Jump to content

Improved default exclusions for Bare Metal Recovery


MrWrighty

Recommended Posts

Having just started doing bare metal recovery using BackupAssist and in particular a Hyper-V and Hyper-V host there are a number of additional exclusion required to allow the backup to complete.

Eset have a KB about the additional exclusions but wondering why they cannot be included as part of the standard list of Exclusions for Server file security.

Link to comment
Share on other sites

BackupAssist has an article on this here: https://www.backupassist.com/support/en/knowledgebase/BA2513-Unable-to-backup-volume.html .

The problem is the exclusions have to be made for the referenced files on the drive being used for the backup. Eset has no way of determining what drive is being used for backup purposes.

Link to comment
Share on other sites

But bdedit will identify the volumes or as per the BackupAssist article above, the registry hivelist. Surely this can be checked on install and the exclusions added. 

This article explains how to check the volume number so what’s the difference for an automated exclusion list.

https://support.eset.com/en/kb6121-windows-backup-failing-error-message

Link to comment
Share on other sites

  • Administrators

Automatic exclusions are those recommended by Microsoft. They are hardcoded in the program and paths are read from the registry. As far as I know, we do not currently plan to support automatic exclusions for non-MS products.

Link to comment
Share on other sites

10 hours ago, Marcos said:

Automatic exclusions are those recommended by Microsoft. They are hardcoded in the program and paths are read from the registry. As far as I know, we do not currently plan to support automatic exclusions for non-MS products.

The issue is not about automatic exclusions for Microsoft products or not. I am currently helping another Eset user in another thread on the same issue in regards to Win 7 backup utility.

First it should be noted that the Eset KB article specifically notes the issue manifests when a backup is attempted to an external drive. Also and obviously, one should not be creating exclusions for Eset's real-time scanning of files that reside in the UEFI partition itself. The locking issue appears to be related to the named file exclusions that presently reside on the backup drive. Why this happens I have no clue.

Edited by itman
Link to comment
Share on other sites

  • Administrators

@itman,I was referring to OP's question "Eset have a KB about the additional exclusions but wondering why they cannot be included as part of the standard list of Exclusions for Server file security". I'd better quote it next time ;)

Link to comment
Share on other sites

The Eset article refers specifically to Windows Backup failing and not a result of 3rd party applications.  If Windows Backup is installed then Eset should handle the exclusions. The role is only likely to be installed if it’s going to be used.

Link to comment
Share on other sites

I have a pretty good idea of what is going on in regards to the file exclusions noted. These files contain sensitive device data. Eset is putting a lock on the files to prevent them from being copied to anything externally. I am sure if an attempt was made to copy them to cloud backup media, the same blocking would occur. It should be noted that there is no issue with the Win 7 backup in image backup mode to a locally attached hard drive.

Now one could argue that if an external drive is permanently attached which BTW is a no-no security-wise, Eset should auto allow these files to be backup. The problem is that Eset has no way of knowing if any external media use is legit in regards to these file exclusions.

BTW - the Eset KB article assumes the Win 7 Backup is running in file backup mode. Most backup utilities including the Win 7 backup in image backup mode will create a separate folder/directory on the backup drive and store EFI\* data within this created directory. Therefore the exclusions must be prefixed with this backup utility created directory. For example, the Win 7 backup exclusions for image backup mode are:

E:\WindowsImageBackup\EFI\Microsoft\Boot\BCD

E:\WindowsImageBackup\EFI\Microsoft\Boot\BCD.LOG

E:\WindowsImageBackup\EFI\Microsoft\Boot\bootmgfw.efi

E:\WindowsImageBackup\%WINDIR%\system32\winload.efi

Assuming E: is the assigned drive letter of the external media.

Finally, Eset is not alone in requiring these EFI file exclusions. Avast, AVG, TrendMicro and I assume other AV solutions require these file exclusions: https://www.winhelponline.com/blog/windows-backup-failed-exclusive-lock-efi-partition-avast/ . Also as this article notes, it is not just AV solutions that can conflict with these UEFI based files.

Edited by itman
Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...