Source:Support for NTFS alternate data streams (ADS) for Windows: Difference between revisions

From SEPsesam
(Fixed navigation to Beefalo.)
(expert -> advanced UI mode)
(4 intermediate revisions by the same user not shown)
Line 1: Line 1:
<languages />
<translate><!--T:43-->
<div class="noprint"><languages />


 
<!--T:1-->
<translate><!--T:1-->
{{Copyright SEP AG|en}}
{{Copyright SEP AG|en}}


<!--T:2-->
<!--T:2-->
{{Navigation_latest|release=[[Special:MyLanguage/SEP_sesam_Release_Versions|4.4.3/4.4.3 ''Beefalo'']]|link=[[Special:MyLanguage/SEP_sesam_Documentation#previous|Documentation archive]]}}</translate><br />
{{Navigation_latest|release=[[Special:MyLanguage/SEP_sesam_Release_Versions|4.4.3 ''Beefalo''/5.0.0 ''Jaglion'']]|link=[[Special:MyLanguage/SEP_sesam_Documentation#previous|Documentation archive]]}}</div></translate><br />




Line 30: Line 30:
<translate>
<translate>
<!--T:8-->
<!--T:8-->
[[File:SEP Tip.png|45px|link=Special:MyLanguage/FAQ#backup_overview|FAQ]]</translate>
[[File:SEP Tip.png|45px|link=Special:MyLanguage/4_4_3_Beefalo:FAQ#backup_overview|FAQ]]</translate>
| style="padding:0px 40px 0px 10px; color: grey; font-size: 90%; text-align:left;" |
| style="padding:0px 40px 0px 10px; color: grey; font-size: 90%; text-align:left;" |
<translate><!--T:9-->
<translate><!--T:9-->
Check [[Special:MyLanguage/FAQ#backup_overview|FAQ]] to find the answers to most common questions.</translate>
Check [[Special:MyLanguage/4_4_3_Beefalo:FAQ#backup_overview|FAQ]] to find the answers to most common questions.</translate>
|}
|}


Line 40: Line 40:
[[File:SEP Troubleshooting.png|45px|link=Special:MyLanguage/Troubleshooting_Guide|Troubleshooting Guide]]</translate>
[[File:SEP Troubleshooting.png|45px|link=Special:MyLanguage/Troubleshooting_Guide|Troubleshooting Guide]]</translate>
| style="padding:0px 40px 0px 10px; color: grey; font-size: 90%; text-align:left;" | <translate><!--T:11-->
| style="padding:0px 40px 0px 10px; color: grey; font-size: 90%; text-align:left;" | <translate><!--T:11-->
Problems? See the [[Special:MyLanguage/Troubleshooting_Guide#Backup_problems|Troubleshooting Guide]]. </translate>
Problems? See the [[Special:MyLanguage/Troubleshooting_Guide#backup|Troubleshooting Guide]]. </translate>
|}</div>
|}</div>
<translate><!--T:12-->
<translate><!--T:12-->
Line 46: Line 46:


<!--T:13-->
<!--T:13-->
'''Note:''' If you wish to preserve the alternate data streams, you should not move the files with ADS into another file system that does not support ADS nor copy such files to a USB drive, CD-R/RW, or any other non-NTFS drive. If your backup target is not formatted with NTFS, your NTFS metadata (including ADS) will be lost.
'''Note:''' If you wish to preserve the alternate data streams, you should not move the files with ADS into another file system that does not support ADS nor copy such files to a USB drive, CD-R/RW, or any other non-NTFS drive. If your backup target is not formatted with NTFS, your NTFS metadata (including ADS) will be lost.


