J
Ju Hwak Jeong
windows 보안 항목의 모든 보안설정을 활성화 시킨뒤에 검사를 하면 검사 파일을 건너뛰어서(??) 실제 파일보다 더 적게 검사하거나 블루스크린을 내 뿜는데
이것이 백업이 운영체제에 있는 드라이브가 아니라 또다른 내장 드라이브에 해두고 시스템 이미지는 운영체제와 또 다른 내장 드라이브에 따로 저장할경우 생기는 문제인가 궁금합니다.
※ 참고할만한 dism 자료
2020-09-01 18:38:05, Info CSI 000001d5 Warning: Overlap: Directory \??\C:\Program Files (x86)\ is owned twice or has its security set twice
Original owner: Microsoft-Windows-shell32, version 10.0.19041.423, arch Host= amd64 Guest= x86, nonSxS, pkt {l:8 b:31bf3856ad364e35}
New owner: Microsoft-Windows-shell32, version 10.0.19041.423, arch Host= amd64 Guest= x86, nonSxS, pkt {l:8 b:31bf3856ad364e35}
2020-09-01 18:38:05, Info CSI 000001d6 Warning: Overlap: Directory \??\C:\ProgramData\Microsoft\Windows\Start Menu\ is owned twice or has its security set twice
Original owner: Microsoft-Windows-shell32, version 10.0.19041.423, arch Host= amd64 Guest= x86, nonSxS, pkt {l:8 b:31bf3856ad364e35}
New owner: Microsoft-Windows-shell32, version 10.0.19041.423, arch Host= amd64 Guest= x86, nonSxS, pkt {l:8 b:31bf3856ad364e35}
2020-09-01 18:38:05, Info CSI 000001d7 Warning: Overlap: Directory \??\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ is owned twice or has its security set twice
Original owner: Microsoft-Windows-shell32, version 10.0.19041.423, arch Host= amd64 Guest= x86, nonSxS, pkt {l:8 b:31bf3856ad364e35}
New owner: Microsoft-Windows-shell32, version 10.0.19041.423, arch Host= amd64 Guest= x86, nonSxS, pkt {l:8 b:31bf3856ad364e35}
2020-09-01 18:38:05, Info CSI 000001d8 Warning: Overlap: Directory \??\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ is owned twice or has its security set twice
Original owner: Microsoft-Windows-shell32, version 10.0.19041.423, arch Host= amd64 Guest= x86, nonSxS, pkt {l:8 b:31bf3856ad364e35}
New owner: Microsoft-Windows-shell32, version 10.0.19041.423, arch Host= amd64 Guest= x86, nonSxS, pkt {l:8 b:31bf3856ad364e35} 이외에 백업되어 중첩된 파일 일부들
그리고 블루스크린이 뜨기 시작한 시점은 set-mppreference로 아래 사항을 설정한 이후입니다.
