Beware of Acronis "Leftovers" Issues

Discussion in 'backup, imaging & disk mgmt' started by Arvy, Jan 17, 2012.

  1. Arvy
    Offline

    Arvy Registered Member

    Many users of Acronis (and some other) backup software are unaware of the fact that merely installing it, even on a trial basis, completely changes the way in which your system handles ALL storage devices and volumes. In fact, due to Acronis' own current driver inadequacies, it may do so in ways that can sometimes cripple some types of devices completely (e.g., USB, SSD, NAS and some RAID configurations) and has even been reported as having totally trashed a RAID 5 controller setup, among others. Furthermore, and perhaps most frustrating of all, the Acronis application software installer itself provides no way of undoing its OS "takeover" changes. Thus, its adverse effects on system functionality and performance may carry foreward indefinitely to plague those who may subsequently decide to install something else.

    Trial users, first-timers and those attempting conversion to ANY other backup and recovery software take heed and beware. Acronis does not give up its conquered territory easily. Merely uninstalling Acronis software in the normal way DOES NOT completly reverse its system-altering changes. For the current Acronis True Image Home (ATIH) 2012 builds 6131-6154 releases, those changes are as follows:

    =============================

    List of device class UpperFilters and LowerFilters entries added by ATIH:
    (NOTE: + indicates value inserted into REG_MULTI_SZ registry entries.)

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}
    Class = DiskDrive
    UpperFilters + fltsrv
    LowerFilters + vidsflt61 (NOTE: Last 2 digits of filter service name may vary.)

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{71A27CDD-812A-11D0-BEC7-08002BE2092F}
    Class = Volume
    UpperFilters + timounter + fltsrv
    LowerFilters

    __
    List of "required for boot" (start=0x00000000) filter services installed by ATIH:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\fltsrv
    DisplayName = Acronis Storage Filter Management
    ImagePath = system32\drivers\fltsrv.sys

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\timounter
    DisplayName = Acronis Backup Archive Explorer
    ImagePath = system32\drivers\timntr.sys

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vidsflt61
    DisplayName = Acronis Disk Storage Filter
    ImagePath = system32\drivers\vsflt61.sys (NOTE: Last 2 digits of driver name may vary.)

    __
    List of other "required for boot" (start=0x00000000) services installed by ATIH:

    afcdp - Acronis File Level CDP Helper - afcdp.sys
    snapman - Acronis Snapshots Manager - snapman.sys
    tdrpman - Acronis Try&Decide and Restore Points Filter - tdrpman.sys | tdrpm273.sys
    vididr - Acronis Virtual Disk - vididr.sys

    __
    List of other "autostart" (start=0x00000002) services installed by ATIH:

    AcrSch2Svc - Acronis Scheduler Service
    afcdpsrv - Acronis Continuous Backup Service
    syncagentsrv - Acronis Sync Agent Service

    __
    In addition, for Windows 7 only, normal Backup and Recovery control panel functions may be disabled by alterations or deletions of the following registry entries shown as they should be for normal functionality:

    [HKEY_CLASSES_ROOT\CLSID\{B98A2BEA-7D42-4558-8BD1-832F41BAC6FD}\Instance\InitPropertyBag]
    ResourceID = 14 (as hexadecimal value or 20 as decimal value)
    ResourceDLL = %SystemRoot%\System32\sdcpl.dll (as REG_EXPAND_SZ value)

    If Acronis has also hijacked registry key ownership and permissions, see http://www.winhelponline.com/blog/fix-w7-backup-restore-acronis-true-image/ for more help.

    =============================

    All of the above factual information is provided on a USE AT YOUR OWN RISK basis.

    PLEASE NOTE VERY CAREFULLY: To avoid "blue screen" death traps, any cleanup MUST be done in the following order:
    1) Removal of any residual Acronis device class UpperFilters and LowerFilters entries (remove ONLY inserted values);
    2) Removal of any residual Acronis "required for boot" (start=0x00000000) services;
    3) Removal of any other residual Acronis services, drivers files and miscellaneous leftovers.

    One missed removal item, or one item removed out of sequence (whether done manually or by some automated - e.g., Revo uninstaller - cleanup quirk) will cause a "blue screen" death trap problem every time. THE DRIVER FILES THEMSELVES SHOULD ALWAYS BE THE LAST TO GO! That way, you may be able to use F8 - Last Known Good Configuration to recover from any intermediate registry cleanup errors.
    Last edited: Jan 17, 2012
  2. Robin A.
    Offline

    Robin A. Registered Member

    Good reasons for using imaging programs from boot media and not installing them.
  3. Arvy
    Offline

    Arvy Registered Member

    True, but Paragon does not* do this. Besides, few newcomers, if any, have the faintest notion about the potential disasters that lurk in the mere trial installation of a software product that is promoted on the basis of its marvellous "system protection" benefits.

