Share via

Write Protect your Run-Time Image with EWF

  • Article

5/10/2007

You can prevent accidental writes, attacks, or other harmful access to your run-time image by implementing the Enhanced Write Filter. Enhanced Write Filter intercepts all writes made to a run-time image and stores them in an alternate storage area. This storage area is called an overlay, and can be a separate partition on a disk, or in RAM.

For more information, see Enhanced Write Filter.

Note

Enhanced Write Filter should not be used as an anti-virus solution. Worms and viruses can spread quickly throughout a network, and even if a run-time image is protected with EWF, a virus can still infect it. Because the virus is stored in the EWF overlay, the virus will continue to propagate to other systems. Even if the overlay is discarded when the system reboots, other systems on the network can continue to infect your run-time image. If an EWF overlay is committed to the protected volume, the system will become infected.

See Also

Other Resources

Best Practices for Security
Network Security Considerations
Local Security Considerations