AllowNetworkProtectionOnWinServer : False
AttackSurfaceReductionOnlyExclusions :
AttackSurfaceReductionRules_Actions :
AttackSurfaceReductionRules_Ids :
CheckForSignaturesBeforeRunningScan : True
CloudBlockLevel : 1
CloudExtendedTimeout : 1
ComputerID : 85A6E2EF-9EBF-452B-B2B1-2795EEE0593E
ControlledFolderAccessAllowedApplications :
ControlledFolderAccessProtectedFolders : {D:\DESKTOP-ECA6KI3, D:\WindowsImageBackup}
DisableArchiveScanning : False
DisableAutoExclusions : False
DisableBehaviorMonitoring : False
DisableBlockAtFirstSeen : False
DisableCatchupFullScan : True
DisableCatchupQuickScan : True
DisableCpuThrottleOnIdleScans :
DisableDatagramProcessing : False
DisableEmailScanning : False
DisableIntrusionPreventionSystem :
DisableIOAVProtection : False
DisablePrivacyMode : False
DisableRealtimeMonitoring : False
DisableRemovableDriveScanning : False
DisableRestorePoint : False
DisableScanningMappedNetworkDrivesForFullScan : False
DisableScanningNetworkFiles : False
DisableScriptScanning : False
EnableControlledFolderAccess : 1
EnableFileHashComputation : False
EnableLowCpuPriority : False
EnableNetworkProtection : 0
ExclusionExtension :
ExclusionIpAddress :
ExclusionPath :
ExclusionProcess :
HighThreatDefaultAction : 2
LowThreatDefaultAction : 2
MAPSReporting : 2
MeteredConnectionUpdates : False
ModerateThreatDefaultAction : 2
PUAProtection : 1
QuarantinePurgeItemsAfterDelay : 30
RandomizeScheduleTaskTimes : True
RealTimeScanDirection : 0
RemediationScheduleDay : 0
RemediationScheduleTime : 02:00:00
ReportingAdditionalActionTimeOut : 10080
ReportingCriticalFailureTimeOut : 10080
ReportingNonCriticalTimeOut : 1440
ScanAvgCPULoadFactor : 75
ScanOnlyIfIdleEnabled : False
ScanParameters : 2
ScanPurgeItemsAfterDelay : 15
ScanScheduleDay : 0
ScanScheduleQuickScanTime : 00:00:00
ScanScheduleTime : 02:00:00
SevereThreatDefaultAction : 2
SharedSignaturesPath :
SignatureAuGracePeriod : 0
SignatureBlobFileSharesSources :
SignatureBlobUpdateInterval : 60
SignatureDefinitionUpdateFileSharesSources :
SignatureDisableUpdateOnStartupWithoutEngine : False
SignatureFallbackOrder : MicrosoftUpdateServer|MMPC
SignatureFirstAuGracePeriod : 35
SignatureScheduleDay : 0
SignatureScheduleTime : 01:45:00
SignatureUpdateCatchupInterval : 1
SignatureUpdateInterval : 0
SubmitSamplesConsent : 1
ThreatIDDefaultAction_Actions :
ThreatIDDefaultAction_Ids :
UILockdown : False
UnknownThreatDefaultAction : 2
PSComputerName :
이 문제로 인해 상당히 많은 시간을 소비하여 피곤합니다 도움이 필요합니다.
Continue reading...
이것이 백업이 운영체제에 있는 드라이브가 아니라 또다른 내장 드라이브에 해두고 시스템 이미지는 운영체제와 또 다른 내장 드라이브에 따로 저장할경우 생기는 문제인가 궁금합니다.
※ 참고할만한 dism 자료
2020-09-01 18:38:05, Info CSI 000001d5 Warning: Overlap: Directory \??\C:\Program Files (x86)\ is owned twice or has its security set twice
Original owner: Microsoft-Windows-shell32, version 10.0.19041.423, arch Host= amd64 Guest= x86, nonSxS, pkt {l:8 b:31bf3856ad364e35}
New owner: Microsoft-Windows-shell32, version 10.0.19041.423, arch Host= amd64 Guest= x86, nonSxS, pkt {l:8 b:31bf3856ad364e35}
2020-09-01 18:38:05, Info CSI 000001d6 Warning: Overlap: Directory \??\C:\ProgramData\Microsoft\Windows\Start Menu\ is owned twice or has its security set twice
Original owner: Microsoft-Windows-shell32, version 10.0.19041.423, arch Host= amd64 Guest= x86, nonSxS, pkt {l:8 b:31bf3856ad364e35}
New owner: Microsoft-Windows-shell32, version 10.0.19041.423, arch Host= amd64 Guest= x86, nonSxS, pkt {l:8 b:31bf3856ad364e35}
2020-09-01 18:38:05, Info CSI 000001d7 Warning: Overlap: Directory \??\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ is owned twice or has its security set twice
Original owner: Microsoft-Windows-shell32, version 10.0.19041.423, arch Host= amd64 Guest= x86, nonSxS, pkt {l:8 b:31bf3856ad364e35}
New owner: Microsoft-Windows-shell32, version 10.0.19041.423, arch Host= amd64 Guest= x86, nonSxS, pkt {l:8 b:31bf3856ad364e35}
2020-09-01 18:38:05, Info CSI 000001d8 Warning: Overlap: Directory \??\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ is owned twice or has its security set twice
Original owner: Microsoft-Windows-shell32, version 10.0.19041.423, arch Host= amd64 Guest= x86, nonSxS, pkt {l:8 b:31bf3856ad364e35}
New owner: Microsoft-Windows-shell32, version 10.0.19041.423, arch Host= amd64 Guest= x86, nonSxS, pkt {l:8 b:31bf3856ad364e35} 이외에 백업되어 중첩된 파일 일부들
그리고 블루스크린이 뜨기 시작한 시점은 set-mppreference로 아래 사항을 설정한 이후입니다.
