Well, I just got the sh*t kicked out of me by a virus...
chrome_sturmen
August 20th, 2007, 03:00 PM
Ok, I keep a snapshot with everything on it I need, server 2003 and I consider it my flagship. Recently, I decided it would be a good idea to make an XP snapshot just for gaming, so I wouldn't have all those services running like I do on server 2003- so I set to that task. Over the course of about a week now, I've been slowly building up my XP snapshot for the purpose of playing games (though I'm not a big gamer). Eventually I got to thinking "do I really wanna keep this snapshot totally offline?" so I threw a firewall and antivirus on it so I could get online a little from that snapshot. Anyways, today I was about all done setting up my game snapshot, I would've been finished today....
I was kicking around looking through program cracks and downloaded one, and for whatever reason, I didn't have NOD32's file system monitor enabled. I got a virus- and I turned on NOD32's file system monitor, it started giving warnings every split second, saying all these processes, including itself, were a virus... including the ISR service. Now I had not yet created an archive of my game snapshot, but I decided to go ahead and cut my losses and delete the snapshot- so I booted back over to server 2003, and everything was ok, till I ran First Defense ISR to delete the snapshot- apparently, the virus had latched onto the ISR service, and when I ran it from server 2003, I started getting the same behavior as I had over on XP- Avira went nuts, and I couldn't do anything about it, there was just nothing I could do. I couldn't get to my other snapshots because ISR wouldn't run.
So, I went and dug out my server 2003 disc, installed it fresh- then I installed First Defense, and pointed it to my archived snapshots. I copied back over my main server 2003 snapshot (which was only about 3 days old), booted into it, then deleted the fresh install snapshot. I'm now in the process of copying back over my other small snapshots. If I'd not had those archived snapshots, I'd be starting completely from scratch. If I'd archived the game snapshot I'd still have it too, but I wasn't ready to archive it yet, and I just didn't think anything would happen.
After thinking it over, maybe it's not such a great idea for me to keep a snapshot just for gaming- it was beginning to take on a life of its own and I just don't need that complexity, I'd rather install my games on server 2003 along with the rest of my stuff and maybe close a few services before I play or something.
Anyways, that virus sure knocked me on my ass- it took out both my main snapshots- it was the archives that saved me in the end. I sorta wish I'd archived that gaming snapshot, just so I'd have the option of restoring it if I wanted, but that's life- I try to think of every mistake as a chance for me to learn something and come back stronger, and to learn the good points of being wary. I never had been hit by a virus ever, but today I was, and it nearly took my system out and cost me a lot of time, but thanks to First Defense I managed to stave it off- I have only my own foolhardiness to thank for the trouble I created, had I thought before I acted it never would've happened.
So, 3 lessons from this are:
Keep archived snapshots of everything and auto update them daily, and
Keep your antivirus's file system monitors enabled, and
Be careful fooling around with cracks etc....
I just lost a week's work, but it could've been far worse.
tradetime
August 20th, 2007, 05:05 PM
Glad to see you weathered the storm, thanks for sharing, a good reminder to us all.
Peter2150
August 20th, 2007, 05:24 PM
Hi Chrome
Couple of thoughts. First, have you considered something like Returnil or Sandboxie for that kind of play? Returnil should have dumped it on reboot, and Sandboxie does great at containment.
You are absolutely right about frequent updates of archives. To that I'd add imaging like Acronis or ShadowProtect. That would have made recovery even quicker.
Seer
August 20th, 2007, 05:31 PM
I think ErikAlbert should see this thread...
{QUOTE-> Be careful fooling around with cracks etc.... <-QUOTE}
Well, that goes without saying, doesn't it? ;)
{QUOTE-> I was kicking around looking through program cracks and downloaded one <-QUOTE}
NEVER go to crack sites. Porn sites are not bad, warez sites are not bad, and neither are torrent sites. These (dedicated crack sites) are the real malicious ones. I know a dozen stories identical to yours. I'm sorry that you had to learn your lesson the hard way :-\ Why on earth did you have your NOD's resident protection disabled when surfing crack sites and downloading stuff? This was rather irresponsible >:(
However, this thread is good feedback on how FDISR should not be used as a security app. Another reminder that every app has its place... and purpose.
