Can the existing snapshots get corrupted by malware?

  • Can the existing snapshots get corrupted by malware?

    Hi everyone,

    I am new to the forum and am interested in the software. So my question revolves around a scenario where a snapshot of a clean system already exists; let's name it "clean system snap".

    Let's now assume that the system later gets infected by a certain class of malware.

    So basically what I am trying to say is that the snapshot is that of a clean state but the system later gets infected by the malware.

    I would just like to know if this snapshot called "clean system snap", which is that of the clean state, can get corrupted by any chance by the malware.

    I understand that every snapshot resides on the sector-level outside of Windows, but this is where it gets even more interesting!

    There are malware that are known to infect the MBR and so it is possible to infect files outside of the operating system, which can include the snapshots.

    I am curious because if the snapshot does get corrupted, there would be no point in restoring the system to that corrupt snapshot.

    I would appreciate it if someone can answer this.
    Last edited by Partha; 10-19-2017, 02:42 AM.

  • #2
    Hello Partha,

    Thank you for your response. Based on your question, I assume you're referring to RollBack Rx, correct? When you first install our RollBack Rx software, it protects the entire sector of your hard drive including the snapshots it takes to prevent any sort of malware or ransomware attacks, or if it's a corrupted MBR that is preventing Windows from booting before the operating system starts up. Our snapshots are fully encrypted to provide that extra level of protection to your snapshots; however, we do frequently update our software to provide the best compatibility, bug fixes, and support possible. Outside of the Windows operating system, we do have what's called the subconsole (Mini-Os) that can be accessed by pressing the "HOME" key on your keyboard, and be able to create and restore to previous snapshots before encountering any sort of malware and ransomware attacks also.

    We have the installation baseline snapshot that's first created when installing our RollBack Rx software the first time, so if for some reason you've taken a snapshot that captured the state of your PC with malware in it, then the installation baseline snapshot would be able to fix this as an emergency restore point. We do recommend checking the properties of the snapshot points you create in RollBack as it will determine the condition, if it's a good or bad snapshot, and will help you better understand what the current state of your Windows PC is.

    If you have any further questions, feel free to let us know!

    Shainal R


    • #3
      Hello, Shainal

      I was indeed referring to Rollback Rx and thank you for your reply. I see that you recommended to check the properties of the snapshots to determine their condition, and that's exactly my concern.

      If the snapshots are well secured and encrypted, how can they even get corrupted or turn bad in the first place? Isn't that a contradiction?
      Last edited by Partha; 10-19-2017, 10:37 AM.


      • #4
        Kindly correct me if I am mistaken. Even though this can be a very useful program, it is not foolproof and it is possible by certain means to corrupt the snapshots. Am I right?


        • #5
          Hello Partha,

          Thank you for your response. I see where you're coming from, but I believe there is some misinformation on what I meant to say on the condition of the snapshots. The snapshots themselves in the RollBack software are fully secured and protected as it protects your entire hard drive sector by sector, but it has more to do with the Windows operating system that can cause such issues like malware, ransomware, or even system infections that RollBack warns you of if you decide to do a restore to that snapshot point. This is why we have a default baseline snapshot to roll back to if all else fails that works within Windows or through our RollBack subconsole menu screen (HOME key) before Windows boots. We do have a snapshot defragment tool that does help improve the condition of the snapshot if the snapshot is marked as bad, for example. We do provide frequent updates to our software to make sure we prevent something like this from happening in the first place.
          Last edited by ShainalR; 10-19-2017, 11:06 AM.


          • #6
            Aha! That makes a lot of sense. Thanks for clarifying that. So if I understand properly, it is practically impossible to corrupt the snapshots, and you referred to the snapshots of infected systems when you earlier specified bad snapshots. Is that correct?

            So in a nutshell, the snapshots cannot turn bad. Is that right?
            Last edited by Partha; 10-19-2017, 11:08 AM.


            • #7
              Hello Partha,

              Thank you for your response. Yes, that is correct, the snapshots are basically impossible to corrupt in the software, and the bad snapshots that RollBack Rx tells you about have to do with the infected operating system.
              Last edited by ShainalR; 10-19-2017, 11:36 AM.


              • #8
                Thank you.


                • #9
                  I just came across this article at

                  It says that the snapshots can be classified as questionable in two cases, and one of them is if the snapshot itself gets corrupted.

                  Last edited by Partha; 10-19-2017, 06:55 PM.


                  • #10
                    Hello Partha,

                    Thank you for your response. I've looked into this article further and here is my answer to your previous question to make things clearer regarding the questionable snapshots.

                    When a snapshot is taken, RollBack Rx has to initiate 3 checks first before determining the condition of the snapshot:

                    1. Check the state the Windows MBR is in
                    2. Check Volume Shadow Services
                    3. Check the registry and boot records

                    If any of the 3 checks has issues, then the snapshot will be marked as questionable and would not be safe to restore back to. This can also cause any previous good snapshots to go into questionable status as well, as they may also have issues with the 3 checks mentioned above. In that case, the best practice for fixing this would be to check the "Flush system cache before creating the snapshot" option and create a new snapshot, and also to check your boot records and registry to make sure there are no problems or compromises there.

                    Have a good day!
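
The reply above advises checking the boot records for problems or compromises. As an added example (not part of the thread and not RollBack Rx's own check), this Python sketch compares a saved known-clean copy of a legacy MBR sector with a later copy of it. The function names and the sample sector are constructed for illustration, and a classic 512-byte MBR layout (not GPT) is assumed.

```python
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440    # bootstrap code; disk signature and partition table follow
PART_TABLE_OFF = 446   # four 16-byte partition entries start here
BOOT_SIG = b"\x55\xaa"

def parse_mbr(sector: bytes) -> dict:
    """Split a legacy MBR sector into the fields worth monitoring."""
    if len(sector) != SECTOR:
        raise ValueError("an MBR sector is exactly 512 bytes")
    parts = []
    for i in range(4):
        entry = sector[PART_TABLE_OFF + 16 * i: PART_TABLE_OFF + 16 * (i + 1)]
        lba_start, count = struct.unpack_from("<II", entry, 8)
        if entry[4] != 0:  # partition type 0 means the slot is unused
            parts.append({"index": i, "active": entry[0] == 0x80,
                          "type": entry[4], "lba_start": lba_start,
                          "sectors": count})
    return {"signature_ok": sector[510:512] == BOOT_SIG,
            "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
            "partitions": parts}

def compare_to_baseline(baseline: bytes, current: bytes) -> list:
    """Return findings; an empty list means the MBR matches the baseline."""
    b, c = parse_mbr(baseline), parse_mbr(current)
    findings = []
    if not c["signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    if b["boot_code_sha256"] != c["boot_code_sha256"]:
        findings.append("boot code changed since baseline")
    if b["partitions"] != c["partitions"]:
        findings.append("partition table changed since baseline")
    return findings

def build_sample_mbr(boot_code: bytes, part_type: int = 0x07) -> bytes:
    """Constructed sample sector (not read from a real disk)."""
    sector = bytearray(SECTOR)
    sector[:len(boot_code)] = boot_code
    # One active partition starting at LBA 2048, 204800 sectors long.
    struct.pack_into("<B3sB3sII", sector, PART_TABLE_OFF,
                     0x80, b"\x00" * 3, part_type, b"\x00" * 3, 2048, 204800)
    sector[510:512] = BOOT_SIG
    return bytes(sector)

if __name__ == "__main__":
    clean = build_sample_mbr(b"\xfa\x33\xc0")
    later = build_sample_mbr(b"\xeb\x3c\x90")  # constructed: boot code differs
    print(compare_to_baseline(clean, later))
```

On a real machine the two inputs would be the disk's first sector saved at a known-clean time and the same sector read again later; a non-empty result means the boot record changed outside of that baseline.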


                    • #11
                      I see. Thanks!