How to exclude Specific Files or Programs for Windows SteadyState?

  • Question

  • Hi.

     

    Windows XP Professional SP2

     

    I'm having trouble updating the Virus Definition File.

    I want to exclude the Virus Definition File from Windows SteadyState

    instead of configuring a Virus Definition File update schedule.

    Also, I cannot install the Virus Protection Software on another drive (e.g. D: drive).

    I think it is possible.

    EventLog Files seem to be excluded from initialization by Windows SteadyState.

     

    What should I do?

     

    (Sorry for incorrect English...  I'm Japanese)

     

    Wednesday, October 3, 2007 6:22 AM

Answers

  •  

    Hi Rio1130,

     

    Please understand that Windows Disk Protection (WDP) monitors the whole system drive instead of some specific folders. Thus, it's impossible to exclude some specific files or programs.

     

    As far as I know, most security programs need to be installed on the system drive. You may consult your antivirus program producer to confirm whether the product can be installed on other drives.

     

    If you would like to retain definition changes with WDP enabled, one method is to update from SteadyState Schedule Software Updates. Another method is to temporarily change WDP to "Retain all changes permanently" mode when updating.

     

    Actually, if you try to log off or turn off the computer from an administrator account, the following warning message will appear. You can choose "Save changes and then continue" to retain changes. After restarting the computer, WDP will be restored to “Remove all changes at restart”.

     

    ~~~~~~~~~~~~~~~~~~

    Windows Disk Protection Is On

     

    The computer is about to restart or shut down. You must select one of the following three options in the time remaining or the computer will automatically continue and remove all changes.

     

    Time remaining: 00:30

     

    Continue and remove all changes

    -----------

    If you choose this option, you will lose all changes when the computer is restarted or shut down because Windows Disk Protection is set to Remove all changes at restart.

     

    Save changes and then continue

    -----------

    After the changes are saved, the Remove all changes at restart settings will be turned back on for the next session.

     

    Cancel and go back

    -----------

    If you choose this option, the computer will not restart or shut down.

     

               OK

    ~~~~~~~~~~~~~~~~~~

     

    Best Regards,

    Thursday, October 4, 2007 3:04 AM

All replies

  • I confirmed the security log is updated even with WDP enabled in SteadyState.

    I think some API exists to update files permanently. I would like to update the Virus Protection File and Windows Update Files in SteadyState.

     

    I understand the update would be restored if the updater was using the normal I/O interface. The Virus Protection Program may need to change if it is to use some hidden API instead of the normal I/O interface.

     

    What do you think about how updates are made to the security log under WDP in SteadyState?

    Thursday, October 4, 2007 4:22 AM
  • Before we go any further, I would like to confirm whether WDP has been configured to “Remove all changes at restart”.

     

    If so, I am sure that your security log is not continuous.

     

    Based on my test, if you remove changes with WDP, Event Viewer can only display the oldest records, which were created before WDP was configured to “Remove all changes at restart”, and the new records created after this start. All the other records have been removed by WDP.

     

    You can capture a screenshot of the current log and then restart the computer to compare the logs.

     

    To capture a screenshot, complete the following steps:

    ----------------------------------

    1. Press the Print Screen key (PrtScn) on your keyboard.

    2. Click "Start", click "Run", type "mspaint", and click "OK".

    3. In Paint, click Paste under the Edit menu, click Save under the File menu, type a file name for the snapshot, choose JPEG as "Save as type", and save it to another drive.

     

    Regards,

    Thursday, October 4, 2007 8:16 AM
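
A scripted alternative to the screenshot comparison suggested in the last reply, as an added example that is not part of the original thread: snapshot the Security log to a drive WDP does not protect, restart, then list the records that did not survive. It assumes PowerShell is installed and that `D:\` is such a drive; the function names and the sample records are constructed for illustration.

```powershell
# Added example, not from the thread. Function names are hypothetical.

function Get-LogSnapshot {
    param([string]$LogName = 'Security')
    # Index is the record number the event log assigns to each entry.
    Get-EventLog -LogName $LogName | Select-Object Index, TimeGenerated, EventID
}

function Compare-LogSnapshot {
    param([object[]]$Before, [object[]]$After)
    # Key on Index AND timestamp: once the log file is rolled back, new
    # events may be given record numbers that discarded events already used.
    $kept = @{}
    foreach ($r in $After) {
        $kept["$($r.Index)|$($r.TimeGenerated.Ticks)"] = $true
    }
    # Return every record from the first snapshot that is no longer present.
    $Before | Where-Object {
        -not $kept.ContainsKey("$($_.Index)|$($_.TimeGenerated.Ticks)")
    }
}

# Live use (run as an administrator; D:\ is an assumed unprotected drive):
#   before restart:  Get-LogSnapshot | Export-Clixml D:\seclog-before.xml
#   after restart:   Compare-LogSnapshot (Import-Clixml D:\seclog-before.xml) (Get-LogSnapshot)

# Constructed sample data so the comparison can be tried without a restart.
function New-Rec($Index, $Time, $EventID) {
    New-Object PSObject -Property @{
        Index = $Index; TimeGenerated = [datetime]$Time; EventID = $EventID
    }
}

$before = @(
    (New-Rec 101 '2007-10-01 09:00:00' 528),   # written before WDP was enabled
    (New-Rec 102 '2007-10-04 10:05:00' 528),   # written during the protected session
    (New-Rec 103 '2007-10-04 10:40:00' 538)
)
$after = @(
    (New-Rec 101 '2007-10-01 09:00:00' 528),   # survived the restart
    (New-Rec 102 '2007-10-04 11:02:00' 528),   # same Index, different event
    (New-Rec 103 '2007-10-04 11:03:00' 538)
)

# Lists records 102 and 103 from $before: their Index values exist in $after,
# but the timestamps show they are different events.
Compare-LogSnapshot $before $after | Format-Table Index, TimeGenerated, EventID
```

An empty result on a real machine means every record from the first snapshot is still in the log; any rows returned are events that were removed at restart.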