AllowNetworkProtectionOnWinServer : False
AttackSurfaceReductionOnlyExclusions :
AttackSurfaceReductionRules_Actions :
AttackSurfaceReductionRules_Ids :
CheckForSignaturesBeforeRunningScan : True
CloudBlockLevel : 1
CloudExtendedTimeout : 1
ComputerID : 85A6E2EF-9EBF-452B-B2B1-2795EEE0593E
ControlledFolderAccessAllowedApplications :
ControlledFolderAccessProtectedFolders : {D:\DESKTOP-ECA6KI3, D:\WindowsImageBackup}
DisableArchiveScanning : False
DisableAutoExclusions : False
DisableBehaviorMonitoring : False
DisableBlockAtFirstSeen : False
DisableCatchupFullScan : True
DisableCatchupQuickScan : True
DisableCpuThrottleOnIdleScans :
DisableDatagramProcessing : False
DisableEmailScanning : False
DisableIntrusionPreventionSystem :
DisableIOAVProtection : False
DisablePrivacyMode : False
DisableRealtimeMonitoring : False
DisableRemovableDriveScanning : False
DisableRestorePoint : False
DisableScanningMappedNetworkDrivesForFullScan : False
DisableScanningNetworkFiles : False
DisableScriptScanning : False
EnableControlledFolderAccess : 1
EnableFileHashComputation : False
EnableLowCpuPriority : False
EnableNetworkProtection : 0
ExclusionExtension :
ExclusionIpAddress :
ExclusionPath :
ExclusionProcess :
HighThreatDefaultAction : 2
LowThreatDefaultAction : 2
MAPSReporting : 2
MeteredConnectionUpdates : False
ModerateThreatDefaultAction : 2
PUAProtection : 1
QuarantinePurgeItemsAfterDelay : 30
RandomizeScheduleTaskTimes : True
RealTimeScanDirection : 0
RemediationScheduleDay : 0
RemediationScheduleTime : 02:00:00
ReportingAdditionalActionTimeOut : 10080
ReportingCriticalFailureTimeOut : 10080
ReportingNonCriticalTimeOut : 1440
ScanAvgCPULoadFactor : 75
ScanOnlyIfIdleEnabled : False
ScanParameters : 2
ScanPurgeItemsAfterDelay : 15
ScanScheduleDay : 0
ScanScheduleQuickScanTime : 00:00:00
ScanScheduleTime : 02:00:00
SevereThreatDefaultAction : 2
SharedSignaturesPath :
SignatureAuGracePeriod : 0
SignatureBlobFileSharesSources :
SignatureBlobUpdateInterval : 60
SignatureDefinitionUpdateFileSharesSources :
SignatureDisableUpdateOnStartupWithoutEngine : False
SignatureFallbackOrder : MicrosoftUpdateServer|MMPC
SignatureFirstAuGracePeriod : 35
SignatureScheduleDay : 0
SignatureScheduleTime : 01:45:00
SignatureUpdateCatchupInterval : 1
SignatureUpdateInterval : 0
SubmitSamplesConsent : 1
ThreatIDDefaultAction_Actions :
ThreatIDDefaultAction_Ids :
UILockdown : False
UnknownThreatDefaultAction : 2
PSComputerName :
이 문제로 인해 상당히 많은 시간을 소비하여 피곤합니다 도움이 필요합니다.
Continue reading...