[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1050
  • Last Modified:

windows files that are constantly overwritten

I have a bunch of computers running WinXP SP3 with Symantec Endpoint installed on them and I've been noticing that several files are constantly being overwritten (like every 5 minutes).  This is proving to be a bit of problem because of some software we use (Roxio GoBack) that has a 4GB buffer and reboots the machines when the buffer fills up.  

The main culprits seem to be:
c:\windows\sytstem32\WBEM\Repository\FS\objects.data
\Program files\symantec\symantec endpoint protection\SerState.dat
\Program files\symantec\symantec endpoint protection\SerState.dat.bak

as well as all the ntuser.dat files from each profile.

If anyone knows of any way to stop these files from overwriting themselves, or at least minimize how many times a day they overwrite themselves I would be very appreciative.
0
SIT_Help
Asked:
SIT_Help
1 Solution
 
zreismanCommented:
Possible to exempt directories in GoBack?
0
 
akahanCommented:
You can't exempt directories in Goback, but you can limit it to working only the C: drive if you want.  So, if you create a D: partition, and install Symantec Endpoint Protection on the D: drive (or D: partition) during the installation process (instead of on the C: drive) then the Symantec files will be constantly overwritten on a drive that Goback's not paying attention to.  I don't think you can do anything about objects.data, other than turn off the Windows Management Instrumentation Service, in services.msc ... but if you do that, you'll likely suffer dire consequences.


0
 
SIT_HelpAuthor Commented:
Good ideas, unfortunately GoBack is a per Drive so unless I had a second physical drive in each machine I cannot exclude it.  I tried this in one of my labs by making 3 partitions (windows, applications, user profiles) but the 4gb buffer is for all three combined.  

I recognize that it's crummy software but at the moment it's the only thing that meets the needs of the facility.  We require a way to keep the machines in a clean state AND (here's the rub) we need to be able to recover student files that they have deleted.  
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
SIT_HelpAuthor Commented:
Another file is the catdb file in system32\catroot2\  That one rewrites itself about 3-4 times every hour
0
 
akahanCommented:
I actually LOVE Goback.  I wonder if Microsoft's (free!) Windows Steady State would do the job for you?  Check it out here:  http://www.microsoft.com/windows/products/winfamily/sharedaccess/support/windowsdiskprotection.mspx

0
 
SIT_HelpAuthor Commented:
I'm running steady state in one of my labs and it's decent but it has NO file recovery like GoBack.  It also is clunky to make give it scheduled reverts instead of every reboot.
0
 
akahanCommented:
I thought Steady State allowed you to retain files "behind the revert" for up to a week?  I've not used that feature, but that's what is claimed on MS's web page for the product.
0
 
xmachineCommented:
Hi,

SerState.dat (or SerState.dat.bak) is SEP's agent status information (detected applications list/HI result/etc.)  so this file will get replaced every time SEP has new status. So you can't control it, since it's working as designed.


A Symantec Certified Specialist @ your service
0

Featured Post

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now