windows files that are constantly overwritten
I have a bunch of computers running WinXP SP3 with Symantec Endpoint installed on them and I've been noticing that several files are constantly being overwritten (like every 5 minutes). This is proving to be a bit of problem because of some software we use (Roxio GoBack) that has a 4GB buffer and reboots the machines when the buffer fills up.
The main culprits seem to be:
c:\windows\sytstem32\WBEM\
\Program files\symantec\symantec endpoint protection\SerState.dat
\Program files\symantec\symantec endpoint protection\SerState.dat.ba
as well as all the ntuser.dat files from each profile.
If anyone knows of any way to stop these files from overwriting themselves, or at least minimize how many times a day they overwrite themselves I would be very appreciative.
The main culprits seem to be:
c:\windows\sytstem32\WBEM\
\Program files\symantec\symantec endpoint protection\SerState.dat
\Program files\symantec\symantec endpoint protection\SerState.dat.ba
as well as all the ntuser.dat files from each profile.
If anyone knows of any way to stop these files from overwriting themselves, or at least minimize how many times a day they overwrite themselves I would be very appreciative.
Possible to exempt directories in GoBack?
You can't exempt directories in Goback, but you can limit it to working only the C: drive if you want. So, if you create a D: partition, and install Symantec Endpoint Protection on the D: drive (or D: partition) during the installation process (instead of on the C: drive) then the Symantec files will be constantly overwritten on a drive that Goback's not paying attention to. I don't think you can do anything about objects.data, other than turn off the Windows Management Instrumentation Service, in services.msc ... but if you do that, you'll likely suffer dire consequences.
ASKER
Good ideas, unfortunately GoBack is a per Drive so unless I had a second physical drive in each machine I cannot exclude it. I tried this in one of my labs by making 3 partitions (windows, applications, user profiles) but the 4gb buffer is for all three combined.
I recognize that it's crummy software but at the moment it's the only thing that meets the needs of the facility. We require a way to keep the machines in a clean state AND (here's the rub) we need to be able to recover student files that they have deleted.
I recognize that it's crummy software but at the moment it's the only thing that meets the needs of the facility. We require a way to keep the machines in a clean state AND (here's the rub) we need to be able to recover student files that they have deleted.
ASKER
Another file is the catdb file in system32\catroot2\ That one rewrites itself about 3-4 times every hour
I actually LOVE Goback. I wonder if Microsoft's (free!) Windows Steady State would do the job for you? Check it out here: http://www.microsoft.com/windows/products/winfamily/sharedaccess/support/windowsdiskprotection.mspx
ASKER
I'm running steady state in one of my labs and it's decent but it has NO file recovery like GoBack. It also is clunky to make give it scheduled reverts instead of every reboot.
I thought Steady State allowed you to retain files "behind the revert" for up to a week? I've not used that feature, but that's what is claimed on MS's web page for the product.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.