UEFI AV Boot Disk

[Erick]

Manufacturers just seems to want to make it harder and harder to get into the BIOS these days.

I'm embarrassed by the amount of time I've had to spent fighting with various laptops just to be able to get into the BIOS so I can turn on Legacy and use the tools I've been using for years and have worked great for me.

Does ANYONE make a UEFI Boot Disk for AntiVirus? I'm tired of fighting this battle to make things work for the tools I have and are still effective. I just want something that works without having to go through a new learning experience every time.

 

[Encrypted Existence]

google it. Seriously, 15 seconds googling gave me the answer to your question.

 

[glricht]

If you have a bootable ISO, just use RUFUS (https://rufus.akeo.ie/) to create a bootable USB flash drive. I've been doing that for a long time and no longer have to go into BIOS in the first place.

 

[Larry Sabo]

I'm embarrassed by the amount of time I've had to spent fighting with various laptops just to be able to get into the BIOS so I can turn on Legacy and use the tools I've been using for years and have worked great for me.

This gets really troublesome with some Acer laptops because once you switch to legacy to boot from the ODD/USB, none of the keys that used to get you back into the BIOS (F2, Del.) work any more. The only solution I've seen is to flash the BIOS using a DOS disc that contains a recent BIOS update. Luckily, my customer was looking for a reset anyway, so doing a N&P from the ODD solved my problem. However, I did have to remove and slave the HDD to my system to back up the user data first.

 

[GTP]

Great advice Larry! I thought I had broken something!
I ended up pulling the battery and CMOS battery for an hour. Got me back in.

 

[Krynn72]

google it. Seriously, 15 seconds googling gave me the answer to your question.

Do you actually understand what he's asking for?

I haven't had a need for one in a long time, but I don't think there's many, if any UEFI rescue disks

 

[NviGate Systems]

I made my own.

There are a few projects around. Now this is what I use myself, legality is probably fine for personal use but for Commercial, well not so much.

Back in the day Norton used to make bootable discs. Don't know if they still do. Microsoft makes MSDaRT, but that's not free.

You can make a standalone Security Essentials boot disc, that should support UEFI.

 

[Larry Sabo]

I gather (from these instructions) than all you need to do is ensure your bootable media is formatted FAT32 instead of NTFS?

 

[NviGate Systems]

It has to be FAT32 and have a firmware boot file ia32boot.efi or x64boot.efi , the names could be wrong.

The image or software also has to support EFI, so any DOS based tools are out, and any PE based on Windows Vista or earlier won't work in x64 EFI, and any PE based on Windows 7 or earlier won't work in EFI 32 Bit.

Note some CPU's may support X64 but are firmware locked to only support 32 Bit. That's not much of an issues today but first gen devices it was quite common. Also most 64 Bit EFI will not take 32 Bit EFI images.

 

[Larry Sabo]

Thanks, @NviGate, I figured it had to be more complicated than just having the boot device formatted FAT32.

 

[Diggs]

This article discusses all the different AV bootables but it's probably second-hand info. In the case of Avast, I have never seen it successfully create a bootable "Rescue Disk" and I don't know anybody that has.

http://www.digitalcitizen.life/top-free-bootable-antivirus-rescue-discs-windows-pcs

 

[Larry Sabo]

But are they bootable from UEFI without changing to Legacy? They don't say.

 

[GTP]

But are they bootable from UEFI without changing to Legacy? They don't say.

From the "Norton Bootable Recovery Tool" website..."
Select the DVD or the USB drive on which you created Norton Bootable Recovery Tool, and then press Enter.
If you use a UEFI-enabled computer, (italics mine) select the recovery media under the Legacy Boot option instead of the UEFI Boot option. The recovery media is the Norton Bootable Recovery Tool DVD or USB drive...."

Other sites say the same or similar. I suspect that because they are running on non UEFI versions of Linux (most of these run on Slitaz, TinyCore or Puppy) that it requires a trip into the BIOS to change it manually.

Edit : It would be great if these tools could be "slipstreamed" into a UEFI version of a full Linux distro like Mint or OpenSuse!
Where is Klaus Knopper when you need him!

 

[Larry Sabo]

If you use a UEFI-enabled computer, (italics mine) select the recovery media under the Legacy Boot option instead of the UEFI Boot option.

Aye, and there lies the problem with Acer laptops, where you can't change it back to UEFI because the keys to enter the BIOS don't work once you've changed to Legacy. It would be nice if purveyors of bootable tools indicated whether they are UEFI-bootable or not. My impression is, some are, many aren't.

 

[Altster]

This "might be" a bit of overkill, but it has more than just what you are looking for (to be able to boot using uefi)...

http://www.easy2boot.com/add-payload-files/adding-uefi-images

Up until recently I was using Y.U.M.I. for my multiple boot setup, but have since switched to Easy2Boot because once you understand how to set it up, it is mighty easy to do.

 

[HFultzjr]

All this "hoop jumping" is why I pull the drive and slave it.

 

[Diggs]

All this "hoop jumping" is why I pull the drive and slave it.

Most AVs won't make the changes you need them to when the drive is slaved rather than running under the drive's OS.

 

[JoeTech]

All this "hoop jumping" is why I pull the drive and slave it.

With some laptops it is not worth the hoop jumping of completely tearing it apart just to remove the hard drive though.

 

[Diggs]

With some laptops it is not worth the hoop jumping of completely tearing it apart just to remove the hard drive though.

I hate "clamshell" laptops. I need to charge more when I go into those.........

 

[NviGate Systems]

If the AV scan won't work when slaved, you could be running into an issue with Hybrid Power. If a system Hibernates as part of Hybrid Power, any changes made to the disk are lost unless you delete hiberfile.sys at the root of the drive, but that's a system file.

You can press shift while shutting down Windows 8+ and that disables Hybrid Power once for shutdown.

Another option is to Virtualize the system then run scans then move back to the physical. But that's just insane.

A cooler approach would be a bootable EFI disk which would make the internal drive an iSCSI drive which then you could scan remotely from another workstation.