Use Microsoft EWF to protect the system

I. Preparations
1. Installation
Download the EWF package and decompress it to a non-system partition, such as E: \ EWF. Double-click setup. BAT to install it, or enter the following command at the command prompt:

Quote:
E:

CD EWF

Setup. bat

After the installation is complete, the system restarts automatically. (Figure 1)

2. Run

After the system is restarted, click Start> Run and enter E: \ EWF \ trunon. BAT (you can also double-click the file) to enable EWF protection, and then the system will immediately restart. After restarting, you can access the system to use EWF protection. By default, the first partition is protected. Of course, you can also set protection for other partitions. (Figure 2)

3. View

EWF provides protection for the original version of the system. If your system is lite, it may be unprotected. To check whether EWF is enabled, enter "ewfmgr C:" in the command prompt. You can see that EWF uses Ram and the protection status is enable. If it is displayed as disable, It is disabled, check whether the preceding operations are correct.) The partition is protected by drive C, and all write operations of EWF are redirected to memory (Figure 3 ).

Tip: If you want to disable protection, enter "ewfmgr C:-commitanddisable" in the run dialog box and press the Enter key. Then, restart the instance to disable EWF protection. Ewfmgr also has many parameters. You can enter "ewfmgr /?" View.

Ii. Practical drills

1. Completely protect the system disk and completely reject virus attacks

Make sure that your system is installed on drive C, and the browser is also installed in the drive C directory. After you enable EWF protection as described above, you can access the Internet with ease. If you accidentally access a malicious webpage and get it done in the system, don't worry. After the system is restarted, the system will be restored to its original state, and this will no longer exist. At this time, your system is infiltrated by malicious web pages, but it is an illusion in the memory and will not be written into the hard disk.

This is safe and convenient for testing viruses and Trojans without any worries. Especially in some public computers, or family member computers with a low level of application EWF protection, the system security can be well guaranteed. For example, we can perform a test. After starting EWF protection, we can create a new file on drive C. After restarting, we can check whether the new file is missing. (Figure 4)

2. selectively save and write data, taking into account special requirements

Because EWF protects the entire c drive every time it enters the system by default, but sometimes we need to save some data to the C drive. For example, for anti-virus software, we need to save the new virus database data after the upgrade. How can we write data into a partition protected by EWF without canceling protection? Follow these steps:

Step 1: immediately upgrade the virus database to the Internet after entering the system. We recommend that you do not perform other unrelated operations to ensure that only the data written to the virus database is updated.

Step 2: After the virus database is upgraded, click Start> Run and enter E: \ EWF \ save. BAT to restart the system. In this way, before the next entry into the system, EWF will write the upgraded virus database data to the C drive. Because no other operations are performed, only the virus database file is saved.

Step 3: after re-entering the system, the first partition continues to be protected. If you want to save multiple data writes, you can finish the operation and then execute save. bat. This method is also applicable to applications that need to be restarted after installation.ProgramIn this way, you can still use the installed program after the restart. (Figure 5)

3. enable the system to start quickly after a sleep operation

First, enter the command "ewfmgr C:" in the command line to confirm that EWF is open, and then enter the command

"Ewfmgr C:-activatehorm" performs sleep on the system. In this way, the system can be restarted quickly. In this case, no matter whether it is power failure, reset, forced shutdown, or other operations are ineffective, you can only start from sleep state quickly.

To cancel the Quick Start, enter the following commands in the command line:

Quote:
Ewfmgr C:-Disable

Ewfmgr-deactivatehorm

Shutdown-r-t 1

(Figure 6)

Conclusion: In fact, EWF is only a component embedded in the operating system by Microsoft fp2007. It has many features that need to be explored in actual operations.