[Update] Returnil System Safe 2011 v3.2.12918.5857-REL14

Discussion in 'Returnil releases' started by Coldmoon, Jul 6, 2011.

  1. Coldmoon
    Online

    Coldmoon Returnil Moderator

  2. Robin A.
    Offline

    Robin A. Registered Member

    It did not work for me -- REL 14 Free, Windows 7 x64.

    1. I unistalled previous version, kept the settings, rebooted, install new one, rebooted.
    2. When I clicked on "Start Virtual Mode", the operation didn´t complete after several minutes. Stuck on "Initializing Virtual Mode...", with the green bar moving. No error message.
    3. I tried to restart -- Windows didn´t shut down, I turned off the power.
    4. I booted and try to "Start Virtual Mode" again -- an error window appeared. Tried again -- a different error appeared ("RPC server not found" or something like that -- I did not save the error windows).
    5. Uninstalled and reinstalled the previous version, which is working well.
  3. Coldmoon
    Online

    Coldmoon Returnil Moderator

    Hi Robin,
    Try again, but give it a little extra time as the new build is working to flush the disk cache that the previous version did not do. This is why this happened:

    So what you are seeing is the extra time to perform the flush.

    Mike
  4. Konata Izumi
    Offline

    Konata Izumi Registered Member

    Thanks for the update.


    Question 1: Flushing/wiping disk cache is enabled by default now?
    Question 2: If I purposely disabled anti-executable. Am I protected against TDL4 Malware with Virtual Mode ON?
  5. Firebytes
    Offline

    Firebytes Registered Member

    @ Coldmoon

    Is uninstalling the last version before installing this new one the recommended plan of action to update or can I just install over the top?
  6. Coldmoon
    Online

    Coldmoon Returnil Moderator

    Not the way you are thinking here. It is a flush, rather than a wipe as in the cache wipe option. This is to improve stability and reliability for the Virtual Mode feature as opposed to privacy with the wipe option.

    The A_E is there to keep unknown services and/or executables from activating. As you are aware of, there are a small number of malware families that are designed specifically to circumvent any type of software based virtualization and some of the TDL variants have this capability so the A_E is essential in this specific scenario.

    It is better to be safe than sorry and this is a part of the design behind RSS/RVS where one or more features in the software work to back up the other features for better overall security so you should keep the A_E active and perhaps even at full paranoid setting to ensure that you are not taken by surprise when testing/analyzing a particular malware with unknown capabilities.

    Mike
  7. Coldmoon
    Online

    Coldmoon Returnil Moderator

    You can upgrade in place

    Mike
  8. Woody777
    Offline

    Woody777 Registered Member

    Apparently your latest version has fixed all the problems I had with enabling VMWare workstation & it appears to run well With Private Firewall as well NOD32. I finally am able to ditch Shadow Defender which I realize has some strong advocates in these forums but which has not been updated in ages. Am I correct that the antivirus engine in the product should really eliminate the necessity for NOD32 which is now really redundant. I have to thank you for your instructions on how to install the product which in the past has not always gone very well for me.
  9. Konata Izumi
    Offline

    Konata Izumi Registered Member

    One last problem to fix before I definitely use Returnil.
    • Multiple Antivirus bug
  10. Firebytes
    Offline

    Firebytes Registered Member

    @ Coldmoon

    I updated over the top and after rebooting, my Z drive and all its contents were gone. I restored the system with an image I had so i am good to go again; but what went wrong?
  11. Firebytes
    Offline

    Firebytes Registered Member

    Tried updating again "over the top". This time I copied the contents of the virtual drive to a flash drive then removed the virtual drive via Returnil's GUI. I then installed the new version over the top of the old version. Upon attempted reboot the system locked up at the shutdown screen. After waiting several minutes I did a hard shutdown. After rebooting and having Windows advise that the system did not shut down properly I was able to start normally. I then made a new Z drive and placed the backed up contents into it. So now everything seems to be working again despite the two glitches during the update process.

    (Unless I get nervous about the hard shutdown causing future issues and I reinstall an image again.) ;)
  12. Robin A.
    Offline

    Robin A. Registered Member

    Strange. After I uninstalled and rebooted, there was still a cache to flush?