<!--T:14-->
<!--T:14-->
If you want to exclude alternate data streams from NTFS backup or restore, see [[Special:MyLanguage/Support_for_NTFS_alternate_data_streams_(ADS)_for_Windows#Excluding_ADS_from_backup|Excluding ADS from backup]] and [[Special:MyLanguage/Support_for_NTFS_alternate_data_streams_(ADS)_for_Windows#Excluding_ADS_from_restore|Excluding ADS from restore]].  
If you want to exclude alternate data streams from NTFS backup or restore, see [[Special:MyLanguage/Support_for_NTFS_alternate_data_streams_(ADS)_for_Windows#exclude_ADS_bck|Excluding ADS from backup]] and [[Special:MyLanguage/Support_for_NTFS_alternate_data_streams_(ADS)_for_Windows#exclude_ADS_restore|Excluding ADS from restore]].  


==={{anchor|alternate_data_streams}}What are alternate data streams?=== <!--T:15-->
==={{anchor|alternate_data_streams}}What are alternate data streams?=== <!--T:15-->
Line 60: Line 60:


<!--T:18-->
<!--T:18-->
There is also the '''downside''' of ADS: they are used by malicious programs in a variety of ways. Because files with ADS are not detected and therefore not shown in Windows Explorer or in the command prompt (unless you know how to search for them, see [[Special:MyLanguage/Support_for_NTFS_alternate_data_streams_(ADS)_for_Windows#ADS_detection_techniques|ADS detection techniques]]), they can affect your data.</translate>
There is also the '''downside''' of ADS: they are used by malicious programs in a variety of ways. Because files with ADS are not detected and therefore not shown in Windows Explorer or in the command prompt (unless you know how to search for them, see [[Special:MyLanguage/Support_for_NTFS_alternate_data_streams_(ADS)_for_Windows#ADS|ADS detection techniques]]), they can affect your data.</translate>
* <translate><!--T:19-->
* <translate><!--T:19-->
Windows  Explorer and the command line <tt>dir</tt> do not calculate the space used by ADS. This means that when determining the amount of used space, you will get the calculation only for the ''unnamed data stream''. If there are lots of ADS used, you may be backing up a lot more than shown by your system, which may result in slower backups and filling up your storage space.</translate>
Windows  Explorer and the command line <tt>dir</tt> do not calculate the space used by ADS. This means that when determining the amount of used space, you will get the calculation only for the ''unnamed data stream''. If there are lots of ADS used, you may be backing up a lot more than shown by your system, which may result in slower backups and filling up your storage space.</translate>
Line 68: Line 68:


*<translate><!--T:21-->
*<translate><!--T:21-->
Malicious executables and other data can be stored as ADS. The ADS can be executed from the command line by command ''start''. When executed, it still remains hidden because it will appear to run as the original file. If your anti-virus program has not detected a virus stored as ADS, you may be backing up infected data.  
Malicious executable and other data can be stored as ADS. The ADS can be executed from the command line by command <tt>start</tt>. When executed, it still remains hidden because it will appear to run as the original file. If your anti-virus program has not detected a virus stored as ADS, you may be backing up infected data.  


==={{anchor|ADS}}ADS detection techniques=== <!--T:22-->
==={{anchor|ADS}}ADS detection techniques=== <!--T:22-->


<!--T:23-->
<!--T:23-->
Because files with ADS are not detected using native file browsing tools, such as Windows Explorer and the command line <tt>dir</tt>, the following tools and tecniques can be used to recognize the ADS.</translate>
Because files with ADS are not detected using native file browsing tools, such as Windows Explorer and the command line <tt>dir</tt>, the following tools and techniques can be used to recognize the ADS.</translate>
;<translate><!--T:24-->
;<translate><!--T:24-->
Using command prompt:
Using command prompt:
Line 92: Line 92:
  Get-Content -path {path to the file} -stream {stream name} showme</translate>
  Get-Content -path {path to the file} -stream {stream name} showme</translate>
;<translate><!--T:29-->
;<translate><!--T:29-->
Using Microsoft tool ''Streams'':Reveal NTFS alternate streams by [http://technet.microsoft.com/en-us/sysinternals/bb897440.aspx downloading Streams]. The ''Streams'' tool does not display the contents of ADS, but shows all ADS of the files.
Using Microsoft tool ''Streams'':
Reveal NTFS alternate streams by [http://technet.microsoft.com/en-us/sysinternals/bb897440.aspx downloading Streams]. The ''Streams'' tool does not display the contents of ADS, but shows all ADS of the files.