    I've done my best to warn people in their forums prior to "washing my hands" and moving here. But Acronis sure isn't going to make the issue and its implications widely known any time soon, let alone actually do anything to fix the root causes.

    __
    * P.S.: In fairness, I suppose I should note that Paragon isn't perfect either, but there's a BIG difference. Any "leftover" Paragon items for their Universal Image Mounter (UIM) are Type=0x1 Start=0x1 (kernel initialization) services which means that, if the driver fails to load or initialize, the startup will proceed anyhow without any "blue screen" death trap. So, while uninstallation really should clean them up too, it's not the same kind of critical fault, and Paragon has indicated (to me via support) some willingness to correct that uninstall oversight. We'll see.
    Last edited: Jan 17, 2012
  4. napoleon1815
    Offline

    napoleon1815 Registered Member

    I second that one...that and true image integrity. :)
  5. Arvy
    Offline

    Arvy Registered Member

    It seems like a strange testimonal for "true image integrity" if you follow your own advice and don't actually install the application. Those who have installed the current 2012 release seem to have some very different opinions and have expressed them quite emphatically in the ATIH forum. But don't take my word for it. If interested, you can read one of many very lengthy threads on the subject at http://forum.acronis.com/forum/27184

    __
    P.S.: My apologies to the moderator here if I opened this thread in the wrong place. I originally posted it in the Paragon forum in response to a help request from a new "convert" there at http://www.wilderssecurity.com/showthread.php?t=316387
    Last edited: Jan 17, 2012
  6. whschul
    Offline

    whschul Registered Member

    Just curious, but I have a machine that I upgraded to 2012, it failed so I
    loaded 2011 again just so I can clone... Are there instructions to get
    rid of that one as well.....
  7. whschul
    Offline

    whschul Registered Member

    OK, so let me see if I understand a little.

    Step 1. Run the uninstall from the add and remove.

    Then look for the UpperFilters and I see this in one of then...

    So Do I just get rid of the fltsrv or delete the entire entry.o_O?

    Sorry for being a difficult, but get ready to take the attempt at this..

    PartMgr
    SiRemFil
    fltsrv
  8. whschul
    Offline

    whschul Registered Member

    Where do I find these entries....
    >>>
    List of other "required for boot" (start=0x00000000) services installed by ATIH:

    afcdp - Acronis File Level CDP Helper - afcdp.sys
    snapman - Acronis Snapshots Manager - snapman.sys
    tdrpman - Acronis Try&Decide and Restore Points Filter - tdrpman.sys | tdrpm273.sys
    vididr - Acronis Virtual Disk - vididr.sys

    and where do I edit them out..??

    Same with these
    List of other "autostart" (start=0x00000002) services installed by ATIH:

    AcrSch2Svc - Acronis Scheduler Service
    afcdpsrv - Acronis Continuous Backup Service
    syncagentsrv - Acronis Sync Agent Service
  9. Arvy
    Offline

    Arvy Registered Member

    What I've posted here regarding ATIH 2012 and what it does to your registry is as clear and precise as I am capable of writing it. Any "leftover" registry entries that remain after a normal ATIH uninstall will be found under the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet branch keys as I've specified them. Services are under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ for example.

    If you are not familiar with using regedit, or if any of the steps are not entirely clear to you, then please don't do it. Note in particular the word "ONLY" in the step that says:
  10. whschul
    Offline

    whschul Registered Member

    Yes, your instructions worked great and I greatly appreciate it...

    So now, I have to get rid of the 2011 Acronis off of the
    XP box...

    Which paragon will give me a complete clone that I can use as a boot
    disk incase theh current boot disk gets infected or corrupted in
    any fashion..

    Thanks, again...
  11. mantra
    Online

    mantra Registered Member

    thanks a lot
    really very precious analysis ! :thumb:

    but what's about the acronis cleanup tool ? does it restore and fix it?

    thanks again
  12. MerleOne
    Offline

    MerleOne Registered Member

    Hi,

    What is the "Acronis Cleanup Tool" you are referring to ? Thanks.
  13. Arvy
    Offline

    Arvy Registered Member

    I know that their Hard Disk Manager 11 Suite does 'cuz I use it myself, but it may be more than you actually need. You can check the complete features lists for each of their current products on their web pages.

    No, not completely, not according to a wide range of end user reports in the Acronis forum. And some users have reported BSOD results.

    The latter seem to occur most often with high-end sytems, perhaps due to the presence of additional filter drivers such as Silicon Image's driver for their SATA controllers. There are just too many permutations and combinations for me to be any more definite about all the possible underlying causes.
  14. napoleon1815
    Offline

    napoleon1815 Registered Member

    "It seems like a strange testimonal for "true image integrity" if you follow your own advice and don't actually install the application."

    My point is not installing the application avoids all these issues...and provided taking your machine offline is not big deal, your image is in a better state than one taken live (think working on a car while it's moving compared to one turned off in a garage).
  15. Arvy
    Offline

    Arvy Registered Member

    I completely understand your point about avoiding lots of potential problems by not installing the application in the first place. It just seemed to me like a very strange basis for your further comment about "true image integrity."

