Wednesday, 2 April 2014

Adding the Kaspersky Rescue ISO to Easy2Boot (with persistent updates)

You can easily download and add the kav_rescue_10.iso or krd.iso file to your E2B drive easily. Just copy it to the \_ISO\MAINMENU folder.

Note: The KAV Rescue 2018 ISO does support UEFI-booting so you could convert to .imgPTN file.

When you first run it, you will want to update the virus definitions. When you do so however, it will store the updates on the internal 'target' hard disk of the system that you booted the E2B USB drive from, instead of storing them on the E2B USB drive. This means that when you boot on a different system, you will have to download the updates all over again (if the system has an internet connection).

Previous E2B versions included a Kaspersky_Rescue_10.mnu file in the \_ISO\docs\Sample mnu Files folder. However, the instructions in the .mnu file were not to too clear.

Actually, you don't need a .mnu file at all.

IMPORTANT: The key to the whole procedure is to ensure that Kaspersky linux mounts all the storage devices as volumes.

Allow it to mount the disks...
This will not be done if you do not select a drive to scan when prompted, or if you use the 'Skip' button when prompted if the volume is 'dirty'. Once all the volumes have been mounted, you should see the icons on the Desktop - if not then it won't find the Updates on the USB drive and you will have to reboot!

Make sure you see desktop icons for the USB drive (e.g. sdb1).
The instructions to get persistent updates to stay on the E2B USB drive are:

1. Download a recent ISO file from - it should be under 'Distributive' and called  kav_rescue_10.iso or krd.iso.

2. Copy it to a menu folder, e.g. \_ISO\MainMenu folder (or \_ISO\ANTIVIRUS or any other menu folder where you want it to be listed).

Create an empty folder called "\Kaspersky Rescue Disk 10.0" on the E2B USB drive now.

NOTE: For krd.iso 2018 versions, the folder name has changed to "\KRD2018_Data".

3. Boot from the ISO menu entry. Ensure that your USB drive (sdb1) volume has been mounted and appears as an icon on the Desktop as well as the C: drive icon (don't abort any dialogs!). If they are not there then reboot and try again.

On first boot to Kaspersky from E2B using this menu, download the updates (you will obviously need an internet connection). They will usually be automatically stored on internal Hard Disk C: by Kaspersky but if it finds the "\Kaspersky Rescue Disk 10.0" folder on the E2B drive, it may copy the updates there instead.

4. When the download of the updates have finished, if the USB \Kaspersky Rescue Disk 10.0 folder is empty, copy the whole "\Kaspersky Rescue Disk 10.0" folder which now contains the updates from C: or sda1 (the internal HDD) to sdx1 which is the USB drive partition 1 (if you only have one hard disk, the USB drive will be sdb1).

Now rename the "C:\Kaspersky Rescue Disk 10.0" folder on the hard disk to something else like 'Junk' to get rid of it.

IMPORTANT: Ensure the update folder \Kaspersky Rescue Disk 10.0 does NOT exist on the Target hard disk in any volume. It must only exist on the E2B USB drive.

5. On the next boot, the updates should be found to be already present on USB drive (check you can see the drive icon on the Desktop).


If you find that the Updates are old or not present...

1. Ensure you can see the sdx1 icon on the Desktop to show it has been mounted as a volume by Kaspersky.

2. Ensure any target system you test does not already have the \Kaspersky Rescue Disk 10.0 folder anywhere on any HDD in the system - if so delete it and reboot from USB.

Always shutdown Kaspersky linux nicely or updates may not be saved!

E2B USB Drive contents when it is all running smoothly are:

\Kaspersky Rescue Disk 10.0