FDISR and Shadowsurfer

[Peter2150]

Hi all

Anyone else tried using Shadowsurfer with FDISR. I did and just noticed I have a FDISR problem. Can copy and boot to my standard FDISR secondary snapshot, but just noticed I can't add a snapshot and boot to it. Don't know for sure if it is Shadowsurfer related. I've removed shadowsurfer and problem persists. Suspect I will have to uninstall and reinstall FDISR. Just wonder if anyone else has tried this.

Pete

[Acadia]

Good grief, Peter, now I'm glad that I never tried ShadowSurfer, please, keep us informed and GOOD LUCK!

Acadia

[Peter2150]

Fixing FDISR isn't that big a deal. Just an uninstall and reinstall. Only thing is that while it will fix FDISR, it wouldn't conclusively prove it was Shadowsurfer was the culprit without taking another shot.

Pete

Peter just curious to know if you lose your FD-ISR snapshot when you uninstall? or does it give you an option to delete them?

[Acadia]

Betauser2, whenever you uninstall FirstDefense, it will always ask you if you want to keep the Snapshots. That way the program itself is uninstalled but you CAN keep the Snapshots for a future installation of FirstDefense. That way, even a couple of years from now, you can return to your old system as if it were yesterday. BTW, I have only had to uninstall FD once and that was only because Raxco came out with a new version of FD and you had to uninstall it to install the new version, and yes, it kept all of my old Snapshots even though changing to a new version.

Acadia

[Peter2150]

Hi Betauser2

Acadia is absolutely right, that you can uninstall and leave the snapshot in place, and I have done so.

Having said whn if I uninstall and reinstall and reinstall to fix the problem I've created, I will probably remove the snapshot first. One time way back in my early FDISR experience I had a bad uninstall, and couldn't reinstall, so I ended up having to remove the snapshot manually. That was a 3 hour experience I care not to repeat, so in this case I will remove snapshot first.

But normally if all was working right, and I wanted to uninstall and reinstall I wouldn't bother.

Pete

[starfish_001]

Quote:

Originally Posted by Peter2150

Hi all

Anyone else tried using Shadowsurfer with FDISR. I did and just noticed I have a FDISR problem. Can copy and boot to my standard FDISR secondary snapshot, but just noticed I can't add a snapshot and boot to it. Don't know for sure if it is Shadowsurfer related. I've removed shadowsurfer and problem persists. Suspect I will have to uninstall and reinstall FDISR. Just wonder if anyone else has tried this.

Pete

Any updates?

[Peter2150]

Hi Starfish

Raxco is working with the developer on this one. The error message I am getting is "one that shouldn't be happening." They sent me a boot simulator, which checked my MFT and the tried a simulated boot. Generated a huge log file. No results yet. Worse part is I don't know how long the situation existed so I don't know exactly what caused it.

Also the problem doesn't interfere with anything else.

Pete

[starfish_001]

Thanks for the update - like to know how this turns out

[Peter2150]

Quote:

Originally Posted by starfish_001

Thanks for the update - like to know how this turns out

I'll keep you posted.

Edit: Update. I got a second boot simuation to run, and return the logs. So the Raxco folks are on the case. I'll keep you posted.


Pete

[Peter2150]

Hi all

The final update. First in terms of the role of ShadowSurfer, it might have had a roll, but if so it was a fluke rather than flaw. A fluke in terms of the fact it puts a file in the root directory, which in and of itself shouldn't have been an issue.

In terms of the time passed, remember this was going back and forth from me to Raxco to the developer and back. Then I had to find the time to reinstall FDISR and build a snapshot and test. Inherently there was time lag, but Raxco and Leapfrog were excellent.

After running the couple of simulations and tests and having the logs reviewed, Greg was able to describe the problem. I am quoting him here, as I'd be hard pressed to paraphrase.

"You have a relatively large number of files in the root directory. The
number and names of the files combine to produce a MFT record which is
very close to full. You also have an extra attribute in the root record
($OBJECT_ID). Because the record is so close to full and because of the
extra attribute the swapover runs out of room in the MFT record and
fails."

He also confirmed they were indeed treating it as a bug as it was a condition FDISR didn't detect and couldn't handle.

