Clever use of Microsoft EWF to protect the system _ virus killing

First, preliminary preparation
1, installation
Download the EWF compression Pack and unzip it to a non-system partition, such as E:\EWF. Then double-click Setup.bat to install it, or enter the following command at the command prompt:

Quote:
E:

CD EWF

Setup.bat


The installation completion system will automatically reboot. (Figure 1)

2, Operation

After the system restarts, click "Start → run", enter "E:\ewf\TRUNON.bat" (also can double-click the file directly) to open EWF protection, and then the system will restart immediately, restart after the system can be used EWF protection. By default, the first partition is protected and, of course, it can be set to protect other partitions. (Figure 2)

3, view

EWF provides protection for the original system, and if your system is a compact version it may appear unprotected. To see if EWF is enabled, enter "Ewfmgr C:" At the command prompt, and you can see EWF using RAM, protection status to enable (turned on, if shown as disable is disabled, check for errors), protected partition is C disk, EWF all write operations are redirected to memory (Figure 3).

Tip: If you want to unprotect, enter "Ewfmgr C:-commitanddisable" In the Run dialog box to press ENTER to perform, and then reboot to turn off EWF protection. Ewfmgr also has a lot of parameters, you can enter "ewfmgr/?" View.

Second, the actual combat exercise

1, comprehensive protection system disk, completely reject virus attack

Ensure that your system is installed in C disk, and the browser is also installed in the C disk directory, then the above method to open EWF protection, we can rest assured that the Internet. If you accidentally visit a malicious Web page, and it is in the system, do not worry, restart the system after the system will return to the original, all of this is no longer exist. Because at this time the malicious Web page intrusion of your system, but is an illusion in memory, and will not be written to the hard disk.

This is very safe and convenient for the virus Trojan test, there will be no worries. Especially in some public computers, or family members of the computer level relatively low application of EWF protection, can be very good to ensure the security of the system. For example, we can carry out a test, start EWF protection, in C disk to create any new file, restart and then look, the new file is not gone. (Figure 4)

2, selectively save the write, taking into account special needs

Because the EWF default every access system protects the entire C disk, but sometimes we have to save some data to C disk. For example, for antivirus software, we will save the new virus database data after the upgrade. How can you write data to a EWF protected partition without canceling the protection? You can do this by doing the following:

First step: After entering the system, immediately network upgrade virus library. It is best not to perform other unrelated operations in order to ensure that the data being written is only updated virus library data.

Step two: After the virus library upgrade completes, click "Start → run", enter "E:\ewf\save.bat", the system restarts. The EWF will then write the upgraded virus library data to the C disk before the next entry into the system. Because no other action is performed, this saves only the virus library file.

Step three: After re-enter the system, the first partition continues to be protected. If you want to save more than one write data, you can perform the operation sequentially and then the Save.bat. This method also applies to applications that need to be restarted after installation, so that the installed program can still be used after the reboot. (Figure 5)

3, after a sleep operation, let the system quickly start

First at the command line, enter the command "Ewfmgr C:" To confirm that EWF is open, and then enter the command

"Ewfmgr C:-activatehorm" Hibernate the system. This system can be restarted after the rapid start, when you either power off, reset, forced shutdown and other operations are invalid, only from the sleep state to start quickly.

If you want to cancel the Quick Start, enter the following command at the command line:

　　
Quote:
Ewfmgr C:-disable

Ewfmgr-deactivatehorm

Shutdown-r-T 1


(Figure 6)

Summary: In fact, EWF is only Microsoft FP2007 embedded in the operating system of a component, it still has a lot of functions, we need to practice in the actual operation to dig.