Cheers,
Perman
August 20th, 2007, 06:06 PM
Hi, folks: I am glad that FD-ISR's archived snapshots saved your bacon. I remember that FD-ISR strongly recommends putting archived snapshots on a different partition, I do not know whether this is so in your case, but anyway you have survived. Happy for you.
aigle
August 20th, 2007, 07:01 PM
Let me ask, how was the virus able to infect both snapshots?
This is the first time I've heard of it. Until now I thought it to be possible in theory only.
Peter2150
August 20th, 2007, 08:18 PM
{QUOTE-> Let me ask, how was the virus able to infect both snapshots?
This is the first time I've heard of it. Until now I thought it to be possible in theory only. <-QUOTE}
Aigle
FDISR isn't security software. Everything it uses is on the hard drive. It is only protected by Windows XP permissions. If FDISR can elevate permissions to copy across, so can malware.
It becomes more protective if you keep archives off disk.
Pete
Longboard
August 20th, 2007, 08:24 PM
Hey chrome: thanks for posting that.
Respect: Very humble of you :)
Echo to all those comments about keeping a schedule of some sort re archives, etc: so easy to forget, and then remember what a fecking pain a recovery is.
Did you catch it: send it anywhere, anything able to stop it?
Good "snapshot" of recovery with that little jewel FDISR.
Said it before: FDISR is my cornerstone and BING my spine.
Defence Wall: nudge nudge
lol so easy to be wise after the event.....:shifty:
regards.
aigle
August 20th, 2007, 09:10 PM
{QUOTE-> Aigle
FDISR isn't security software. Everything it uses is on the hard drive. It is only protected by Windows XP permissions. If FDISR can elevate permissions to copy across, so can malware.
It becomes more protective if you keep archives off disk.
Pete <-QUOTE}
I understand this.
I am just surprised, as this is the first actual event of this type. So far it was just a theory, as we thought actually exploiting FDISR would have very, very low chances. But now I know that even some malware messing with a Windows service can mess with FDISR, and there may be other possibilities too, short of actually exploiting FDISR.
BTW I still doubt that it happened so. Maybe both snapshots were infected separately. Not sure.
chrome_sturmen
August 20th, 2007, 10:14 PM
Thanks guys for the replies and interest. I just don't quite know what happened. NOD32 wouldn't function on the infected snapshot, it kept finding everything including itself to be a virus. I couldn't install anything, I kept getting errors- I couldn't install Java so I could do an online Trend Micro scan. Then once I booted back over to my main server 2003 snapshot, I scanned the ISR folders with both Trojan Remover and Avira- but nothing was found. Everything was fine on that main snapshot until I brought up ISR for the purpose of deleting the bad snapshot- then the problem migrated to my good snapshot, too. I just didn't see a choice but to nuke all snapshots and restore from archives. If I'd just archived my gaming snapshot earlier in the day, I would've lost literally nothing, except a little time. No matter how many fail safes I have in reserve, it seems like something, somewhere, in one form or another, usually eventually gets me, and hampers my progress towards setting up the computer for a good computing experience. This is usually due to my own oversights-
I tend to get too comfortable after a while with no trouble, and I get overconfident. Then a minute's indiscretion is all that's needed to cause yourself a potentially big problem, and set back progress. Fortunately for me, these setbacks are getting more minor as time goes along.
I will be brushing up even more now on my defenses, and instituting more self discipline as regards archiving my snapshots and updating my Acronis disk images.
All in all I'm contented, because I could've got hit a lot harder than I did.
Thanks again for the advice/feedback ;D
chrome_sturmen
August 20th, 2007, 10:17 PM
{QUOTE-> BTW I still doubt that it happened so. Maybe both snapshots were infected separately. Not sure. <-QUOTE}
It did happen so- I did not infect my good snapshot once the other one was infected. All I did was run First Defense for deleting the bad snapshot, and once I did that the infection spread to my good snapshot- I'm 100% positive of this.
