[escalated] Windows Repair/restore

Christian,


In its zeal to prevent an attack, BitDefender has successfully blocked doing a "System Restore" (rstrui.exe) to restore the system to a previously-set restore point. It also prevents a "Windows Repair" (In-place install).


I've managed to find a work-around for the "System Restore" without having to uninstall BitDefender. The "Windows Repair" does require a complete uninstall in order to do the in-place install.


Can you come up with a way to get around this, without compromising system integrity?


Thanks,


Leighton

Comments

  • I also found a couple of users having this. Any luck on this Leighton?

  • coolcool1227
    coolcool1227 ✭✭✭
    edited August 2012

    Read this article from Microsoft


    How antivirus software and System Restore work together.


    This is an old issue reported many times on the forum


    Also read this


    Bdis2012 Prevents System Restore, on XP sp3 no restoration


    and


    Bitdefender And Windows System Restore.

  • Charyb
    Charyb ✭✭✭
    edited August 2012
    Christian,


    In its zeal to prevent an attack, BitDefender has successfully blocked doing a "System Restore" (rstrui.exe) to restore the system to a previously-set restore point. It also prevents a "Windows Repair" (In-place install).


    I've managed to find a work-around for the "System Restore" without having to uninstall BitDefender. The "Windows Repair" does require a complete uninstall in order to do the in-place install.


    Can you come up with a way to get around this, without compromising system integrity?


    Thanks,


    Leighton


    I have heard of conflicts with system restore and other antivirus solutions too. I don't trust system restore and have had it turned off for years. I rely upon system images and daily file backups. I know this doesn't provide an immediate solution to your problem but it is a very reliable and safe method if you want to use it as an alternative. I take that back. After reading the last line of your post, it does provide an immediate solution.


    I use Windows 7 to create a system image and Seagate Backup Manager to perform daily updates. This combination has been 100% reliable for me. There are many others (free of charge) that can be found by using Google.

  • @ONT


    @Charyb


    Re: System Restore


    The Microsoft article is assuming that there is a virus and that the antivirus software is preventing Windows from doing the restore. My system is virus-free, before and after the restore. That is the obvious reason for having antivirus software in place. The usual reason I find for wanting to do a Restore is because a piece of software I was testing and uninstalled had managed to snarf-up the Registry. Doing the Restore gets me back to a point when the Registry was still good. I always set a Restore point before installing test software. While doing a backup is fine for recovery of the user's files, it doesn't protect the Registry.


    Re: In-Place install (Windows Repair)


    BitDefender seems to have gone to great lengths to prevent an attacking virus from disabling the Service. You are not permitted to either DISABLE or STOP the Service. Uninstalling is the only option. Again, the motivation to do a Repair is the fault of testing software. I had tested a piece of software that checked to see if a certain driver was present. If not, it would install the version it knew worked with their software. Upon uninstall, the ****** deleted the driver leaving me without a System driver. With BDIS installed, after whirring away for two hours, BDIS cancelled the Repair. After uninstalling BDIS, the "Windows Repair" took 45 minutes and was successful in rebuilding my System with the appropriate drivers and System Registry settings.


    Although I found a work-around for my desktop PC, it doesn't seem to work on my laptop. On the desktop PC, I can force the system to boot off a virtual X: drive where BDIS does not exist. There I am able to restore to a saved restore point without any hassle from BDIS.


    The "Windows Repair" requires the PC to be running in normal mode when you start the installer on the DVD. Normal means that BDIS is watching out for my best interests. It won't allow evil software (Windows) to alter my system (repair itself).


    I think the ball is in development's court on this one.


    Thanks for your response,


    Leighton

  • Charyb
    Charyb ✭✭✭
    edited August 2012
    @ONT


    @Charyb


    Re: System Restore


    I always set a Restore point before installing test software. While doing a backup is fine for recovery of the user's files, it doesn't protect the Registry.


    Thanks for your response,


    Leighton


    This is why I recommended a system image along with a daily file backup. I can re-image my system in about 30 minutes. I would never test software without a system image.


    Google 'system restore' and read about how often it fails.

  • rootkit
    rootkit ✭✭✭

    Hello :)


    Everything is OK in Safe Mode with System Restore?


    Microsoft recommend running this in Safe Mode for better results:


    http://www.sevenforums.com/tutorials/700-system-restore.html


    http://www.howtogeek.com/howto/windows-vis...system-restore/


    Take care.

  • Hello :)


    Everything is OK in Safe Mode with System Restore?


    Microsoft recommend running this in Safe Mode for better results:


    http://www.sevenforums.com/tutorials/700-system-restore.html


    http://www.howtogeek.com/howto/windows-vis...system-restore/


    Take care.