=={{anchor|exclude_ADS_bck}}Excluding ADS from backup== <!--T:30-->
=={{anchor|exclude_ADS_bck}}Excluding ADS from backup== <!--T:30-->


<!--T:31-->
<!--T:31-->
ADS are backed up by default, but can be excluded from backup by using a special option in the backup task properties. You should only exclude ADS from backup if you are aware of [[Special:MyLanguage/Support_for_NTFS_alternate_data_streams_(ADS)_for_Windows#What_are_alternate_data_streams.3F|their usage]] and the consequences of their exclusion.</translate>
ADS are backed up by default, but can be excluded from backup by using a special option in the backup task properties. You should only exclude ADS from backup if you are aware of [[Special:MyLanguage/Support_for_NTFS_alternate_data_streams_(ADS)_for_Windows#alternate_data_streams|their usage]] and the consequences of their exclusion.</translate>
<ol><li><translate><!--T:32-->
<ol><li><translate><!--T:32-->
To exclude ADS from backup, select your client from the '''Main Selection -> Tasks -> By clients''', and then select the backup task for which you want to exclude alternate data streams. The ''task properties'' window is displayed. If you have not yet created a backup task, proceed as described in the [[Special:MyLanguage/Standard_Backup_Procedure#Step_1:_Creating_a_backup_task|Standard Backup Procedure]].</translate>  
To exclude ADS from backup, select your client from the '''Main Selection''' -> '''Tasks''' -> '''By Clients''', and then double-click the backup task for which you want to exclude alternate data streams. The ''backup task properties'' window is displayed. If you have not yet created a backup task, see [[Special:MyLanguage/Creating_a_Backup_Task|Creating a Backup Task]].</translate>  
<li><translate><!--T:33-->
<li><translate><!--T:33-->
Click the '''Options''' tab and under the '''Additional call arguments''' (Expert options) in the '''Save options''' field, enter the following: ''-o skip_adat''. Click '''OK''' to save the task with excluded ADS.</translate></li>
Click the '''Options''' tab and under the ''Additional call arguments'' in the '''Backup options''' (previously ''Save options'') field, enter the following: ''-o skip_adat''.<br />
Click '''OK''' to save the task with excluded ADS.</translate></li>
<translate><!--T:34-->
<translate><!--T:34-->
[[image:Backup_skip_ADS.png|600px|link=]]</translate>
[[image:Backup_skip_ADS_Beefalo_V2.jpg|650px|link=]]</translate>
<br clear=all></ol>
<br clear=all></ol>