Longboard
August 20th, 2007, 10:44 PM
{QUOTE-> It did happen so- I did not infect my good snapshot once the other one was infected. All I did was run First Defense for deleting the bad snapshot, and once I did that the infection spread to my good snapshot- I'm 100% positive of this. <-QUOTE}
That in itself is interesting: if FDISR exe/services can be corrupted then unfortunately whole "on disc" snapshots might be lost and then it's necessary to restore the OS and .arx file :-\
I hope Todd is looking at this.
While I know FDISR is not a "security" app, I have sort of regarded it as a buffer: lose one snap: boot to secondary etc.
Would seem this might have implications for RollBack??
If the actual processes are corrupted then = cooked goose. As happened: Swedish style ;)
That was why I was wondering what the cockroach was and whether the way your FDISR was wrecked could be commented on.
ADD What's to say, Pete, that the same thing couldn't happen to your ShadowProtect exe or back-up processes? (in the event of an inadvertent careless hex) although I recognise chrome had little or no protection running.
chrome_sturmen
August 20th, 2007, 11:14 PM
The virus is in this torrent I downloaded:
[Do not post links to cracks here - Blue]
the file is called
East-Tec.Eraser.2007.v8.5.2.100.Multilingual.Cracked.WinAll-BRD
anyone who downloads it, be careful
Longboard
August 20th, 2007, 11:40 PM
whoo-hoo lucky users of that torrent :(
Peter2150
August 20th, 2007, 11:47 PM
{QUOTE->
ADD What's to say, Pete, that the same thing couldn't happen to your ShadowProtect exe or back-up processes? (in the event of an inadvertent careless hex) although I recognise chrome had little or no protection running. <-QUOTE}
It could, but I don't see it as an issue. Both images and FDISR archives are off disk, with copies on an external drive that is turned off.
In this case Chrome knew he had a problem, so even if on-disk SP processes are corrupted, you don't use them for recovery anyway. I doubt what hit him could corrupt a CD sitting on my desk, which is where the needed processes are.
When I restore, I am booting to a CD. The hard drive is out of the picture. The first thing I do before starting the restore is delete the volume. Don't see any way anything on the drive could have any effect.
ErikAlbert
August 20th, 2007, 11:50 PM
{QUOTE-> The virus is in this torrent I downloaded:
[Do not post links to cracks here - Blue]
the file is called
East-Tec.Eraser.2007.v8.5.2.100.Multilingual.Cracked.WinAll-BRD
anyone who downloads it, be careful <-QUOTE}
Hmmm.... just in time to copy that link.
If I ever have time, I will try it out to test my frozen snapshot and my poor security setup. ;D
Longboard
August 21st, 2007, 12:08 AM
@Peter2150
{QUOTE-> It could, but I don't see it as an issue. Both images and FDISR archives are off disk, with copies on an external drive that is turned off.
In this case Chrome knew he had a problem, so even if on-disk SP processes are corrupted, you don't use them for recovery anyway. I doubt what hit him could corrupt a CD sitting on my desk, which is where the needed processes are. lol
When I restore, I am booting to a CD. The hard drive is out of the picture. The first thing I do before starting the restore is delete the volume. Don't see any way anything on the drive could have any effect. <-QUOTE}
Sure
I thought I recalled you saying you were running a high frequency incremental back-up schedule and that was what my question was directed at.
@E-A
{QUOTE-> Hmmm.... just in time to copy that link.
If I ever have time, I will try it out to test my frozen snapshot and my poor security setup. <-QUOTE} lol
EASTER
August 21st, 2007, 03:07 AM
{QUOTE-> Keep archived snapshots of everything and auto update them daily <-QUOTE}
Capital idea! Always and everywhere keep ARCHIVES of your most cherished snapshots on alternative media like another hard drive or another of your choice, and FD-ISR will save your skin. Imaging of course is the very last line of emergency restore relief, but in most cases FD-ISR ".arx archives" are the key to putting Humpty-Dumpty back together again, and all in one piece as before.
It's one amazing piece of work that any user will find to be a trusted apparatus they really can turn to in the event of such a catastrophe.
Huupi
August 21st, 2007, 07:36 AM
How do you guys prevent disaster at the archive locations [physical, virus, theft, fire, flood etc.]? Which measures do you take? In general I guess the archives are more important to us than your current internal hard disks, which can be replaced easily. So it eases me somewhat to have multiple copies of all archives in multiple locations, maybe very redundant, but you never ever know........ better safe than sorry.
