Thread: _RESTORE Folder
April 20th 05, 06:55 PM
heirloom

The virus indications in the Restore folder are of little consequence, unless you perform a restoral to an infected point. The following verbose info should cover all your questions. I believe author credit may go to Mr. Mike Maltby, MS-MVP... someone correct me if I'm wrong.
===================================

SYMPTOMS

When you run an antivirus program, you may receive a report that indicates that one or more files in the _Restore\Temp or the _Restore\Archive folders contain a virus or are infected with a virus. Also, your antivirus program may indicate an inability to remove the virus from the file or files.


CAUSE

This behavior occurs because the System Restore feature in Windows Millennium Edition (Me) protects all folders and files in the _Restore folder on the Windows Me system partition. This folder and all of its subfolders are the data store that the System Restore feature uses to restore your computer's operating system to a previous state from a previous point in time.

Although some antivirus programs may have the ability to work with files that have been compressed or stored in .zip or .cab file format, the System Restore feature does not permit these utilities to manipulate these files within the data store. The data store is protected for data integrity purposes, and the System Restore feature is the only method you can use to obtain access to the data store. Because of this, the antivirus program is unable to remove the virus from the file or files in the data store. The files in the data store are inactive and can be used only by the System Restore feature.


RESOLUTION

To work around this behavior, use the appropriate method.

Use the First In First Out (FIFO) Feature

The FIFO routine purges the oldest restore points so that newer, more current restore points can be added to the data store. FIFO starts automatically when the files in the data store reach 90 percent of the maximum size of the data store. System Restore purges the oldest files first until the files in the data store occupy no more than 50 percent of the maximum size of the data store.

For example, if the maximum size of the data store is 400 megabytes (MB), 90 percent of this is 360 MB and 50 percent is 200 MB. If the data store is 200 MB when you view the properties of the _Restore folder, it is 50 percent of the maximum size. If you adjust the size of the data store to the minimum size of 200 MB, FIFO occurs when you click Apply.

NOTE: If the data store is less than 90 percent (180 MB) of the minimum (200 MB) value, adjusting the size does not have any effect in purging restore points. In this scenario, you must carefully consider the use of the methods that are described in this article.

Over a period of time, the data store purges restore points on a FIFO basis as the maximum size of the data store is reached. There are a few scenarios in which FIFO can be used to purge older restore points to retain more recent restore points on the computer.

FIFO Method 1

No action is required if the system has been cleaned and only the data store is reported by the antivirus tool to have suspicious files. Until all infected files are processed out on a FIFO basis, the antivirus tool may still report that there are infected files that it cannot obtain access to within the data store.

FIFO Method 2

You can trigger the FIFO feature to remove older restore points from the data store by resizing the data store.
To use the System Restore feature to adjust the size of the data sto

1. View the properties of the _Restore folder to determine how much data is actually in the data store. You do this to determine if this step will have any effect on the data store. If the data store uses less than 90 percent (less than 180 MB) of the minimum value (200 MB), this method may have no effect on purging the restore points. If less than 90 percent of the data store is used, even at the minimum settings you should consider using FIFO method 1 or using the "Manually Purge the Data Store" method that is listed later in this article.

2. Click Start, point to Settings, and then click Control Panel.

3. Double-click System, and then click the Performance tab.

4. Click File System.

5. Adjust the System Restore disk space use slider to the approximate lower amount, and then click Apply
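
The FIFO rule quoted above (start purging at 90 percent of the maximum size, stop at no more than 50 percent), modelled as an added example that is not part of the original post or the quoted article. It shows whether resizing the data store would actually remove a restore point the antivirus tool flagged. The restore point names and sizes are constructed, and purging whole restore points at a time is an assumption of this sketch.

```python
from dataclasses import dataclass

TRIGGER_PCT = 90  # article: FIFO starts at 90 percent of the maximum size
TARGET_PCT = 50   # article: purging stops at no more than 50 percent

@dataclass
class RestorePoint:
    name: str              # constructed label
    size_mb: int           # constructed size
    flagged: bool = False  # antivirus reported a file inside this point

def fifo_purge(points, max_mb):
    """points are ordered oldest first; returns (kept, purged)."""
    kept, purged = list(points), []
    used = sum(p.size_mb for p in kept)
    if used * 100 < TRIGGER_PCT * max_mb:
        return kept, purged            # below the trigger: nothing is purged
    while kept and used * 100 > TARGET_PCT * max_mb:
        oldest = kept.pop(0)           # assumption: whole points go, oldest first
        used -= oldest.size_mb
        purged.append(oldest)
    return kept, purged

def resize_outcome(points, new_max_mb):
    """What a resize to new_max_mb would do to flagged restore points."""
    kept, purged = fifo_purge(points, new_max_mb)
    return {
        "fifo_ran": bool(purged),
        "purged": [p.name for p in purged],
        "flagged_remaining": [p.name for p in kept if p.flagged],
    }

# Constructed sample data stores (oldest first), sizes in MB.
OLD_INFECTION = [RestorePoint("rp1", 60, True), RestorePoint("rp2", 50),
                 RestorePoint("rp3", 40), RestorePoint("rp4", 45)]      # 195 MB
RECENT_INFECTION = [RestorePoint("rp1", 60), RestorePoint("rp2", 50),
                    RestorePoint("rp3", 40), RestorePoint("rp4", 45, True)]
SMALL_STORE = [RestorePoint("rp1", 60, True), RestorePoint("rp2", 50),
               RestorePoint("rp3", 60)]                                 # 170 MB

if __name__ == "__main__":
    for label, store in [("old", OLD_INFECTION), ("recent", RECENT_INFECTION),
                         ("small", SMALL_STORE)]:
        print(label, resize_outcome(store, 200))
```

In the constructed RECENT_INFECTION store the flagged restore point is the newest one, so it survives the purge and the antivirus tool would keep reporting it after the resize.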