Windows 10: Windows 10 Recovery Tools - Bootable Rescue Disk

Kyhi said:

Is it scanning C; (host) or scanning X; (PE) ???

As I found the trial version - but not an option to scan an Off-line Windows image
or re-direct the scan to another version of windows


I will make a development note to include those files for time being

It scanned C: host. the free version is not a trial version, it's free. you can choose to trial the pro version, but for just scanning and removing the free version is enough.

Another thing, have you thought about creating a persistent live disk version or can it be done with WinPE?

However, LiveCd sessions become even more useful when a persistent image can retain data and settings (even installed programs and packages) when the machine gets switched off. All the data can be easily pocketed and kept safe, perhaps to be physically carried to another machine.

Source: https://help.ubuntu.com/community/LiveCD/Persistence

Yes - it can be done..
We create PE to boot from X (Memory) and use Y (usb) as the program data folder or source..

Some User issues arise that way - and is best left alone in a general public forum -
as it would require more advanced user knowledge of PE

So as to prevent issues - it is all in Memory - thus an un-damageable PE by end user..

I will have Newer versions of all 4 ISO's - problem is I have not taken the time yet to upload them, Upload is slow and takes time..

There as been a lot of development work since and more is in the works for 10...
Right now we testing on the newest version of windows 10 as the OS has changed a little for us..
So we waiting on the New RTM release, to verify any needed changes to PE

OK here are a couple of screenshots, it took quite a while because I also scanned for rootkits(best done off line, just not necessary).

Nice work guys... interesting that MBAM uses sfc.

Superfly said:

Nice work guys... interesting that MBAM uses sfc.

Maybe to repair the PC's effected files after cleaning it of malware, or quarantining???

Cliff S said:

Maybe to repair the PC's effected files after cleaning it of malware, or quarantining???

I guess..
Also to check whether system files protection have been tampered with - here's an eg. how it can be exploited...A simple way to hack Windows File Protection (WFP) using the SetSfcFileException undocumented function - CodeProject

Superfly said:

I guess..
Also to check whether system files protection have been tampered with - here's an eg. how it can be exploited...A simple way to hack Windows File Protection (WFP) using the SetSfcFileException undocumented function - CodeProject

I just read it through quick, isn't this one of the libraries(sfc_os.dll) that 3rd party AV's need to use or modify(not sure which). in order to function properly in Windows?

Cliff S said:

I just read it through quick, isn't this one of the libraries(sfc_os.dll) that 3rd party AV's need to use or modify(not sure which). in order to function properly in Windows?

I'm not sure how AV's check files, but I would think if signatures are sought at byte level, there is no need for them to change file protection. I'll need to consult with the security devs about that though.