Peter2150
August 21st, 2007, 08:16 AM
{QUOTE-> How do you guys prevent disaster at the archive locations [physical, virus, theft, fire, flood etc.]? Which measures do you take? In general I guess the archives are more important to us than your current internal hard disks, which can be replaced easily. So it eases me somewhat to have multiple copies of all archives in multiple locations, maybe very redundant, but you never ever know........ better safe than sorry. <-QUOTE}
Yes. Make copies of internal drives and images on external USB drives, which are turned off as we... err... speak.
Peter2150
August 21st, 2007, 08:19 AM
{QUOTE-> @Peter2150
Sure
I thought I recalled you saying you were running a high frequency incremental back-up schedule and that was what my question was directed at.
<-QUOTE}
I am, but when that is running, that machine, while online, is behind a router, OA and ProSecurity. Also, should a browser be used, it's sandboxed. Only the safest of online activity, not only during business, but in general on that machine.
Even if I did something that caused a problem, I'd know when I did it.
Besides, Longboard, even with my worst surfing, I've never triggered my AVs. That's why now the only place I even run one is in my VM machine, which I do push to limits at times.
Pete
chrome_sturmen
August 21st, 2007, 08:29 AM
Good question, huupi- I myself just have one archive of each snapshot on a separate disk from my operating system, in a folder called "images/first defense isr".
I don't think the virus I caught specifically targeted First Defense, it just infected many things and it was one of them. I guess it wouldn't be a bad idea to keep more than one copy of the archives, maybe on an external drive, or at least in another location on your system. Now if there were viruses specifically created to target .arx files, I may get worried, but I don't think that's an issue at present, so I tend to feel fairly secure with one archive of each snapshot and an Acronis image of the entire drive. Large hard disks are really nice in that they afford plenty of the space needed for one to keep things such as multiple backups, without sacrificing other things.
One thing to consider- is that First Defense doesn't come with a rescue CD, with which you could boot from DOS and recover with a backup of your choosing, you can only recover from archives in one specific location. The aforementioned ability is usually the realm of traditional imaging applications, which First Defense is not (though obviously it holds its own niche).
Meaning you'd have to do as I did- install Windows fresh, install First Defense, then copy over your archive and then boot to it.
Whereas with most imaging applications, you can put its rescue media in the drive, and use the software to specify an image you want to restore, and it's all done from DOS- a couple of steps less. The best method I think, is using a combination of both methods in addition to file/folder mirroring applications. These 3 ways seem to harmonize very well for me.
-
By the way, as an update, I've already caught up and then passed the point I was at when the virus hit me, in the progress of setting up my system to my liking- thanks to First Defense-
Thank you guys, for all the help and camaraderie ;-)
ErikAlbert
August 21st, 2007, 09:17 AM
I think it is a good idea to keep images and archives, that are based on a fresh installation, because they are as clean as possible.
When I install my computer from scratch, I avoid any internet connection as much as possible.
Unfortunately, more and more software companies make a 100% off-line installation impossible.
So sometimes I have to go on-line, but I keep these internet connections as short as possible.
During this re-installation and configuration, I can create clean images and archives at crucial moments, put them aside and use them only for restoration, not for daily backup or archive.
After a while these images and archives will get out of date, but they are at least clean and a good start to get my computer back in a healthy state.
That is the main reason why I will re-install my computer in September.
To get these clean images and archives to avoid a total manual re-install and configuration from scratch in the future.
Where you store all your images and archives is a separate problem.
