Windows 8.1 system restore fails with ESS7&8

[Reldel 2]

For six months I have been running ESS7, ESS8 beta and ESS 8 on three different Windows 8.1 X64 machines.  During that period I have several occasions to use system restore on those machines.  In each instance system restore would appear to run successfully but after rebooting and running, an error message appeared indicating that system restore failed because it could not read a file.  The message would indicate that the likely cause was the file was blocked by the antivirus installed.  The message said to stop the antivirus and retry system restore. 

 

I would stop ESS and rerun system restore.  The result each time was system restore would fail again with the same messages appearing.

 

After seeing these failures, I would uninstall ESS, retry system restore and it would run successfully. 

 

It appears that all three of the above listed ESS versions do something that blocks system restore from running.

 

I have presently uninstalled ESS from all machines and reverted to Windows Defender.  There are now no system restore issues.

 

Anyone else seen this conflict between ESS and system restore on Windows 8.1 64bit?

[reyl sam 0]

RELDEL,

    Try doing system restore in booting to REPAIR MY COMPUTER hitting f8 during boot,,and  it will help solve your problem ,,,In my pc i always do system restore in  repair my computer

Edited October 3, 2014 by reyl sam

[shocked 60]

i report the same issue with the latest 7.0.317.4 I can't do a system restore because a file couldn't be read.
clearly a bug in smart security

[Arakasi 549]

Av's usually always need to be disabled because some times self defense mechanisms and hips will prevent the alteration of crucial system files that gets done during a restore commonly.

Edited October 3, 2014 by Arakasi

[shocked 60]

this wasn't a problem with earlier versions of SS. even disabling it didn't do anything.

[Arakasi 549]

It really depends on what the system restore is reverting.

Its not the same all the time.

 

Its a common practice to disable security software for functions like system restores etc.

[Reldel 2]

From my experience, ESS7 and ESS8 both block system restore from completing.  IF you disable ESS, it automatically gets re-enabled when the re-boot that is part of system restore occurs.  This re-enabling is what blocks the file that causes system restore to fail.  What I have seen is that both ESS7 and 8 must be uninstalled for system restore to complete successfully in Windows 8.1 and 8.1.1.

 

To me this is a bug that should be corrected by ESET, you should not have to uninstall antivirus for a system function to complete. 

[Peter Randziak 1,130]

Hello,

 

are you able to reproduce the issue on demand?

 

If yes please perform this test:

1. Disable HIPS

2. Reboot the machine

3. Perform system restore - does it work? If yes please do following:

4. Enable HIPS and reboot the machine

5. In advanced settings, select log all blocked operations in HIPS menu

6. Clear the HIPS log

7. Perform system restore

8. In case it fails please send us HIPS log for analysis.

 

Thank you.

[shocked 60]

@peter randziak
I will do it because since ESS 8 system restore fails to me also.

[shocked 60]

my system is windows 8.1 32bit. 3gb ram fully updated

hips log.xml

[Marcos 5,074]

Does the problem occur with Self-defense disabled and HIPS enabled? If not, does disabling HIPS completely make a difference? (A computer restart will be needed for changes in these settings to take effect.)

[shocked 60]

sorry I forgot to mention my findings.

system restore is unable to complete with HIPS enabled. (the xml file is from when they were enabled)

disabling hips allows the system to restore successfully.

[rugk 397]

disabling hips allows the system to restore successfully.

So if HIPS is completely disabled it works?

And what about the other case Marcos asked:

Does the problem occur with Self-defense disabled and HIPS enabled?

[shocked 60]

I didn't try with self-defence disabled and hips enabled.

I had to format the pc due to the restore process gone badly wrong. I won't play again with it.

Edited January 4, 2015 by pavilion_alex

[rugk 397]

Oh sorry for this, but I assume ESET has nothing to the failure of this restore process...

Or do you don't think so?

[shocked 60]

of course not, eset has nothing to do with the reason I formatted my pc.

i restored the pc back and forth two times and this may have damaged some critical system files, even "startup repair" couldn't fix it.

 

let's return to the topic. i'm pretty sure that HIPS (and maybe self-defence) are locking files and that causes the restore to fail at the beginning.

that's why disabling HIPS allowed it to complete.

[shocked 60]

@Marcos any news on the subject?

[SCR 195]

Last night I had to restore my system in safe mode due to the aforesaid issues. Had I been aware this thread before hand I may have tried a few things mentioned. However I had enough going on to cause the restore in the first place that I would have been a little reluctant to add to my woes by experimenting. Plus experimenting was exactly why I needed to restore. No harm no foul I have gotten in to the habit of creating restore points and in some cases create full images before I break things. Just another lesson learned the hard way.

 

The problem with restoring from safe mode, at least in Windows 7, is that it can't be undone as it can when the restore is not using safe mode.

[rugk 397]

The problem with restoring from safe mode, at least in Windows 7, is that it can't be undone as it can when the restore is not using safe mode.

 

Yes it's this way in Windows. But what has this to do with ESET?

And was the system restoring successfully?

[SCR 195]

 

The problem with restoring from safe mode, at least in Windows 7, is that it can't be undone as it can when the restore is not using safe mode.

 

Yes it's this way in Windows. But what has this to do with ESET?

And was the system restoring successfully?

 

Nothing, just a comment as to the draw back of doing it this way because of the Eset block on on the regular method of restore..

 

Yes it was.

[JavierSeguraNA 36]

Hello,

 

Just wanted to let you all know that our developers are aware of this issue and similar issues. I have updated them using this thread as scenario. I don't have any ETA but I can tell you that issues effecting the UX of our customers is top priority.

Thank you!

[shocked 60]

have they concluded what might be the issue behind the failing restore process?

[SCR 195]

Hello,

 

Just wanted to let you all know that our developers are aware of this issue and similar issues. I have updated them using this thread as scenario. I don't have any ETA but I can tell you that issues effecting the UX of our customers is top priority.

Thank you!

Thanks for the information

[JavierSeguraNA 36]

From what we can tell in the support center, it may be the technology that prevents malicious software from corrupting or disabling protection, as implied earlier on in this thread. When you think  about it, it is something we need to handle very carefully. I'll reply when I have more information, thank you for the feedback and patience!

[rugk 397]

Okay, so it's the self-protection-system (a part of HIPS) of ESS.

That's not very surprising, but if there is an issue and it can be fixed then that's great of course.

 

However it's always not a bad idea to disable the self protection (or HIPS generally) before restoring the system, because there can be many issues and this way you can work around them.

Generally this happens to nearly all AVs - but this of course doesn't mean that you get issues in every case when you don't do this. It's just a precaution.

Edited February 17, 2015 by rugk