Tuesday, 26 April 2016

Add ESET antivirus with persistent updates to E2B with UEFI booting (Take 2!)

The method used in the previous blog uses an ISO with an ext3 file for the updates volume.

Here is a different method using a partition image. The two methods are similar but you can add UEFI 64-bit booting if you use this method.


This process is for the Linux version of the ESET SysRescue ISO only (2016-2018+).

1. First make a temporary ESET SysRescue USB flash drive using the utility provided by ESET. Boot it to check it works.

You can make a USB flash drive by first booting from a CD made from the ISO, or by booting from the ISO in a Virtual Machine, and then creating the flash drive using the Desktop icon.

Or click here for the old utility. Allow it to download the (older 2017) ISO file - do NOT tick the box to use the current latest downloaded ISO because it won't accept it.

Note: Do NOT make an ESET flash drive directly from the ISO using dd or Rufus. This makes a GPT partitioned flash disk which does not have MBR partitions and so cannot be copied using RMPrepUSB in Step 2.

The ESET flash drive should now have 3 MBR-type partitions.

2. Run RMPrepUSB and select the ESET flash drive and then press CTRL-O - 2

This will swap over the partitions on the ESET Flash drive so that partition 2 becomes partition 1 and is accessible to Windows. In Explorer, you should now see lots and lots of files on the ESET flash drive.

Note: On the latest versions of Windows 10, this step is not required as both partitions should be accessible in Windows Explorer already. Earlier versions of Windows only showed the first partition.

3. Drag-and-drop the ESET flash drive letter\icon in Explorer (e.g. G:) onto the MPI_FAT32 Desktop shortcut and follow the prompts to make an eset.imgPTN file on your PC hard drive somewhere.

Note: If you wish, you can use the latest version of the ISO instead of the files on the flash drive. Just drag-and-drop the eset_sysrescue_live_enu.iso file onto the MPI_FAT32 desktop shortcut. The latest ISO may include a \boot\grub\efi.img file for UEFI-booting.

Remember to add 200MB to the suggested size when prompted by MakePartImage if you also want UEFI-booting.

4. Select the ESET flash drive and run RMPrepUSB - Drive-File - Filename= C:\eset - Start=P3 - Length=P3 - File position = 0

This makes an image of the entire 200MB-300MB P3 partition which contains the ext filesystem and the update files.

Note: Your ESET flash drive will still work, but you may like to restore the original partition order by repeating the instructions in Step 2 (i.e. CTRL-O - enter 2 as before).

The ESET flash drive is now no longer required.

5. Copy the eset.imgPTN file and the eset file to your E2B USB drive \_ISO\ANTIVIRUS folder.


You can use a different name, but you must use a matching name for the other file too, e.g.


Tip: You can use a file extension of .imgPTNAUTO if you want to avoid the user prompt when using the E2B menu system.

6. Switch to the eset.imgPTN partition (e.g. using \_ISO\SWITCH_E2B.exe or using the E2B menu system)...

Make sure that both images are detected and switched in. If prompted by SWITCH_E2B.exe, use 0x83 for the partition type.

7. Add the following lines to the very bottom of the large CSM \menu.lst file that is now on the E2B USB drive (the second menu is for the latest version of the .ISO file):

iftitle [if exist /vmlinuz] ESET SysRescue\nStart ESET System Rescue
kernel  /vmlinuz boot=casper live-media=/dev/disk/by-uuid/%UUID% quiet splash --
initrd  /initrd.lz

iftitle [if exist /casper/vmlinuz] ESET SysRescue\nStart ESET System Rescue
kernel  /casper/vmlinuz boot=casper live-media=/dev/disk/by-uuid/%UUID% quiet splash --
initrd  /casper/initrd.lz

If you wish you can tidy up the CSM menu and remove the unwanted entries that won't work. You can delete all the entries below the two comment lines:

(delete lines here)# --- ALTERNATE BOOT MENUS ---

Make sure you do not delete the first menu entry which restores the E2B partitions!

timeout 3 and default 8 used here (the gaps count as menu entries!)

Now you should find that you can MBR-boot and the updates are persistent.

  • You can use the file extension .imgPTNAUTO to remove the warning messages when you select the eset.imgPTN file.
  • Use the latest version of the MPI Tool Kit so you can use the menu entry to set a default timeout and boot entry.
  • Note: If you change the name of the eset.imgPTN file, you must also change the name of the eset file to match or you can use a .txt file to change the E2B menu entry text.
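
The note in Step 1 and the P3 copy in Step 4 both rely on the ESET flash drive having a real MBR partition table with a third partition. The following Python script is an added example (not part of the original post and not RMPrepUSB code) that parses sector 0 and reports whether the drive is MBR or GPT and where partition 3 lies. The function names and the sample partition types and sizes are assumptions constructed for illustration.

```python
import struct

SECTOR = 512
ENTRY = "<B3xB3xII"   # boot flag, CHS (skipped), type, CHS (skipped), start LBA, sector count

def parse_mbr(sector0):
    """Return the non-empty primary partition entries of an MBR sector."""
    if len(sector0) < SECTOR or sector0[510:512] != b"\x55\xaa":
        raise ValueError("no 0x55AA signature: not an MBR sector")
    parts = []
    for i in range(4):
        boot, ptype, start, count = struct.unpack_from(ENTRY, sector0, 446 + 16 * i)
        if ptype and count:
            parts.append({"num": i + 1, "type": ptype, "active": boot == 0x80,
                          "start_lba": start, "sectors": count})
    return parts

def check_layout(sector0):
    """Classify as 'gpt' or 'mbr'; for MBR, report partition 3 and its size in MiB."""
    parts = parse_mbr(sector0)
    if any(p["type"] == 0xEE for p in parts):      # protective MBR in front of a GPT
        return {"layout": "gpt", "count": 0, "p3": None, "p3_mib": None}
    p3 = next((p for p in parts if p["num"] == 3), None)
    mib = p3["sectors"] * SECTOR // 2**20 if p3 else None
    return {"layout": "mbr", "count": len(parts), "p3": p3, "p3_mib": mib}

def build_sector(entries):
    """Build a constructed sector 0 from (type, start_lba, sectors) tuples."""
    table = b"".join(struct.pack(ENTRY, 0, t, s, n) for t, s, n in entries)
    return bytes(446) + table.ljust(64, b"\x00") + b"\x55\xaa"

# Constructed samples (types and sizes are illustrative, not read from a real ESET drive).
MBR_SAMPLE = build_sector([(0x0C, 2048, 1228800), (0x0C, 1230848, 204800),
                           (0x83, 1435648, 524288)])
GPT_SAMPLE = build_sector([(0xEE, 1, 0xFFFFFFFF)])

if __name__ == "__main__":
    for name, sec in (("mbr sample", MBR_SAMPLE), ("gpt sample", GPT_SAMPLE)):
        r = check_layout(sec)
        print(name, r["layout"], r["count"], r["p3_mib"])
```

Pass `check_layout` the first 512 bytes of the drive or of an image made from it; a `gpt` result means the drive was written directly from the ISO and cannot be used in Step 2.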

Add UEFI64-booting

If the \boot\grub\efi.img file exists, use 7-Zip to extract the \EFI folder and copy it to the root of the E2B drive (i.e. the .imgPTN partition, NOT the Easy2Boot partition).

Add UEFI32-booting

Download the grub2 UEFI support files from here and extract them to the root of the USB drive (i.e. the .imgPTN partition, NOT the Easy2Boot partition).

This should add grub.cfg and bootia32.efi to the \EFI\boot folder plus a \boot\grub\i386-efi folder (most of the files in the i386-efi folder are probably not required).