How would Shadow Defender deal with this situation?

Tempnexus

Level 3
Thread author
Verified
Nov 25, 2015
136
Assume I have 2 drives C and D.
Assume that my drive D is my backup drive and data drive. On drive D I have my folder called Backups and in that folder I have my Acronis Backups of C.

Now assume that I have Shadow Defender made to shadow C and D. I presume that all of the real-time backups that Acronis makes of C and places in D will be deleted once I reboot the computer due to it being shadowed?

So in order to save the real-time backups I will have to exclude the Backups folder on drive D from being shadowed?

Now assume that, while shadowed and with the Backups folder excluded, I get hit by crypto malware. The malware is known to encrypt everything that's connected to the PC. So now the malware will also encrypt the Backups folder.

Now I reboot the PC and it all goes back to normal (because it was shadowed), except for the Backups folder, which is now encrypted by the malware. Is that correct?

So how do I use Shadow Defender and still keep my constant backups?

illumination

Assume I have 2 drives C and D.
Assume that my drive D is my backup drive and data drive. On drive D I have my folder called Backups and in that folder I have my Acronis Backups of C.

Now assume that I have Shadow Defender made to shadow C and D. I presume that all of the real-time backups that Acronis makes of C and places in D will be deleted once I reboot the computer due to it being shadowed?

So in order to save the real-time backups I will have to exclude the Backups folder on drive D from being shadowed?

Now assume that, while shadowed and with the Backups folder excluded, I get hit by crypto malware. The malware is known to encrypt everything that's connected to the PC. So now the malware will also encrypt the Backups folder.

Now I reboot the PC and it all goes back to normal (because it was shadowed), except for the Backups folder, which is now encrypted by the malware. Is that correct?

So how do I use Shadow Defender and still keep my constant backups?
Simple solution. Run Shadow Defender on demand instead of having it start with boot. This way you can run all updates and backups when you first fire up the machine, then place it in Shadow Mode and go about your day.

hjlbx

Assume I have 2 drives C and D.
Assume that my drive D is my backup drive and data drive. On drive D I have my folder called Backups and in that folder I have my Acronis Backups of C.

Now assume that I have Shadow Defender made to shadow C and D. I presume that all of the real-time backups that Acronis makes of C and places in D will be deleted once I reboot the computer due to it being shadowed?

So in order to save the real-time backups I will have to exclude the Backups folder on drive D from being shadowed?

Now assume that, while shadowed and with the Backups folder excluded, I get hit by crypto malware. The malware is known to encrypt everything that's connected to the PC. So now the malware will also encrypt the Backups folder.

Now I reboot the PC and it all goes back to normal (because it was shadowed), except for the Backups folder, which is now encrypted by the malware. Is that correct?

So how do I use Shadow Defender and still keep my constant backups?

You cannot prevent it.

If you exclude backups - and any objects in that excluded path that are targeted by ransomware - then they will be encrypted.

Any excluded file paths are subject to malicious actions.

This is one of the inconveniences of booting into and staying in Shadow Mode all the time and trying to use a local external backup drive.

* * * * *

One workaround is to use cloud backup - but you have to make sure that it keeps prior versions.

Another is to use Secure Folders or similar folder-restriction software and allow only Acronis to access/write to Disk D - but I am not completely sure if this would work.

I would ask @Umbra about this one.

Deleted member 178

Assume I have 2 drives C and D.
Assume that my drive D is my backup drive and data drive. On drive D I have my folder called Backups and in that folder I have my Acronis Backups of C.

Now assume that I have Shadow Defender made to shadow C and D. I presume that all of the real-time backups that Acronis makes of C and places in D will be deleted once I reboot the computer due to it being shadowed?

So in order to save the real-time backups I will have to exclude the Backups folder on drive D from being shadowed?

Yes

Now assume that, while shadowed and with the Backups folder excluded, I get hit by crypto malware. The malware is known to encrypt everything that's connected to the PC. So now the malware will also encrypt the Backups folder.

Now I reboot the PC and it all goes back to normal (because it was shadowed), except for the Backups folder, which is now encrypted by the malware. Is that correct?

Yes

So how do I use Shadow Defender and still keep my constant backups?

You can't

Your only way, and the way I chose, for backing up daily stuff is using a cloud/external drive backup before ending the SD session.

Or you can use folder-locking software that prevents writing to the backup folder (like SecureFolder, etc.).
 
Last edited by a moderator:

cruelsister

Level 43
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 13, 2013
3,224
Originally ransomware didn't seek out files created by imaging software, but that changed with BandarChor about 2 years ago, which added tib files to the encryption list (actually it only encrypted the first part of the file, as doing the whole thing would have taken too long, but that was enough to leave the file corrupted). The bad thing about Acronis is that it is so widely used that it is tops on the Blackhats list, unlike others - personally I haven't seen anything try to mess with mrimg files (Macrium).

But Umbra gave the best advice with the external backup method. Aside from protection against malware, it will also protect against a drive dying of natural causes.
 

Tempnexus

Level 3
Thread author
Verified
Nov 25, 2015
136
Originally ransomware didn't seek out files created by imaging software, but that changed with BandarChor about 2 years ago, which added tib files to the encryption list (actually it only encrypted the first part of the file, as doing the whole thing would have taken too long, but that was enough to leave the file corrupted). The bad thing about Acronis is that it is so widely used that it is tops on the Blackhats list, unlike others - personally I haven't seen anything try to mess with mrimg files (Macrium).

But Umbra gave the best advice with the external backup method. Aside from protection against malware, it will also protect against a drive dying of natural causes.
I do have an external backup method, but I don't back up to it as often as I do to my internal hard drive... mainly due to ease of use and transfer speed.
My internal HD creates a weekly image, where the external might be every 6 months+. I also do a yearly cloud backup.

So I added the TrueImage backup folder to the WinAntiRansom SafeZone folder zone... I hope it works.

cutting_edgetech

Level 3
Verified
Feb 14, 2013
113
I think the best thing for you to do is only back up your C:\ drive on demand instead of allowing Acronis to do scheduled backups for you. Just run backups yourself as often as you need; that way you can disable Shadow Mode only when needed. You won't need to make any exclusions that way. This is the way I have been doing it for many years now. It has worked great for me, and I do all my C:\ image backups to an external drive. The only difference is I use ShadowProtect to do my image backups, well mostly; I do have Acronis on a few machines. I think this simple solution will work great for you if you only have to make backups for a few machines, and you have physical access to the machines.

Deleted member 2913

I am running Todo Backup... C partition backed up to the D partition.
I am thinking of installing Shadow Defender, and I will use it on demand.

So -
1. I can disable the backup schedule & use Shadow Defender, right?
2. I can shadow only the C partition, and the Todo backup will be saved on the D partition if the backup runs while Shadow Defender is running, right?
 

Neily135

New Member
Feb 15, 2019
1
Shadow Defender has command line options which can automate putting the backup drive (D in your case) in/out of Shadow Mode. Acronis has options for pre- and post-process commands. This way you can add the command " CmdTool.exe /exit:D " as the command before the backup and " CmdTool.exe /enter:D " as the post command. (That smiley is actually colon D, ":D", with no space between.)
If you are concerned that the virus might strike during the backup operation, you could take the extra precaution of having your backup files copied to a shadowed drive before running the backup (with the commands above) and then overwrite them back again after the job completes.
For more on Shadow Defender's command line options see: Shadow Defender Manual
Even easier than that: put this one command as the post command: CmdTool.exe /commit:"D:\YourBackupFolder"
 
Last edited:
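As an added example (not code from the thread, from Shadow Defender or from Acronis): a Python pre-commit check built around the CmdTool.exe /commit approach in the post above. It assumes D:\Backups stays shadowed (not excluded), that a manifest of the folder is taken at session start right after the reboot, and that CmdTool.exe lives at the path shown (an assumption). Before committing, it confirms that no existing image changed (which also catches the partial-file encryption cruelsister describes) and that only new .tib files appeared; otherwise D stays in Shadow Mode and the session's writes are discarded at reboot.

```python
import hashlib
import pathlib
import subprocess

# Assumed install path of Shadow Defender's command-line tool (not from the thread).
CMDTOOL = r"C:\Program Files\Shadow Defender\CmdTool.exe"


def sha256_of(path: pathlib.Path) -> str:
    """Hash the whole file, so an image whose first bytes were overwritten changes too."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(folder: str) -> dict:
    """Map every file under folder (relative POSIX path) to its SHA-256 digest."""
    root = pathlib.Path(folder)
    return {p.relative_to(root).as_posix(): sha256_of(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def diff_manifests(before: dict, after: dict) -> dict:
    """Classify what changed since the clean, session-start snapshot."""
    return {
        "tampered": sorted(k for k in before if k in after and before[k] != after[k]),
        "missing": sorted(k for k in before if k not in after),
        "added": sorted(k for k in after if k not in before),
    }


def safe_to_commit(before: dict, after: dict, allowed=(".tib",)) -> bool:
    """Existing images must be untouched and only new image files may appear."""
    d = diff_manifests(before, after)
    if d["tampered"] or d["missing"]:
        return False
    return all(pathlib.PurePath(k).suffix.lower() in allowed for k in d["added"])


def commit_if_clean(folder: str, before: dict, run=subprocess.run) -> bool:
    """Commit the shadowed backup folder only when the post-backup state is clean."""
    if not safe_to_commit(before, build_manifest(folder)):
        return False  # leave D shadowed; the reboot throws the session's writes away
    # Same command form as in the post above; assumed to return 0 on success.
    run(f'"{CMDTOOL}" /commit:"{folder}"', check=True)
    return True
```

Run build_manifest at the start of the session and commit_if_clean as the Acronis post command; the manifest itself is best kept on the shadowed C drive, where the session's malware cannot leave a lasting change.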
