry. Make sure to back up the registry before you modify it. Make
sure that you know how to restore the registry if a problem occurs. For more
information about how to back up, restore, and modify the registry, click
the following article number to view the article in the Microsoft
Knowledge Base:
256986 (http://support.microsoft.com/kb/256986/) Description of the
Microsoft Windows registry

Start, run, Regedit <enter>

Navigate to:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Scan

Right click that folder in the left tree view, and choose "Permissions"
With your username highlighted, click Full Control in the Allow column,
and "Apply"

With the Scan folder highlighted choose:

Edit, New, DWORD value, and type in "DisableRestorePoint"
and hit enter.

Double-click DisableRestorePoint in the right column, and set the Value
to 1, hexadecimal.

Right-click Scan in the left tree view, and choose "Permissions"
With your username highlighted, Uncheck "Full Control" in the Allow
column, and "Apply"

Close the registry editor by hitting the X in the upper right corner, or
File, Exit.
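
A scripted check for the procedure quoted above, as an added example that is not part of any poster's message: it backs up the Scan key, reports the current `DisableRestorePoint` value, and lists any account that still holds write access after the temporary Full Control grant. The function names and the `$Trusted` principal list are assumptions made for this example; it expects an elevated PowerShell session and an existing Scan key.

```powershell
# Added example: key path and value name come from the thread; function names are hypothetical.
$ScanKey   = 'HKLM:\SOFTWARE\Microsoft\Windows Defender\Scan'
$ValueName = 'DisableRestorePoint'
# Assumption: principals expected to hold write access on this key; adjust for your build.
$Trusted   = 'NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators',
             'NT SERVICE\TrustedInstaller', 'CREATOR OWNER'

function Backup-ScanKey {
    # "Back up the registry before you modify it": export just this key to a .reg file.
    param([string]$Path = (Join-Path $env:TEMP 'defender-scan-backup.reg'))
    & reg.exe export 'HKLM\SOFTWARE\Microsoft\Windows Defender\Scan' $Path /y | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "reg export failed with exit code $LASTEXITCODE" }
    return $Path
}

function Get-DefenderRestorePointSetting {
    # Returns the DWORD, or $null when the value has never been created.
    $props = Get-ItemProperty -LiteralPath $ScanKey -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $props) { return $null }
    return [int]$props.$ValueName
}

function Get-ScanKeyWriters {
    # Allow ACEs that still grant write-level rights to anyone outside $Trusted,
    # e.g. a user account whose Full Control entry was never unchecked.
    $mask = [int][System.Security.AccessControl.RegistryRights]'SetValue, CreateSubKey, Delete, ChangePermissions, TakeOwnership'
    (Get-Acl -LiteralPath $ScanKey).Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        (([int]$_.RegistryRights -band $mask) -ne 0) -and
        ($Trusted -notcontains $_.IdentityReference.Value)
    }
}

function Get-ScanKeyReport {
    $setting = Get-DefenderRestorePointSetting
    [pscustomobject]@{
        DisableRestorePoint = $setting
        RestorePointsOff    = ($setting -eq 1)   # 1 is the value the thread says to set
        LeftoverWriters     = @(Get-ScanKeyWriters | ForEach-Object { $_.IdentityReference.Value })
    }
}

Get-ScanKeyReport | Format-List
```

An empty `LeftoverWriters` list means the final "Uncheck Full Control" step was completed; `RestorePointsOff` being true also means Defender will no longer create a rollback point before it acts on a detected item.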
 
Guest

NewScience said:
So I guess you aren't going to address the original poster's question on how
to Stop this!

Well y'know, I'm feeling kind of invisible here! If you take a look at my
earlier post in this thread, you'll see that I offered Mr Mohamed a number of
simple things to try which may very well reduce, if not eliminate, the
problem - without editing the registry.

I take no credit for the methods, having learned all the tricks from others
- but it patched up my own restore point problem and may well resolve his.
Maybe he'll come back and tell us?
 
Guest

As there are several directions this thread has taken, I've chosen Alan's
since it's the most open to alternatives.

Bill, others and I have attempted to explain this situation several times,
though it's difficult without an exact specification from Microsoft as to the
potential purposes behind all such checkpoint creation. I'm only going to
touch on the high points and include some additional information gleaned from
other locations.

The primary fact is that these additional checkpoints created by Defender
are there for the same reason as application installation checkpoints, to
allow the backout of all OS critical actions (Registry, Files) taken when
Defender detects and/or performs an action, whether the item is known bad or
'not yet classified'.

There's been much discussion whether some of these checkpoints are
appropriate, since some of these checkpoints occur when a Real-time module
detects an unknown (not yet classified) device driver or application at
system startup. Since I don't know [all] the specific decisions originally
and recently made in this area, I won't attempt to resolve that here. Suffice
it to say that this is the primary area of contention and also workaround
discussed by most here who have this issue.

Since the Defender standalone GUI hasn't been upgraded since April, the most
recent version available is contained in the Vista RC releases. This version
includes a checkbox Advanced option to 'Create a restore point before
applying actions to detected items', which modifies the exact same registry
entry mentioned elsewhere in this thread. Thus, the ability to completely
disable Defender created checkpoints is an option in later versions.

Until the final version for XP is released we won't know exactly how similar
it will be to that in Vista, but I'd be surprised if there were much
difference. There is also a major drive by Microsoft to require developers to
digitally sign their code for identity purposes, both for malware protection
and operating system stability reasons. I've seen this in all of their
antimalware products and Vista specifically, so it's not a small undertaking.

My conclusion from all of this is that Microsoft is unlikely to ease the
situation with unsigned code receiving a 'pass' on any current OS. This
implies to me that these drivers and applications will continue to be flagged
by Microsoft with the decision of what to do being left to the owner of each
PC. Many will simply 'buy' their way out as they have in the past, purchasing
a new PC with all current software. Those not in this position will need to
either return to the vendors where they purchased their systems for updates
or decide to perform one of the 'workarounds' already discussed here and
elsewhere.

Whether you like it or not Microsoft is forcing vendors, through their
customers in some cases, to clean up their acts. This is already causing them
trouble in the 'Security' realm and the release of Vista, but they've
realized it's necessary for their future and have obviously committed to
what's required to make it happen.

Personally, I'm happy to see this progressive direction by an organization
that's been languishing in the results of previous half steps. It truly shows
a commitment to their Trustworthy Computing initiative and the guts to back
it up. I'm fully behind this move even if it requires me to make some tough
decisions with my own PC and those of my family. It will only help to provide
us all with better safer computing in the long run.

Bitman
 
JRosenfeld

Kayman said:
Hello.
This application is still in BETA stage which means that it is not
finished yet and does include (major) bugs. Moreover, most experts
participating in 'virus oriented' newsgroups agree that Microsoft's
AV products have the lowest detection rate in the industry.
---
You shouldn't install a BETA where you have to *depend* on it. Wait
for it to be released to the public as "real" software; it'll have a
lot fewer bugs, and hopefully none of them will be catastrophic.
In general, if you don't have a good reason to upgrade, you
should not upgrade, anyway. Being "first on the block" is also
"first to discover the bugs", the hard way. If you're not
computer savvy, wait until about 6 months after it's released, if
you really think you need it. If you don't know that you need
it, don't do it.
---
Meantime, here is a good, proven alternative:
SUPERAntispyware - FREE
http://www.superantispyware.com/index.html
http://www.superantispyware.com/superantispywarefreevspro.html

Whilst I agree that Superantispyware is very good (I use it myself), it is
not quite correct to say that the free version can replace Windows Defender.
The free version is an on demand scanner only, without active monitoring,
which Windows Defender does have. To get active monitoring with
Superantispyware you need to buy the Pro version.
 
