locked
SteadyState and Security Essentials RRS feed

  • Question

  • Hi,
    I just downloaded the latest version to install on a pc next week that will be going in a a break room at my work. I am planning on installing Security Essentials as well and was just wondering if they played well together.
    There is probably no reason to install any av on it with steadystate, but just want to make sure it doesnt leak anything to our domain controller.
    Monday, December 7, 2009 3:57 AM

Answers

  • Hi bullchicken, first of all, I'd like to inform you that Windows SteadyState or Windows Disk Protection still cannot replace antivirus program. We still suggest our users install antivirus program on the shared computers. Though Windows Disk Protection can help protecting system partition, WDP will not discard changes made to other volumes (other partitions on the same disk or separate disks).  A virus could also hide in the boot sector or MBR of the hard disk as those areas are not part of the boot volume.  The virus would have to have admistrator access in order to write to the boot sector or MBR, however.

    We can install Microsoft Security Essentials with Windows SteadyState, however, for its definition update, we still need to manually create a script for it as Windows SteadyState is a prior product. As we do not support custom script development in this forum, you will need to write your own custom update script. When you write a custom script, please pay attention to the following:
     
    1. Custom scripts must be written so that they return only after actions in the custom script have been completed.
     
    2. If a custom script update on a Windows SteadyState computer requires any resources during a scheduled update, such as a valid network connection, the resource must be available at the time of the update.
     
    3. If MSE shows any blocking UI (for example, a dialog that requires user interaction), then the updates will fail.
     
    Also, you can refer to the following thread regarding script:
     
    Script with schedule update at certain time and disk protection on and set to remove changes
    http://forums.microsoft.com/TechNet/ShowPost.aspx?PostID=1951048&SiteID=17
     
    Thank you for your understanding.
    Sean Zhu - MSFT
    • Marked as answer by Sean Zhu - Monday, December 14, 2009 4:33 AM
    Tuesday, December 8, 2009 8:56 AM

All replies

  • Hi bullchicken, first of all, I'd like to inform you that Windows SteadyState or Windows Disk Protection still cannot replace antivirus program. We still suggest our users install antivirus program on the shared computers. Though Windows Disk Protection can help protecting system partition, WDP will not discard changes made to other volumes (other partitions on the same disk or separate disks).  A virus could also hide in the boot sector or MBR of the hard disk as those areas are not part of the boot volume.  The virus would have to have admistrator access in order to write to the boot sector or MBR, however.

    We can install Microsoft Security Essentials with Windows SteadyState, however, for its definition update, we still need to manually create a script for it as Windows SteadyState is a prior product. As we do not support custom script development in this forum, you will need to write your own custom update script. When you write a custom script, please pay attention to the following:
     
    1. Custom scripts must be written so that they return only after actions in the custom script have been completed.
     
    2. If a custom script update on a Windows SteadyState computer requires any resources during a scheduled update, such as a valid network connection, the resource must be available at the time of the update.
     
    3. If MSE shows any blocking UI (for example, a dialog that requires user interaction), then the updates will fail.
     
    Also, you can refer to the following thread regarding script:
     
    Script with schedule update at certain time and disk protection on and set to remove changes
    http://forums.microsoft.com/TechNet/ShowPost.aspx?PostID=1951048&SiteID=17
     
    Thank you for your understanding.
    Sean Zhu - MSFT
    • Marked as answer by Sean Zhu - Monday, December 14, 2009 4:33 AM
    Tuesday, December 8, 2009 8:56 AM
  • Another question, do these scripts run when the Steadystate program starts or when the service starts?
    Because i don't use the program, only the service for WDP, is it still possible to run these scripts then?
    Tuesday, December 8, 2009 9:19 AM
  • Yes, you can simply enable WDP in Windows SteadyState (with or without using the restrictions in it) and the scripts should work fine with them.
    Sean Zhu - MSFT
    Thursday, December 10, 2009 3:32 AM