I'm locked out of main boot/files & all boot options, stuck in guest image. I have Malwarebytes Premium & Kaspersky to protect against assaults on InstantRescue. I thought Malwarebytes & Kaspersky would protect IR file/process/regkey/services/bootexec. But Microsoft's WD did an end-run, quarantined all that & disabled IR. I thought Raxco's IR had some sort of self protection against disablement &/or image tampering. I thought WD was not supposed to operate/override when other AV was installed; perhaps it was run as once off manual scan. So now I have less than 30 days, to hopefully avert further disaster, before Raxco files are erased from Quarantine, I suppose. Microsoft WD won't allow to restore from Quarantine. WD says InstantRestore is Rayirege, "unwanted program displaying deceptive product messages, potentially unwanted program, recommended action remove this software immediately." Sounds like WD is describing itself. What do I do? This is an inconceivable circumstance.
System restore failed to stick, claiming "probable antivirus" interference. I disabled Kaspersky, but not Malwarebytes. I retried system restore to point prior to WD false positive quarantine. Still restore would not stick. Not sure... Even if I got system restore to succeed, would it affect "windows defender quarantined" items??
Strange. WD should not be running if you have Kaspersky running. Have you tried turning WD off? I would go to WD and turn off every setting you can find. Maybe try to re-install Kaspersky in the hope that it shuts off WD. What would happen if you tried to re-install Raxco, would you lose everything? Something is not right, one of these programs is screwing up, a re-install may solve it, other than that could you make an exclusion in WD for Raxco?
What error do you get when you try to restore from WD quarantine? Were any of these steps available? http://www.thewindowsclub.com/manage-quarantined-exclusions-windows-defender-security-center
I think it was a WD manual scan, but still Microsoft should not irrevocably quarantine a PUP, particularly without user final vote. If Major AV are compatible with Raxco & Imaging Software, MS should make an effort too. This FP is ridiculous. I'm gonna try next: http://www.raxco.com/home/faqs "After installing a major Windows update, customers will need to enable the InstantRescue pre-boot again."
Success!! Well it worked. Raxco is more brilliant than I suspected. I feel for software companies' patching, being bullied by ignorant steamrolling monopoly. I found some links for reg hacks to prevent WD auto quarantine. I should get Macrium Reflect or some other imaging solution, to save IR images to external drive. Nothing like a good scare to get a normie to do the "right precautionary thing". I'm surprised at how easy it was to disable IR. If my image was gone/corrupted I would be soul crushed. Anything I should do further, layer wise, to harden against encrypting ransomware & such? Thanks all for the concern & help & ideas. Bless this forum. I'm an occasional lurker for eons.
What version of Instant Recovery do you have? Personal or business? Business offers "Enhanced snapshot protection" but I do not know what Raxco means with that. You do not use archives? (IR archives = file based images of IR snapshots) Panagiotis
If it was periodic scan that caused a problem, you can disable it: https://www.tenforums.com/tutorials/51514-turn-off-limited-periodic-scanning-windows-10-a.html I don't think that it adds much to overall system security if you got Kaspersky running real-time.
In testing and talking to Raxco, if you have Home, Ransomware can gain access to your data in the secondary snapshot, whereas the enhanced protection prevents that. I think Raxco made a huge mistake in not providing that protection with home. For me use of Macrium Reflect paid version has negated the value of Instant Recovery. What it takes significant time to accomplish I can do in minutes.
According to my experience, a PUP/PUA is not "irrevocably" quarantined. The operation can be reversed from the WD configuration screen. It has happened several times to me.
Is this the same protection that was introduced with FD-ISR (that prevented access in the other snapshots folders)? Or did they enhance it more? I actually have both Raxco-IR and Macrium licenses stored away. Nowadays, I test software in virtual machines or sandboxie and I rarely perform backup/restores... and when I do, I use IFL or BootIt BM. Panagiotis
From talking with Bob Nolan, Raxco CEO, I believe it is enhanced. But I haven't had a chance to play with it. I just know Raxco Home doesn't protect you. Also, even if you have the protection, if you use the data sharing feature you would be toast.
Thanks Pete. I do not understand why they removed all these features from the personal version. (no freeze option, 5 instead of 10 snapshots, no protection of the snapshots, no password lock). When I bought it they offered only the business version (for home they offered only InstantRescue) and if I remember correctly the price was the same as it is the personal version now. @Suphyce If I were you, I would contact Raxco and request to change the personal version with the business one. Panagiotis
The Business version is significantly more expensive. I no longer think it worth the money. Can do more with Macrium Reflect.