How would Shadow Defender deal with this situation?

Discussion in 'Shadow Defender' started by Tempnexus, Apr 14, 2016.

  1. Tempnexus

    Tempnexus Level 3

    Nov 25, 2015
    Assume I have 2 drives C and D.
    Assume that my drive D is my backup drive and data drive. On drive D I have my folder called Backups and in that folder I have my Acronis Backups of C.

    Now assume that I have Shadow Defender made to shadow C and D. I presume that all of the real-time backups that Acronis makes of C and places into D will be deleted once I reboot the computer due to it being shadowed?

    So in order to save the real-time backups I will have to exclude the Backups folder on drive D from being shadowed?

    Now assume that, while shadowed and with the Backups folder excluded, I get hit by a crypto malware. The malware is known to encrypt everything that's connected to the PC. So now the malware will also encrypt the Backups folder.

    Now I reboot the PC and it all goes back to normal (because it was shadowed) except for the Backups folder which is now encrypted by the malware. Is that correct?

    So how do I use Shadow Defender and still keep my constant backups?
    Der.Reisende and Yash Khan like this.
  2. illumination

    illumination Guest

    Simple solution. Run Shadow Defender on demand instead of having it start with boot. This way you can run all updates and backups when you first fire up the machine, then place it in shadow mode and go about your day.
  3. hjlbx

    hjlbx Guest

    You cannot prevent it.

    If you exclude backups - and any objects in that excluded path that are targeted by ransomware - then they will be encrypted.

    Any excluded file paths are subject to malicious actions.

    This is one of the inconveniences of booting into and staying in Shadow Mode all the time and trying to use a local external backup drive.

    * * * * *

    One workaround is to use cloud backup - but you have to make sure that it keeps prior versions.

    Another is to use Secure Folders or similar folder-restriction software and allow only Acronis to access\write to Disk D - but I am not completely sure if this would work.

    I would ask @Umbra about this one.
  4. Umbra

    Umbra From Emsisoft

    May 16, 2011
    Community manager
    Vietnam & France
    Windows 10
    #4 Umbra, Apr 14, 2016
    Last edited: Apr 15, 2016


    You can't.

    Your only way, and the way I chose, for backing up daily stuff is using a cloud/external drive backup before ending the SD session.

    Or you can use folder-locking software that prevents writing to the backup folder (like SecureFolder, etc.).
  5. cruelsister

    cruelsister Level 32

    Apr 13, 2013
    Originally ransomware didn't seek out files created by imaging software, but that changed with BandarChor about 2 years ago, which added tib files to the encryption list (actually it only encrypted the first part of the file, as doing the whole thing would have taken too long, but that was enough to leave the file corrupted). The bad thing about Acronis is that it is so widely used that it is tops on the Blackhats' list, unlike others; personally I haven't seen anything try to mess with mrimg files (Macrium).

    But Umbra gave the best advice with the external backup method. Aside from protection against malware, it will also protect against a drive dying of natural causes.
    Dirk41, Der.Reisende and Umbra like this.
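
As an added example (not part of any post in this thread): damage of the kind described above, where only the start of a backup image is overwritten, can be caught by baselining each image and re-checking the first part of the file before relying on it for a restore. The 1 MiB head size, the function names and the sample files are assumptions constructed for this illustration.

```python
import hashlib
import os
import tempfile

HEAD_BYTES = 1 << 20  # assumed: fingerprint the first 1 MiB of each image separately

def head_hash(path, n=HEAD_BYTES):
    with open(path, "rb") as f:
        return hashlib.sha256(f.read(n)).hexdigest()

def full_hash(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def build_manifest(folder, exts=(".tib",)):
    """Baseline every image; keep the result somewhere other than the backup folder."""
    paths = {n: os.path.join(folder, n) for n in sorted(os.listdir(folder)) if n.lower().endswith(exts)}
    return {n: {"head": head_hash(p), "full": full_hash(p)} for n, p in paths.items()}

def verify(folder, manifest, deep=False):
    """Cheap check reads only the head of each file; deep=True re-hashes the whole image."""
    report = {}
    for name, base in manifest.items():
        p = os.path.join(folder, name)
        if not os.path.isfile(p):
            report[name] = "missing"          # deleted, or renamed with a new extension
        elif head_hash(p) != base["head"]:
            report[name] = "head-modified"    # start of the file no longer matches
        elif deep and full_hash(p) != base["full"]:
            report[name] = "body-modified"
        else:
            report[name] = "ok"
    return report

def demo():
    """Constructed sample data: three stand-in image files in a temporary folder."""
    with tempfile.TemporaryDirectory() as d:
        for name in ("week1.tib", "week2.tib", "week3.tib"):
            with open(os.path.join(d, name), "wb") as f:
                f.write(name.encode() * 200000)
        manifest = build_manifest(d)
        with open(os.path.join(d, "week2.tib"), "r+b") as f:
            f.write(os.urandom(4096))         # only the first 4 KiB changes
        os.rename(os.path.join(d, "week3.tib"), os.path.join(d, "week3.tib.bak"))
        return verify(d, manifest)
```

The head-only pass is fast enough to run before every restore or backup rotation; the `deep=True` pass costs a full read of each image and fits a weekly schedule.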
  6. Tempnexus

    Tempnexus Level 3

    Nov 25, 2015
    I do have an external backup method but I don't back up to it as often as I do to my internal hard drive...mainly due to ease of use and transfer speed.
    My internal HD creates a weekly image, where the external might be every 6 months+. I also do a yearly cloud.

    So I added the TrueImage backup folder to WinAntiRansom Safezone folder zone...I hope it works.
    Der.Reisende likes this.
  7. cutting_edgetech

    Feb 14, 2013
    IT Security
    I think the best thing for you to do is only back up your C:\ drive on demand instead of allowing Acronis to do scheduled backups for you. Just run backups yourself as often as you need; that way you can disable Shadow Mode only when needed. You won't need to make any exclusions that way. This is the way I have been doing it for many years now. It has worked great for me, and I do all my C:\ image backups to an external drive. The only difference is I use Shadow Protect to do my image backups, well mostly, I do have Acronis on a few machines. I think this simple solution will work great for you if you only have to make backups for a few machines, and you have physical access to the machines.
    Davidov likes this.
  8. Yash Khan

    Yash Khan Level 51

    Oct 22, 2012
    I am running Todo Backup...C partition backed up to D partition.
    I am thinking of installing Shadow Defender and I will use it on demand.

    So -
    1. I can disable the backup schedule & use Shadow Defender, right?
    2. I can shadow only the C partition and the Todo backup will be saved on the D partition if the backup runs when Shadow Defender is running, right?