Rollback Rx and its MBR

[CSKfan]

How to backup and restore Rollback Rx's MBR if something bad happens?

[The Shadow]

Quote:

Originally Posted by CSKfan

How to backup and restore Rollback Rx's MBR if something bad happens?

If 'something bad happens' you will need more than just a backup of Rollback Rx's MBR! Short of reinstalling Windows, the last line of defense is an image-backup of your system drive. Do you have/use image-backup software?

TS

[bgoodman4]

I agree that imaging the drive is critical but FWIW Graham has "fixed" problems using a backed up MBR. For more on this subject see his post at http://horizondatasys-forum.com/20254-post65.html as well as the rest of the thread of which it is a part.

[The Shadow]

Based on my catastrophic experience with Rollback Rx, its snapshots are its 'achilles heel', not the MBR. The MBR can be protected by known 3rd party apps and, as a last resort, can be reconstructed. On the other hand, finding 3rd party apps that can protect Rx's snapshots from attack by rootkits containing a direct I/O driver (that can overwrite Rx's baseline snapshot) is less certain ...and once Rx's baseline snaphot is infected (or corrupted for any reason) there's no reconstructing it!

TS

[twl845]

Quote:

Originally Posted by The Shadow

Based on my catastrophic experience with Rollback Rx, its snapshots are its 'achilles heel', not the MBR. The MBR can be protected by known 3rd party apps and, as a last resort, can be reconstructed. On the other hand, finding 3rd party apps that can protect Rx's snapshots from attack by rootkits containing a direct I/O driver (that can overwrite Rx's baseline snapshot) is less certain ...and once Rx's baseline snaphot is infected (or corrupted for any reason) there's no reconstructing it!

TS

Good reason to also use an imaging app.

[bgoodman4]

Quote:

Originally Posted by The Shadow

Based on my catastrophic experience with Rollback Rx, its snapshots are its 'achilles heel', not the MBR. The MBR can be protected by known 3rd party apps and, as a last resort, can be reconstructed. On the other hand, finding 3rd party apps that can protect Rx's snapshots from attack by rootkits containing a direct I/O driver (that can overwrite Rx's baseline snapshot) is less certain ...and once Rx's baseline snaphot is infected (or corrupted for any reason) there's no reconstructing it!

TS

I was just saying that in some cases being able to restore the MBR may help, not that it would suffice in all (or even most) circumstances. I also agreed that the best defence is regular imaging of the drive.

PC protection is a matter of layers since no one app will necessarily do the job (not even imaging apps as they have been known to fail as well). At a min, everyone should image regularly IMO. What you add to your protection regime after that is up to each individual. I have recently added BlueRidge AppGuard to my imaging, Rx, & MBR backup, protection routine (not to mention AV & Anti-malyare apps, and an on-line backup of critical files as they are created).

I have never had to use an MBR backup in the past and I do not expect to ever need to, but the app I used was free and the backup takes up very little space. In short, it cannot not hurt to do this.

EDIT: FWIW, if a drive image is corrupted there is no reconstructing it either. Thats why its important not to rely on one means of recovery. When I was using Acronis True Image it was not unusual for me to have to try 2 or 3 images before I found one that allowed me to restore my system. I now image with 2 different programs but I really have no idea if they are better at providing usable images than ATI. This is because I have not had occasion to use any of these images since I began using rollback software (initially Roxio GoBack and now Rx). I keep making the images weekly though since I know Rx can run into problems and if it does I know I will have the images to fall back on. Still no guarantee but each layer of protection adds to the likelihood of my being able to recover should the need arise.

[CSKfan]

Quote:

Originally Posted by bgoodman4

I was just saying that in some cases being able to restore the MBR may help, not that it would suffice in all (or even most) circumstances. I also agreed that the best defence is regular imaging of the drive.

PC protection is a matter of layers since no one app will necessarily do the job (not even imaging apps as they have been known to fail as well). At a min, everyone should image regularly IMO. What you add to your protection regime after that is up to each individual. I have recently added BlueRidge AppGuard to my imaging, Rx, & MBR backup, protection routine (not to mention AV & Anti-malyare apps, and an on-line backup of critical files as they are created).

I have never had to use an MBR backup in the past and I do not expect to ever need to, but the app I used was free and the backup takes up very little space. In short, it cannot not hurt to do this.

EDIT: FWIW, if a drive image is corrupted there is no reconstructing it either. Thats why its important not to rely on one means of recovery. When I was using Acronis True Image it was not unusual for me to have to try 2 or 3 images before I found one that allowed me to restore my system. I now image with 2 different programs but I really have no idea if they are better at providing usable images than ATI. This is because I have not had occasion to use any of these images since I began using rollback software (initially Roxio GoBack and now Rx). I keep making the images weekly though since I know Rx can run into problems and if it does I know I will have the images to fall back on. Still no guarantee but each layer of protection adds to the likelihood of my being able to recover should the need arise.