They then sent me a fix to run, and then return the logs, before trying anything. Then I caused a mild panic by moving a bunch of the unnecessary files out of the root directory. They wanted the files there to test the fix, sooo I put them back. Then I installed and built a snapshot and ran the fix. Tried swapping to the new snapshot and it failed. Then I cleaned out the root directory and tried another reboot to the secondary snapshot. It failed again. So I uninstalled FDISR, and emailed Raxco.

Got a response saying it might take two shots of the fix, please try again. So I reinstalled FDISR and built a new snapshot. Decided to test before reruning the fix. BINGO, it worked fine and has continued to work. Needless to say I am keeping my root C:\ directory clean.

It is my understanding they are working on a permenant fix for FDISR.

One heck of a detective job if you ask me. I thank Greg,Raxco and the Leapfrog developers for hanging in there to resolve this issue.

Pete

[dallen]

Pete,
Could you PM me with a description of what you did to clean your root directory. Is this something that shoud be done as a part of regular maintenance?

[Peter2150]

Quote:

Originally Posted by dallen

Pete,
Could you PM me with a description of what you did to clean your root directory. Is this something that shoud be done as a part of regular maintenance?

Hi Dallen

Nothing special. The root directory is just c:\ I had a bunch of junk like the KLStreamremover.exe and other stuff like that. To be safe besure system files and hidden files ARE HIDDEN. This will ensure you don't do something grim. Then just besure you know what you are deleting. I checked my laptop and it only had 2 files. My Desktop had about 15 including some batch files I'd made and put there. Watchword is if in doubt don't delete.

Pete

[AJohn]

It seems that ShadowUser shouldn't be needed as FirstDefense-ISR allows for...

Quote:

Originally Posted by http://leapfrogsoftware.com/product_info/first_defense/

Freeze the system at each boot - Capability to freeze the system to the same state every time the system boots. Great for kiosks, point-of-sale, school or library systems.

... and also has data anchoring simular to the exeptions in ShadowUser.

[Peter2150]

Quote:

Originally Posted by AJohn

It seems that ShadowUser shouldn't be needed as FirstDefense-ISR allows for...



... and also has data anchoring simular to the exeptions in ShadowUser.

Your right. I was experimenting, and shadowsurfer probably had nothing to do with the problem I had.

Pete

[Leapfrog Software]

Greetings All,

Although we have a similar feature built-in to our ISR technology called "Freeze", I know some folks have the ShadowStor products they would like to use. I downloaded demos of both and tested FirstDefense-ISR, PEER-ISR, BootBack with ShadowSurfer and ShadowUser.

The \$ISR folder is the ISR working folder, and thus needs to be excluded from the ShadowStor products. If not, you will not be able to update snapshots, archives, use Data Anchoring, or boot to other snapshots. The ShadowSurfer product does not have the feature to exclude folders, only drives. The ShadowUser product has this capability. It is in their configuration section under “2. Exclusion List”. You must add “@\$ISR\” to this list. I would also suggest that you also add your ISR Data Anchored folders as well; otherwise it defeats the purpose of our Data Anchoring feature.

I did notice that the ShadowUser low-level redirection driver conflicts with our open file technology driver. You will get a Windows “Blue Screen of Death” during an active OS snapshot copy. This means is you will not be able to use our copy snapshot command when the source snapshot is the active OS. You can copy any static snapshot or archive, just not the active OS snapshot. I got around this by booting another snapshot, and then copying the previously booted OS to another snapshot or archive. We’ll look into future compatibility with their technology to see if we can alleviate this issue.

Anyway, I hope this helps. Now back to the grindstone for me.

[ErikAlbert]

If you are a FDISR-user, you don't need ShadowSurfer/User IMO, because both clean your computer and FD-ISR allows more than one snapshot, while ShadowSurfer/User have only ONE snapshot.
So the choice is easy. FD-ISR offers more possibilities.

FD-ISR and ShadowSurfer/User don't protect you against malwares doing their evil job, they only remove malwares completely during the next reboot and that is of course a very big advantage compared with AV/AS/AK/AT scanners, that don't always remove everything and it takes hours to run scanners.

[AJohn]

Yep, FD-ISR with good firewall and outbound protection is a very secure combination.