
Permissions for The System Volume Information subfolders?



#1 tariintod


Posted 26 April 2011 - 09:15 AM

I have Windows 7 installed as OS. I checked the System Volume Information folders for all the partitions for a possible virus infection. I have C: D: (my first hard disk) and G: (my second hard disk) partitions.
I've seen that regarding the D: and G: partitions, for System Volume Information subfolders (SPP etc.), only SYSTEM has the permission (full control) as shown below (SPP folder as an example):
Posted Image
On the other hand, regarding the C:, for the subfolders (SPP, System Restore, Windows Backup etc.) SYSTEM and administrators both have the permissions (full control), and for the subfolders of SPP, such as SppGroupCache and SppCBSHiveStore, USERS (limited control), SYSTEM (full control) and administrators (full control) have permissions.
Posted Image Posted Image

Is this normal? If it is not, can a virus cause this?
Should I remove the permissions of USERS and administrators and leave only the permission of SYSTEM?

Edited by tariintod, 26 April 2011 - 09:20 AM.



 


#2 tariintod


Posted 29 April 2011 - 09:49 AM

To make it clear:
Which users or groups have permissions to access System Volume Information subfolders by default?
Only SYSTEM (full control) has the permission? Or do USERS (limited control) and administrators (full control) have permissions for System Volume Information subfolders as well?
If it is not, should I remove the permissions of USERS and administrators and leave only the permission of SYSTEM?

Edited by tariintod, 29 April 2011 - 09:50 AM.


#3 hamluis


    Moderator



Posted 29 April 2011 - 12:51 PM

If you click on the different groups...you will see that they do not all have the same permissions.

System and Admins are generally the only entities with all permissions and system is the only entity with full perms on SVI on my XP system.

Louis

Edited by hamluis, 29 April 2011 - 12:52 PM.


#4 tariintod


Posted 30 April 2011 - 04:32 AM

> If you click on the different groups...you will see that they do not all have the same permissions.
>
> System and Admins are generally the only entities with all permissions and system is the only entity with full perms on SVI on my XP system.
>
> Louis

So you are saying that only SYSTEM has permissions on SVI, am I right?
Therefore I should remove admin and users from accessing the SVI subfolders (by removing admin and users from the security tab), is this correct?

Edited by tariintod, 30 April 2011 - 04:33 AM.


#5 Barthez


Posted 30 April 2011 - 05:35 AM

As a side note I could say that I feel that access permissions to SVI folders are taken from users mainly to forbid them from messing up restore points. Viruses love to hide themselves in this folder and they are good at it ;)

I didn't touch SVI folder permissions and it looks like this in my system:

Posted Image




As a result, users (admin and limited) are unable to access any files and sub-folders of System Volume Information directory.


HTH

Edited by Barthez, 30 April 2011 - 05:39 AM.

Barthez

#6 tariintod


Posted 30 April 2011 - 06:02 AM

So this means that, for example, although administrators and users have permissions on the SPP's sub-folder (SVI>>SPP>>SppGroupCache) as shown below, they are unable to access it because for the main root folder (SVI) they do not have any permissions. (Only SYSTEM has.)
Posted Image Posted Image
Therefore, I don't have to remove users and administrators permissions for those SVI sub-folders, I guess.
Thanks for your help.

Edited by tariintod, 30 April 2011 - 06:04 AM.


#7 Barthez


Posted 30 April 2011 - 06:23 AM

Well, I could access SVI sub-folders only by giving myself access to the whole directory and sub-folders. IMO only System should have access to this folder. All restore point creation and erasing procedures are most likely made by an application running within the SYSTEM account.

Since you have access to admin on this PC, try making SVI and all its sub-folders a SYSTEM-only directory and then see if you can create a restore point w/o any problems. If you won't see any errors it should mean that everything is OK.


Barthez
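
An added example, not part of any post in this thread: the comparison made by hand above (which trustees besides SYSTEM hold an allow entry on each SVI subfolder), done over SDDL strings such as the `Sddl` property that PowerShell's `Get-Acl` returns. The paths and SDDL values are constructed to mirror the first post, and treating SYSTEM as the only expected trustee is an assumption taken from the replies.

```python
import re

# SDDL SID aliases for the three trustees discussed in the thread.
SID_ALIASES = {"SY": "SYSTEM", "BA": "Administrators", "BU": "Users"}
FILE_ALL_ACCESS = 0x1F01FF  # numeric form of the SDDL right "FA" (full control)


def trustees(sddl):
    """Return {trustee: 'full' | 'limited'} for the allow ACEs in the DACL."""
    # The DACL is "D:" + optional flags (P, AI, AR) + a run of "(...)" ACEs.
    match = re.search(r"D:[A-Z]*((?:\([^()]*\))+)", sddl)
    if not match:
        return {}
    result = {}
    for ace in re.findall(r"\(([^()]*)\)", match.group(1)):
        # ACE layout: type;flags;rights;object_guid;inherit_object_guid;sid
        ace_type, _flags, rights, _og, _iog, sid = ace.split(";")[:6]
        if ace_type != "A":  # only allow ACEs grant access
            continue
        full = rights == "FA" or (
            rights.startswith("0x") and int(rights, 16) == FILE_ALL_ACCESS
        )
        result[SID_ALIASES.get(sid, sid)] = "full" if full else "limited"
    return result


def non_system_grants(acls):
    """Map each path to the trustees other than SYSTEM holding an allow ACE."""
    report = {}
    for path, sddl in acls.items():
        extra = {t: lvl for t, lvl in trustees(sddl).items() if t != "SYSTEM"}
        if extra:
            report[path] = extra
    return report


# Constructed sample: SYSTEM-only on D: and G:, extra trustees on C:.
SAMPLE = {
    r"D:\System Volume Information\SPP": "O:SYG:SYD:PAI(A;OICI;FA;;;SY)",
    r"G:\System Volume Information\SPP": "O:SYG:SYD:PAI(A;OICI;FA;;;SY)",
    r"C:\System Volume Information\SPP":
        "O:SYG:SYD:PAI(A;OICI;FA;;;SY)(A;OICI;FA;;;BA)",
    r"C:\System Volume Information\SPP\SppGroupCache":
        "O:SYG:SYD:AI(A;OICI;FA;;;SY)(A;OICI;FA;;;BA)(A;OICI;0x1200a9;;;BU)",
}

if __name__ == "__main__":
    for path, extra in non_system_grants(SAMPLE).items():
        print(path, extra)
```
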