To stay updated on your favorite discussions, please create an account or log in. Then, click the Bookmark icon to subscribe and receive notifications.

Restore Point unexpected...

Vincent
Vincent Posts: 3 Security Scout

Hi,

 

We pushed FSCS 10.00 on some computers from FSPMS and I do not know why but some of them have automatically made a restore point to an earlier date.

I need to know if anyone has suffered this problem?
I would also need to know if I can find more informations in logfiles on computers other than the Windows event log? If yes, which logfiles?

 

Best regards,

 

Vincent

Comments

  • Vad
    Vad Posts: 1,069 Cybercrime Crusader

    Hello Vincent,

     

    The information about restore points created during F-Secure product setup is available in c:\windows\fssetup.log.

    Could you, please, share this log from one of affected computers.

     

    Thanks in advance,

    Vad

  • Vincent
    Vincent Posts: 3 Security Scout

    Hello Vad,

     

    I put the logfile in attachment... FYI, the installation was completed on February 25.

     

    My logfile is here. I hope yopu will be able to read it.

     

    best regards,

     

    Vincent

  • Vad
    Vad Posts: 1,069 Cybercrime Crusader

    We disabled creating Windows Restore point by CS product installer in version 10.00.

    And I can see this from the log of CS 10.00 installation:

     

    1    13/02/25 13:10:09    { StartSystemRestore()
    2    13/02/25 13:10:09       Creating System Restore Point is disabled in INI file
    1    13/02/25 13:10:09    } StartSystemRestore()
    ...

    1    13/02/25 13:11:21       { EndSystemRestore()
    2    13/02/25 13:11:21          System restore is not started.
    1    13/02/25 13:11:21       } EndSystemRestore()

    So, according to the log, Restore point wasn't created by F-Secure CS 10.00 product installer.

     

    The only Restore point created by installer of CS 9.32 was done 14.08.2012:

    1    12/08/14 08:46:08    { StartSystemRestore()
    1    12/08/14 08:46:08       { CallSRSetRestorePoint(100,0)
    1    12/08/14 08:46:08          restorePointInfo.szDescription = [F-Secure Client Security 9.32 build 112 Installation]
    1    12/08/14 08:46:22          SRSetRestorePoint succeed.
    1    12/08/14 08:46:22          Assigned sequence number is [43]
    1    12/08/14 08:46:22       } CallSRSetRestorePoint(100,0)
    1    12/08/14 08:46:22    } StartSystemRestore()

    What is the name of your unexpected restore point? As you can notice, we give them names like "F-Secure Client Security x.x build x Installation"

     

    Best regards,

    Vad

  • Vincent
    Vincent Posts: 3 Security Scout

    Hi,

     

    There is a misunderstanding I think...
    After installing F-Secure, the user restarts his computer. This was then automatically restored to an old restore point.

    So I'm not talking about the creation of a restore point but about an automatic rollback of the computer.

     

    It's very strange and honestly I'm not sure F-secure has done this action but I have to investigate because the user told me he has done nothing wrong.

     

    best regards,

     

    Vincent.

     

  • Gary
    Gary Posts: 18 Digital Defender

    Hi Vincent,

     

    Have you check if the F-Secure installation went through successfully before the reboot? What if the user reinstall the F-Secure software after the system restore, will there be any similar problem happened after that? Additionally, was there anything in common between those machines that had a system restore after the F-Secure installation? (eg: OS, other vendors of Anti-Virus products installed, etc)

     

    Best regards,

    Gary


     

This discussion has been closed.

Categories