Using the Rescue Disk feature of Portable Inspector
  • 15 Aug 2024
  • 2 Minutes to read

Using the Rescue Disk feature of Portable Inspector


Article summary

Summary


Use the Rescue Disk to examine your endpoint without launching your operating systems. It finds and removes persistent or difficult-to-clean security threats that can lurk deep within your operating system.

Rescue Disk can scan hidden files, system drivers, and the Master Boot Record (MBR) of your endpoint’s hard drive without disturbing the operating system. Rescue Disk does not load potentially-infected system files into memory before trying to remove them.

Take note that by default, Rescue Disk quarantines any detected threats to the local hard drive. If you wish to scan without writing any information to your local hard drive, change the scan action settings to Scan only.

image.png

Details


Rescue Disk supports the following file systems:

Operating SystemFile System
WindowsNTFS and FAT
LinuxEXT2, EXT3, EXT4 and XFS
Note: Rescue Disk runs on any Linux distribution installed on a supported file system.
Rescue Disk may encounter this error due to the following configurations/settings. Please ensure to disable the following:
  • Encrypted Disks and Partitions
  • SCSI Disks
  • Raid Disks
  • Windows Fast Boot or Windows Fast Startup
  • Secure Boot
  • Hibernation

Follow these steps:

Preparation

  1. Insert the USB device into the endpoint.
  2. Restart the endpoint.
  3. When the endpoint powers up, open the BIOS or UEFI Setup Utility.
  4. Look for Boot, Boot Order, or Boot Options in the menu, and change the First Boot Device to the USB device.
  5. Exit the menu. Rescue Disk will automatically open after restarting.

Using the Rescue Disk

  1. After you have restarted the endpoint, the Rescue Disk console opens automatically.

  2. Press ENTER, or wait for a short while. The Confirm Disk Log window appears.

  3. Select Yes. The Choose Action window appears.

  4. Select [1] Scan for Security Threats, and then select the type of scan:

  • [1] Quick Scan: Scans only the folders most vulnerable to system threats (such as the Windows System folder)
  • [2] Full Scan: Scan all folders.

The Rescue Disk automatically starts scanning, and you must wait for the scan to finish.

The confirmation message only appears if you have configured the Rescue Disk to:
  • Scan and quarantine objects
  • Inform users before the quarantine starts
  1. If any threats are detected, the message "Are you sure you want to resolve these objects?" appears. Select Yes to remove threats.

  2. After scan logs are saved to the Scanning Tool, confirm the removal of the Scanning Tool from the endpoint.

  3. Press ENTER to restart the endpoint.





For support assistance, please contact us at support@txone.com or your Support Provider.


Was this article helpful?