Norton Anti-Virus 2004 and HD imaging

  • Thread starter Thread starter Timothy Daniels
  • Start date Start date
T

Timothy Daniels

The Dec 30th issue of PC Magazine (p. 57) has a letter
from a reader saying that Symantec advised him that Norton
AV should be uninstalled before "backups" (presumably
this mean imaging) and then reinstalled after the backup.
The reason is supposedly due to Symantec's efforts to
thwart software piracy. Has anyone had any difficulty with
Norton Anti-Virus 2004 in their imaging efforts? In my
own experience, Norton AV gave me trouble when I
tried to copy a WinXP system using Maxtor's MaxBlast
3.0 software. I had no problem using Drive Image 2002
with Norton AV 2003, though.

*TimDaniels*
 
The Dec 30th issue of PC Magazine (p. 57) has a letter
from a reader saying that Symantec advised him that Norton
AV should be uninstalled before "backups" (presumably
this mean imaging) and then reinstalled after the backup.
The reason is supposedly due to Symantec's efforts to
thwart software piracy. Has anyone had any difficulty with
Norton Anti-Virus 2004 in their imaging efforts? In my
own experience, Norton AV gave me trouble when I
tried to copy a WinXP system using Maxtor's MaxBlast
3.0 software. I had no problem using Drive Image 2002
with Norton AV 2003, though.

I'm guessing NAV is making some sort of checksum of the boot sector and
other special areas. If you clone over to new hardware, the checksum could
change. NAV may try to silently 'fix' it, and make a mess of things.

Rather than uninnstall, what may work is to configure it to NOT start up
on bootup, and maybe even change any services to DISABLED before cloning.
That way, it'll be OFF on the new hardware. Still, you may want to make
certain that ALL options to verify ANY changes are enabled.
 
Andrew Rossmann said:
I'm guessing NAV is making some sort of checksum of the boot sector and
other special areas. If you clone over to new hardware, the checksum could
change. NAV may try to silently 'fix' it, and make a mess of things.

The NAV image file of the MBR and the boot sector will be moved to the new drive
anyway, regardless of whether NAV was uninstalled or left running. It's
recommended to disable the boot inoculation option altogether in NAV's
configuration, this feature is a dangerous one for the reason given above.

A more prosaic reason for disabling NAV (or any on-access AV for that matter)
before backing up or imaging is that the AV will considerably slow down the
process, to meticulously scan every file. Some backup applications may time-out
when their backup queue is empty, due to the waiting caused by the AV.

Regards, Zvi
 
Zvi Netiv said:
The NAV image file of the MBR and the boot sector will be moved
to the new drive anyway, regardless of whether NAV was uninstalled
or left running. It's recommended to disable the boot inoculation
option altogether in NAV's configuration, this feature is a dangerous
one for the reason given above.

A more prosaic reason for disabling NAV (or any on-access AV
for that matter) before backing up or imaging is that the AV will
considerably slow down the process, to meticulously scan every file.
Some backup applications may time-out when their backup queue
is empty, due to the waiting caused by the AV.


I can't find anything called "boot inocculation" in my 2003 Norton
Anti-Virus GUI. Is it a new feature introduced for the 2004 version?
What does it do, and where is it toggled?

If the HD is accessed and copied sector-by-sector (à la Drive Image)
and not file-by-file, why would an anti-virus scan be invoked for each
file?

*TimDaniels*
 
Timothy Daniels said:
:

I can't find anything called "boot inocculation" in my 2003 Norton
Anti-Virus GUI. Is it a new feature introduced for the 2004 version?
What does it do, and where is it toggled?

"Boot inoculation" is the name used in older NAV versions. Just turn off the
boot sector protection in your NAV options, as it could do more harm than good.
There are no boot viruses around to worry about that justify the use of that
anachronistic and dangerous feature of NAV.
If the HD is accessed and copied sector-by-sector (à la Drive Image)
and not file-by-file, why would an anti-virus scan be invoked for each
file?

Drive imaging isn't done on a sector by sector basis, just on used space. Some
cloning software have a special mode for sector by sector cloning (our CloneDisk
is one), mostly for forensics use, or for the cloning of a dying drive as part
of disaster recovery.

Regards, Zvi
 
It won't work because of the activation in the new version of NAV 2004.
When you restore the clone onto a new computer, it will require
re-activation and this may cause problems depending on the severity of the
hardware change. If this image will be used on the same computer it was
created on though, then there should be no problems.
 
O... kaay... I guess it won't impact *me*. If it doesn't
work, though, I'll switch my AV software. Symantec,
are you listening?

*TimDaniels*
 
Has anyone had any difficulty with
Norton Anti-Virus 2004 in their imaging efforts?

I had problems with NAV 2002 messing with the irpstacksize. This prevented
me backingup over my LAN to a shared USB drive. I was trying to use
powerquest Drive Image and I posted the solution to other news groups at the
time. Here is a copy....

If you are sure you have set up your accounts and shares correctly but you
still can't access a machine over your LAN and you get either access
permission errors or "Not enough server storage" then his might be worth
checking.

Look in the event log on the "server". This might be an ordinary PC in the
case of a home LAN, either way it's the PC hosting the share you are trying
to contact. See if there is an entry telling you the irpstacksize is too
small.

I believe this problems may be due to Norton Antivirus S/W.

Norton have this advisory (long URL may wrap to new line and need repair)

http://service1.symantec.com/suppor...88256d03005eb145?OpenDocument&src=bar_sch_nam

and Microsoft have this one..

http://support.microsoft.com/default.aspx?scid=kb;EN-US;106167

HOWEVER the above only mention the error message being "Not enough server
storage...". I found it can also give access permission errors (something
like "Access denied" or "Insufficient acesss", I can't remember exactly).
These are really confusing to someone trying to set up a home LAN.

Here is what I found...

irpstacksize = 11 (dec) causes access permission errors.
irpstacksize = 13/14 the error changed to "Not enough server storage" or
similar.
irpstacksize = 15 and my network shares now work fine.
 
Back
Top