Love the concept & idea behind this software, however a chink in it's armor is; you must defeat/disable, 'rootkit scanning', in your security protection software. The install of Rollback Rx should advise and or disable Rootkit scanning, in security apps, thus allowing an informed decision upon install. Hopefully a new version will, allow all defenses to be used.
That is not the only chink in its armor, search this forum for the horror stories AND STAY AWAY from RollBack Rx. You have been warned.
Do you really have to be this negative? I respect your experiences with Rollback RX and with HorizonDataSys, but this is from the time when a lot of technical transitions took place (Win7 / Win8, UEFI, Secure Boot, GPT hard drives, large HDDs > 2 TB). In the meantime Rollback has improved considerably, the last few builds have been very stable. You do have to understand how the software works, if you don't care you will get bitten sooner or later. But your advice to just stay away from Rollback is not justified at all these days. I think you are a little biased. And comparing the current version of Rollback RX with the current incarnations of AX64 I have to say that I would rather recommend to stay away from AX64 at the moment... Cheers manolito
Well, maybe you are correct but once bitten twice shy, and this recent thread has not done anything to deminish my concerns https://www.wilderssecurity.com/threads/ax64-rollback-rx-help-questions.371396/ Mind you the advent of the new Drive Cloner is a good thing (after how many years of missed release dates) so maybe recovery from Rx disasters is now possible. You would need to remember to use it very regularly to have reasonably up to date protection of your data though. Hourly would make its protection comparable to AXTM but that hardly is practical. As for directly comparing Rx to official AXTM releases (and even to betas),,,,,,when TM fails its not a big deal, all you have to do is do a cold restore,,,,,,when Rx fails your system is pretty much toast and from the sound of it (again indicated in the link above) HDS support is still poor.
Rico, in the world of RootKit scanning, Rollback's IS a RootKit... albeit a benign (friendly) one (sometimes known as a BootKit). It's BOOTing structure looks exactly like the way a RootKit would invade a system, which Rollback actually does... it invades your system in a major way. I'm not sure they can redesign this structure easily without limiting its current capability. ...and there are many of us here in the Wilder's Imaging arena primarily due to Rollback destruction of our system along the way. Not just hiccups but major destruction and loss of data. Many users have great success with Rollback, but many others have horrible experiences... my guess to the reason why, unusual system configurations. This appears to be the same situation with the AX64 Time Machine as far as configurations go... although when AX64 fails it usually doesn't destroy your data, it is an imaging engine after all. Careful evaluation of a snapshot product along with reliable system imaging (most likely two different applications) is the only way to approach this problem until someone in the market puts forth the reliable consistent hybrid we're all looking for... and that hasn't happened yet. AX64 Time Machine has an interesting approach to this problem, although there are many kinks to be worked out as of yet... it will take some time to work these issues.
I read a post a few months or more ago, which stated that RX had changed to copy on write, rather than redirect. I can't find any other mention of this, so not sure if it's accurate or not (suspect not). Anyway that might seem to be a 'safer' way of doing things, albeit presumably with a performance hit (maybe not much of an issue with SSDs).
Okay, I guess the only harm is a "rootkit" scan would ID Rollback Rx, as an invader, and want to remove it, thus damaging Rx. So if we knew what the scanner identified, why not exclude in the AV or other scanners? I would rather them tell us what not be allowed for removal, than hobble, all sorts of security software. Note my first introduction to this form of software was "Comodo Time Machine", I have not known anyone who experienced troubles with this one.
1st item - RootKit exclusions are difficult. There's really no easy way to signature a RootKit for library reference (wide ranging sizes and approaches to RootKitting), only heuristically identify it and warn. 2nd item - if you're saying you've never heard of anyone having trouble with Comodo Time Machine, I'd say you've been visiting another planet for an extended period of time Not to be flippant here, but CTM over the years (and it's no longer available for good reasons) has had more incidents of system destruction (documented within the available forums) than any other REDIRECT ON WRITE snapshot solution ever created. The only time I ever tried to use it, it destroyed my system (yes, I had an imaged backup). I then went to lookup various experiences with the product and ran into a tsunami of bad press (along with some good experiences). I gave up very quickly at that point.
Unfortunately, CTM still is available from various download sites including MajorGeeks and Softpedia, but I echo your experience with it. I also had my system trashed by Rx to where it was unrecoverable (via all Windows recovery methods). I finally resorted to restoring my week-old backup image and recreating a week's worth of work. Needless to say, I then said goodbye to Rx (my conclusion, bootkits are bad news). I then tried AX64 and found it to be unreliable (albeit it didn't trash my system). Finally, I moved on to Shadow Defender and haven't looked back (nevertheless, SD is not a substitute for a reliable image backup program)! Cruise
Regarding CTM, I've known 3 - 4 people who have used this, & reported no problems, so I've not done any looking into it's issues. I also knew it was not being developed, but still available. CTM naive Regarding the rootkit thing, wouldn't the AV scan for "rootkit" repeatedly identify the same RX file? & hence knowing this we could not delete it, then perhaps exclude it. TDS Killer & SOPHOS etc, find and alert of suspicious, files, for further investigation. I do make regular backups using Macrium, my thinking was an easy restore, on the road. Also SD best $35.00, I've ever spent
I don't believe RootKit identification has to do with file signatures at all. A good RootKit can use "normal" kinds of files to do its dirty work. RootKits are mostly found by examining process flow, not file signatures, especially where normal, expected BOOTing process flow has been disturbed from what scanners consider the norm. Some known RootKits include known bad files associated with their nefarious deeds and these are readily recognized, but general RootKit scanning does not work like virus signature scanning at all. As far as SD is concerned, any partnered imaging tool you may use along with SD cannot use any sort of file system tracking mechanism (AX Time Machine, Shadow Protect, I believe, etc.) or you will get pretty screwed if you try and save any of that virtualized file action into your real system. Macrium does not use any sort of developed file tracking info other than the normal file system files available for comparison.
