DeepFreeze Standard - Real-Time AntiVirus issue

[exchange keys]

I bought a couple of copies of DeepFreeze Standard to keep a standard image on a few public terminals at my office. It's great so far, but unfortunately, I can't keep an updated Symantec Anti-Virus virus definition list.

In order for me to keep it updated, I have to "thaw" out the DeepFreeze'd partition, and update it, then "freeze" again with that day's updated list.

Kind of annoying.

I thought if I could partition the hard drive, and just freeze one of the partition, that would work. However, it seems that the virus definition list changes a registry key that flags SAV to inform it is "up to date." Unfortunately, after a reboot, the registry key gets turned back and the virus definition list needs to be updated again, growing bigger and bigger at start up.

I figured, maybe, I could just use a secondary Anti-Virus scanner (portableapps.com > ClamAV) to run on the machine, which should work. However, the portable version of ClamAV for Windows isn't a real-time av scanner, so someone has to manually run the scan to detect viruses and what not.

Maybe someone else has encountered a problem like this? Any suggestions would be helpful. Thank you.

 

[Dan_D]

I've had this problem before. The way I solved it was to schedule AV and Windows updates during a maintenence window I set in Deep Freeze. So at 4AM the system would thaw itself, perform maintenence tasks including any reboots needed, then refreeze itself at 6:30AM. I was using the Enterprise version of the Deep Freeze though. I don't know if this can be done in the standard version or not. I've never used it.

 

[exchange keys]

Yeah, I don't think I have that option in the Standard Edition of DeepFreeze. Sucks, lol.

I guess if I can find a way to make a real-time "portable" anti virus scanner, that should work until I update SAV.

 

[Dan_D]

Yeah, I don't think I have that option in the Standard Edition of DeepFreeze. Sucks, lol.

I guess if I can find a way to make a real-time "portable" anti virus scanner, that should work until I update SAV.

What you'll probably need to do is configure a new deployment of Deep Freeze and see if you can set a maintenence schedule. You can't do that once the client is installed. So you'll have to create a new deployment, remove the old one, and install the new one before you can do what you want to do. I believe the Standard Edition can do this. I seem to recall working with it prior to getting the Enterprise version.

 

[exchange keys]

I'll give it a shot. I didn't try to uninstall the client and reinstall it. I'll keep you informed.

 

[Dan_D]

I'll give it a shot. I didn't try to uninstall the client and reinstall it. I'll keep you informed.

Well you have to create a new client installation with their configuration wizard thing. Its been awhile since I used it, but it isn't as if it was a normal application that you can just install, configure, and then uninstall.

 

[exchange keys]

No, sorry. DeepFreeze Standard Edition only gives me a setup client which allows me to install/uninstall. The "wizard" it gives me only detects logical partitions in the existing hard drive, and gives me the option to freeze the partition(s). Oh, and it gives me a EULA. That's about it.

Sucks.

 

[Dan_D]

No, sorry. DeepFreeze Standard Edition only gives me a setup client which allows me to install/uninstall. The "wizard" it gives me only detects logical partitions in the existing hard drive, and gives me the option to freeze the partition(s). Oh, and it gives me a EULA. That's about it.

Sucks.

You don't conifgure the client options and create a deployment?

 

[exchange keys]

You don't conifgure the client options and create a deployment?

Sorry, man. I guess I'm not following you. I only have 3 licenses for DeepFreeze Standard. I just saved the setup.exe file on my FTP server, then run it from the computer I want to freeze. I physically sit at the machine I want to freeze, so I'm not pushing out any silent install over network (GPO push and what not).

I just have a workgroup, so it isn't on a domain.

 

[MrGuvernment]

i dont think standard has the maintance option for it is what exchange is saying.

nothing under the deep freeze options once it is already installed?

 

[exchange keys]

i dont think standard has the maintance option for it is what exchange is saying.

nothing under the deep freeze options once it is already installed?

No, unfortunately. I e-mailed Faronics (the DeepFreeze vendor) for information, but no response yet. I guess I'll wait for more information on this.

In the meantime, I am going to see if there is an on-access, real-time protection, "portable," anti-virus scanner.

 

[Dan_D]

i dont think standard has the maintance option for it is what exchange is saying.

nothing under the deep freeze options once it is already installed?

Once it is installed there won't be. Not in the standard version. I just remember having to setup and create a Deep Freeze Client Installation in order to set most of the options. You can just throw on the unconfigured client installation that comes with the software, but there should be a Deep Freeze admin or something that allows you to create a custom deployment which gives you more options. They are also options that can't be changed without creating a new deployment and removing the old one.

 

[CableDude]

Deep Freeze standard does not have "schedule thaw maintenance periods"

I spent an hour today redoing my deep freeze (enterprise) configurations today.

Since you only have three computers to worry about, have you looked into Windows steady state?

 

[Dan_D]

Deep Freeze standard does not have "schedule thaw maintenance periods"

I spent an hour today redoing my deep freeze (enterprise) configurations today.

Since you only have three computers to worry about, have you looked into Windows steady state?

Ok, I couldn't remember if the standard version could do that or not. I spent more time working with the enterprise version of it than anything.

 

[REDYOUCH]

I don't understand why you need to have antivirus on it. Just reboot it everyday and you should be fine...

 

[Lightworker]

Does the standard version allow you to have "Thawspace" partitions? I've successfully used those with AV software before on the Enterprise version and just locked down access to the volume.

 

[exchange keys]

I don't understand why you need to have antivirus on it. Just reboot it everyday and you should be fine...

It's nice to have an on-access anti-virus scanner that tells you if you have an infected file so it can automatically quarantine it. Since we're in a work group (peer to peer network), propagating a virus in here would suck ass. The cool thing is that, yes, if there is a virus that SAV can't clean out, I can just reboot it. As long as it isn't like a 4th generation type of rootkit, I think it will do.

Does the standard version allow you to have "Thawspace" partitions? I've successfully used those with AV software before on the Enterprise version and just locked down access to the volume.

I don't believe the standard edition does. I remember my school used to have a thawspace, but that was on the enterprise edition. I think, however, you can create separate logical partition, and the setup.exe client lets you "check" which partitions to freeze.

 

[Lightworker]

That could work as well, as long as you have a way to prevent users from "seeing" the AV partition. If you aren't running GP, I think there's some registry hacks that can take care of this, alongside NTFS permissions.