Anybody using nProtect MBR Guard with Rollback rx?

[The Shadow]

Quote:

Originally Posted by twl845

Good reason to also use an imaging app.

For sure (and frequently)!

[The Shadow]

Quote:

Originally Posted by bgoodman4

... I now image with 2 different programs but I really have no idea if they are better at providing usable images than ATI. This is because I have not had occasion to use any of these images since I began using rollback software (initially Roxio GoBack and now Rx). I keep making the images weekly though since I know Rx can run into problems and if it does I know I will have the images to fall back on. Still no guarantee but each layer of protection adds to the likelihood of my being able to recover should the need arise.

bg,

Seems to me that you should try recovering the backup images from your 2 imaging apps to prove their reliability and worthiness!

TS

[bgoodman4]

Quote:

Originally Posted by The Shadow

bg,

Seems to me that you should try recovering the backup images from your 2 imaging apps to prove their reliability and worthiness!

TS

Yes, that probably would be a good idea but that would mean a great deal of recovering in order to test the images. I have mentioned in the past that I image weekly with DriveCloner and monthly with Paragon. Thats 5 images a month, which would mean 5 recoveries a month just to see if the images were good. In a worst case scenario I would find the most recent image (I always do a full image, never differential or incremental) that worked and then I would grab my critical files from an on-line storage site. So even if I had to go back weeks or even months the data loss would be non-critical files,,,and I could live with that.

[The Shadow]

Quote:

Originally Posted by bgoodman4

Yes, that probably would be a good idea but that would mean a great deal of recovering in order to test the images. I have mentioned in the past that I image weekly with DriveCloner and monthly with Paragon. Thats 5 images a month, which would mean 5 recoveries a month just to see if the images were good. In a worst case scenario.

I'm just suggesting that you do one recovery (each) with DC and Paragon to see if they recover successfully (I sure would).

TS

[bgoodman4]

Quote:

Originally Posted by The Shadow

I'm just suggesting that you do one recovery (each) with DC and Paragon to see if they recover successfully (I sure would).

TS

Well, when you put it that way,,,,I should,,,and I will. Thanks for the push, I needed it.

[TheRollbackFrog]

Quote:

Originally Posted by CSKfan

Anybody using nProtect MBR Guard with Rollback rx?

It works fine if the MBR changing app uses standard Windows I/O to try and change the MBR (like the Rollback RX install program)... if some sort of direct I/O is used (or the MBR change request is done outside of Windows like the Rollback RX unINSTALL), it will fail.

I do use it, though...

[Jim1cor13]

As far as actually having a utility that backs up the MBR or any "range" of sectors 0 - ? I have used MBRwizard CLI version, which is command line interface and free. It takes some reading and getting used to all the features, but it is powerful and I back up either 0 - 63 and I have a few backups of a range from 0 - 100 sectors. Other flexible utilities for backing up an MBR, etc. is MBRfix which also will backup a range of sectors beyond the typical. Both have great abilities beyond just MBR backup, such as being able to "fix" the MBR such as Vista or Win7, etc., and also perform some partition operations.

[TheRollbackFrog]

BOOTice works just fine for saving/restoring either the MBR (+ 1st track if interested) or the PBR (Partition BOOT Record... used to actually BOOT the OS).

But remember... you won't get Rollback's MBR unless you do the save OUTSIDE of the running Windows OS (inside, Rollback will give you want it wants you to have... the system's MBR PRIOR to Rollback's installation).

[Jim1cor13]

Good info Rollback, thank you I also have heard of BOOTice and it had good reports, but I never tried it.

[ratchet]

bgoodman4, I just read the monumental thread on the R Rx forum you linked (I think it was you). Your back up system sounds similar to what I was doing with an XP desktop and a Vista laptop, both using CTM. I recently built a PC and am now running 64bit W7. I'm considering purchasing Rx, indeed I've already have had to recover 2X, using W7s backup program, making me wish I had "snapshot" software. I did pass during the July 4 sale. I'd used CTM on both of those machines from almost the beginning of their development and they conveniently saved my butt numerous times. Several times from MS patch Tuesday installs. I'd periodically uninstall CTM, defrag the PCs, image, then reinstall CTM. One time on the laptop, I mistakenly used Revo to uninstall CTM and it was a total "black" screen of death. I booted from a Paragon recovery disk and it repaired the MBR. From there I used CTM's uninstaller and everything was back to normal. Long story to get to my question, since a full image includes the MBR, are the MBR recovery apps necessary? I'm not worried about protecting it. Still not sure I'll purchase R Rx but if I do I just want my ducks in a row! Thank you!

