gugarci

Do Anti-Malware and Online Armor Premium block System Restore?


The reason I'm asking is that on my Win 7 Pro x64 laptop, System Restore will not restore my PC to a previous state unless I do it from safe mode.

I've read online that this issue could be caused by my security programs blocking this process. The only security programs I have running on this laptop in real time are EAM, OA Premium and Windows Defender.

Is there anything in particular I could look for in the logs? I looked at the logs of both briefly and have not found anything being blocked at the time I was trying to use System Restore.

I also have EAM & OA Premium installed on 2 other PCs, but I have not tried to use System Restore on these PCs, and I will hold off trying it on them because trying to use System Restore multiple times on my laptop made my laptop unstable and I had to restore my laptop with Macrium.

Anyway, I'm just trying to figure out who or what is preventing System Restore from working unless I start it from safe mode.

Thanks.


That sounds most unlikely.

I've been using EAM & OA together for years, and I have never had any problems with a system restore.

But there is an easy way to find out: disable EAM & OA and then do a system restore....


Thanks for the response. It's obvious from looking at the number of people who looked at this thread that no one has experienced an issue with any Emsisoft product preventing System Restore from working. I'm going to try it again with them off and report back to this thread.

The reason I'm looking at security products first as the culprit is because they are the most likely to prevent this behavior.

Thanks.


There's an easy way to find out if Emsisoft Anti-Malware is causing this issue.

  1. Right-click on the Emsisoft Anti-Malware icon in the System Tray / Notification Area (down by the clock).
  2. Select Shut down Guard (you will be asked to verify by typing in the code displayed in the CAPTCHA image).
  3. Hold down the key on your keyboard that has the Windows logo on it (usually in between the Ctrl and Alt keys) and tap the R key to open the Run dialog.
  4. Type in services.msc and click OK.
  5. Find the Emsisoft Anti-Malware service in the list (should be alphabetical) and click on it to select it.
  6. Click the Stop link in the area to the left of the list.

This will completely disable Emsisoft Anti-Malware, allowing you to test and see if our service is what is causing the problem.


Just tried it and one of my Emsisoft products is the cause. I disabled both EAM and OA Premium from the configuration settings and I was able to use System Restore successfully without having to boot into safe mode first.


Also just before I tried successfully with the Emsisoft software disabled I tried it again with both EAM & OA Premium running and the System Restore failed to work.


Trying it one more time. Here's what I did.

1. I shut off EAM & OA Premium from auto start-up from within their configuration settings.

2. Restarted PC and neither EAM nor OA Premium started with Windows automatically. Not showing in system tray.

3. Manually made a restore point.

4. Asked System Restore to restore my PC to the restore point I made in step 3.

5. System Restore shut down my PC and restored my PC to the restore point I made manually in step 3.

I have to assume one or the other is causing System Restore not to work. Which one is the culprit I don't know. If I have more time to play I'll try it again with one off at a time only. Also, before I attempted diagnosing this issue today I updated OA Premium to the latest version released via the auto update.

Thanks.


Can you please try allowing Online Armor to run normally, and disable Emsisoft Anti-Malware and let me know whether or not the System Restore works with OA running and EAM disabled?

Also, if you could disable Online Armor and leave Emsisoft Anti-Malware running normally and also let me know if the System Restore works when OA is disabled and EAM is running then that would be helpful in figuring out what is going on as well. ;)


"The only security programs I have running on this laptop in real time are EAM, OA Premium and Windows Defender."

Windows Defender played havoc with my computers..., and is virtually worthless!-

It never finds/stops anything, and Really slows/stops some processes!

Just disabling WD does Not stop it from still monitoring/slowing most Everything, while running in the background!

To "completely" disable WD, you Must disable All of its processes (Windows All)-

You have to temp enable WD, & open All left Menu Options. Now un-tick Every option on the right...

Some options have to be disabled from bottom up..., to get the grayed checks. Also scroll down, as some are off the page.

Open services.msc (in the Start Search box...), and be sure that WD is Disabled.

Reboot

You will be Amazed at how much faster, and less problematic your system is!


Thanks for your response. I will try it with WD off and EAM & OA premium on and see if it works.

However I found the culprit.

With EAM running and OA Premium turned off system restore was able to restore my PC to a restore point I created this morning.

With EAM turned off and OA Premium running system restore failed to restore my PC to the restore point I created this morning.

OA Premium is the culprit. It must be blocking something. I'm going to try this first. I will switch OA premium to learning mode, make a new restore point, and see if it works. I'll post back shortly.

Thanks.


Just tried it with OA Premium in learning mode. I switched OA premium to learning mode and restarted the laptop. I then attempted to restore my PC.

Unfortunately system restore failed to restore my PC to a new restore point I created for this test. OA premium is definitely blocking something that even in learning mode it will not unblock.


OK, we'll probably need some logs to see what the problem is. Open Online Armor, go to Options in the menu on the left, click the little check box to enable debug mode (just above the Run Safety Check Wizard), restart your computer, and then try the System Restore. After that, please ZIP your entire logs folder (normally C:\Program Files\Online Armor\Logs), upload it to RapidShare, and then copy and paste the link to download the file into a reply (or you can send it to me in a Private Message if you don't want the link posted publicly on the forums). Note that, if you don't have a utility such as 7-Zip, WinZip, or WinRar, you can ZIP files and folders by right-clicking on them, going to Send To, and clicking on Compressed (zipped) Folder.


If you open Online Armor, and go to Programs in the menu on the left, does it show any processes in the list as being untrusted?


Sorry I have not responded sooner. Under programs I only have a couple of things marked untrusted. Some were old Adobe files which I removed from the firewall program menu. Right now I'm showing 4 items and they look like temp files. Also I found a MS dll file that was being blocked. The file was wbemprox.dll. The firewall was set to ask but according to my it was being blocked. I changed it to allow but it made no difference.

I'm posting some screenshots in my Flickr account. I will add the links as soon as I'm done with the screenshots.

http://www.flickr.co.../in/photostream

http://www.flickr.co.../in/photostream

http://www.flickr.co.../in/photostream

Thanks.


I'm going to need some more information to figure out what is causing this. Please follow the instructions below to post a DDS log:

  1. Download DDS from this link, and be sure to save it on your desktop.
  2. Disable all script blocking protection, anti-virus software, firewall/HIPS, or anti-spyware software before running it.
  3. Double click the dds icon you saved on your desktop to run the tool.
  4. A black window will appear that explains what DDS does and which will show you the progress near the bottom.
  5. When done, a window will pop up explaining that two logs will open in Notepad after you click OK. Go ahead and click the OK button to continue.
  6. Ignoring the instructions that DDS gave you, please save both of these logs on your desktop as Text Documents.
  7. Please attach both of those logs to a reply by using the More Reply Options button to the lower-right of where you type in your reply.


OK, let's try this:

  1. Click on the Start button, go to All Programs, go to Online Armor, and click on the Online Armor icon to open it.
  2. Select Programs from the list on the left.
  3. Right-click in the programs list and select Add from the menu.
  4. Add the file C:\Windows\system32\vssvc.exe to the list (it should be automatically trusted).
  5. Please close Online Armor and restart your computer.

After that, try the System Restore again, and let me know if that helped.


Online Armor shouldn't interfere with the System Restore if the Volume Shadow Copy Service is trusted. According to the DDS log, the only security software you have installed is Emsisoft Anti-Malware and Online Armor. Is that correct? Please forgive me if that has been asked before, as I just want to verify that that is the case.

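The Volume Shadow Copy checks behind the reply above, written out as an added example that is not part of the original thread or of any Emsisoft tooling. It assumes Windows PowerShell run as administrator; `VSS` is the Windows service name for Volume Shadow Copy, the expected binary path is the one quoted in the thread, and the restore point description is made up for the test.

```powershell
# Added example (not from the thread). Run from an elevated Windows PowerShell prompt.
# Assumed: the expected path is the one quoted in the thread; the description is constructed.
$expected = Join-Path $env:SystemRoot 'System32\vssvc.exe'

# 1. Is the Volume Shadow Copy service registered with the expected binary?
$vss = Get-WmiObject -Class Win32_Service -Filter "Name='VSS'"
if (-not $vss) { throw 'The VSS service is not registered on this machine.' }
$binary = $vss.PathName.Trim('"')
New-Object PSObject -Property @{
    Binary    = $binary
    PathOK    = ($binary -eq $expected)   # -eq is case-insensitive for strings
    StartMode = $vss.StartMode            # System Restore needs this service to be startable
    State     = $vss.State
}

# 2. Can the service actually be started while the HIPS is running?
try {
    Start-Service -Name VSS -ErrorAction Stop
    'VSS status after start request: ' + (Get-Service -Name VSS).Status
} catch {
    'VSS failed to start: ' + $_.Exception.Message
}

# 3. Create a test restore point, then confirm it shows up in the list.
Checkpoint-Computer -Description 'HIPS conflict test' -RestorePointType MODIFY_SETTINGS
Get-ComputerRestorePoint |
    Select-Object SequenceNumber, Description,
        @{ Name = 'Created'; Expression = { $_.ConvertToDateTime($_.CreationTime) } } |
    Sort-Object SequenceNumber -Descending |
    Select-Object -First 5

# 4. VSS errors or warnings written to the Application log in the last 24 hours.
Get-EventLog -LogName Application -Source VSS -EntryType Error, Warning `
    -After (Get-Date).AddDays(-1) -ErrorAction SilentlyContinue |
    Select-Object TimeGenerated, EventID, Message
```

Running it once with Online Armor active and once after it has exited gives two outputs to compare, which narrows down whether the service start, the restore point creation, or a later stage of the restore is what differs.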

Well it's obvious to me now that whatever is causing Online Armor Premium to prevent System Restore from working properly in my PC must be something unique to my PC. If I need to use System Restore to work in this laptop all I need to do is shut down Online Armor and I can initialize System Restore successfully.

Don't even need to reboot, just need to wait for Online Armor to exit. Anyway thanks for the replies but I'm moving on from this topic.


You're welcome. I'm glad to know that you are able to use the System Restore at least, and I apologize for the inconvenience of needing to shut down Online Armor to use it.


Don't worry about it. It's not that big of a deal since it doesn't require me to restart my PC before I can initialize System Restore.

It's an easy workaround.
