
System Restore Keeping Only One Restore Point


Danno

May 22, 2008, 10:38:48 AM
Hello,

I have the system restore turned on. The space I've allowed for storage is
3% or 1075 MB.

But System Restore is only keeping one restore point. When it creates
another automatically, it deletes the previous restore point, so
basically, it's of no value right now. If I create a restore point
manually, the previous restore point is kept.... at least right now I have
two restore points from today, because I just created one. But when SR
creates a new restore point automatically, all previous SR points will be
deleted.

I've turned off System Restore, re-booted... then turned on System Restore
and re-booted again. But it's still the same.

I'd sure appreciate any tips on this issue.

Thanks in advance,
Danno


Daave

May 22, 2008, 11:29:34 AM
"Danno" <danre...@shaw.ca> wrote in message
news:YzfZj.286412$pM4.19776@pd7urf1no...

How much free space is on your drive? Assuming it's at least 30%, how
about increasing your SR storage size to 10% to see what happens? BTW,
turning off System Restore will delete restore points!


Danno

May 22, 2008, 2:08:09 PM
Thanks for the input Dave. My hard drive has 25 gig available out of 40. I
knew that turning off SR would delete all but the last restore point, but
since I only had one restore point.... nothing to lose. I'll try it by
increasing the amount of space available once more, but I doubt that will
work because even when I'd allocated 12% space (default) rather than 3%
(which should be plenty), the same thing was happening.

Danno


"Daave" <dcwash...@myrealboxXYZ.invalid> wrote in message
news:OIDtkCCv...@TK2MSFTNGP03.phx.gbl...

Gerry

May 22, 2008, 4:48:25 PM
Danno

Your original disk space setting for System Restore was OK and unlikely
to be the cause of the problem. Turning off System Restore removes all
restore points. Using the System Restore option on the More Options tab
of Disk CleanUp removes all except the latest restore point.

What are your anti-virus and anti-spyware arrangements? Also what
firewall are you using? These can interfere with System Restore.

http://bertk.mvps.org/html/srauto.html

http://bertk.mvps.org/html/healthy.html


--

Hope this helps.

Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~

Danno

May 22, 2008, 5:41:10 PM
Thanks Gerry,

When I use Disk CleanUp, (which is seldom because I use CCleaner instead), I
don't click the option to "remove all but the last restore point".

I have ZoneAlarm as the anti-spyware and anti-virus software, as well as
ZoneAlarm's firewall.

I also have AVG installed, but I don't let it run while ZoneAlarm is active.
I only fire up AVG once in a while but I disable ZoneAlarm before I do that.

I also have Spybot and AdAware, but they don't run in the background as far
as I can tell. I only start them up once in a while as well.

I also have jv16powertools, but I only use that on its safest mode to clean
the registry once in a while.

Danno


"Gerry" <ge...@nospam.com> wrote in message
news:%23vy970E...@TK2MSFTNGP06.phx.gbl...

Gerry

May 22, 2008, 7:52:47 PM
Danno

What version of Zone Alarm do you have? There were problems with version
6.5.

What drives do you have System Restore set to monitor? Do you have an
external or removable drive?

You cannot use cCleaner to remove unwanted restore points. In other ways
cCleaner does a more thorough job than Disk CleanUp.

Danno

May 22, 2008, 10:14:56 PM
Hey Gerry,

The version of ZoneAlarm is 7.0.743.000

SR only monitors my internal C: drive. I didn't know it could monitor any
other drive! I have a new external DVD burner which is run by Nero. Is that
what you were asking?

I've only used cCleaner to clean up my disc because it seems pretty thorough
as you mentioned, but I never had any intentions of using it, nor any other
method... to delete restore points. I didn't mind a dozen or more restore
points in the past. It's just that now, when the computer is creating a new
restore point and deletes the previous one(s). As of this moment, there are
3 restore points because I created 2 new ones today. I wanted to test if
the system will delete those as well, when it sets a new restore point
(probably sometime in the wee hours of tonight).

Thanks again for your interest.

Danno

"Gerry" <ge...@nospam.com> wrote in message

news:Oh476bGv...@TK2MSFTNGP04.phx.gbl...

Danno

May 23, 2008, 4:13:06 PM
Dang... it did it again!

Yesterday there was one restore point which had been created automatically
by the system. That was the only restore point available. So I created two
new restore points throughout the day, to see if the SR would delete all but
the last restore point once again. Today, I updated a driver and at that
point in time, SR created a restore point, and when it did that.... it
deleted the last restore point which had been created automatically, and
deleted one of my two test restore points. The net result today is that
there are two restore points only.... one of my own points and an automatic
restore point created when I updated the driver.

I'd sure appreciate any other suggestions or input.

Thanks again...
Danno


"Gerry" <ge...@nospam.com> wrote in message

news:Oh476bGv...@TK2MSFTNGP04.phx.gbl...

Unknown

May 23, 2008, 4:34:40 PM
This happened to me once because a granddaughter downloaded and installed a
program after being told not to download anything.
My approach to this is to clean out the startup folder (start -- run --
msconfig -- and remove all checks in start up).
Let the system load only Microsoft programs such as OE IE etc. Then add one
or two programs back till you find the offending program.
The offending program (in my case) was doing this to prevent uninstalling
it.
My granddaughter will never use my system again.

"Danno" <danre...@shaw.ca> wrote in message
news:mzFZj.159589$rd2.7501@pd7urf3no...

Daave

May 23, 2008, 5:46:11 PM
"Unknown" <unk...@unknown.kom> wrote in message
news:vTFZj.2303$Q57....@nlpi065.nbdc.sbc.com...

> This happened to me once because a granddaughter downloaded and
> installed a program after being told not to download anything.
> My approach to this is to clean out the startup folder. (start--
> run --msconfig---and remove all checks in start up.
> Let the system load only Microsoft programs such as OE IE etc. Then
> add one or two programs back till you find the offending program.
> The offending program (in my case) was doing this to prevent
> uninstalling it.

What was the name of the program?


Gerry

May 23, 2008, 6:43:47 PM
Danno

You should not be using a registry cleaner. I would dump jv16powertools.

ZoneAlarm 7.0.743.000 is the Freeware Firewall. What version is your
anti-spyware?

Danno

May 23, 2008, 9:23:55 PM
ZoneAlarm version 7.0.743.000 may be the Freeware Firewall, but that's the
version I got when I paid good money for it (about 6 weeks ago). The entire
list of versions that came with ZA's suite are as follows:

ZoneAlarm Security Suite version:7.0.473.000
TrueVector version:7.0.473.000
Driver version:7.0.473.000
Anti-virus engine version:3
Anti-virus SDK version:5.0.1.85
Anti-virus signature DAT file version:951551049
Anti-spyware engine version:5.0.189.0
Anti-spyware signature DAT file version:01.200805.3945
AntiSpam version:5.0.6.8903

Maybe I should disable ZoneAlarm altogether for 3 or 4 days, and use the
built in Windows firewall... just to test if ZA is involved in any way with
my dilemma.

p.s.: when you get time, get your butt over here to western Canada for a
visit :-)


"Gerry" <ge...@nospam.com> wrote in message

news:%23wezKaS...@TK2MSFTNGP02.phx.gbl...

Kayman

May 24, 2008, 3:34:20 AM
On Sat, 24 May 2008 01:23:55 GMT, Danno wrote:

<snip for brevity>


>
> Maybe I should disable ZoneAlarm altogether for 3 or 4 days, and use the
> built in Windows firewall... just to test if ZA is involved in any way with
> my dilemma.
>

Very, very sensible approach; IMO, ZA is not worth having.
I'd uninstall the entire ZA suite for good and ask for a refund.
If uninstalling via the Add/Remove program does not work satisfactorily then
go to:
http://zonealarm.donhoover.net/uninstall.html

Revo Uninstaller
http://www.revouninstaller.com/
can also be of assistance

Consider the following:
For the average homeuser, the Windows Firewall in XP does a fantastic job
at its core mission and is really all you need if you have a 'real-time'
anti-virus program, [another firewall on your router or] other edge
protection like SeconfigXP and practise safe-hex.
The windows firewall deals with inbound protection and therefore does not
give you a false sense of security. Best of all, it doesn't implement lots
of nonsense like pretending that outbound traffic needs to be monitored.

Activate and utilize the Win XP built-in Firewall; Uncheck *all* Programs
and Services under the Exception tab.
Read through:
Understanding Windows Firewall.
http://www.microsoft.com/windowsxp/using/security/internet/sp2_wfintro.mspx
Using Windows Firewall.
http://www.microsoft.com/windowsxp/using/networking/security/winfirewall.mspx
Exploring the windows Firewall.
http://www.microsoft.com/technet/technetmag/issues/2007/06/VistaFirewall/default.aspx
"Outbound protection is security theater—it's a gimmick that only gives the
impression of improving your security without doing anything that actually
does improve your security."
In conjunction with WinXP Firewall use:
Seconfig XP 1.0
http://seconfig.sytes.net/
(http://www.softpedia.com/progDownload/Seconfig-XP-Download-39707.html)
Seconfig XP is able to configure Windows not to use TCP/IP as transport
protocol for NetBIOS, SMB and RPC, thus leaving TCP/UDP ports 135, 137-139
and 445 (the most exploited Windows networking weak point) closed.

Real-time AV applications - for viral malware.
Do not utilize more than one (1) real-time anti-virus scanning engine!
Disable the e-mail scanning function during installation (Custom
Installation on some AV apps.) as it provides no additional protection.

Avira AntiVir® Personal - FREE Antivirus
http://www.free-av.com/
You may wish to consider removing the 'AntiVir Nagscreen'
http://www.elitekiller.com/files/disable_antivir_nag.htm
or
Free antivirus - avast! 4 Home Edition
It includes ANTI-SPYWARE protection, certified by the West Coast Labs
Checkmark process, and ANTI-ROOTKIT DETECTION based on the best-in class
GMER technology.
http://www.avast.com/eng/avast_4_home.html
(Choose Custom Installation and under Resident
Protection, uncheck: Internet Mail and Outlook/Exchange.)
or
AVG Anti-Virus Free Edition
http://free.grisoft.com/
(Choose custom install and untick the email scanner plugin.)

Why You Don't Need Your Anti-Virus Program to Scan Your E-Mail
http://thundercloud.net/infoave/tutorials/email-scanning/index.htm

On-demand AV applications.
(add them to your arsenal and use them as a "second opinion" av scanner).
David H. Lipman's MULTI_AV Tool
http://www.pctipp.ch/ds/28400/28470/Multi_AV.exe
http://www.pctipp.ch/downloads/dl/35905.asp
English:
http://www.raymond.cc/blog/archives/2008/01/09/scan-your-computer-with-multiple-anti-virus-for-free/
Additional Instructions:
http://pcdid.com/Multi_AV.htm
and/or
BitDefender10 Free Edition
http://www.bitdefender.com/PRODUCT-14-en--BitDefender-8-Free-Edition.html

A-S applications - for non-viral malware.
The effectiveness of individual A-S scanners can be wide-ranging and
oftentimes a collection of scanners is best. There isn't one software that
cleans and immunizes you against everything. That's why you need multiple
products to do the job i.e. overlap their coverage - one may catch what
another may miss, (grab'em all).

SuperAntispyware - Free
http://www.superantispyware.com/superantispywarefreevspro.html
and
Ad-Aware 2007 - Free
http://www.lavasoftusa.com/products/ad_aware_free.php
http://www.download.com/3000-2144-10045910.html
and
Spybot Search & Destroy - Free
http://www.safer-networking.org/en/download/index.html
and
Windows Defender - Free
http://www.microsoft.com/athome/security/spyware/software/default.mspx
WD monitors the start-registry and hooks registers/files to prevent spyware
and worms to install to the OS.
Interesting reading:
http://www.pcworld.com/article/id,136195/article.html
"...Windows Defender did excel in behavior-based protection, which detects
changes to key areas of the system without having to know anything about
the actual threat."

This may solve your original problem:
System Restore for Windows XP
http://www.kellys-korner-xp.com/xp_restore.htm

And routinely practice Safe-Hex.
http://www.claymania.com/safe-hex.html
Hundreds Click on 'Click Here to Get Infected' Ad
http://www.eweek.com/article2/0,1895,2132447,00.asp

Good luck :)

Vincent

May 24, 2008, 8:14:09 AM
Kayman wrote:

> http://www.microsoft.com/technet/technetmag/issues/2007/06/VistaFirewall/default.aspx
> "Outbound protection is security theater—it's a gimmick that only gives the
> impression of improving your security without doing anything that actually
> does improve your security."

Tripe written by an ex-Microsoft puppet who was in charge of security
when the Microsoft firewall was designed. Of course he wouldn't admit
that his brain child lacked useful features so in true Microsoft fashion
he insisted that he was right and that he knew what was best for the
customers, but that isn't new at Microsoft where it's corporate culture
to tell the customers to shut up because Microsoft knows what is best
for everybody. Of course, the chief of security in charge of designing
the firewall that lacked features wanted by the customers had to educate
the customers by telling them that they were dumb to ask for outbound
filtering and the way to prove his point was to embark on a mission to
discredit all firewalls except his beloved creation. To paraphrase one
MVP: "In its firewall Microsoft designed a shirt with no sleeves and
when the customers told Microsoft they wanted sleeves Microsoft embarked
on a mission to convince customers they didn't want or need sleeves."

Meanwhile, customers who knew that egress filtering was not necessarily
meant to strictly or only be a security measure against malware were
left a bit bemused by this new mantra at Microsoft. Customers who
understood the importance of data protection and who understood the
benefits of controlling which applications should be permitted to send
traffic outside the network were told not to concern themselves with the
security of their data, Microsoft had it all under control, there was no
need at all to know which applications were sending data outside the
network and there was even less need to stop any applications from
sending data outside the network. Of course this suited Microsoft the
most, without anyone knowing what was going on Microsoft could ensure
that they could have more of their brain children like WGA, Media
Player, DRM and what not spy on the customers and send data to outside
entities without anyone knowing what was going on, or at least without
anyone without egress detection knowing what was going on.

Although egress filtering should be applied at the perimeter of the
network by way of routers and firewall appliances, detection and
filtering applications at a software (personal) firewall can nonetheless
be a very useful tool and a very useful part of your network or computer
security. Those who know better and who know the place and importance
of egress detection and egress filtering take appropriate measures to
protect their data and their networks, the others, knowingly or not,
listen to and propagate tripe from Microsoft and its puppets. No
network administrator worth his salt would neglect the security risks
posed by egress traffic, SOHO and home computer users would be well
advised to do the same.

Egress Filtering FAQ
http://www.sans.org/reading_room/whitepapers/firewalls/1059.php

Firewall Best Practices - Egress Traffic Filtering
http://hhi.corecom.com/egresstrafficfiltering.htm

Vincent

Danno

May 24, 2008, 12:09:10 PM
Thanks Kayman,

Of all the links and suggestions you offered, one of them might be
surprisingly helpful. Not surprising that Kelly's Korner was helpful, but a
surprise to me at the result.

On Kelly's Korner, I found the category discussing missing SR points,
specifically this:

- Check the event logs to investigate System Restore service errors:

1. Click Start, click Control Panel, and then click "Performance and
Maintenance".
2. Click Administrative Tools, click Computer Management, double-click Event
Viewer, and then click System.
3. Click the Source tab to sort by name, and then look for "sr" or
"srservice." Double-click each of these services, and then evaluate the
event description for any indication of the cause of the problem.


I followed the advice and lo and behold, there were descriptions of events
that happened with SR. None of the events actually showed up as "errors",
but none-the-less they described that SR was "suspending" and then
"resuming" due to lack of space allocated and then more space being
re-allocated. I was convinced that 3% or 1076MB would be plenty of space,
but apparently not. If I'm not mistaken though, even when I accidentally
had 12% allocated, SR was still only allowing one restore point.

So I've now allocated 10% of disc space or 3700MB to see what happens. That
is an outrageously huge amount of space to allow, but I have to do it for
now.

I'll let you know. Thanks again!

Danno

"Kayman" <kaymanDe...@operamail.com> wrote in message
news:u7r5QCXv...@TK2MSFTNGP04.phx.gbl...

> "Outbound protection is security theater-it's a gimmick that only gives

Gerry

May 24, 2008, 1:25:43 PM
Danno

How many restore points are you keeping? How large are individual
restore points? You should not need an allocation so large!

Can you please post a copy of the Event Viewer Information Report you
refer to.

A tip for posting copies of Error Reports! Run Event Viewer and double
click on the error you want to copy. In the window which appears is a
button resembling two pages. Click the button and close Event
Viewer. Now start your message (email) and do a paste into the body of
the message. Make sure this is the first paste after exiting from
Event Viewer.


--

Hope this helps.

Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~

Danno

May 24, 2008, 4:38:53 PM
Hi Gerry,

It's not really a matter of "how many restore points I'm keeping". It's
more a case of my trying to keep more than just ONE restore point. At this
moment, there are 4 restore points from yesterday, and that's it. None of
those were created automatically by the system. As I mentioned, the event
viewer is not actually cataloging any "errors" about system restore, but
here are two examples of reports (not tagged as an "error") that are
addressing what I'm experiencing:

Event Type: Information
Event Source: SRService
Event Category: None
Event ID: 107
Date: 5/22/2008
Time: 3:37:36 AM
User: N/A
Computer: DANS-COMPUTER
Description:
The System Restore service has been suspended because there is not enough
disk space available on the drive
\\?\Volume{95e0434a-0fff-11dd-8ae4-806d6172696f}\. System Restore will
automatically resume service once at least 200 MB of free disk space is
available on the system drive.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.


Event Type: Information
Event Source: SRService
Event Category: None
Event ID: 108
Date: 5/22/2008
Time: 4:41:13 AM
User: N/A
Computer: DANS-COMPUTER
Description:
The System Restore service has resumed monitoring due to space freed on the
system drive.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.

For now, I've disabled ZoneAlarm and have increased the allocated disc space
for SR to the maximum. As I mentioned before, I would have hoped that 3% or
1075 MB would have been plenty of space, but apparently not. Anyway, if the
problem is corrected, I'd think I've probably narrowed it down to those two
suspects. I'll consider the problem corrected if, two weeks from now, I can
still see an available restore point that was recorded yesterday.

At your suggestion, I found the folders that hold the 4 volumes of SR
points. Apparently they are the following sizes: 627Mb, 52MB, 52Mb and
567Mb. My lord, two of those are way too big. What could be the reason for
that? That would explain why 1075Mb isn't enough space to store very many
SR points... if they're going to be that huge.

Thanks again for your interest.

Dan

"Gerry" <ge...@nospam.com> wrote in message
news:OihJBNc...@TK2MSFTNGP04.phx.gbl...
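
Added example (not part of the original thread): a Python script that parses Event Viewer records pasted in the format shown in the post above and pairs each SRService suspend event (ID 107) with the following resume event (ID 108), reporting how long System Restore stayed suspended. The sample text is constructed from the two records quoted in the post, the function names are illustrative, and the US-style date format is an assumption taken from those records.

```python
import re
from datetime import datetime

# Constructed sample: the two records quoted in the post, with the
# Description text shortened to the lines this script does not need.
SAMPLE = """\
Event Type: Information
Event Source: SRService
Event Category: None
Event ID: 107
Date: 5/22/2008
Time: 3:37:36 AM
User: N/A
Computer: DANS-COMPUTER
Description:
The System Restore service has been suspended because there is not enough
disk space available on the drive

Event Type: Information
Event Source: SRService
Event Category: None
Event ID: 108
Date: 5/22/2008
Time: 4:41:13 AM
User: N/A
Computer: DANS-COMPUTER
Description:
The System Restore service has resumed monitoring due to space freed on the
system drive.
"""

SUSPENDED, RESUMED = 107, 108  # event IDs as they appear in the post

# Header fields we care about; everything else in a record is ignored.
FIELD = re.compile(r"^(Event Source|Event ID|Date|Time):\s*(.+?)\s*$")


def parse_records(text):
    """Split pasted Event Viewer text into one dict per record."""
    raw, current = [], None
    for line in text.splitlines():
        if line.startswith("Event Type:"):
            current = {}
            raw.append(current)
            continue
        m = FIELD.match(line)
        if m and current is not None:
            # setdefault: a look-alike line inside the Description
            # must not overwrite the real header field.
            current.setdefault(m.group(1), m.group(2))
    parsed = []
    for r in raw:
        try:
            when = datetime.strptime(
                f"{r['Date']} {r['Time']}", "%m/%d/%Y %I:%M:%S %p"
            )
            parsed.append(
                {"source": r["Event Source"], "id": int(r["Event ID"]), "when": when}
            )
        except (KeyError, ValueError):
            continue  # skip records with missing or malformed fields
    return parsed


def suspension_windows(events):
    """Pair each SRService 107 with the next 108.

    Returns (start, end) tuples; end is None when no resume event follows.
    """
    windows, start = [], None
    for ev in sorted(events, key=lambda e: e["when"]):
        if ev["source"].lower() != "srservice":
            continue
        if ev["id"] == SUSPENDED and start is None:
            start = ev["when"]
        elif ev["id"] == RESUMED and start is not None:
            windows.append((start, ev["when"]))
            start = None
    if start is not None:
        windows.append((start, None))
    return windows


if __name__ == "__main__":
    for start, end in suspension_windows(parse_records(SAMPLE)):
        if end is None:
            print(f"suspended at {start}, no resume event found")
        else:
            print(f"suspended {start} -> {end} ({end - start})")
```
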

Bill in Co.

May 24, 2008, 6:11:00 PM
Those two *extremely large* (600+MB) system restore points sound suspicious,
just as you said. Why not clear them all out (by temporarily turning off
System Restore), and then turn System Restore back on again (and create a
good one) to start afresh?

And 3% should be adequate space, and would be, with good restore points
(which are normally like 60 MB each - NOT 600+ MB).

Danno

May 24, 2008, 6:29:35 PM
Hi Bill in Co.,

Yeah, those two huge SR files are ginormous. I'm really interested in two
things here:

First, what in hell would cause SR to store files that big?

Secondly, since I've found those files, would I be asking for trouble to
delete them manually? My guess is yes, so obviously I wouldn't do that
(even if I got the green light from experts. I'd just get rid of them using
SR itself). It's more a case of just wanting to know if that would be OK,
or would that completely screw up the registry. I wouldn't be tempted to do
it... it's just that I'm on a learning curve here. Those files are hidden
for a reason, and I'm guessing it's to keep monkeys like me from playing
with them.

But ultimately, I'd like to know what's in those files to make them so big.

Dan

"Bill in Co." <not_rea...@earthlink.net> wrote in message
news:utqNOsev...@TK2MSFTNGP05.phx.gbl...

Bill in Co.

May 24, 2008, 6:58:04 PM
Danno wrote:
> Hi Bill in Co.,
>
> Yeah, those two huge SR files are ginormous. I'm really interested in two
> things here:
>
> First, what in hell would cause SR to store files that big?

Either something bad happened during the creation of those restore points
(like some other task was running, that screwed it up, in process), OR (and
this I think is a long shot) it was that large because of some HUGE amount
of registry and file changes that were made since the previous restore
point, and it needed that amount of disk space (but I really doubt this
possibility). Well, those are the two possible explanations that come to
mind for me, anyways.

> Secondly, since I've found those files, would I be asking for trouble to
> delete them manually? My guess is yes, so obviously I wouldn't do that
> (even if I got the green light from experts. I'd just get rid of them
> using
> SR itself).

Do it that way (not manually). Your hunch is right - let System Restore
remove them properly (like by the way I mentioned previously), and it will
do the necessary housekeeping for System Restore and its bookmarking.
Don't do it manually.

> It's more a case of just wanting to know if that would be OK,
> or would that completely screw up the registry. I wouldn't be tempted to
> do
> it... it's just that I'm on a learning curve here. Those files are hidden
> for a reason, and I'm guessing it's to keep monkeys like me from playing
> with them.

As I said, I would NOT do it manually. Yes, there is a chance it could
work, but I sure would NOT bank on it! (I think that could and probably
would present problems for using the existing restore points that are left)

> But ultimately, I'd like to know what's in those files to make them so
> big.

Outside of what I mentioned, I don't know. I suppose you could check the
date-time stamps of those two bogus system restore points, and then search
around on your hard drive for any suspicious file or folder activity around
those dates (like the date stamps on files or folders that had changed
somewhere around those dates), to see if something suspicious shows up.
Kind of a long shot, however.

Danno

May 24, 2008, 8:40:27 PM
I opened those enormous SR restore point files and in one of them I found
190 .RDB files, each being 2.84Mb (all the same size).

And in the other huge SR file, I found 212 .RDB files and they were all the
same size, also at 2.84 Mb each.

I've been searching on the net to find out what .RDB files are and to be
quite honest, I'm none the wiser.

Anyway, I assume this wasn't supposed to happen? I wonder if it will happen
again, next time the system automatically creates a restore point. By that
I mean, next time the system creates a restore point automatically and not
as a result of my causing it by downloading something... for example.

Can anybody tell me what an .RDB file is and why System Restore included
them in those two huge restore point files... both on the same day? Just as
an added point of interest, any defrag analysis I do always shows SR as the
most fragmented files on my computer. Is this normal?

In all fairness to ZoneAlarm, I now doubt ZoneAlarm has anything to do with
this.

Dan

"Bill in Co." <not_rea...@earthlink.net> wrote in message

news:u6sehGfv...@TK2MSFTNGP04.phx.gbl...

Kayman

May 24, 2008, 8:50:27 PM

Danno,
Prior to flushing the System Restore cache, download and execute David Lipman's
Multi-AV as suggested in my previous post.
After you completed the av scans with all 4 scanning tools in safe mode,
reboot, in normal mode flush System Restore cache and reboot again.
Good luck.

Kayman

May 24, 2008, 9:02:58 PM
On Sat, 24 May 2008 09:14:09 -0300, Vincent wrote:

> Kayman wrote:
>
>> http://www.microsoft.com/technet/technetmag/issues/2007/06/VistaFirewall/default.aspx
>> "Outbound protection is security theater—it's a gimmick that only gives the
>> impression of improving your security without doing anything that actually
>> does improve your security."
>

<snipped childish over-emotive and misinformed rant>
>

Go to...
http://www.sunbelt-software.com/Home-Home-Office/Sunbelt-Personal-Firewall/

...and follow all the hype created by Sunbelt's *Marketing Department*.

[quote]
Still use the free Windows XP firewall?
Unfortunately, this gives you a false sense of security. It only protects
incoming traffic. But outgoing traffic, with your credit card info, social
security number, bank accounts, passwords and other confidential
information is not protected. The WinXP firewall will let it all go out.
But... SPF will block that data if you buy the FULL version! You absolutely
need a better, commercial-grade firewall.
[/quote]

Then read in...
Windows Personal Firewall Analysis
http://www.matousec.com/projects/windows-personal-firewall-analysis/leak-tests-results.php#firewalls-ratings

...a more realistic view which obviously was drafted by the head of
Sunbelt's *Operations Department*.

Sunbelt Software - the vendor of Sunbelt Kerio Personal Firewall

2007-08-07: Here is the response we have received from this vendor:

[quote]
Sunbelt Software is committed to providing the strongest possible security
products to its customers, and we will be working to correct demonstrable
issues in the Sunbelt Personal Firewall. Users can expect these and other
continuing enhancements for the Sunbelt Personal Firewall in the near
future.

However, we have some reservations about personal firewall "leak testing"
in general. While we appreciate and support the unique value of independent
security testing, we are admittedly skeptical as to just how meaningful
these leak tests really are, especially as they reflect real-world
environments.

The key assumption of "leak testing" -- namely, that it is somehow useful
to measure the outbound protection provided by personal firewalls in cases
where malware has already executed on the test box -- strikes us as a
questionable basis on which to build a security assessment. Today's malware
is so malicious and cleverly designed that it is often safest to regard PCs
as so thoroughly compromised that nothing on the box can be trusted once
the malware executes. In short, "leak testing" starts after the game is
already lost, as the malware has already gotten past the inbound firewall
protection.

Moreover, "leak testing" is predicated on the further assumption that
personal firewalls should warn users about outbound connections even when
the involved code components are not demonstrably malicious or suspicious
(as is the case with the simulator programs used for "leak testing"). In
fact, this kind of program design risks pop-up fatigue in users,
effectively lowering the overall security of the system -- the reason
developers are increasingly shunning this design for security applications.

Finally, leak testing typically relies on simulator programs, the use of
which is widely discredited among respected anti-malware researchers -- and
for good reason. Simulators simply cannot approximate the actual behavior
of real malware in real world conditions. Furthermore, when simulators are
used for anti-malware testing, the testing process is almost unavoidably
tailored to fit the limitations of simulator instead of the complexity of
real world conditions. What gets lost is a sense for how the tested
products actually perform against live, kicking malware that exhibits
behavior too complex to be captured in narrowly designed simulators.
[/quote]

This (realistic) admission couldn't be more refreshing!

This is pretty eye-opening as well:

Firewall LeakTesting.
Excerpts:
Leo Laporte: "So the leaktest is kind of pointless."
Steve Gibson: "Well, yes,..."
Leo: "So are you saying that there's no point in doing a leaktest anymore?"
Steve: "Well, it's why I have not taken the trouble to update mine, because
you..."
Leo: "You can't test enough".
Steve: "Well, yeah."
Leo: "Right. Very interesting stuff. I guess that - my sense is, if you
can't test for leaks, a software-based firewall is kind of essentially
worthless."

Read and/or listen to the entire conversation and be "educated" :)
http://www.grc.com/sn/SN-105.htm

Have a wonderful day, Vincent.

Bill in Co.

May 24, 2008, 9:22:45 PM
Danno wrote:
> I opened those enormous SR restore point files and in one of them I found
> 190 .RDB files, each being 2.84Mb (all the same size).
>
> And in the other huge SR file, I found 212 .RDB files and they were all
> the
> same size, also at 2.84 Mb each.
>
> I've been searching on the net to find out what .RDB files are and to be
> quite honest, I'm none the wiser.

Perhaps just for registry database (RDB) (wild guess)?
What are the extensions on the other (normal) ones? Are they similar?

> Anyway, I assume this wasn't supposed to happen? I wonder if it will
> happen
> again, next time the system automatically creates a restore point. By
> that
> I mean, next time the system creates a restore point automatically and not
> as a result of my causing it by downloading something... for example.

System Restore will normally create a checkpoint if you don't (and don't
install anything to force one), typically in 24 hours, or so. So if you
really want to know, just use your computer as normal, turn it off at night,
turn it back on the next day, use it, off again that night, and see if one
has been created by then.

> Can anybody tell me what an .RDB file is and why System Restore included
> them in those two huge restore point files... both on the same day? Just
> as
> an added point of interest, any defrag analysis I do always shows SR as
> the
> most fragmented files on my computer. Is this normal?

I believe I recall seeing something similar, so I expect that is within the
norm. Keep in mind it's around 60 MB, which uses a significant amount of
clusters and sectors, so it's not all that surprising.

Danno

unread,
May 24, 2008, 9:36:27 PM5/24/08
to
Good question! The other two SR points which seem to be a normal size also
contain .RDB files. One of those normal
SR points contains a single .RDB file and the other normal SR point contains
3 .RDB files. All 4 of them are the same size at 2.84Mb each.... same size
as the 400 .RDB files in the two enormous folders.

"Bill in Co." <not_rea...@earthlink.net> wrote in message

news:%23uRGYXg...@TK2MSFTNGP04.phx.gbl...

Daave

unread,
May 24, 2008, 10:35:25 PM5/24/08
to
"Danno" <danre...@shaw.ca> wrote in message
news:jF0_j.291776$pM4.35271@pd7urf1no...

> Hi Bill in Co.,
>
> Yeah, those two huge SR files are ginormous. I'm really interested in
> two things here:
>
> First, what in hell would cause SR to store files that big?

I believe it happens whenever a new service pack is installed.


Bill in Co.

unread,
May 25, 2008, 12:26:28 AM5/25/08
to

OR some huge program, possibly like Office, for example.

Actually, in retrospect, perhaps it's not out of the question, after
installs of very large programs. So maybe he did that (installed either
a SP or Office, or whatever).


Daave

unread,
May 25, 2008, 1:16:25 AM5/25/08
to
"Bill in Co." <not_rea...@earthlink.net> wrote in message
news:%23FZZC%23hvIH...@TK2MSFTNGP04.phx.gbl...

It's not out of the question whatsoever; I'm sure that's what happened.

However, one thing *does* puzzle me, from the original post:

> I've turned off System Restore, re-booted... then turned on
> System Restore and re-booted again. But it's still the same.

Shouldn't this have taken care of the (presumably older) huge restore
points?

And Danno, regarding your two largest restore points (627 MB and 567
MB), what are their dates? Can you manually move them to another
location (in the event you don't want to delete them right away)?


Danno

unread,
May 25, 2008, 1:25:40 AM5/25/08
to
All 4 restore points that I've discussed here are all from the same date....
yesterday. I have not installed anything large at all in the recent past.
So those huge restore points are not old ones, they are from only yesterday.

I can manually move them I suppose, but do I dare? Do you mean place them
on the desktop for now, or something like that? Do I dare... or should I
just let SR take care of them in due course?

"Daave" <dcwash...@myrealboxXYZ.invalid> wrote in message

news:OBq78Ziv...@TK2MSFTNGP02.phx.gbl...

Daave

unread,
May 25, 2008, 1:38:38 AM5/25/08
to
"Danno" <danre...@shaw.ca> wrote in message
news:x1%Zj.163103$Cj7.93855@pd7urf2no...

> Event Type: Information
> Event Source: SRService
> Event Category: None
> Event ID: 107
> Date: 5/22/2008
> Time: 3:37:36 AM
> User: N/A
> Computer: DANS-COMPUTER
> Description:
> The System Restore service has been suspended because there is not
> enough disk space available on the drive
> \\?\Volume{95e0434a-0fff-11dd-8ae4-806d6172696f}\. System Restore will
> automatically resume service once at least 200 MB of free disk space
> is available on the system drive.
>
> For more information, see Help and Support Center at
> http://go.microsoft.com/fwlink/events.asp.

Something's not adding up!

In another post, you said you had 25 GB of free space on your hard
drive! So why does System Restore think you have less than 1 GB?!

Also, have a look at this page:

http://bertk.mvps.org/html/drivedisable.html

How many available drives do you have? (Look in the System Restore tab
of System Properties.) Gerry asked earlier if there was another drive
you were using SR (inadvertently) on. Let's be clear on that issue!

If nothing else works, perhaps you should reinstall System Restore:

http://bertk.mvps.org/html/reinstall.html


Danno

unread,
May 25, 2008, 2:07:38 AM5/25/08
to
Hey Daave.... good points.

I do indeed have a 40 gig hard drive (the internal C: drive). That main
internal hard disk has 15 gigs used up leaving 25 gigs of free space. The
only external device I'd call a "drive" is an external DVD Burner which is
recognized as the F: drive. I also have an internal D: drive, which is a
CDROM device (empty most of the time), and an internal E: drive which is a
CD burning device. The only external item is the F:drive, and it basically
does nothing until I utilize it to make a backup of something. I checked
the System Restore tab, and the only drive being monitored by SR is drive C:

When the SRService report came up, I assumed it was complaining that not
enough "allocated space" was available... space "allocated for SR storage".
I don't think it was referring to the overall available space on the hard
drive. Anyway, I'm gonna hit the ole phart sack for tonight, and over the
next few days we'll see if more restore points are created, now that I've
allocated a full 12% of the total disk space to System Restore.

The biggest mystery to me still is.... why are there so many .RDB files
appearing on those two huge SR folders, and what are .RDB files? I assume
that as the space allocated to SR gets filled to the brim, SR will
eventually start dropping off the earliest restore points... eventually
deleting these huge ones. It will be interesting to see if any more of
these gigantic SR folders get created in the next few days. I'll keep you
all informed, and I really appreciate the honest efforts of all of you in
getting to the bottom of this with me.

Have a great night!

Dan

"Daave" <dcwash...@myrealboxXYZ.invalid> wrote in message

news:e67tXmiv...@TK2MSFTNGP03.phx.gbl...

Bill in Co.

unread,
May 25, 2008, 2:13:13 AM5/25/08
to
Danno wrote:
> All 4 restore points that I've discussed here are all from the same
> date....
> yesterday. I have not installed anything large at all in the recent past.
> So those huge restore points are not old ones, they are from only
> yesterday.

THAT is really, really, weird!
But at any rate, those large restore points sound quite erroneous, so maybe
it's time to start afresh, ya think? (see below).

> I can manually move them I suppose, but do I dare? Do you mean place them
> on the desktop for now, or something like that? Do I dare... or should I
> just let SR take care of them in due course?

Not in due course, do it now. Use System Restore to turn them off, and
after it finishes, turn it back on again (as I mentioned in an earlier
post). Then you will have CLEAN restore points from that point forward
(unless there is still something else wrong with your system). What do you
have to lose? (You don't need those restore points as it is now, right?
Right).

The only exception I can think of to that might be if the FIRST one (the
earliest time stamp) of those four WAS normal in size, in which case you
could (possibly) consider restoring back to that one, (under the assumption
that something happened to your system after that first restore point (IF it
is a normal size restore point).

But this also sounds like a long shot (for trying to "fix" whatever
happened).

Gerry

unread,
May 25, 2008, 2:39:25 AM5/25/08
to
Danno

Your rdb files relate to Zone Alarm

Specifically the file IAMDB.RDB. It's ZoneAlarm's database of logged
intrusion information. If ZoneAlarm is giving you trouble (or causing
other programs to not work) the file may be corrupt and you should be
able to shut ZoneAlarm down then go to C:\Windows\Internet Logs\ and
delete the IAMDB.RDB and, if it exists, BACKUP.RDB, and then restart
your computer. A non-corrupt version of IAMDB.RDB will be automatically
created.
Source: http://filext.com/file-extension/rdb

You should not manually tinker with any entries in the System Volume
Information folder.

I vaguely remember reading about this problem in the past. I will do
some research and see if I can find what was the solution. It's
obviously not a problem for now given that you have turned Zone Alarm
off.

--

Hope this helps.

Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~

Gerry

unread,
May 25, 2008, 3:23:33 AM5/25/08
to
Danno

Zone Alarm version 6.5 has a bug that creates very large .rdb files
within the system. These .rdb files are monitored by System Restore and
thus end up in the restore points located in the System Volume
Information folder, along with other locations on the system. The best
advice is to revert to an earlier version of Zone Alarm. Then disable
System Restore which will purge all existing restore points, then turn
it back on. For more information on this subject please visit the Zone
Labs User Forum.
Source: http://bertk.mvps.org/html/srfail.html

It would seem Zone Alarm has not rectified the bug in later versions.

--

Hope this helps.

Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~
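
The check Danno did by hand (size of each restore point, how many .RDB files it holds, whether they are all the same size) can be scripted as a read-only inventory. This is an added example, not code from any poster in the thread; the folder names RP1..RP4, the file names and the byte sizes are constructed sample data scaled down from the figures quoted above, and the 3x-median threshold is an assumption.

```python
import os
import statistics
import tempfile
from collections import Counter, defaultdict


def summarize_restore_points(root):
    """Map each top-level folder under root to its total size and per-extension sizes."""
    summary = {}
    for entry in sorted(os.scandir(root), key=lambda e: e.name):
        if not entry.is_dir():
            continue
        bytes_by_ext = Counter()
        sizes_by_ext = defaultdict(list)
        # Walk the whole restore point, including sub-folders such as a snapshot.
        for dirpath, _dirs, files in os.walk(entry.path):
            for name in files:
                ext = os.path.splitext(name)[1].lower() or "(none)"
                size = os.path.getsize(os.path.join(dirpath, name))
                bytes_by_ext[ext] += size
                sizes_by_ext[ext].append(size)
        summary[entry.name] = {
            "total": sum(bytes_by_ext.values()),
            "bytes_by_ext": bytes_by_ext,
            "sizes_by_ext": dict(sizes_by_ext),
        }
    return summary


def flag_oversized(summary, factor=3):
    """Report restore points larger than factor x the (low) median size."""
    if not summary:
        return []
    # median_low keeps the baseline at a real, normal-sized restore point even
    # when half of the points are bloated (the 2-of-4 case in the thread).
    baseline = statistics.median_low([s["total"] for s in summary.values()])
    findings = []
    for name, stats in summary.items():
        if stats["total"] <= factor * baseline:
            continue
        ext, ext_bytes = stats["bytes_by_ext"].most_common(1)[0]
        sizes = stats["sizes_by_ext"][ext]
        findings.append({
            "restore_point": name,
            "total": stats["total"],
            "dominant_ext": ext,            # extension using the most space
            "file_count": len(sizes),       # how many files carry it
            "share": ext_bytes / stats["total"],
            "uniform_size": len(set(sizes)) == 1,  # all copies the same size?
        })
    return findings


def _write(path, size):
    with open(path, "wb") as fh:
        fh.write(b"\0" * size)


def build_sample(root):
    """Constructed tree: two normal restore points, two stuffed with .rdb copies."""
    layout = {"RP1": 1, "RP2": 3, "RP3": 190, "RP4": 212}  # .rdb files per point
    for rp, rdb_count in layout.items():
        rp_dir = os.path.join(root, rp)
        os.makedirs(os.path.join(rp_dir, "snapshot"))
        _write(os.path.join(rp_dir, "A0000001.dll"), 20000)
        _write(os.path.join(rp_dir, "A0000002.exe"), 30000)
        _write(os.path.join(rp_dir, "snapshot", "registry.bak"), 10000)
        for i in range(rdb_count):
            _write(os.path.join(rp_dir, "A%07d.rdb" % (100 + i)), 2840)


def demo():
    """Run the inventory over the constructed tree and return the findings."""
    with tempfile.TemporaryDirectory() as root:
        build_sample(root)
        return flag_oversized(summarize_restore_points(root))


if __name__ == "__main__":
    for f in demo():
        print("%(restore_point)s: %(total)d bytes, %(file_count)d x %(dominant_ext)s "
              "(share %(share).0f%%, uniform size: %(uniform_size)s)"
              % dict(f, share=f["share"] * 100))
```

A restore point dominated by many same-sized copies of one extension points at a single monitored file being rewritten repeatedly, which is what to take back to the application that owns that file.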

Kayman

unread,
May 25, 2008, 4:00:38 AM5/25/08
to
On Sun, 25 May 2008 06:07:38 GMT, Danno wrote:

<snip for brevity>

> ...It will be interesting to see if any more of these gigantic
> SR folders get created in the next few days.

You will Danno, you will! You really should be educating yourself about ZA
and other 3rd party (so-called) firewall applications.
--
Security is a process not a product.
(Bruce Schneier)

Daave

unread,
May 25, 2008, 9:04:20 AM5/25/08
to

"Danno" <danre...@shaw.ca> wrote in message
news:oL6_j.164186$Cj7.44349@pd7urf2no...

In retrospect, I agree with Gerry that this would not be a good idea. I
suppose you *could* do something like this provided you image your hard
drive first. Then if you bork your system, you could just restore the
image. But first, you should definitely uninstall Zone Alarm to see if
that's the culprit. If you still have the huge points, I would say it's
time to reinstall System Restore. Again, for your reference:

http://bertk.mvps.org/html/reinstall.html

You know, even if you don't manually delete the files (and again, I
agree with Gerry that you shouldn't), you *still* should check into
imaging your hard drive with a program such as Acronis True Image. It's
easiest to save the image to an external hard drive, but CDs/DVDs work,
too.


Danno

unread,
May 25, 2008, 9:09:26 AM5/25/08
to
That was a wee bit too condescending for my liking.

"Educating myself" is exactly what I'm doing with this long drawn out,
patient exercise.

If I had a thousand years to live, I still wouldn't have enough time to
"educate myself" about all the things that could go wrong with a computer.
Especially problems caused by software I paid hard earned money for. I
declare my innocence, not my ignorance.


"Kayman" <kaymanDe...@operamail.com> wrote in message

news:un8Tt1jv...@TK2MSFTNGP04.phx.gbl...

Danno

unread,
May 25, 2008, 9:30:12 AM5/25/08
to
Good morning!

This morning there were no new SR points, although I shouldn't necessarily
expect one. So I've created a new SR point and have turned off SR, and
re-started it. So now there is only the one new SR point. ZoneAlarm is
still turned off and will remain turned off for at least two weeks. I have
AVG on my computer but have kept it inactive while ZoneAlarm was active. I
can't see any harm in using AVG for the next two weeks (and probably
beyond).

For you fine folks who have so kindly contributed your thoughts in this
thread, it might be several days before I have the evidence I need that
things are back to normal. Or maybe they won't be back to normal and I
might have to resort to further measures like re-installing System Restore
as detailed by Daave.

But out of respect for your help, I'll keep posting here (for those who are
still interested), as time goes by. We're still in the investigatory stage
here. If Zone Alarm is truly the culprit, I'd like to be able to provide
the evidence so others won't have to deal with this.

Thanks very much for your determination and interest. I'm very impressed
with you guys.

Dan

"Danno" <danre...@shaw.ca> wrote in message

news:ayd_j.162924$rd2.119094@pd7urf3no...

Vincent

unread,
May 25, 2008, 9:52:07 AM5/25/08
to
Kayman wrote:
> On Sat, 24 May 2008 09:14:09 -0300, Vincent wrote:
>
>> Kayman wrote:
>>
>>> http://www.microsoft.com/technet/technetmag/issues/2007/06/VistaFirewall/default.aspx
>>> "Outbound protection is security theater—it’s a gimmick that only gives the
>>> impression of improving your security without doing anything that actually
>>> does improve your security."
> <snipped childish over-emotive and misinformed rant>
>
> <snipped make believe security expert drivel>
>

If you think that my post was meant as a ringing endorsement of third
party firewalls and their marketing hype you misunderstood what I said.
I think that 75% or more of the third party firewalls out there are
nothing more than junk being marketed and sold with rather dubious
claims. If you think that my post was meant to say that the Windows
firewall isn't a good firewall you also misunderstood my view of the
Windows firewall, the Windows firewall does what it was designed to do
very well. Third party software vendors who make claims that the
Windows firewall is insecure are engaging in deceptive marketing, I do
not dispute this and I agree with you that these companies are engaging
in shoddy practices.

On the other hand, would you fail and discredit all anti-virus programs
because viruses or other malware foiled them? Why not? Anti-virus
software programs are foiled and fail every day of the week, why do you
not froth at the mouth and tell users to stop using these programs?

No one ever said that firewalls cannot be foiled, that is not the point,
nothing is fail proof and that includes Microsoft products! What you
and others fail to understand is that outbound filtering can foil "some"
malware and as such it can alert users of potential problems, a firewall
that monitors outbound traffic can be another tool in the fight against
pests, get off your high horse with your claims that firewalls can be
foiled, we all know that and no one disputes this, your argument is
nothing but a red herring! Door locks don't stop all home intrusions,
yet few homeowners would do without them! If you say that firewalls are
0% effective at outbound monitoring you are wrong and you are no
security expert! If you say that egress traffic is a non issue you
truly lack in basic security concepts!

But, as I said earlier, that is not the point, the point is that
customers have asked Microsoft for a method, via the firewall or by
other means, of detecting and controlling egress traffic be it malware
related or not. Not all customers want all of their applications to be
allowed to send data outside, some customers want to control outbound
traffic, they want to know what is sending data outside and that is not
an outrageous demand! It is none of yours, or Microsoft's business to
be telling customers that they don't need to monitor or control egress
traffic, be it malware related or not! If Microsoft doesn't want to
supply such a tool that is fine, customers will look to others for
solutions, stop berating customers just because they make a simple
request for a useful tool to help them with their computing needs!

You or Microsoft and others who rant about firewall hypes have not
supplied any easy useful solutions to the egress filtering request.
Instead, anytime that a Microsoft customer has asked for a way to
control egress traffic what you and Microsoft have done is automatically
froth at the mouth and engage in a tirade about third party firewalls
and the fact that they are not 100% fail safe! No one disputes this and
no one has asked or insisted for a 100% fail proof solution, if they did
they wouldn't run any Microsoft products because not a single Microsoft
product has a 100% mark! Some customers want to control egress traffic
for reasons that are completely unrelated to malware, they have a need
for egress traffic control, what business of yours is it to tell them
that they shouldn't be concerned with egress traffic?

Customers have made a simple request, it isn't for you or Microsoft to
dictate to customers what they should or should not want to do with
their computers. If you cannot supply any useful solutions to that
simple demand STFU and stop telling customers what they should want or
not want. I repeat once again, anyone who claims that people should not
concern themselves with egress traffic and that it should be allowed to
go on unchecked is no security expert!

Vincent

Kayman

unread,
May 25, 2008, 10:31:25 AM5/25/08
to

Wasn't meant to be! But since you object to 'educate' maybe 'fine-tune' or
'improve' would've been a more suitable choice of word(s); Sorry for
hurting your feelings. And I declare my inability reading (any) posters
emotional stance.

BTW,
A: Because it messes up the order in which people normally read text.
Q: Why is it such a bad thing?
A: Top-posting.
Q: What is the most annoying thing on usenet and in e-mail?

Daave

unread,
May 25, 2008, 10:46:58 AM5/25/08
to
"Danno" <danre...@shaw.ca> wrote in message
news:ERd_j.164791$Cj7.160654@pd7urf2no...

> Good morning!
>
> This morning there were no new SR points, although I shouldn't
> necessarily expect one. So I've created a new SR point and have
> turned off SR, and re-started it. So now there is only the one new SR
> point. ZoneAlarm is still turned off and will remain turned off for
> at least two weeks. I have AVG on my computer but have kept it
> inactive while ZoneAlarm was active. I can't see any harm in using
> AVG for the next two weeks (and probably beyond).
>
> For you fine folks who have so kindly contributed your thoughts in
> this thread, it might be several days before I have the evidence I
> need that things are back to normal. Or maybe they won't be back to
> normal and I might have to resort to further measures like
> re-installing System Restore as detailed by Daave.
>
> But out of respect for your help, I'll keep posting here (for those
> who are still interested), as time goes by. We're still in the
> investigatory stage here. If Zone Alarm is truly the culprit, I'd
> like to be able to provide the evidence so others won't have to deal
> with this.

Thanks for your efforts, too, Danno. We look forward to a definitive
cause for future reference!


Gerry

unread,
May 25, 2008, 11:02:35 AM5/25/08
to
Kayman wrote:
>> Q: What is the most annoying thing on usenet and in e-mail?

People who forever want to debate the merits of top v bottom posting!

bojimb...@aol.com

unread,
May 25, 2008, 12:50:10 PM5/25/08
to

Putting my oar in <G> - why not use the ERUNT system ; I use it all
the time and have turned SR off .

Bill in Co.

unread,
May 25, 2008, 4:04:14 PM5/25/08
to
ERUNT and System Restore each (or both) have their own place. Using the
right tool for the right job is the key here.

Bill in Co.

unread,
May 25, 2008, 4:10:53 PM5/25/08
to
Or OldTurkey forever saying "what does this have to do with WindowsXP? Do
you see that in the title? It doesn't belong here." LOL.

Unknown

unread,
May 25, 2008, 5:00:55 PM5/25/08
to
Why use ERUNT a non Microsoft program when system restore does the job??????
<bojimb...@aol.com> wrote in message
news:r26j34p6dsd6oa8hn...@4ax.com...

Danno

unread,
May 25, 2008, 5:30:22 PM5/25/08
to
When I die, I want to go peacefully in my sleep like my grandfather did.
Not burning and screaming like his passengers.

"Bill in Co." <not_rea...@earthlink.net> wrote in message

news:ePEgxNqv...@TK2MSFTNGP05.phx.gbl...

Kayman

unread,
May 26, 2008, 10:47:21 AM5/26/08
to
On Sun, 25 May 2008 10:52:07 -0300, Vincent wrote:

<snipped to reduce excessive quoting>

> <snipped make believe security expert drivel>

I feel honored... but I am not a security expert and never claimed to be
one, though I think of myself as reasonably 'informed'.



> If you think that my post was meant as a ringing endorsement of third
> party firewalls and their marketing hype you misunderstood what I said.

You're quite right, I haven't read your response very thoroughly - mea
culpa. Nevertheless, I trust you enjoyed reading the quoted text.

> I think that 75% or more of the third party firewalls out there are
> nothing more than junk being marketed and sold with rather dubious
> claims.

Given the old adage that 75% of quoted statistics are made up on the spot,
I dare to say that the 75% is a conservative estimate.

> If you think that my post was meant to say that the Windows
> firewall isn't a good firewall you also misunderstood my view of the
> Windows firewall, the Windows firewall does what it was designed to do
> very well.

It does it even better when closing a variety of ports etc.

> Third party software vendors who make claims that the
> Windows firewall is insecure are engaging in deceptive marketing, I do
> not dispute this and I agree with you that these companies are engaging
> in shoddy practices.

Yes, users don't realize that 3rd party firewalls are rendered virtually
useless after the introduction of the NT system (to the disgust of the
makers of these 'Phony-Baloney Ware' aka 'Illusion Ware'). Which btw also
applies to (so-called) Registry Cleaners (yuck).



> On the other hand, would you fail and discredit all anti-virus programs
> because viruses or other malware foiled them? Why not? Anti-virus
> software programs are foiled and fail every day of the week,

It happens mostly when the (quality) software isn't updated to its most
current definitions/signatures.

> why do you not froth at the mouth and tell users to stop using these
> programs?

Hold your horses and don't jump to conclusions which appears to be your
preferred way communicating. I wouldn't discredit AV apps entirely, they
have their place and are not as deceptive as the makers of 3rd party
software fw's. But (after removing the [beer] froth from my mouth) I have
indeed communicated on numerous occasions to this and other groups that one
can safely operate without AV app (so much for your research). As usual, I
provided pertinent links (authored by *experts*) in relation to this
subject and effective alternatives; This kind of advice is expectedly not
very well received; It is perceived as too 'outlandish' by the
inexperienced user, which is quite understandable (even users much more
experienced than I am have their reservations to do without AV app). Heck,
you just have to look at responses when suggesting that 3rd party fw apps
are of no beneficial use and are incapable of functioning usefully.... It
boils down that *Marketing* does a great job and is very effective! The
user gets blinded by all the hype! Unfortunately, not many are interested
reading publications/websites opposing what marketers instill to the
public.


> No one ever said that firewalls cannot be foiled, that is not the point,
> nothing is fail proof and that includes Microsoft products!

We're living in an imperfect world...say no more.

> What you
> and others fail to understand is that outbound filtering can foil "some"
> malware and as such it can alert users of potential problems, a firewall
> that monitors outbound traffic can be another tool in the fight against
> pests, get off your high horse with your claims that firewalls can be
> foiled, we all know that and no one disputes this,...

Who is *we*? And which company product/company you are representing?

> ...your argument is nothing but a red herring!

What is that supposed to mean?
(Stepping down from my high horse). I understand pretty well how things
work without claiming to be an expert knowing the innards of an OS. (Common
sense plays a significant part which unfortunately is not so common
anymore, so it seems,) oh well.

> Door locks don't stop all home intrusions,yet few homeowners would do
> without them!

Closing ports is *impressively* more effective than you think.

> If you say that firewalls are 0% effective at outbound monitoring you are
> wrong...

Don't put *your* words in my mouth, I've never claimed this, re-read my
post, carefully! But be that as it may, who cares, the game is lost anyway
[PERIOD]

> ...and you are no security expert!

Never claimed to be one, never stated such! (Your repeated baseless
assertions are boring!)

> If you say that egress traffic is a non issue you truly lack in basic
> security concepts!

Now, getting back on my high horse; My security concept *is* working, I
know so because I do as I say! And how would you know what security concept
I have in place anyway?


> But, as I said earlier, that is not the point, the point is that
> customers have asked Microsoft for a method, via the firewall or by
> other means, of detecting and controlling egress traffic be it malware
> related or not. Not all customers want all of their applications to be
> allowed to send data outside,...

There is nothing wrong for *trusted* applications sending data outside. Why
would anybody in his right mind download/install a 'chancy' application?
How would the user know if the apps is risky? Education! But suggesting
this raises resentment (you don't have to look far in this thread).

> some customers want to control outbound traffic, they want to know what
> is sending data outside and that is not an outrageous demand!

I don't speak for MSFT. You and other readers have the choice to ignore my
suggestions. Some will others won't, c'est la vie. So save your energy
Vincent...'nuff said.

> It is none of yours, or Microsoft's business to
> be telling customers that they don't need to monitor or control egress
> traffic, be it malware related or not!

See above comment. Nobody is telling anything to anybody. You appear to
have a challenging comprehension issue on your hands coupled with
disturbing opinionated tendencies.

> If Microsoft doesn't want to supply such a tool that is fine, customers
> will look to others for solutions,

Wouldn't expect anything different in a free and open society!

> stop berating customers just because they make a simple
> request for a useful tool to help them with their computing needs!

I couldn't give a flying fart how *you* or anybody else for that matter
perceive my posts. This is usenet, get it?


> You or Microsoft and others who rant about firewall hypes have not
> supplied any easy useful solutions to the egress filtering request.
> Instead, anytime that a Microsoft customer has asked for a way to
> control egress traffic what you and Microsoft have done is automatically
> froth at the mouth and engage in a tirade about third party firewalls
> and the fact that they are not 100% fail safe! No one disputes this and
> no one has asked or insisted for a 100% fail proof solution, if they did
> they wouldn't run any Microsoft products because not a single Microsoft
> product has a 100% mark! Some customers want to control egress traffic
> for reasons that are completely unrelated to malware, they have a need
> for egress traffic control, what business of yours is it to tell them
> that they shouldn't be concerned with egress traffic?
>
> Customers have made a simple request, it isn't for you or Microsoft to
> dictate to customers what they should or should not want to do with
> their computers. If you cannot supply any useful solutions to that
> simple demand STFU and stop telling customers what they should want or
> not want. I repeat once again, anyone who claims that people should not
> concern themselves with egress traffic and that it should be allowed to
> go on unchecked is no security expert!
>

You're repeating yourself... you're not ranting, are you?

Have a great day :)

Marianne

unread,
May 26, 2008, 4:59:30 PM5/26/08
to
Kayman wrote:
> On Sun, 25 May 2008 10:52:07 -0300, Vincent wrote:
>
> <snipped to reduce excessive quoting>

Your point of view and opinions are well presented. We know that you
think that securing private personal data is unimportant.

You have made it known that you think that users should have no concerns
whatsoever as to what data flows from their computers or networks, users
should not concern themselves as to where their data flows to. Any and
all data can leave your computer or network for unknown destinations
and that is perfectly normal, it is a good thing. No one should worry
about these things and the best way to not worry about the security of
your private personal data is to be completely oblivious as to what
might be flowing out, out of sight out of mind.

Kayman

unread,
May 27, 2008, 4:44:00 AM5/27/08
to

Hello Vincent *and* (LOL) Marianne,

Evidently you're either a very immature person or you've got a serious bout
of split-personality. When you keep the Dissociative Identity Disorder
untreated it can worsen to multiple-personality. Now, that really would
confuse the hell out of us newsgroup participants.
You need help! Go to:
http://www.drphil.com/contact_main/
Good luck and speedy recovery.

Unknown

unread,
May 27, 2008, 10:45:01 AM5/27/08
to
What is your impression of what a firewall does?? I think you are
mis-informed.
"Marianne" <nog...@notvalid.com> wrote in message
news:g1f8a7$op5$1...@aioe.org...

Vincent

unread,
May 27, 2008, 11:19:47 AM5/27/08
to
Kayman wrote:

> Hello Vincent *and* (LOL) Marianne,
>
> Evidently you're either a very immature person or you've got a
> serious bout of split-personality.

???

Are you really that stupid? How many computer/internet users do you
think there are in Italy? Astonishing coincidence that two persons in
Italy use computers and even more astonishing that both of them should
agree that you are spreading misguided advice! I expect to see you here
soon telling us the virtues of One Care AV products and telling users
how all other AV products are not good. The depth of your ignorance
increasingly shows with each post that you make. I agree with the
previous poster, you have little knowledge of computer security and your
understanding of securing private data is laughable to say the least.

Vincent

Danno

unread,
May 28, 2008, 10:26:32 AM5/28/08
to
In the past few days, ever since ZoneAlarm was turned off, System Restore
seems to be working properly, except for one issue.

There are now 11 restore points instead of only one. Ten of those 11 SR
points are a normal size of approx. 65 Mb. But once again, there is one
restore point that is abnormally large at 462 Mb. And that one occurred
with ZoneAlarm turned OFF, as did the other ten. And once again, that huge
file is filled with 100 .RDB files that are all the same size of 2.87 Mb
each. So far, we've suspected ZoneAlarm as being the culprit. But I don't
think we can say that now, considering that ZA was shut off when this big
restore point was created. If this keeps up (creation of huge SR points),
I'm gonna be back at stage one. I'd be concerned about that.

Any thoughts?

Danno


"Danno" <danre...@shaw.ca> wrote in message

news:ERd_j.164791$Cj7.160654@pd7urf2no...

Unknown

unread,
May 28, 2008, 11:28:17 AM5/28/08
to
Update to SP3 recently? SP3 creates restore point.

"Danno" <danre...@shaw.ca> wrote in message
news:sYd%j.301973$pM4.210692@pd7urf1no...

Daave

unread,
May 28, 2008, 11:57:47 AM5/28/08
to
"Danno" <danre...@shaw.ca> wrote in message
news:sYd%j.301973$pM4.210692@pd7urf1no...

> In the past few days, ever since ZoneAlarm was turned off, System
> Restore seems to be working properly, except for one issue.
>
> There are now 11 restore points instead of only one. Ten of those 11
> SR points are a normal size of approx. 65 Mb. But once again, there
> is one restore point that is abnormally large at 462 Mb. And that one
> occurred with ZoneAlarm turned OFF, as did the other ten. And once
> again, that huge file is filled with 100 .RDB files that are all the
> same size of 2.87 Mb each.

What is the date of that point? What activity occurred at that time? Was
it after any updates were installed (Windows or Microsoft)?


Danno

May 28, 2008, 12:06:49 PM
Great question Daave! Have you ever considered a career as a detective? It
was the last restore point (created last night), and it's the only one of
the 11 that was an automatically created point. The other ten were either
created by me manually (for test purposes), or created when I was updating
drivers, etc.


"Daave" <dcwash...@myrealboxXYZ.invalid> wrote in message

news:OPz5VuNw...@TK2MSFTNGP04.phx.gbl...

Daave

May 28, 2008, 12:35:15 PM
That might be it, then. Tuesday's the day for updates. :-) Did you
update Windows or Office yesterday (manually or automatically)?


"Danno" <danre...@shaw.ca> wrote in message

news:tqf%j.173850$Cj7.34779@pd7urf2no...

Danno

May 28, 2008, 12:45:07 PM
No, I didn't.


"Daave" <dcwash...@myrealboxXYZ.invalid> wrote in message

news:%23K2hRDO...@TK2MSFTNGP06.phx.gbl...

Daave

May 28, 2008, 1:43:31 PM
"Danno" <danre...@shaw.ca> wrote in message
news:sYd%j.301973$pM4.210692@pd7urf1no...

> In the past few days, ever since ZoneAlarm was turned off, System
> Restore seems to be working properly, except for one issue.

"Turning off" ZA may not be enough (there's a chance that part of it is
still running without your knowledge). I would uninstall it to determine
once and for all if it's responsible.

I'm not sure you need ZA anyway. :-)


Gerry

May 28, 2008, 2:08:04 PM
Danno

Do you have any other rdb files elsewhere other than in the System Volume
Information folder or a Zone Alarm? Zone Alarm is not the only programme
that generates rdb files.

Do you have Apache on your system?


--

Hope this helps.

Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~

Gerry

May 28, 2008, 2:52:57 PM
Daave

That thought had crossed my mind. Autoruns might reveal part of Zone
Alarm still running.


--
Regards.

Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~

Danno

May 28, 2008, 3:26:44 PM
I've searched the entire machine and the only place where .RDB files occur
is in "system volume information". There are currently a total of 183 of
them. 150 are in one single SR point, and the balance are in the other 10
SR points. Strangely, two of the SR points have zero .RDB files.
Apparently there are no .RDB files in ZoneAlarm.

I do not have Apache on my system.


"Gerry" <ge...@nospam.com> wrote in message
news:OQhIT3Ow...@TK2MSFTNGP04.phx.gbl...

Danno

May 28, 2008, 3:28:08 PM
Yeah, that wouldn't hurt to completely uninstall it and see if any more .RDB
files ever appear again. Besides, I find ZA to be a big bloated pain in the
ass. I'll do that and let ya know the result.


"Daave" <dcwash...@myrealboxXYZ.invalid> wrote in message

news:Oug6apOw...@TK2MSFTNGP05.phx.gbl...

Danno

May 28, 2008, 3:43:53 PM
Gerry, I think parts of Zone Alarm are still running, because there is an
annoying process running in the background continually called
"ScanningProcess.exe". For the most part it is pretty quiet, but every
minute or more it pops into action and takes up a minimal amount of CPU
resources, but nonetheless it's active... it's not really sleeping.
What's even more annoying is that there is another process called vsmon.exe
that also pops in and out of action on a regular basis... along with
ScanningProcess. And lo and behold.... I discovered that both of these
processes are a part of ZoneAlarm's firewall.

I'm not very computer savvy, but I'd sure like to know why these annoyances
are running in the background when I have ZoneAlarm turned off. When I
switch it off, I expect it to be OFF.

I'm pretty certain you guys have helped me zero in on the culprit. If so,
then the original question I posted has been answered. Honestly, I wouldn't
have possibly figured this out without your guidance. Detectives you
should be. lol

I'll uninstall Zone Alarm and give you the results in a couple of days.
It's going to be good news, I'm quite certain.

Thanks again for your determination.

Dan

"Gerry" <ge...@nospam.com> wrote in message

news:O1X%23UQPwI...@TK2MSFTNGP02.phx.gbl...

Bill in Co.

May 28, 2008, 3:41:34 PM
Danno wrote:
> I've searched the entire machine and the only place where .RDB files occur
> is in "system volume information".

I would expect that to be the case (since they are for the System Restore
function)

> There are currently a total of 183 of
> them. 150 are in one single SR point, and the balance are in the other 10
> SR points. Strangely, two of the SR points have zero .RDB files.
> Apparently there are no .RDB files in ZoneAlarm.

But that does NOT mean that ZoneAlarm wasn't involved in all of this.

Gerry

May 28, 2008, 5:22:02 PM
Danno

With Zone Alarm switched off (?) is the Windows Firewall working?

--

Hope this helps.

Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~

Gerry

May 28, 2008, 5:19:20 PM
Bill

I have searched to see if there are any reports of other software
producing multiple RDB files. I only found ones relating to Zone Alarm.
You can get very large restore points after major system changes but
Danno has not said anything about carrying out this type of activity
immediately before this latest restore point.


~~~~


Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~


Danno

May 28, 2008, 5:44:09 PM
Gerry...thanks for reminding me to check that. In the past, any time I
turned Zone Alarm off, ZA would automatically switch the built-in firewall
back on. But by un-installing ZA, that feature went with it, so..... I
forgot to turn it back on until you just reminded me. Thanks again!


"Gerry" <ge...@nospam.com> wrote in message

news:ev0IrjQw...@TK2MSFTNGP05.phx.gbl...

Danno

May 28, 2008, 5:45:36 PM
No, I have done nothing major such as updating Windows Update in the past
week.

"Gerry" <ge...@nospam.com> wrote in message

news:OB3jqjQw...@TK2MSFTNGP05.phx.gbl...

Gerry

May 28, 2008, 7:50:26 PM
Danno

All part of the service <G>.

Although a long thread it was interesting to see how Zone Alarm actually
causes System Restore problems. I have read Bert Kinney references
previously but not got involved with resolving the issue before. I am
surprised we do not see more problems of this sort. I suppose many users
rely on Acronis True Image for backups. In this situation they can turn
off System Restore and use Zone Alarm without the problems you have
experienced.

--
Regards.

Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~

Danno

May 28, 2008, 8:15:55 PM
Thanks again for your help Gerry in jolly ole England. Have a pint on me
[''']D


"Gerry" <ge...@nospam.com> wrote in message

news:eUvwi2Rw...@TK2MSFTNGP06.phx.gbl...

Danno

May 28, 2008, 9:44:41 PM
Gerry, I have a question if you don't mind. What would happen if I had the
space allocated for System Restore set at.... say 6%. System Restore
eventually sets enough points that the full 6% is taken up. Then I opt to
adjust the allocated space to 4%. I assume SR would delete enough of the
restore points to meet the new criteria.... starting with the earliest?


"Gerry" <ge...@nospam.com> wrote in message

news:eUvwi2Rw...@TK2MSFTNGP06.phx.gbl...

Bill in Co.

May 28, 2008, 10:06:44 PM
I'm not Gerry, but I can answer that one for ya. Yes, that is exactly what
happens - it drops the oldest restore points to meet the new criteria.

Danno

May 29, 2008, 12:31:35 AM
Tanks Bill!


"Bill in Co." <not_rea...@earthlink.net> wrote in message
news:eNrjnCTw...@TK2MSFTNGP06.phx.gbl...

bojimb...@aol.com

May 29, 2008, 3:47:01 AM

Just butting in here Danno, <G>, I haven't used ZA in years; the
one I prefer is Comodo v.2 (can't get used to v.3) and that is
completely free.

Danno

May 29, 2008, 8:34:16 AM
Thanks Bojimbo! You're not butting in, you're offering advice, which is
welcome. I agree, I don't want Zone Alarm anymore. It's just way too
bloated, too intrusive and an absolute pig if it's going to cause these
gigantic restore points for no good reason. Zone Alarm also added at least
a minute to boot-up time. I have AVG and its 'resident shield' can zap all
the resources of the CPU as well. So I'll take a look at Comodo.

All the best,
Danno

<bojimb...@aol.com> wrote in message
news:9mns349t512hf0p28...@4ax.com...

Daave

May 29, 2008, 8:56:15 AM
"Danno" <danre...@shaw.ca> wrote in message
news:cpx%j.174085$rd2.41918@pd7urf3no...

> Thanks Bojimbo! You're not butting in, you're offering advice, which
> is welcome. I agree, I don't want Zone Alarm anymore. It's just way
> too bloated, too intrusive and an absolute pig if it's going to cause
> these gigantic restore points for no good reason. Zone Alarm also
> added at least a minute to boot-up time. I have AVG and its
> 'resident shield' can zap all the resources of the CPU as well. So
> I'll take a look at Comodo.

AVG is an antivirus app, and Comodo is a firewall: two totally different
things!

The resident shield is a *good* thing. Whenever you run a program, it
makes sure you're not running a virus. Since you already have a firewall
(Windows firewall), Comodo is optional. One advantage Comodo has is that
it blocks certain outgoing traffic in addition to incoming. The Windows
firewall only does the latter. Personally, I believe that as long as you
practice safe hex, which includes running antivirus/anti-spyware apps
and an incoming firewall, you have all you need to be secure. If, for
some reason, you are still feeling insecure and think it's possible that
a virus slipped through and turned your machine into a spambot, then a
firewall like Comodo would be useful.


bojimb...@aol.com

May 29, 2008, 1:02:59 PM

My bad :-), I use free Avast.

Gerry

May 29, 2008, 1:50:36 PM
Avast interferes with System Restore.

Item 3 in the latest version of 29 March 2008
http://www.avast.com/eng/avast-4-home_pro-revision-history.html

The Self Defense function does not work in safe mode. There is also a
programme setting whereby this function can be disabled.

--

Hope this helps.

Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~


bojimb...@aol.com wrote:
> On Thu, 29 May 2008 08:56:15 -0400, "Daave"

bojimb...@aol.com

May 29, 2008, 5:25:03 PM
On Thu, 29 May 2008 18:50:36 +0100, "Gerry" <ge...@nospam.com> wrote:

>Avast interferes with System Restore.
>
>Item 3 in the latest version of 29 March 2008
>http://www.avast.com/eng/avast-4-home_pro-revision-history.html
>
>The Self Defense function does not work in safe mode. There is also a
>programme setting whereby this function can be disabled.

I use the ERUNT system, disabled system restore.