[twl845]

Quote:

Originally Posted by ratchet

bgoodman4, I just read the monumental thread on the R Rx forum you linked (I think it was you). Your back up system sounds similar to what I was doing with an XP desktop and a Vista laptop, both using CTM. I recently built a PC and am now running 64bit W7. I'm considering purchasing Rx, indeed I've already have had to recover 2X, using W7s backup program, making me wish I had "snapshot" software. I did pass during the July 4 sale. I'd used CTM on both of those machines from almost the beginning of their development and they conveniently saved my butt numerous times. Several times from MS patch Tuesday installs. I'd periodically uninstall CTM, defrag the PCs, image, then reinstall CTM. One time on the laptop, I mistakenly used Revo to uninstall CTM and it was a total "black" screen of death. I booted from a Paragon recovery disk and it repaired the MBR. From there I used CTM's uninstaller and everything was back to normal. Long story to get to my question, since a full image includes the MBR, are the MBR recovery apps necessary? I'm not worried about protecting it. Still not sure I'll purchase R Rx but if I do I just want my ducks in a row! Thank you!

If you decide to get RBrx wait for the upgrade in October (if it comes then).

[bgoodman4]

Quote:

Originally Posted by ratchet

bgoodman4, I just read the monumental thread on the R Rx forum you linked (I think it was you). Your back up system sounds similar to what I was doing with an XP desktop and a Vista laptop, both using CTM. I recently built a PC and am now running 64bit W7. I'm considering purchasing Rx, indeed I've already have had to recover 2X, using W7s backup program, making me wish I had "snapshot" software. I did pass during the July 4 sale. I'd used CTM on both of those machines from almost the beginning of their development and they conveniently saved my butt numerous times. Several times from MS patch Tuesday installs. I'd periodically uninstall CTM, defrag the PCs, image, then reinstall CTM. One time on the laptop, I mistakenly used Revo to uninstall CTM and it was a total "black" screen of death. I booted from a Paragon recovery disk and it repaired the MBR. From there I used CTM's uninstaller and everything was back to normal. Long story to get to my question, since a full image includes the MBR, are the MBR recovery apps necessary? I'm not worried about protecting it. Still not sure I'll purchase R Rx but if I do I just want my ducks in a row! Thank you!

I use the MBR backup programs "just in case",,, Froggie has indicated that there have been times he has been able to solve a problem by restoring the MBR (I do not recall what problem he was referring to specifically) rather than having to go through restoring the entire disk. The backup files are small and many of the programs are free,,,so I figure I may as well do it. Never had to use one of these though,,,,, but then again its been a long time since I had to restore using an image. I have done a ton of rollbacks since the last image restore though (last restore was 6 or 7 years ago I think, maybe longer).

I would suggest that you trial the program and decide if you like it. Also, in ref to twl845s comment above, you might want to contact Horizion Data Systems and ask them if you bought Rx now would you be entitled to a free upgrade to 10 when it comes out (seems to me there is a 3 month window here but I could be wrong,,,,it has been a long time since I first bought Rx and had to worry about such things).

[ratchet]

Quote:

Originally Posted by bgoodman4

I use the MBR backup programs "just in case",,, Froggie has indicated that there have been times he has been able to solve a problem by restoring the MBR (I do not recall what problem he was referring to specifically) rather than having to go through restoring the entire disk. The backup files are small and many of the programs are free,,,so I figure I may as well do it. Never had to use one of these though,,,,, but then again its been a long time since I had to restore using an image. I have done a ton of rollbacks since the last image restore though (last restore was 6 or 7 years ago I think, maybe longer).

I would suggest that you trial the program and decide if you like it. Also, in ref to twl845s comment above, you might want to contact Horizion Data Systems and ask them if you bought Rx now would you be entitled to a free upgrade to 10 when it comes out (seems to me there is a 3 month window here but I could be wrong,,,,it has been a long time since I first bought Rx and had to worry about such things).

Thank you for the reply!

[TheRollbackFrog]

Quote:

Originally Posted by bgoodman4

I use the MBR backup programs "just in case",,, Froggie has indicated that there have been times he has been able to solve a problem by restoring the MBR (I do not recall what problem he was referring to specifically) rather than having to go through restoring the entire disk.

In all three cases that I've done this, I was chasing a rootklit that rewrote the MBR vector. I restored the Rollback MBR, then immediately used RB's sub-Console to Rollback to a snapshot that was free of Malware (usually the one right before the infection reared its ugly head.

It has proved very useful to me...

[bgoodman4]

Thanks Froggie