Endpoint Protection

  • 1.  Symantec Emergency Repair CD

    Posted Jun 09, 2010 08:24 AM
    KUDOS!
    The SEP bootable CD for repair/scanning, etc. is great. I created the CD for a co-worker here; his computer had the old pop-up fake AV stuff and nothing was finding it, and multiple attempts at finding and cleaning were made.
    I got this idea and suggested that he try the repair CD.
    Booted the computer, it updated the defs, scanned, found not only that bugger but a couple of others, cleaned the computer and life is good.
    Makes sense since you are booting into a totally and fully clean uninfected environment so the bug can't be sitting in memory waiting for you to find and delete parts of it, only so it can recreate or reinstall itself.
    A clean boot CD is often the answer, geesh, that goes back to about 1987 as far as booting from a known clean disk to do analysis and repairs. What was old is new again, and proves that sometimes old proven methods are still best.
    Thanks for giving us the option of a clean bootable CD that will grab current updates and scan from a clean environment.


  • 2.  RE: Symantec Emergency Repair CD

    Posted Jun 09, 2010 10:45 AM
    Thanks to the ideas portion of the forum for that addition!!!


  • 3.  RE: Symantec Emergency Repair CD

    Posted Jun 09, 2010 12:07 PM
    Great tool. Just add proxy support so I can auto download the latest defs instead of loading it each time on a USB stick! :)


  • 4.  RE: Symantec Emergency Repair CD

    Posted Jun 09, 2010 09:53 PM
    Has anyone figured out a way to use this if you have a drive encrypted with BitLocker or Guardian Edge Hard Disk? There have been a couple of times I needed this but couldn't use it due to the encryption on the system. I have used it a couple of times on machines without encryption and it worked just great.


  • 5.  RE: Symantec Emergency Repair CD

    Posted Jun 10, 2010 10:13 AM
    We use a well-known encryption product and I was able to get it to work by modifying the WIM image and adding our encryption filter drivers. I haven't worked with BitLocker or Guardian Edge. I'll see if I can get some time to look at BitLocker.


  • 6.  RE: Symantec Emergency Repair CD

    Posted Jun 10, 2010 10:18 AM
    What is WIM?

    We use SecureDoc encryption. We hate it and figure we'll move to BitLocker since it's basically part of W7 and manageable via SCCM and GPOs.
    But agreed, what do you do to work on a computer that has encryption, esp. SecureDoc or others?


  • 7.  RE: Symantec Emergency Repair CD

    Posted Jun 10, 2010 10:53 AM
    When you extract the ISO you will find a WIM file (Windows Image Format). You can download Windows AIK so you can mount the WIM and edit it using imagex. Once you add the needed files/drivers then you can unmount and save the edited WIM. Then you need to make it an ISO again.

    These are the steps I used to convert WIM to ISO

    Step 1
    Download the Windows Automated Installation Kit from microsoft.com/downloads/. While the file downloads, ensure that the WIM file from which you wish to make an ISO is located in the root c:/ directory. (Name it discovery.wim for ease of use.) When the Windows Automated Installation Kit has downloaded, follow the prompts to install the software.
    Step 2
    Open the Deployment Tools Command Prompt. Open the Start Menu in Microsoft Windows and click "All Programs" then "Microsoft Windows AIK". The Command Prompt is in this folder.
    Step 3
    Open a Windows Preinstallation Environment and copy the WIM file into it; do so by typing "CopyPE <architecture> C:\Winpe" to create the environment, then "Copy /y c:\discovery.wim c:\Winpe\ISO\Sources" to copy the file into the environment.
    Step 4
    Navigate back into the PETools folder by typing "Cd C:\Program Files\Windows AIK\Tools\PETools".
    Step 5
    Type "Oscdimg -n -bc:\winpe\ISO\boot\etfsboot.com c:\winpe\ISO c:\<imagename>.iso" to create an ISO image from the contents of the Preinstallation Environment (your WIM file).
    Alternatively, if the WIM image to be converted to ISO is larger than a standard CD (700 MB), type "Oscdimg -m -bc:\winpe\ISO\boot\etfsboot.com c:\winpe\ISO c:\winpe.iso" at Step 4.
    Step 6
    Make a disc from your ISO image using a utility that can burn CD or DVD media.
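
The driver injection from post 5 and the WIM-to-ISO steps above, combined into one batch file with error checks. This is an added example, not the poster's or Symantec's script. It assumes the Windows 7 AIK (which provides `dism` as well as `imagex`), a WinPE image that DISM can service, and placeholder paths for the driver folder, mount folder and output ISO.

```batch
@echo off
rem Added example. Run from the Deployment Tools Command Prompt (Windows AIK).
setlocal
set WIM=C:\discovery.wim
set MOUNT=C:\wimmount
set PE=C:\winpe
set ARCH=x86
rem Placeholder: folder holding the encryption vendor's filter-driver .inf files
set DRIVERS=C:\drivers\encryption
rem Placeholder: name of the rebuilt ISO
set ISO=C:\sep-recovery-custom.iso

if not exist "%WIM%" (echo Missing %WIM% & exit /b 1)
if not exist "%DRIVERS%\*.inf" (echo No .inf files in %DRIVERS% & exit /b 1)
rem copype is given a folder that does not exist yet
if exist "%PE%" (echo %PE% already exists & exit /b 1)
if not exist "%MOUNT%" mkdir "%MOUNT%"

rem Mount image index 1 read-write so it can be edited
imagex /mountrw "%WIM%" 1 "%MOUNT%" || exit /b 1

rem Inject the drivers; if that fails, unmount WITHOUT /commit so the
rem original WIM is left unchanged
dism /Image:"%MOUNT%" /Add-Driver /Driver:"%DRIVERS%" /Recurse
if errorlevel 1 (
  echo Driver injection failed, discarding changes
  imagex /unmount "%MOUNT%"
  exit /b 1
)

rem List third-party drivers now in the image, then save the edited WIM
dism /Image:"%MOUNT%" /Get-Drivers
imagex /unmount /commit "%MOUNT%" || exit /b 1

rem Build the WinPE ISO tree and confirm the boot sector file is present
call copype.cmd %ARCH% %PE%
if not exist "%PE%\ISO\boot\etfsboot.com" (echo copype failed & exit /b 1)

rem Assumption: the default WinPE boot configuration loads sources\boot.wim,
rem so the edited WIM is copied under that name
copy /y "%WIM%" "%PE%\ISO\sources\boot.wim" || exit /b 1

rem Use -m in place of -n if the image is larger than a CD (see Step 5)
oscdimg -n -b%PE%\ISO\boot\etfsboot.com %PE%\ISO %ISO% || exit /b 1
echo Created %ISO%
endlocal
```

Test the resulting ISO on a non-production machine that uses the same encryption product before relying on it for recovery.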