Is there anything that works like Shadow Defender

And by that I mean this: With Shadow Defender, when my PC is in shadow mode, I can still commit changes to files. I also have a folder on my desktop named Exclusion where I put items that I do not want erased whenever I reboot while in shadow mode. From what I've been able to find, other products like Deep Freeze & Reboot Restore RX, indicate that I must create a space elsewhere (another drive or an allocated space). I am hoping there is software that is available and that works just like Shadow Defender...or is that impossible? Thanks in advance.

 

@RenoKid,
There's nothing! ...and that's why I'll keep using SD (until a future Windows update/upgrade breaks it).

 

RTFM

 

What do you mean?
Did you read the F first post correctly?

 

Thanks--that's pretty much the conclusion I've come to after scouring the web for days now. Like you, I will continue to use SD until it breaks. So freaking sad. Why can't someone else recreate that awesome little program? It works so well, I would have gladly paid him a yearly subscription fee without hesitation.

 

Is perhaps NeuShield an option?

https://www.neushield.com

 

Not even close.

 

If you have a fast CPU, a late generation of SSD, a late generation of USB SSD, an imaging program (in my case Macrium Reflect) can be almost as fast as SD, and very safe as well. Incremental backups can take seconds and restoration of images are usually about a minute if one is restoring only the OS.

I have SD but I have uninstalled it as it is really unnecessary nowadays with fast computers. I agree with you though it is an excellent program, and the best in its class.

 

I completely agree with this. If you have paid version, and do a delta restore (changed only), it will be even faster. I think this is as close as we can get now, in a way that's reliable.

 

Yes that's what I thought. But I do know that NeuShield is basically a sandbox system, so it can revert changes to certain folders, without a reboot if I'm correct. But I know it's not exactly the same as Shadow Defender.

 

You can create a junction/symbolic link to any folder of your choice and it will supposedly work with all types of software without needing to create spaces for it.
The above also works with SD without needing to add the folder to the exclusion list.
Here I did it for the Desktop folder, running Shadow Defender and without add "Desktop" folder to the Exclusion list.

I'm a big fan of SD, but lately I've noticed that it creates its own "diskpt0.sys" file even on the ESP partition without warning and without that ESP partition having a drive letter assigned.
It's annoying enough for me to also look for an alternative to SD which I can confirm doesn't seem to exist.

Anyway, I'm trying Toolwiz Time Freeze, which is 10 years old, but works great here (Windows 10 64-bit).

However, there are (at least) two issues: the first is that if you format a partition, even a pendrive, a warning appears that Windows cannot complete the format, which is instead completed.

If you try to perform a checkdisk, then a warning appears that Windows cannot do it and that you must also do the Repair, which however ends reporting that it found no errors.

If you create a VHD from the OS it still works fine (just as also SD does), apart from sporadic warnings about the file system and the fact that it needs to be repaired.
But then Windows finds no errors again.

There is probably (really, definitely) also a security/privacy issue since Time Freeze writes everything to a cache-file (which it creates during installation with default size of 5122MB) inside a folder in the root of the OS partition.
No cache-encryption at all (opposed to SD that instead does).

Yet I continue to like it because it works in every scenario I have tested it, including VHD and partition imaging.
While DeepFreeze does not work on VHD and Reboot Restore RX does not allow you to perform partition imaging unless after a long and very tedious procedure which also deletes all its baselines.

I'm seriously thinking of keeping Time Freeze as a replacement for SD although I've appreciated so much SD for so many years, but I can't stand the fact that it creates its own system file in the ESP partition.

 

diskpt0.sys is the SD driver. It´s present on every partition that is shadowed. And, of, course, it has been part of SD since the beginning.

 

Thank you for your appreciated reply.
Yes, I know: just for that I called it "its own" file since I've been running SD for decades.

The fact that I find annoying is that SD places "diskpt0.sys" just in the ESP partition which however has no drive letter assigned, as already said.

Of course if you try to delete it you can't do it because it is obviously in use and then you have to do it from a system that doesn't have SD installed, for example WinPE or a specified VHD, and all this is quite annoying

Or, you can assign a letter to ESP partition and exit Shadow Mode from the program GUI, but then when you restart that may no longer be the same letter assigned initially.
You will understand that it soon becomes really an unpleasant loop.

And if you just does some tests with proprietary external Boot Managers that usually place their folders and files in the ESP partition this can bother you "a bit" because then changes are not saved.
Or in any case you are always uncertain whether those settings are saved or not, which is perhaps even worse.

 

The ESP partition is shadowed by default, as it should be. Whether it has, or not, a drive letter is not relevant.

 

@logon Just a thought and probably unhelpful but have you tried to delete the file from 'safe mode'?
If there is such a thing these days. Used to be F8 on booting

Patrick (sdmod)

 

Yes, I know that.

This is just questionable, in my opinion, despite knowing the obvious reasons.
There might be a specific option, but there isn't.
Please note that as said I love SD and I'm not complaining at all, I just said that if you have to do certain things just in that place (ESP) it is quite annoying.

It is, indeed.
Just because if the drive letter had been there you would have disabled the Shadow Mode of the ESP partition without issues and without rebooting (please, try and see) from the GUI of Shadow Defender itself.
But since that letter isn't there then you are forced to go through one of the above described ways.

 

Thank you for your appreciated reply.

