Super-Networking Blog

I found out an interesting quirk when backing up DFS (Distributed File System) files using Symantec Backup Exec 11D. I have a full backup setup, basically selected the entire drive to backup, finishes every night with no errors.

You go back into the job in Backup Exec and try to do a restore, what do you find? The folders that contain the DFS files are empty, 0 bytes. My first thought is what the hell is this all about. Was scared for a minute or two thinking I have no backups on tape of any of my DFS files.

I looked into it more and found that starting in Backup Exec 10d SP2 and continuing through 11d you cannot performance a backup of DFS files directly like you would normally do. You need to use the “DFSR Writer” which means using the Shadow Copy Components backup.

If you go into your server selection in Backup Exec, drill down into Shadow Copy Components -> User Data you will see the DFS info. Make sure to select these to backup your DFS files.

Things to keep in mind about backing up DFS in this manner:

-Backup Performance is greatly affected, could double the time needed for backing up those files.

-DFS Backups in this manner cannot be redirected to another location on restored like a lot of people including myself like to do when restoring files.

One workaround for the speed issue I have found but not tested is to run a Net Stop command for the DFS Replication service before the backup starts then a Net Start for that service when done.

I have uninstalled Symantec Endpoint Protection from my laptop. The trial was coming to an end and with the findings of the new management console problems I didn’t see a reason to continue.

See previous posts here:

Part I

Part II

Instead I have moved on to BitDefender Total Security 2008. I have just installed it and it seems to be running ok. Total system scan was faster than I am used to with Symantec and McAfee. Setup was easy for the most part, prompted me for every program to allow it through the firewall instead of knowing most of the common programs that should be allowed like Symantec. We will see how things go, if anyone has any comments on this product please post here.

I am still running Endpoint Protection on my laptop, only one issue so far. Endpoint Protection 11 breaks WPA and WPA2 authentication for your wireless network. From reading in some Symantec forums it is a known issue with this software. The easiest way around it is to disable Network Threat Protection while you are authenticating then enable it was the connection is established.

I looked for more of a permanent solution but even when I disabled the HIPS rules and allowed all traffic to pass on my wireless card it still failed. I guess this is the case when the client is unmanaged, if you have a managed client which I don’t you can work around it by allowing EAPOL. I can’t test this because I don’t have the server and so it isn’t managed. Hopefully they come out with a workaround.

I installed a trial of Symantec’s Endpoint Protection which is the new version of Symantec’s Enterprise Antivirus. I have used Symantec in business all the way back to version 7 and have always liked it. Version 10 switched its servers to client communication from UDP to TCP which improved network stability. They also changed new virus definitions to be deltas instead of full definitions.

Well Symantec has taken it to the next level now with Endpoint Protection. Now the firewall package is built into all of their clients instead of just their SCS clients. They have also added a HIPS or Host Intrusion Protection Software into this client. This is the next step that a lot of companies have been trying to pull off but haven’t done well yet. IPS watches for known and unknown attacks by watching for activity that could be trying to do malicious things.

Firewalls are great because it blocks connections that aren’t specifically allowed but that still allows all traffic on open ports, the IPS piece will analyze the traffic and watch for malicious activity. So far I have been very impressed how well it is designed, I have not had to make any changes to allow things to work on my machine. I am on a domain and typically you have to allow a ton of stuff just for your machine to function and I did not. Only change I made was to turn off the alerts when the firewall blocked something.

One more note that a lot of standards including PCI require you to run HIDS/HIPS on your machines.