Huupi
August 21st, 2007, 10:00 AM
With ever dropping prices on hard disks, it shouldn't be a problem to create more locations on different disks. My primary [work snapshot] is continually updated/refreshed with a primary archived snapshot (vice versa); along with that I keep an archived snapshot (primary copy) which is updated once a week. Why? If my working primary collapses at some time, and just very recently before that I did an update to my archive, then I can't recover by refreshing my primary with the archive because both are almost identical! So I use my "once in a week snapshot" to recover easily. Beyond all this everything is covered by ShadowProtect, so there are several strategies to use to recover!
twl845
August 21st, 2007, 10:48 AM
Please excuse my ignorance but I've never heard of "cracks". Can anyone explain what they are? Thanks. :)
ErikAlbert
August 21st, 2007, 11:15 AM
{QUOTE-> Please excuse my ignorance but I've never heard of "cracks". Can anyone explain what they are? Thanks. :) <-QUOTE}
Somehow I don't think that Wilders is the right place to explain what cracks are and encourage readers this way to use them. Cracks are illegal and most probably the main reason why more and more software companies create software with activation to protect their software against piracy. I hate activations.
chrome_sturmen
August 21st, 2007, 11:27 AM
Erik, while I agree that this isn't the place to discuss cracks as they are beyond the scope of the forum's functional area- he just asked what they were, and since this is foremost a place of learning, we may as well tell him- if he wants to learn more thereafter, there's Google etc.
tw- cracks are small programs that break the registration protection of applications- making them registered and function as though they'd been paid for, although they were not. Crackers have their own subcultures actually, with different groups competing to see who can produce a working crack for such and such an application first, etc. Go hit Gigablast and do a search on it, it makes for some interesting reading.
Chrome
Huupi
August 21st, 2007, 11:33 AM
{QUOTE-> Somehow I don't think that Wilders is the right place to explain what cracks are and encourage readers to use them. Cracks are illegal and most probably the reason why more and more software companies create software with activation to protect their software against piracy. <-QUOTE}
If software becomes more prominent and better known to many, then crackers will focus their attention on it and will succeed in cracking any code; for almost every paid software there are cracks around the web.
twl845
August 21st, 2007, 11:47 AM
{QUOTE-> Erik, while I agree that this isn't the place to discuss cracks as they are beyond the scope of the forum's functional area- he just asked what they were, and since this is foremost a place of learning, we may as well tell him- if he wants to learn more thereafter, there's Google etc.
tw- cracks are small programs that break the registration protection of applications- making them registered and function as though they'd been paid for, although they were not. Crackers have their own subcultures actually, with different groups competing to see who can produce a working crack for such and such an application first, etc. Go hit Gigablast and do a search on it, it makes for some interesting reading.
Chrome <-QUOTE}
Thanks for the heads up. They make it tough for the rest of us. As Erik says, he hates registrations, as do I. If these crackers didn't do their thing we might have an easier time registering.
Longboard
August 21st, 2007, 12:08 PM
Hey Pete:
{QUOTE-> I am, but when that is running, that machine, while online, is behind a router, OA and ProSecurity. Also, should a browser be used, it's sandboxed. Only the safest of online activity, not only during business, but in general on that machine.
Even if I did something that caused a problem, I'd know when I did it.
Besides, Longboard, even with my worst surfing, I've never triggered my AVs. That's why now the only place I even run one is in my VM machine, which I do push to limits at times.
Pete <-QUOTE}
Got it
I keep forgetting about your "separation" rules and set-ups.
I also have a box that has NEVER been on the net. Never had XP Pro SP2 patched, runs my biz apps and db: no one but me EVER goes near it with any writeable media, never even twitches
(except for HD burnout, that is another story and why back-ups RULE :D)
..and that is also backed up.. with FDISR and BING.. reminds me.. hits shortcut to IFW... ;D
Regards
"no one but me EVER goes near it with any writeable media".. hmm in retrospect that may give some people the shivers;D ;D
ErikAlbert
August 21st, 2007, 12:08 PM
{QUOTE-> If software becomes more prominent and better known to many, then crackers will focus their attention on it and will succeed in cracking any code; for almost every paid software there are cracks around the web. <-QUOTE}
I know. Long ago, I saw a video created by a cracker group to celebrate their 10,000th crack. ::)
Perman
August 21st, 2007, 01:31 PM
Hi, folks: Cracked programs are very common among applications other than security apps (AV, AT and AS). Some cracked ones come with a keygen; as long as the outbound connection can be stopped, any code generated by the KG may work. To be honest here, I do have a few top-notch apps that are cracked and have been safely used for quite some time. I am not proud of this, but if the program developer cannot protect their own, anyone who happens to be smarter can freely use it. Cyber products are very hard to protect both ways--for consumers and vendors. Often users are cheated out of their hard-earned money by vendors; by the same token, vendors may lose thousands and thousands in income due to crackers' work. This is a real world, everything is for real. No kidding.
flimbag
August 21st, 2007, 01:33 PM
I'm really disappointed,
I saw this thread with Erik's name at the side, and assumed he was the author of the original post.
