Alert (Exploit:Win32/APSB08-11.gen!A) during Ghost backup of Rosetta Stone data file


Grijsbaard

Since I downloaded a new Rosetta Stone course onto one of my systems, Norton Ghost 15 fails backing up my documents. When it fails, Ghost logs an error to the Windows application log:


Error EC8F1C50: Cannot create file backup for job: My Documents Backup.

Error E7D1001D: Unable to open '//./SymantecSnapshot0/Users/Ed/Documents/Rosetta Stone/data/ae/1/ae138e0a5dcdb6e4035164eb9b68c59785ff3d16'.

Error EBAB03F1: Access is denied.

Error E7D10049: Device SymantecSnapshot0 appears to be offline, disconnected, or otherwise unavailable.

Error E4BC0004: Unable to backup file C:/Users/Ed/Documents/Rosetta Stone/data/ae/1/ae138e0a5dcdb6e4035164eb9b68c59785ff3d16. (UMI:V-281-3215-7248)

Details:

Source: Norton Ghost




Almost simultaneously, Security Essentials reports an alert for "Exploit:Win32/APSB08-11.gen!A" and the indication is that the file has been quarantined. However, the full message shows:



The following error occurred:

Error code 0x80508023. The program could not find the malware and other potentially unwanted software on this computer.


Category:

Exploit


Description:

This program is dangerous and exploits the computer on which it is run.


Recommended action:

Remove this software immediately.


Items:

file:\Device\SymantecSnapshot\Volume0\Users\Ed\Documents\Rosetta Stone\data\ae\1\ae138e0a5dcdb6e4035164eb9b68c59785ff3d16->(SWC)

Get more information about this item online.




I have excluded the Rosetta Stone data file that's on the disk at Users\Ed\Documents\Rosetta Stone, but that has not helped. I believe that what's happening is that when Norton is performing the backup, it creates some sort of virtual device to build a snapshot of the drive (SymantecSnapshot\Volume0), and it is possibly doing its compression routine before writing to this virtual device. This compressed image has the bit pattern corresponding to the signature of Win32/APSB08-11.gen!A. Microsoft Essentials detects it and locks it in preparation for quarantining. Norton can no longer access its work file and fails, clearing the virtual device. Then ME can no longer find the file it's attempting to quarantine, throwing the 0x80508023 error.



I have tested running the Ghost backup with MSE real-time scanning disabled until the process has completed the Rosetta Stone directory and have confirmed that Ghost completes the backup successfully. However, the Ghost backup typically runs at scheduled times when I'm asleep, in order to avoid CPU or I/O contention when I’m on the system, so I'm not around to disable real-time scanning every time the backup runs. When Ghost is performing incremental backups, it doesn't encounter the problem because the Rosetta Stone data file is static. However, I will face this problem again every time it creates another recovery point. So I need a better solution than to remember to turn off real-time scanning and to disconnect from the Internet during the period while scanning is disabled before every scheduled full recovery-point backup.


So far, I haven't been able to figure out how to tell MSE to exclude this phantom file or to figure out how to prevent its triggering of quarantine processes. Anybody have any suggestions?