    Christian,


    I'm not as much concerned about the "System Restore", since I have a work-around (with the recovery disk). It's the ability to do a "System Repair" (In-place install) with which I have the biggest issue. In order to do a "System Repair", the system has to be rebooted normally (BDIS running), and the "Installer" started on the installation DVD. After going through two painful hours of BDIS sniffing every file that is being installed, BDIS will not let the installation complete. BDIS has to be completely uninstalled in order to do a "System Repair".


    After uninstalling BDIS, it only took 45 minutes to run the installation (Repair), and it worked perfectly. Since the BitDefender Service cannot be disabled from the console, it is running and blocking the installation. I realize that providing a way to turn it off introduces an attack vector, but there has to be a way for BDIS to realize that this is an authorized Windows installation and should be allowed to continue to its fruitful conclusion.


    Thanks,


    Leighton

  • Can we disable AVC and IDS drivers (.sys files) to perform System Restore/Repair? I doubt that they may prevent from doing so.

  • rootkit
    rootkit ✭✭✭

    Hello :)


    This issue was escalated to our developers. I will post here when I have new information for you.


    Thank you in advance for your patience!

  • rootkit
    rootkit ✭✭✭

    Hello :)


    I am back here because we need more information.


    We tried to reproduce the issue with the default settings in the product (Auto Pilot turned on) and the repair-install process is working properly.


    Do you have any custom settings in the product?


    Thank you!

  • We tried to reproduce the issue with the default settings in the product (Auto Pilot turned on) and the repair-install process is working properly.


    Do you have any custom settings in the product?


    No! I also have Auto Pilot turned on. As I stated before, after an arduous 2 hour wait, the installer responded with the fact that it was unable to complete the installation. What could there be to complain about if Windows had just rewritten the complete OS? It has to be that BDIS was not allowing something that Windows installer wanted to do. Since the "Repair" (In-place install) has to be executed with Windows running in "Normal" mode, BDIS must be monitoring all of the activities that the installer is performing and blocking what it considers to be an attack.


    If all else fails, uninstalling and re-installing BDIS takes less time than it does to have BDIS monitor the installation and possibly fail.


    Uninstall BDIS 5 min.


    Install Windows 45 min.


    Re-install and configure BDIS 20 min.


    ----------------------------------


    Total time: approximately 70 min.


    If BDIS is installed, it takes over 2 hrs and the results are questionable.


    Maybe that is the easiest way after all.


    Thanks,


    Leighton

  • rootkit
    rootkit ✭✭✭

    Hi Leighton :)


    Thank you for your feedback!


    I have forwarded all the new data to the testing team.


    I will come back to you if I need more information.


    Have a wonderful day!

  • Neither Windows Restore nor Windows Start up Repair works with Bitdefender installed. I’ve tested this many times with Bitdefender 2011, 2012 and 2013 versions on Windows XP SP3 and Windows 7 SP1 and had no success. In the end I try to repair with the SFC or chkdsk commands, and if they also fail then I re-install Windows, but I didn’t try to repair Windows XP from the Windows Setup CD.


    Windows and the installers are 32-bit. And I am always interested in keeping the products in a user-customized state.

  • rootkit
    rootkit ✭✭✭

    Hello :)


    In this whole process, IDS was turned on?


    Thank you!

  • Hello :)


    In this whole process, IDS was turned on?


    Thank you!


    What is IDS? Not familiar with that acronym. Settings were as indicated in previous posts.


    Thanks,


    Leighton

  • Hello :)


    In this whole process, IDS was turned on?


    Thank you!


    I tried with IDS, AVC, RTP (permanently), Firewall disabled from the product interface, but the said issue remains and the following error occurred. Kindly see the attachment.


    How can I disable the IDS and AVC drivers by renaming them in Safe Mode? I mean, which files are those for doing so?


  • What is IDS? Not familiar with that acronym. Settings were as indicated in previous posts.


    Thanks,


    Leighton


    Hello Leighton :)


    IDS is Intrusion Detection System and is located in the Firewall Module.


    Please check it and let me know if it is turned on.


    Take care.

  • IDS is Intrusion Detection System and is located in the Firewall Module.


    Please check it and let me know if it is turned on.


    Aha! Yes, IDS on (Normal) and all other options are set to "ON".


    Thanks,


    Leighton

  • Any new information about the above said issue?

  • Any update?

  • I am also having this Windows Restore failing problem.


    IDS is turned off and the problem still occurs.

  • Is there any update from Bitdefender on this issue?


    It's only been out there for at least 4-5 months ....

  • Is there any update from Bitdefender on this issue?


    It's only been out there for at least 4-5 months ....


    Why are you in a hurry? Just replace months with years in your statement. Christian may be very, very busy with some other projects, as in the past, and there is no other competent engineer from this top-ranked company who can respond to forum replies... so just wait, wait, wait and continue to wait.

This discussion has been closed.