    And as I also said, few trial users and newcomers, if any, are likely to anticipate any such system "integrity" issues simply as a result of following the product manufacturer's own installation instructions. Sadly, they're not all as smart and well-experienced in such matters as you are. I can agree that their innocence may be very unfortunate, but many of them really do need this kind of help and a lot more besides. They're certainly not getting much from the Acronis developers and their support team who actually seem as bewildered as the users themselves during the past several months.
  16. napoleon1815
    Offline

    napoleon1815 Registered Member

    I gave up on Acronis years back, but loved it from v8.x to Echo...after that they tied too much into it, it got bloated, and you know the sad tale. I admit, though, every image I ever took with it worked fine.
  17. Arvy
    Offline

    Arvy Registered Member

    Completely agree. They were "pack leaders" for quite a while and I feel sorry for the developers who worked so hard to put them in that position and who seem recently to have been outmaneuvered by a bunch of markeetering promoters of semi-functional annual "upgrade" gimmicks. I feel even sorrier, however, for their innocent victims. It's a sad situation all round. :(
  18. cruelsister
    Offline

    cruelsister Registered Member

    Last edited: Jan 18, 2012
  19. Arvy
    Offline

    Arvy Registered Member

    The later version of the Acronis cleanup tool will allegedly remove all prior ATIH versions as well as the current 2012 release. But, even assuming no BSOD problem, don't count on it doing the job completely. Check your registry's CurrentControlSet anyhow. The vidsflt61 device class filter and its variants seems to be the "stickiest" pollutant and also the one that seems most likely to cause problems with device recognition and performance, especially for USB-connected devices.
  20. mantra
    Online

    mantra Registered Member

    really thanks
    reading this topic , changed my mind about install the new version of acronis ti

    when i ask some opinions about a program , many users answer " try it ..." but o_O

    nowadays is better make an image before with a *trusty* software or install inside sandboxie or virtual machine
  21. Arvy
    Offline

    Arvy Registered Member

    DEFINITELY, a pre-install full-system backup is the safest insurance policy and escape hatch.

    Under those circumstances, you'd be okay to try it and it might even work just fine for you. The problem is that results are highly unpredictable, especially for anyone using any system other than a very ordinary "plain vanilla" setup and/or "upgrading" with expectations of actually using the software's "new and improved" gimmicks and gewgaws.

    The current device class filter services and drivers that bypass your operating system's normal HAL just can't seem to handle a wide range of system hardware configurations. And any operations other than very straightforward imaging seem to be a hit-or-miss gamble. They don't even seem able to manage their own application's backup tracking and versioning data very well with all kinds of weird results for their allegedly "automated" processes.

    The less said about their new install "validation" and "phone home" routines the better, I guess. It can be a real PITA.
  22. napoleon1815
    Offline

    napoleon1815 Registered Member

    Any app that installs numerous services onto your system compared to similar products with similar functionality is suspect. When I installed Acronis 10 Workstation it installed ~5 services that caused issues. No sense in going through the risk when there are tools like DS that image live using a simple .exe you launch and don't install.
  23. Arvy
    Offline

    Arvy Registered Member

    Some distinctions are necessary when talking about services. They're certainly not all bad and some are essential. Lots of autostart (start=0x2) and kernel initialization (type=0x1) services can be perfectly okay and useful for many purposes. It's those "required for boot" (start=0x0) services that really need careful handling to avoid BSOD traps, especially when entire device classes are made dependent on the loading and initialization of their drivers.

    I often hear excuses that "other software leaves stuff behind too", but not all leftover junk is equally dangerous in its effects and potential for disastrous consequences.
  24. Defcon
    Offline

    Defcon Registered Member

    Thanks for these details - it just reinforces what a shabby product Acronis makes. There is NO excuse for not uninstalling your product completely.
  25. Arvy
    Offline

    Arvy Registered Member

    As Napoleon1815 points out, it wasn't always so shabby, but they've become trapped in an obsolete development pattern of their own making and one that is increasingly difficult to accomplish successfully. Bypassing the hardware abstraction layer in current versions of the Windows operating system with their own drivers is anything but a trivial undertaking. And it's certainly not getting easier as that OS HAL is further developed to handle a rapidly expanding variety of types of storage devices and controllers. It's small wonder that they don't always manage to keep up, but it's really discouraging when (as with support for USB-connected devices, for example) they seem to be going backward rather than forward.

    Of course, the persistence of the marketeers in piling an ever-growing accumulation of semi-functional "upgrade" gimmicks on top of that very shaky developmental foundation just adds to the problem. Some of their "software provisioning" offshoots and past involvements with some parts of the hardware OEM market probably don't help much either as it all tends to keep them focussed in the wrong direction.
    Last edited: Jan 24, 2012