I was like, what, a virus managed to kick the sh*t out of Erik's set-up? How the hell did that happen?
Not wishing disaster on you, Erik, but it would have definitely made for an interesting thread.
chrome_sturmen
August 21st, 2007, 01:38 PM
While I appreciate all the input, I'd really rather not turn this thread into a discussion of cracks (as per Erik's statement). My mention of cracks was only peripheral to the main topic, and only elaborated on in order to allow someone who didn't know what they were to follow along with the discussion.
The topic is first and foremost about how I got infected with a virus, and how first defense saved my ass....
Huupi
August 21st, 2007, 02:03 PM
{QUOTE-> While I appreciate all the input, I'd really rather not turn this thread into a discussion of cracks (as per Erik's statement). My mention of cracks was only peripheral to the main topic, and only elaborated on in order to allow someone who didn't know what they were to follow along with the discussion.
The topic is first and foremost about how I got infected with a virus, and how First Defense saved my ass.... <-QUOTE}
Sorry, I initiated this stray, not Erik.
Seer
August 21st, 2007, 04:51 PM
{QUOTE-> While I appreciate all the input, i'd really rather not turn this thread into a discussion of cracks <-QUOTE}
I agree. This is always a touchy subject, which should be dealt with via PMs. So I strongly encourage everyone to use them instead.
Cheers.
aigle
August 21st, 2007, 05:48 PM
I played with it a little bit. Seems very nasty. On VT it was detected by only Antivir, AVG, Dr.Web, NOD32 and a few others, not detected by KAV, Norton, Ewido etc..
It destroyed my Antivir, as I was not able to update and run it for a scan.. Here are some popups from GesWall, CH and EQSecure.
I may try it later in detail.
I am currently in Shadow mode, I hope ShadowSurfer will take care of it.
aigle
August 21st, 2007, 05:49 PM
GesWall log when executed inside it.
aigle
August 21st, 2007, 06:06 PM
I was a bit afraid, but SS took care of it on reboot (even though I had allowed it to modify the SS files and modify the memory of SS itself).
Interestingly I got a nag pop up from Antivir after reboot while updating, and I saw this new pop up for the first time. At first glance I became afraid that maybe it's a virus or something like that. lol
ErikAlbert
August 21st, 2007, 06:07 PM
Seems to me that Anti-Executable would have stopped this one : no installation and no execution.
aigle
August 21st, 2007, 06:08 PM
Sure.
chrome_sturmen
September 26th, 2007, 01:23 PM
I was just thinking back about when this happened to me. I guess it can be deduced then, that an ISR snapshot is not sufficient for testing malware/viruses, right? Your thoughts please.
Peter2150
September 26th, 2007, 01:57 PM
{QUOTE-> I was just thinking back about when this happened to me. I guess it can be deduced then, that an ISR snapshot is not sufficient for testing malware/viruses, right? Your thoughts please. <-QUOTE}
Certainly not for something like Killdisk. What I do if I am going to test malware is this:
1. Update FDISR archive.
2. Image system and test restore the image.
3. Fire up Shadowdefender/Returnil/PowerShadow
4. Go into the Virtual Machine, and update the VM machine snapshot.
5. Repeat step 3 in the VM machine.
6. Test nasties in the vm machine.
May be extreme, but compared to the grief otherwise it's worth it.
Pete
chrome_sturmen
September 26th, 2007, 02:07 PM
Thanks for the input Pete, I actually just installed server 2008 in a VM. The only thing is, it seems you would want to try the malware against your defenses, right? So you'd need to set up the VM with the same exact malware defense lines you use on your host machine, right? I guess malware can't jump out of a VM, I've never heard of it happening.
Edit - as far as I know, if you want to share files between the VM and host machine, you have to set up a network between the VM and host, right? Couldn't then a virus spread through to the host just as viruses spread through networks? I didn't think my thought through well enough before saying the above.
