System Volume Information folder

Guest

My system volume information folder has grown to 6 GB with 30,000 files. I
know it works with System Restore, but will I damage anything if I delete the
files? If not, can I shrink it somehow?
My virus scan takes forever because I can't find a way to skip just a single
folder.
 
Hi

Please don't manually delete any files from that folder. Instead right
click on My Computer and select Properties>System Restore. Highlight the
appropriate drive, then click Settings and adjust the slider downwards. I
have mine set to 1000 MB which gives me plenty of checkpoint to revert to.

--


Will Denny
MS-MVP Windows Shell/User
Please reply to the News Groups
 
ralmquist said:
My system volume information folder has grown to 6 GB with 30,000
files. I know it works with System Restore, but will I damage
anything if I delete the files?



Yes, you will probably screw up System Restore.

If not, can I shrink it somehow?


You not only can, but should. By default System Restore takes 12% of your
drive. But that default of 12% is almost always considerably too large. In
practice you can seldom go back more than a week or two, because any more
than that and your registry gets out of synch with everything else. So
allocating space for more than a dozen or so restore points is a waste.

So I would give it just 1-2GB.
 
Hi,

How much disk space is System Restore set to use?

Normally the size of the SVI will be slightly larger than the
amount of disk space allocated to hold restore points.

If the Indexing Service has been activated, (it is turned off in Windows
XP by default, and turned on by default in Media Center Edition) it will
also store files in the SVI folders. The presence of the catalog.wci
within the SVI folder would indicate that the Indexing Service has been
manually started. To avoid this, disable the Indexing Service, reboot,
and delete the catalog.wci folder. The catalog.wci should not be
recreated. To confirm that the "Indexing Service" is running, click
Start, click Run, and then type cmd /k net start then press enter. If
Indexing Service is present, then Indexing is turned on.

Encrypting File System (EFS) also uses the System Volume Information
folder on each partition to store the log file that is generated during
the encryption and decryption process.

Zone Alarm version 6.5 has a bug that creates very large .rdb files
within the system. These .rdb files are monitored by System Restore and
thus end up in the restore points located in the System Volume
Information folder, along with other locations on the system. The best
advice is to revert to an earlier version of Zone Alarm. Then disable
System Restore which will purge all existing restore points, then turn
it back on. For more information on this subject please visit the Zone
Labs User Forum.
http://forum.zonelabs.org/zonelabs/board/message?board.id=gen&message.id=34871
 
How much disk space is System Restore set to use?
Encrypting File System (EFS) also uses the System Volume Information
folder on each partition to store the log file that is generated during
the encryption and decryption process.

Is there a risk of clearing SVI, if EFS is in use?
Zone Alarm version 6.5 has a bug that creates very large .rdb files
within the system. These .rdb files are monitored by System Restore and
thus end up in the restore points located in the System Volume
Information folder, along with other locations on the system. The best
advice is to revert to an earlier version of Zone Alarm. Then disable
System Restore which will purge all existing restore points, then turn
it back on. For more information on this subject please visit the Zone
Labs User Forum.

You can also purge all but the last Restore Point, as follows:
- Windows Explorer, right-click disk letter (e.g. C:)
- click Disk Cleanup, then More Options tab
- click the lowermost button to clear all but last SR point
- OK

This is a good thing to do after cleaning up malware; once clean, set
a new restore point and use this to discard earlier infected ones.

How are you measuring contents of SVI? I ask, in case you are
assuming that what can't be seen elsewhere must be in SVI. That's not
the case; space can be invisibly lost in other ways, e.g. ADS on NTFS.

Last point: The SVI tree may hold multiple per-installation subtrees
of SR material, if there are or have been multiple installations of XP
that can "see" the volume. Each installation has its own ID, and that
ID forms the base of the installation's SVI data. This prevents the
WinME SR debacle, where each installation tramples all over any other
installation's SR data - but space taken by other installations may
not be taken into account when SR's usage is assessed.


------------ ----- --- -- - - - -
Drugs are usually safe. Inject? (Y/n)
 
Hi Chris,

Is there a risk of clearing SVI, if EFS is in use?

I haven't considered this and haven't tested it. Saying that, the best
practice would be to disable SR or use Disk Clean-up to purge restore
points rather than deleting the contents of the SVI folder.
You can also purge all but the last Restore Point, as follows:
- Windows Explorer, right-click disk letter (e.g. C:)
- click Disk Cleanup, then More Options tab
- click the lowermost button to clear all but last SR point
- OK

This is a good thing to do after cleaning up malware; once clean, set
a new restore point and use this to discard earlier infected ones.
Agreed.

How are you measuring contents of SVI? I ask, in case you are
assuming that what can't be seen elsewhere must be in SVI. That's not
the case; space can be invisibly lost in other ways, e.g. ADS on NTFS.

Right click on SVI or the _restore{xxx} folder and properties.
Last point: The SVI tree may hold multiple per-installation subtrees
of SR material, if there are or have been multiple installations of XP
that can "see" the volume. Each installation has its own ID, and that
ID forms the base of the installation's SVI data. This prevents the
WinME SR debacle, where each installation tramples all over any other
installation's SR data - but space taken by other installations may
not be taken into account when SR's usage is assessed.

I have not seen this. A screen shot would be nice. <g> I wonder if Disk
Clean-up would clean ALL SR data in this case except for the most recent
RP.
 
Hi Chris, Hi!

"cquirke (MVP Windows shell/user)" wrote
I haven't considered this and haven't tested it. Saying that, the best
practice would be to disable SR or use Disk Clean-up to purge restore
points rather than deleting the contents of the SVI folder.

Yes. I'm concerned about that in the context of malware cleanup
(where SVI may be relocated or purged) and also because bad exits tend
to bit-rot the contents of SR backup data, and if that hits the EFS
templates as well, that could cause quite a crisis.

I'd seldom rename away SVI from outside the OS, unless I had doubts
about detecting everything and reason to suspect active use from (or
use of) the SVI material. It's hard to get into SVI (say, to drop a
file there) unless SR sweeps you along, but malware may make the
effort because it's also so hard for av to scan and manage SVI.
Right click on SVI or the _restore{xxx} folder and properties.

Are you on NTFS, and doing this from XP? I ask, because in my
experience I don't get straight answers under those circumstances;
instead, XP tells me there's "nothing there", and I can't navigate in,
delete, copy off to another volume, etc.

There's none of that if the SVI is on a FATxx volume, tho.
I have not seen this. A screen shot would be nice. <g> I wonder if Disk
Clean-up would clean ALL SR data in this case except for the most recent
RP.

I think Disk Cleanup is quite conservative (which is why it's safe-ish
to use). For example, when it cleans Temp, it leaves "recent"
material in place, and may not clear the various Temp locations other
than the one for the current user account.

That makes Disk Cleanup a lot less useful for post-process cleanup,
e.g. to clear out Temp straight after installing sware etc. because at
that time, the material you are trying to get rid of is still "recent"

On FATxx, you can usually delete the whole SVI as long as SR is not
enabled on that volume. But on NTFS, you can't delete SVI even if
it's disabled altogether - it's a permissions thing, I guess, unless
it's a hardcoded OS behavior.

So if you pass an NTFS HD around between XP PCs, you should have the
opportunity to see an SVI with multiple installation's subtrees.
You'd prolly have to be in orbit (Bart PE CDR boot) to see it, tho.


------------ ----- --- -- - - - -
Drugs are usually safe. Inject? (Y/n)
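
An added example, not part of any poster's message, for the measurement question and the multiple-installation point raised in the posts above: it totals usage under a System Volume Information folder per top-level entry, so each `_restore{ID}` subtree and any `catalog.wci` is accounted for separately. It assumes the folder is readable (for instance a volume examined from another OS); the sample tree, its IDs and `misc.log` are constructed.

```python
import os
import re
import tempfile

# "_restore{ID}" and "catalog.wci" are the names used in the thread.
RESTORE_RE = re.compile(r"^_restore\{[^}]+\}$", re.IGNORECASE)

def tree_size(path):
    """Return (bytes, files) under path; unreadable entries are skipped."""
    if not os.path.isdir(path):
        return os.lstat(path).st_size, 1
    total = count = 0
    for root, _dirs, files in os.walk(path, onerror=lambda err: None):
        for name in files:
            try:
                total += os.lstat(os.path.join(root, name)).st_size
                count += 1
            except OSError:
                pass  # locked or access-denied file: not counted
    return total, count

def svi_breakdown(svi_path):
    """Usage per top-level SVI entry, classified by what owns it."""
    report = {}
    for entry in sorted(os.listdir(svi_path)):
        kind = ("system-restore" if RESTORE_RE.match(entry) else
                "indexing-service" if entry.lower() == "catalog.wci" else "other")
        size, count = tree_size(os.path.join(svi_path, entry))
        report[entry] = {"kind": kind, "bytes": size, "files": count}
    return report

def build_sample(root):
    """Constructed tree (not real data): two installations plus a catalog."""
    layout = {"_restore{AAAA-1111}/RP1/A0000001.dll": 4096,
              "_restore{AAAA-1111}/RP2/A0000002.exe": 8192,
              "_restore{BBBB-2222}/RP7/A0000100.sys": 2048,
              "catalog.wci/00010001.ci": 1024,
              "misc.log": 512}
    for rel, size in layout.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(b"\0" * size)
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for name, info in svi_breakdown(build_sample(tmp)).items():
            print(f"{info['kind']:17}{info['bytes']:>8} B {info['files']:>3} files  {name}")
```

The totals cover each file's main data stream only, so space held in NTFS alternate data streams is not included. More than one `system-restore` row means more than one installation has written restore data to the volume.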
 
Yes. I'm concerned about that in the context of malware cleanup
(where SVI may be relocated or purged) and also because bad exits tend
to bit-rot the contents of SR backup data, and if that hits the EFS
templates as well, that could cause quite a crisis.



I'd seldom rename away SVI from outside the OS, unless I had doubts
about detecting everything and reason to suspect active use from (or
use of) the SVI material. It's hard to get into SVI (say, to drop a
file there) unless SR sweeps you along, but malware may make the
effort because it's also so hard for av to scan and manage SVI.

Most antivirus apps will find infections within the SVI folder, but
AFAIK none can clean them.
Are you on NTFS, and doing this from XP?
Yes.

I ask, because in my experience I don't get straight answers under
those circumstances;
instead, XP tells me there's "nothing there", and I can't navigate in,
delete, copy off to another volume, etc.

FWIW, I have disk usage set to 1319 MB in SR. Properties of the SVI
show 1.79 GB.
There's none of that if the SVI is on a FATxx volume, tho.



I think Disk Cleanup is quite conservative (which is why it's safe-ish
to use). For example, when it cleans Temp, it leaves "recent"
material in place, and may not clear the various Temp locations other
than the one for the current user account.

That makes Disk Cleanup a lot less useful for post-process cleanup,
e.g. to clear out Temp straight after installing sware etc. because at
that time, the material you are trying to get rid of is still "recent"

I personally don't use Disk Cleanup. I prefer manual cleanup.
On FATxx, you can usually delete the whole SVI as long as SR is not
enabled on that volume. But on NTFS, you can't delete SVI even if
it's disabled altogether - it's a permissions thing, I guess, unless
it's a hardcoded OS behavior.

The contents of the SVI folder (NTFS) can be deleted by taking ownership
and disabling the System Restore service.
So if you pass an NTFS HD around between XP PCs, you should have the
opportunity to see an SVI with multiple installation's subtrees.
You'd prolly have to be in orbit (Bart PE CDR boot) to see it, tho.

Ok.
 