It seems like a good idea, however, even if I don't like Safe mode.
I haven't tried it, so I don't know what would happen on reboot (i.e. if SD automatically re-creates the file).

I noticed the following behavior of SD: let's say you only have the OS partition in Shadow Mode.
As said, Shadow Defender set related ESP partition in Shadow mode too (without your knowledge).
Let's say you managed to delete that file in any way.
Then let's say you want, for any reason, to quit your OS partition from Shadow Mode, then a reboot is mandatory.
At system startup you are in Normal Mode your OS partition, of course.
Then, for any reason, you want your OS partition in Shadow Mode again.
Now also your ESP partition is in Shadow Mode again and its system file is re-created inside it.

That's why I talked about the fact "that it soon becomes really an unpleasant loop".

 

@logon Maybe look on this page

 

This night as I was about to fall asleep (it's long past midnight here) an idea came to me that I can't wait to try immediately.
I got up, tried it and it worked.
I'm very satisfied with this, but I don't have the time to describe it now since I've to go to sleep.

I can only anticipate that your two replies above, which I appreciated anyway, miss the point because perhaps you have never had the need or desire not to have shadowed the ESP partition for some of your plans.
However, thank you for your replies.
Maybe we'll talk about it again tomorrow.

 

@logon
Yes, you are right, I have never had the need to Shadow ESP partition
(as far as I know or can remember) and I'm not familiar with it, I was just trying to help by having a look at that area. I often get 'the wrong end of the stick'
Input of members, sometimes, even when 'barking up the wrong tree', keeps the thread alive for a person who has an ongoing, unresolved, problem
I'm curious to see what your idea is and solution to your problem.
I might learn something and get to understand.

 

@sdmod
Thank you for your reply.

Also you are right, because I know that "usually" a new member signs up to ask for help, not to "give" it.

I too am no exception because I signed up on this great forum to learn something more about BootIt UEFI and I was not disappointed because thanks to @Brian K knowledge I had a pleasant and instructive exchange of ideas (at least from my side) with him.

https://www.wilderssecurity.com/threads/bootit-uefi.405427/page-10#post-3194302

However, since I'm a great fan of SD I couldn't resist sharing my modest experience with this beautiful (and unique) program.

 

If you are playing with a program like BootIt UEFI that writes its files in the EFI folder of the ESP partition then the fact that partition is automatically put in Shadow Mode is not welcome (at least for my way of thinking about IT).

Obviously, if you are experimenting and learning something new about a program installed just in the ESP partition (EFI folder) you need to make sure that your settings are taken into effect and not deleted upon reboot.
This seems so obvious to me that I don't need to add anything else.

Of course you can quit that ESP partition from Shadow mode, but then you also have to exit the OS partition otherwise you enter a fatal loop.
Anyway, exit ESP partition from Shadow Mode can be done very well, but it is not exactly a straightforward, procedure (although you can use some functions of some partitioning programs that make things faster).

To demonstrate the fact that hopefully we don't all think the same way, I point out that some programs have provided for the exclusion of the ESP partition from their protected mode.
Please look at the screenshot in attachment where you can see that version 11.3 of Rollback RX Pro allows you to do just this (and in fact during my tests it was the version I preferred), although in the next version they removed the option.



However, since I like some "difficult" things, I went myself into "let's see who wins" mode.

 

Another thing to take into account is that the UEFI "standard" does not seem at all like the panacea that solves everything, and there are plenty of articles out there about it.

As often happens it's just Microsoft itself which puts its own spin on it.

Just as an example, in the above article posted by @sdmod there is a remarkable ambiguity in the answer of an expert because the ESP partition is defined as "hidden", but really it is not.
It is only prevented from being assigned a drive letter, so more precisely it is invisible (from Explorer), not "hidden" (which means something else).
As far as I know the author of Boot-US also offers an option for even "True Hidden" partition (which means yet another thing).
To further complicate things you also add diskpart which when asked on infos it answers that the state is "hidden" (which is simply not true).

Much more truthful (and correct) is the description given by a program like AOMEI Partition Assistant (of which I have an old version 7.5.1 that already does this) which defines the state of ESP partition as "System".

Please note that the first partition of the 1st disk is correctly described as Hidden (because it really is a hidden partition) and the ESP partition of the 3rd disk as "System".

The ESP partition flag should be "boot", which corresponds to "esp" in GPT.

https://wiki.archlinux.org/title/EFI_system_partition

Given the above, my "overnight" idea was to remove the "esp" flag from the ESP partition to see how Shadow Defender would behave in this case, and it worked!
Without the "esp" flag SD no longer automatically puts the ESP partition in Shadow Mode, and furthermore the OS partition does boot flawlessly both normally or in Shadow Mode.

Please note that still not being able to run GParted, I also had to find an alternative way to do it.
And I found that if you set the ESP partition as "hidden" (that's with "H" attribute) and then return it to "unhidden" then it loses the "esp" flag and so the trick works the same way as removing the "esp" (or "boot") flag running GParted.

 

For the sake of completeness and for those interested, I just found that even the free version of DiskGenius is able under Windows (opposed to GParted mentioned above) to change partition type IDs and therefore to change the status of an ESP partition (from "System" to "Data") as above described.

 

A lot of nonsense. The ESP partition is critical for boot, and should be left alone, except in special cases, for example when creating a muiltiboot system. SD makes the right thing, to protect the partition automatically.