Cyberhawk and FDISR copy/update errors


Longboard
December 9th, 2006, 03:53 AM
Have had CH on one of my snapshots for a look+see: all good
Went to copy to another snapshot and got some errors see attached

All of these are Novatix drivers.
Retried: same errors.

Disabled CH: retry: no errors.
Interesting.
Wonder if these files are protected in some way from VSS?

Anybody else have similar, or do I need to give Raxco a call?

Regards.

Cyberhawk Support
December 12th, 2006, 01:24 PM
{QUOTE-> Have had CH on one of my snapshots for a look+see: all good
Went to copy to another snapshot and got some errors see attached

All of these are Novatix drivers.
Retried: same errors.

Disabled CH: retry: no errors.
Interesting.
Wonder if these files are protected in some way from VSS?

Anybody else have similar, or do I need to give Raxco a call?

Regards. <-QUOTE}

Hi Longboard,

Thanks for bringing this issue to our attention. We were able to reproduce it in-house; this appears to be related to the security hardening in Cyberhawk. What I suspect is happening is that FDISR is attempting to change the attributes for the CH drivers. I sent a question to Raxco's support inquiring about the error message to see if they can shed some light on what FDISR is attempting to do and what the error means.

Thanks!

Armando
Novatix Corporation

Peter2150
December 12th, 2006, 04:53 PM
I am sure that's what is going on. I know with ProcessGuard, if you didn't disable it, FDISR couldn't copy the settings files.

If you can disable Cyberhawk, try that. That will tell you.

Longboard
December 12th, 2006, 10:58 PM
To Novatix: thank you
Look forward to what unfolds

Hey Pete I think you are right: see the OP
{QUOTE-> All of these are Novatix drivers.
Retried: same errors.
Disabled CH: retry: no errors.
Interesting.
Wonder if these files are protected in some way from VSS? <-QUOTE}
Raxco support has sent some new copy engines for me to test
Interesting that FDISR has no issues with other HIPS so far ??
Wonder how SSM, DW, Prosecurity et al might go?

CH has popped up a couple of times so far so something is working

I'll let you know.

Great response from both companies.
No "it's not our fault it's theirs" crapola.

Longboard
December 13th, 2006, 03:02 AM
OK :thumb:
Raxco sent me a new copy engine and I redid the copy/update
No errors

How 'bout dat? :)

I wonder how many custom copy.exe are out there. ??

I'll let Novatix know.

Just one more little prob ???
My Hosts file seems to have been wiped after copy/update and direct boot to back-up snapshot.
Also gone when I direct booted back to Primary. :-\

More e-mails for christmas.

sukarof
December 13th, 2006, 10:25 AM
{QUOTE-> To Novatix: thank you
Interesting that FDISR has no issues with other HIPS so far ??
<-QUOTE}

FYI, I know that Comodo Firewall isn't a pure HIPS, but the latest beta has access/modification protection of some Comodo files and Firstdefense cannot copy those files to a snapshot. But disabling a rule in Comodo will release the protection and Firstdefense can copy everything belonging to Comodo.

So I guess if Cyberhawk (or other HIPS with this kind of protection) doesn't have an option to "unprotect" itself temporarily, then one has to disable Cyberhawk/other HIPS during creation/updating of the snapshot. As Peter2150 says.

Longboard
December 19th, 2006, 06:19 AM
OK
Fixed :)
Couple of e-mails back and forth

FDISR now copies snaps with CH enabled and disabled: No errors.
Nil other software errors currently
Direct boots and boots from PreBoot to any snap without probs.

Longboard
January 9th, 2007, 03:55 AM
I was revisiting this thread because I am reviewing CH
Sukarof's post was interesting.

Any issues with other HIPS apps?

PrevX: No issue so far.
SSM?
DWall?
OA

Sandbox issues
GES?
Bufferzone?
Greenborder?
I suppose it must be those apps that try and protect themselves ??
Suspect we would have heard by now

Oops, I have just been through some of the other threads and seen exactly that so: trash this thread. LOL

Peter2150
January 9th, 2007, 07:45 AM
{QUOTE-> I was revisiting this thread because I am reviewing CH
Sukarof's post was interesting.

Any issues with other HIPS apps?

PrevX: No issue so far.
SSM?
DWall?
OA

Sandbox issues
GES?
Bufferzone?
Greenborder?
I suppose it must be those apps that try and protect themselves ??
Suspect we would have heard by now

Oops, I have just been through some of the other threads and seen exactly that so: trash this thread. LOL <-QUOTE}

No issues with Prevx1, or OA. I also had no issues with SSM when I was using it. I always disable KAV so I don't know about its self-protection.

Longboard
January 9th, 2007, 08:14 AM
I guess this thread and a couple of others serve to remind us that with FDISR (and any other utility that may use VSS) there is a potential problem.

Really Leapfrog or Raxco should probably make a list of more than there is on the web site or make some more specific guidelines.

It's not that almost anything we have found is not fixable with their help or otherwise but it might simplify some problems that have been found. ??

From the website this was all I could find.

Longboard
January 9th, 2007, 08:16 AM
And this

Peter2150
January 9th, 2007, 09:01 AM
I discovered another gotcha when using FDISR with VSS. I installed ShadowProtect, which uses VSS. First copy/update I did with FDISR, I sat and watched wide-eyed as FDISR merrily deleted every file in the target snapshot. It was a repeatable error. Solution was to change FDISR back to RSS.

Minimax2000
January 9th, 2007, 04:51 PM
No problems with SSM 2.3.0605, Outpost Firewall 4.0 and Dr. Web in conjunction with FD-ISR.

Frank

Longboard
January 9th, 2007, 04:54 PM
{QUOTE-> I discovered another gotcha when using FDISR with VSS. I installed ShadowProtect, which uses VSS. First copy/update I did with FDISR, I sat and watched wide-eyed as FDISR merrily deleted every file in the target snapshot. It was a repeatable error. Solution was to change FDISR back to RSS. <-QUOTE} :o :o :o :o :o
Holy shite.
Could you elaborate a bit

Peter2150
January 9th, 2007, 05:20 PM
{QUOTE-> :o :o :o :o :o
Holy shite.
Could you elaborate a bit <-QUOTE}

Nothing to elaborate on. When I started the copy/update, FDISR merrily started deleting the files in the target snapshot. First time, my chin almost hit the floor. Reset to RSS and fixed it. Reset back to VSS and it did the same thing. It only happened once I installed Shadowprotect with its VSS service.

Frankly I like FDISR much better with RSS anyway