Line 111: Line 113:
If alternate data streams were backed up, they will be restored by default. ADS can also be excluded from restore by using a special option in the restore wizard.</translate>
If alternate data streams were backed up, they will be restored by default. ADS can also be excluded from restore by using a special option in the restore wizard.</translate>
<ol><li><translate><!--T:37-->
<ol><li><translate><!--T:37-->
To exclude ADS from restore, select '''Activities -> Restore''' from the SEP sesam GUI menu bar. The ''New restore task'' window opens.</translate></li>
To exclude ADS from restore, select '''Activities''' -> '''Restore''' from the SEP sesam GUI menu bar. The ''New Restore Task'' window opens.</translate></li>
<li><translate><!--T:38-->
<li><translate><!--T:38-->
Select the save set you want to restore and proceed as described in the [[Special:MyLanguage/Standard_Restore_Procedure#Steps|Standard Restore Procedure]] until you get to the last step of the wizard.</translate></li>
Select the saveset you want to restore and proceed as described in the [[Special:MyLanguage/Standard_Restore_Procedure#Steps|Standard Restore Procedure]] until you get to the ''Target Settings'' window.</translate></li>
<li><translate><!--T:39-->
<li><translate><!--T:39-->
Click the '''Expert options''' button. The ''Expert options'' window is displayed (with opened tab ''Options''). Enter the following in the '''Restore options''' field: ''-o skip_adat''. Then click '''OK''' to save the ADS exclusion option.</translate></li>
Click the '''Expert Options''' button. The ''Expert Options'' window is displayed (with opened tab ''Options''). Enter the following in the '''Restore options''' field: ''-o skip_adat''. Then click '''OK''' to save the ADS exclusion option.</translate></li>
{{<translate><!--T:44--> note</translate>|<translate><!--T:45--> The ''Expert Options'' button for specifying advanced restore options is available only in [[Special:MyLanguage/SEP_sesam_Glossary#UI_mode|''advanced'' UI mode]] (formerly ''expert'' GUI mode). To use ''Expert Options'', make sure your UI mode is set to ''advanced''. For details, see [[Special:MyLanguage/4_4_3_Beefalo:SEP_sesam_GUI#UI_mode|Selecting UI mode]].</translate>}}
<translate><!--T:40-->
<translate><!--T:40-->
[[image:Restore_skip_ADS.png|600px|link=]]</translate>
[[image:Restore_skip_ADS_Beefalo_V2.jpg|650px|link=]]</translate>
<br clear=all>
<br clear=all>
<li><translate><!--T:41-->
<li><translate><!--T:41-->
To start your restore immediately, click '''Start'''. To save the restore task, click '''Save'''.</translate></li></ol>
To start your restore immediately, click '''Start'''. To save the restore task, click '''Save'''.</translate></li>
{{<translate><!--T:46--> note</translate>|<translate><!--T:47--> A restore task can be scheduled like any other task. If you want to add a restore task to the schedule, see [[Special:MyLanguage/Scheduling_Restore|Scheduling Restore]].</translate>}}
</ol>


<translate>==See also== <!--T:42-->
<translate><div class="noprint">
[[Special:MyLanguage/Backup|Backup]] – [[Special:MyLanguage/Standard_Backup_Procedure|Standard Backup Procedure]]</translate>
==See also== <!--T:42-->
[[Special:MyLanguage/Backup|Backup]] – [[Special:MyLanguage/Standard_Backup_Procedure|Standard Backup Procedure]]</div></translate>

Revision as of 13:53, 27 May 2022

Other languages:

Copyright © SEP AG 1999-2024. All rights reserved.

Any form of reproduction of the contents or parts of this manual is allowed only with the express written permission from SEP AG. When compiling and designing user documentation SEP AG uses great diligence and attempts to deliver accurate and correct information. However, SEP AG cannot issue a guarantee for the contents of this manual.

Docs latest icon.png Welcome to the latest SEP sesam documentation version 4.4.3 Beefalo/5.0.0 Jaglion. For previous documentation version(s), check Documentation archive.



Overview

SEP sesam provides backup and restore of alternate data streams (ADS) on NTFS volumes and ReFs (ReFs reacquired support for alternate data streams in Windows 8.1 64-bit and Server 2012 R2, stream size limited to 128k). From SEP sesam version 4.4.3, ADS are backed up by default when backing up a NTFS file system. They are automatically restored to any ADS-aware system. If you are restoring a backup with ADS to the system that does not support ADS, a warning about loss of data is issued during restore. This way you are ensured that your NTFS file system data is completely backed up and properly restored.

Note: If you wish to preserve the alternate data streams, you should not move the files with ADS into another file system that does not support ADS nor copy such files to a USB drive, CD-R/RW, or any other non-NTFS drive. If your backup target is not formatted with NTFS, your NTFS metadata (including ADS) will be lost.

If you want to exclude alternate data streams from NTFS backup or restore, see Excluding ADS from backup and Excluding ADS from restore.

What are alternate data streams?

Alternate data streams (ADS) are a unique data-hiding feature of NTFS file systems. A file in NTFS consists of the primary or unnamed data stream where the data is actually contained ($Data), and of alternate data streams that can store additional metadata.