All very true, but my image backup of choice is Drive Snapshot, which is extremely reliable and has no conflict with Shadow Defender. I know that IFW also 'fits that bill'. As far as AS64 goes, I guess it has some promise (eventually), but at this point it is still in the beta-testing stage (at best). So I'm very satisfied with SD - which works perfectly in the presence of DS, IFW (as well as with many other 'traditional imagers') and vice-versa. Cruise
Rico, As one who has been burned badly by CTF and Rx, I would leave you with this advice... Use them if you wish, but make backups (with Macrium in your case) a very frequent practice because sooner or later you will have to recover your system by restoring one of those backups! Good luck, Cruise
I am using Rollback XP for testing malware and security software. So far so good. Interestingly no problem on a dual boot set up( XP and Ubuntu).
Rollback Rx free ....promo here..... -https://www.facebook.com/HorizonDataSys/photos/a.477314724867.261192.50478479867/10152948117169868/
Manolito your reply reminds me of bgoodman4, 1-2 years ago... Unfortunately RollbackRX has this effect. One is becomes great fan of it until it bites him in the ass... a painful experience that one never forgets... Panagiotis
Let me make it clear that I use it and I know what I am doing and I have full disaster recovery in place, if needed. I will not recommend it for any one.
Question for The Rolling Frog I've tried before, but it didn't seem to work, and that is to include Rollback and all snapshots into a System backup image. However when I restored to this image the whole system would not boot So the question is Do image the partition? or the whole disk for this to work? Also on another note about whole disk imaging Acronis True Image 2015 says the size of the whole disk is 512GB but the entire size of My SSD is only 120GB how come this shows at such a large size?
DVD, I haven't done much of this in a while but others have and it works under most circumstances... only when an ALL SECTOR (Raw) image was taken. If this is done under LIVE, Rollback-protected Windows, it will never work due to the fact that RBrx will never let you have the specialized constructed MBR that it needs to operate, it only gives you the original MBR it replaced when installed... only under external non-LIVE imaging will you get the real RBrx constructed MBR (the BootKit, as they say). The other thing needed is a "real" imager... one that reconstructs the storage volume EXACTLY as it was when imaged. IFW did this very successfully until v2.77 or v2.78, then things went haywire following a restoration. This led me to believe that IFW no longer did a block-for-block reconstruction from that version on. Drive Snapshot in the old days worked just fine, even Acronis was successful at this at one time (I know not now). If RBrx is protecting only one volume, only that volume was needed in a RAW (all sector) format to restore snaps. If it was protecting multiple volumes, then the whole disk was needed. These days, almost all the imagers have changed somewhat and I haven't done any additional testing since IFW v2.78.
@Cruise, Thanks! I practiced, restoring an old XP machine using Macrium 5.3, seems you make so many backups, & so few restores. Forgot how easy it is. Next much skeptical regarding Rx
Since Horizon keeps (ridiculously) advertising Rollback RX as an bomb proof "I can do it all" holy than thou piece of software that will save your day in all cases, I'm actually glad people on here and other sites are so quick to warn others about Rollback.
I really can't think of a better way to describe a Rollback RX experience. I, during the days of v9,1, was one of those RBrx champions, extolling the virtue of this great application... even going so far as to discover ways to backup the current system image and all its snapshots. Then the butt BITE, as Panagiotis so eloquently describes... not just in 1-system but many others I held responsibility for. Mine was fine due to decent system management policies but others were basically unrecoverable. I can't even describe how much pain was involved under those circumstances. If you want a typical example, see the RickFromPhila thread right HERE in this forum. Nowadays I occasionally test with RBrx but not very often, and when I do, the system is fully protected... there's really no other way when using any REDIRECT ON WRITE snapshot tool.
Hi Guys, I've now uninstalled Rollback Rx, on two machines. Thanks for the heads up regarding the potential disasters, with this software. Big THANKS to Froggie, your RickFromPhila, was the tie-breaker for uninstall. Thanks ALL & 'Happy New Year'
I said it before, and I will say it again: Anyone who uses Rollback RX without an additional image based backup software is just plain stupid. Wilders forum members should really know this, and I feel no compassion for anyone who has been bitten by snapshot software like Rollback without having a secondary layer of security. But the same is also true for AX64. Neither is it a reliable imager, nor is it a fast snapshot software. Running it as your only backup solution is also just plain stupid. So the alternatives are 1. Use an imager (like Macrium or IfW) plus AX64 2. Use an imager plus Rollback RX I prefer #2 because as a snapshot software Rollback is just so much faster compared to AX64. Some folks mentioned how important it is for them that an imager should be able to backup the Rollback snapshots. Frankly I don't see this necessity at all. By default Rollback deletes all snapshots which are older than 7 days, and it is not a good idea to increase this number. Make at least an incremental image backup every two or three days, and you are pretty much protected. A Happy New Year to everybody... Cheers manolito