Edit 2 - when this virus hit me, if I'd had a second operating system on another partition/disk (instead of trying to boot over to another ISR snapshot), couldn't I have booted to that auxiliary operating system on the other partition/disk, and from there scanned the infected partition and cleaned it safely?
Minimax2000
September 26th, 2007, 03:16 PM
I am sorry to hear your misfortune.
One option to prevent nasties from infiltrating your FD-ISR services might be to protect them with a HIPS. SSM for example allows you to do that. Of course this does not replace common sense. :P
Frank
Peter2150
September 26th, 2007, 04:15 PM
{QUOTE-> Thanks for the input Pete, I actually just installed server 2008 in a VM. The only thing is, it seems you would want to try the malware against your defenses, right? So you'd need to set up the VM with the same exact malware defense lines you use on your host machine, right? I guess malware can't jump out of a VM, I've never heard of it happening. <-QUOTE}
Actually my VM machine is set up identically to the host, so you are absolutely right. VMware just released an update to the Workstation where they strengthened it against stuff leaving the machine. One big, big advantage of the VM machine is once I take a snapshot, I can even format the disk, and then go back to the snapshot, like nothing happened. That is a plus the desktops don't have.
{QUOTE->
Edit - as far as I know, if you want to share files between the VM and host machine, you have to set up a network between the VM and host, right? Couldn't then a virus spread through to the host just as viruses spread through networks? I didn't think my thought through well enough before saying the above. <-QUOTE}
Well there are two mechanisms. There is a network connection, not to the host but through it to get on the internet. But for file sharing stuff it is even easier. With the VMware tools installed you can either drag a file from the host desktop to the VM machine desktop or do it with cut and paste. Slick.
{QUOTE->
Edit 2 - when this virus hit me, if I'd had a second operating system on another partition/disk (instead of trying to boot over to another ISR snapshot), couldn't I have booted to that auxiliary operating system on the other partition/disk, and from there scanned the infected partition and cleaned it safely? <-QUOTE}
Not sure. But that's one reason I only use a 2nd snapshot for boot purposes, and keep everything else in an archive. If somehow my machine got totally messed up, I'd just restore an earlier image, and then use the archive to come current.
Pete
EASTER
September 28th, 2007, 12:48 AM
{QUOTE-> Not sure. But that's one reason I only use a 2nd snapshot for boot purposes, and keep everything else in an archive. If somehow my machine got totally messed up, I'd just restore an earlier image, and then use the archive to come current.
Pete <-QUOTE}
I notice on a regular basis, Pete, your constant references to IMAGE restores. Being a malware researcher over the years I always run malware through a test machine to monitor behavior & changes to better assist users who got in trouble. I spent enormous time, sometimes 48 hours without sleep, to address and assist users in a HijackThis forum I worked at online. With that I not only fell out of the loop of bringing my own system into line with the times but never really gave serious thought to imaging.
All that has changed since then, with the onset of great rollback apps like FD-ISR which I took for granted as a reliable substitute for imaging, but when something does go amiss and there's no other alternative to turn to, imaging is the very final line of recovery that saves from loss of time, effort & work.
Recently I let loose a file-infector virus myself, and not a rootkit or other malware, that mimicked something very similar that happened to me back in the '98 days where I lost a whole drive of data without possibility of recovery, only in this case no outright delete but corruption of every single exe file on a system WITH First Defense. It rendered ALL my snapshots, including the $ISR directory, adversely affected; even though FD-ISR was able to salvage some of them, the others were beyond recovery, and even the ones working had some programs affected, leaving no choice but to wipe that partition afresh and start over.
Thankfully, ALL my FD-ISR reserved ARCHIVES made for successful recovery of the individual snapshots by re-creating them again, as they were stored away from the machine on alternative drives/partitions.
So every time now when I read all the heavy discussion over IMAGING it becomes very clear & wise that IMAGING alone is extremely vital to maintaining a reliable productive environment without too much loss of time, and certainly makes up for loss of critical effort and work.
vBulletin® Copyright ©2000-2009, Jelsoft Enterprises Ltd.
Copyright ©2002 - 2009, Wilders Security Forums