    Anyway, I tried again, installed over the previous version, no problem.
  13. Robin A.
    Offline

    Robin A. Registered Member

    Update. I uninstalled R 14 again, went back to R 13.

    I was having problems when "ejecting" securely external USB disks. No Windows error messages, the confirmation message to disconnect the disk did not appear, sometimes the enclosure lights indicated permanent disk activity.

    Apparently, the process got blocked or hanged. This happened several times, with two different external disks connected either to USB 2.0 or 3.0 ports, and even when no data had been written to the disks.

    The problem seems to have disappeared after I uninstalled R14 and either did not install Returnil, or installed R 13. Because of this, and also because it began after I installed R 14, I suspect it was related to Returnil.
  14. Coldmoon
    Online

    Coldmoon Returnil Moderator

    Hi Robin,
    The lead needs your feedback on the following questions:

    Please send the MSINFO32 report to us via the usual support address and thanks in advance for your replies.

    Mike
  15. Firebytes
    Offline

    Firebytes Registered Member

    I am having the same problems with ejecting USB drives on my wife's Windows 7 64bit system. I hadn't associated it with the new Returnil update until you posted this. I wouldn't have imagined Returnil could affect such a thing.

    If I attempt to eject the USB drive I get no message about whether the drive is safe to remove or not. If I then attempt to shut down the computer to eject the drive, the system freezes up at the shutdown screen and I have to do a hard shutdown.

    @ Coldmoon - This was using a Seagate FreeAgent Go USB drive. I believe the capacity of the drive is 250GB. It doesn't seem to matter what I do on the drive before trying to eject it. Just connecting it in seems to do it. It doesn't do it every single time though. As far as the MSINFO32 report, I guess I am unfamiliar with that.
  16. Coldmoon
    Online

    Coldmoon Returnil Moderator

    Hi,
    MSINFO32 report: Click START > Type MSINFO32 in the RUN or Search box as appropriate to your version of Windows. On the System Information screen click FILE > Export and then save the file where you can find it to attach to an e-mail to the support address (support[dash] tech [at] returnil [dot] com)

    Same questions as asked from Robin

    Mike
  17. Robin A.
    Offline

    Robin A. Registered Member

    The same happened to me.

    The problems occurred with two external disks, 500 GB WD and 1 TB ST. Both disks are installed in Vantec enclosures, USB 2.0 and USB 3.0. Both have several partitions and contain backups,and both have operated flawlessly with previous versions of Returnil.

    I checked the disks (even installed one of them inside the computer) and found that they are "in good health".

    I have e-mailed the MSINFO32 report.
  18. Coldmoon
    Online

    Coldmoon Returnil Moderator

    The WD and ST disks are both USB SSDs - yes? And you mean "SATA" by "ST"?

    Mike
  19. Firebytes
    Offline

    Firebytes Registered Member

    Ahh, OK, I just tried it on my XP system and see that it is just the System Information tool. I had previously only accessed it through the start menu. Unfortunately my wife has her computer with her out of town right now but when she returns this weekend, if you haven't figured out the problem by then, I will send the info.
  20. Robin A.
    Offline

    Robin A. Registered Member

    No. They are both normal SATA 3.5 inch disks. WD=Western Digital, ST=Seagate.
  21. Coldmoon
    Online

    Coldmoon Returnil Moderator

    Ok - noted. BTW, did you send in your MSINFO32 report?

    Mike
  22. Robin A.
    Offline

    Robin A. Registered Member

    I did, as mentioned in previous #17 post.
  23. Coldmoon
    Online

    Coldmoon Returnil Moderator

    Ok - thanks. We got one so wanted to make sure it was yours and not FB's report contrary to his note above.

    The lead is investigating a potential root cause which has been reproduced in the lab using your information provided here and in the MS report. I will update you as soon as possible on the results.

    @Firebytes: please send your MSINFO32 report when you can as it should add information that can help here as your setup is different than Robin's.

    Mike
  24. Firebytes
    Offline

    Firebytes Registered Member

    I plan on getting it to you on Monday. Thanks for getting the problem worked on.

    Also, any ideas what caused the problems I noted in posts ten and eleven?
  25. Coldmoon
    Online

    Coldmoon Returnil Moderator

    Was the VD mounted or dismounted when you did the upgrade?