Select the product you need help with
- Internet Explorer
- Windows Phone
- More products
How antivirus software and System Restore work together
Article ID: 831829 - View products that this article applies to.
This step-by-step article describes how System Restore in Microsoft Windows XP interacts with your virus scanning software. This article also describes how to remove infected files that you cannot clean from the System Restore data archive. As a result, you can continue to restore your computer to uncompromised restore points. This article also describes how you can revert to a previous infected restore point. This procedure is useful if you must restore an infected file.
To help protect critical computer and program files, System Restore monitors, records, and in some cases copies these files before they are modified. For example, when a procedure or a program (such as an upgrade, an inadvertent user change, a driver installation, or a virus) modifies a critical computer file or program file, System Restore records and saves a copy of the file before the change occurs. If a problem occurs, a restore operation can replace files with previously saved versions of those files. Antivirus programs use auto-detection or scanning mechanisms to monitor critical and personal files on the computer for signs of infection. The antivirus program then takes action to clean, remove, or quarantine (isolate) files that known viruses have infected. System Restore also tracks an antivirus program when it modifies (cleans), moves, or deletes a monitored, critical, computer or program file.
During a restoration, an active antivirus program scans for infected files. If the antivirus program detects any infected files, the antivirus program tries to modify, move, or delete the infected files. If the antivirus program successfully cleans the infected files, System Restore restores the cleaned files. However, if the antivirus software cannot clean a file, the antivirus software deletes or quarantines the file. As a result, the restoration does not work because these actions to the file cause an inconsistent restoration state. As a result, System Restore reverts to the state immediately before the restoration.
Signature files for antivirus programs are updated as viruses become known. As a result, a restoration that did not work several days ago might succeed after the antivirus program is updated. However, if you undo and retry a restoration to a point that succeeded before, the restoration may not work if a new signature or definition detects a virus that the antivirus program cannot clean on a backed-up file.
For more information about how to create and name your own restore points, see the System Restore document on the following TechNet Web page:
http://technet.microsoft.com/en-us/library/bb490854.aspxFor additional information about how your antivirus software interacts with System Restore in Microsoft Windows Millennium Edition, click the following article number to view the article in the Microsoft Knowledge Base:
(http://support.microsoft.com/kb/263455/ )Antivirus Tools Cannot Clean Infected Files in the _Restore Folder