Applications may use ADS for storing file attributes. For example, Windows uses ADS for a number of functions, such as storing the summary information for the updated file or creating the Zone.Identifier (the original security zone) stream for every downloaded file by Internet Explorer. Windows Encrypting File System is using ADS to securely store files. File Classification Infrastructure (FCI) is using ADS for tagging files. Some anti-virus programs are using them to improve scanning performance. Alternate data streams are also used to store non-critical information, such as thumbnails for graphical files, parsing information for program sources, etc.

There is also the downside of ADS: they are used by malicious programs in a variety of ways. Because files with ADS are not detected and therefore not shown in Windows Explorer or in the command prompt (unless you know how to search for them, see ADS detection techniques), they can affect your data.

  • Windows Explorer and the command line dir do not calculate the space used by ADS. This means that when determining the amount of used space, you will get the calculation only for the unnamed data stream. If there are lots of ADS used, you may be backing up a lot more than shown by your system, which may result in slower backups and filling up your storage space.
  • There is no official limit to the size of the content that can be stored in the streams or to the number of streams, therefore the files with ADS can get quite big.
  • Malicious executable and other data can be stored as ADS. The ADS can be executed from the command line by command start. When executed, it still remains hidden because it will appear to run as the original file. If your anti-virus program has not detected a virus stored as ADS, you may be backing up infected data.

ADS detection techniques

Because files with ADS are not detected using native file browsing tools, such as Windows Explorer and the command line dir, the following tools and techniques can be used to recognize the ADS.

Using command prompt

To display alternate data streams of all the files and directories, use the command

dir /R

To search in all sub-directories and display only files with alternate data streams, use

dir   /s /r | find ":$DATA"

To search in current folder and display only files with alternate data streams, use

dir   /r | find ":$DATA"
Using PowerShell commands (Windows 8 or newer)

Start the PowerShell and use the first command to get the name of the ADS

Get-Item -path {path to the file} -stream *

Then use the Get-Content cmdlet to query its contents

Get-Content -path {path to the file} -stream {stream name} showme
Using Microsoft tool Streams

Reveal NTFS alternate streams by downloading Streams. The Streams tool does not display the contents of ADS, but shows all ADS of the files.

Excluding ADS from backup

ADS are backed up by default, but can be excluded from backup by using a special option in the backup task properties. You should only exclude ADS from backup if you are aware of their usage and the consequences of their exclusion.

  1. To exclude ADS from backup, select your client from the Main Selection -> Tasks -> By Clients, and then double-click the backup task for which you want to exclude alternate data streams. The backup task properties window is displayed. If you have not yet created a backup task, see Creating a Backup Task.
  2. Click the Options tab and under the Additional call arguments in the Backup options (previously Save options) field, enter the following: -o skip_adat.
    Click OK to save the task with excluded ADS.
  3. Backup skip ADS Beefalo V2.jpg

Excluding ADS from restore

If alternate data streams were backed up, they will be restored by default. ADS can also be excluded from restore by using a special option in the restore wizard.

  1. To exclude ADS from restore, select Activities -> Restore from the SEP sesam GUI menu bar. The New Restore Task window opens.
  2. Select the saveset you want to restore and proceed as described in the Standard Restore Procedure until you get to the Target Settings window.
  3. Click the Expert Options button. The Expert Options window is displayed (with opened tab Options). Enter the following in the Restore options field: -o skip_adat. Then click OK to save the ADS exclusion option.
  4. Information sign.png Note
    The Expert Options button for specifying advanced restore options is available only in advanced UI mode (formerly expert GUI mode). To use Expert Options, make sure your UI mode is set to advanced. For details, see Selecting UI mode.

    Restore skip ADS Beefalo V2.jpg

  5. To start your restore immediately, click Start. To save the restore task, click Save.
  6. Information sign.png Note
    A restore task can be scheduled like any other task. If you want to add a restore task to the schedule, see Scheduling Restore.