
Conflicts with automated backups?


Cobra36

I have Malwarebytes Premium 4.2.3.  Windows 10 Pro 10.0.19041 64-bit.

I was running the backup software from WD that came with my My Passport 4 TB external USB drive.  I discovered it wasn't actually running the backups.  After much consultation with WD support, it was suggested I use File History from Microsoft instead.  So this afternoon I've been trying to get File History to work.  And it so far does not.  I tried to back up all of my user files and instead it backed up about 16 of 131 GB.

I'm starting to wonder if the problem is Malwarebytes not living happily with either of these backup programs? (The WD support person suggested that the WD Backup doesn't work well with all Anti-Virus software.)

Any suggestions?  Any backup software that will work?


  • Root Admin

Hello @Cobra36

Please provide some logs so that we can see what is going on that might prevent a successful backup.

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system.
You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.

 

 

 


As for leaving either Malwarebytes or Windows Defender or any other antivirus running during the backup process, I find that "sometimes" it is successful for a full backup but every once in a while the VSS (Volume Shadow Copy Service) is too busy and you will get a failed backup.
Thus for myself, I personally exit out of Malwarebytes and turn off real-time protection of Windows Defender and run the backup. I also empty my temp folders before the backup and a fresh restart before as well. Taking those steps and precautions results in 100% successful backups for me. Then restart the computer after the backup and all security software will auto restart and the memory usage from backup will clear up better as well.

 

Backup Software
https://forums.malwarebytes.org/index.php?/topic/136226-backup-software

 

Please see the following topic concerning Macrium Reflect

https://forums.malwarebytes.com/topic/264011-backup-files-software-which-one-to-choose-2020/?do=findComment&comment=1408170

 

 

Thank you

 

Edited by AdvancedSetup
updated information

I did download the 64-bit version of Farbar Recovery Scan Tool (just to confirm the executable is called FRST64.exe).

As for my backups right now it's kind of a mess.  The behavior of File History has not been consistent.  I won't get into details until that will help.  But I may just delete everything I've done for backup and start over.  (I did create a system image yesterday, along with a repair disk and I have enough backed up files so I wouldn't be in too much trouble if things crashed.)

FRST.txt Addition.txt



On 11/14/2020 at 6:46 PM, AdvancedSetup said:

Thus for myself, I personally exit out of Malwarebytes and turn off real-time protection of Windows Defender and run the backup.

 

If you exit out of Malwarebytes and turn off real-time protection of Windows Defender doesn't that make your computer vulnerable?  Or is there something else you do to stay secure?


1 hour ago, Cobra36 said:

If you exit out of Malwarebytes and turn off real-time protection of Windows Defender doesn't that make your computer vulnerable?  Or is there something else you do to stay secure?

Personally, I have never had to do either. But, I let backups run and walk away.

You also have the option to exclude Macrium from both Defender and Malwarebytes although I have never needed to do so.


  • Root Admin

Every computer is different. It relies heavily on VSS by almost all software these days. Many years ago some vendors wrote their own driver for backups but almost everyone today uses VSS. If VSS gets too busy you will get a backup failure regardless of whose software you're using and how much data. I'm typically backing up 4TB or more at one time in some cases.

Yes, if you have other open applications or are browsing the web while you're running a backup then you're very likely to get infected. The normal operation is as @Porthos says. You leave your security software running and in most cases the backup will complete successfully.

 

The logs do not show signs of an infection, but there have been issues where Backup or processes used have crashed. If wanted we can do some general clean up and see if that helps.

 

Application errors:
==================
Error: (11/14/2020 02:56:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_TokenBroker, version: 10.0.19041.546, time stamp: 0x058e175a
Faulting module name: KERNELBASE.dll, version: 10.0.19041.572, time stamp: 0x1183946c
Exception code: 0xc0000602
Fault offset: 0x000000000010b65c
Faulting process id: 0x60c
Faulting application start time: 0x01d6ba01c9e5e7bd
Faulting application path: C:\WINDOWS\system32\svchost.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: 621b3aaf-7a1c-4683-9b11-2079d7a6d467
Faulting package full name:
Faulting package-relative application ID:

Error: (11/13/2020 11:37:54 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on OS (C:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)

Error: (11/13/2020 10:44:20 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on My Passport External Media 1TB (I:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)

Error: (11/13/2020 10:44:20 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on RECOVERY because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)

Error: (11/13/2020 10:21:46 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on My Passport External Media 1TB (I:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)

Error: (11/13/2020 10:21:39 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on RECOVERY because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)

Error: (11/13/2020 03:52:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: WDBackup.exe, version: 1.9.7435.38388, time stamp: 0x5eb8e068
Faulting module name: KERNELBASE.dll, version: 10.0.19041.572, time stamp: 0x979ddb1d
Exception code: 0xe0434352
Fault offset: 0x00129ab2
Faulting process id: 0x1cbc
Faulting application start time: 0x01d6b9fe83c49cfa
Faulting application path: C:\Program Files (x86)\Western Digital\WD App Manager\Plugins\WD Backup\App\WDBackup.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: 0062465c-c725-470f-ba7a-e0859b8a1b6c
Faulting package full name:
Faulting package-relative application ID:

Error: (11/13/2020 03:52:47 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: WDBackup.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.OutOfMemoryException
   at ManifestDedupEngineDotNet.BackupRestoreStatus.remove_MessageEvent(MessageEventHandler)
   at WesternDigital.Backup.Program.UnscubscribeEvents()
   at WesternDigital.Backup.Program.Main(System.String[])


System errors:
=============
Error: (11/14/2020 02:18:10 AM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk6\DR6.

Error: (11/14/2020 12:48:35 AM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk5\DR5.

Error: (11/13/2020 07:03:35 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk3\DR3.

Error: (11/13/2020 04:11:10 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Microsoft Defender Antivirus Network Inspection Service service failed to start due to the following error:
The service did not start due to a logon failure.

Error: (11/13/2020 04:11:10 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The WdNisSvc service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error:
The request is not supported.


To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (11/13/2020 11:35:48 AM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.

Error: (11/13/2020 11:34:51 AM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.

Error: (11/13/2020 09:42:11 AM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk3\DR3.

 

Let me know if you'd like to do some generic clean up

Thanks

 


5 hours ago, AdvancedSetup said:

Let me know if  you'd like to do some generic clean up

 

 

Yes please I'd be happy to do some cleanup to get rid of errors.  Let me know what I should do.  This is out of my depth.

Then I can figure out what to do for a sustained backup solution.  Macrium Reflect Free sounds like it's not exactly what I want if it just does complete images.  Perhaps AOMEI Backupper or Acronis True Image will be more in line with what I need.  Assuming I can't get Win10 File History or perhaps even WD Backup to work.


  • Root Admin

Here is a generic clean up script. Please make sure to temporarily disable antivirus and exit out of Malwarebytes while you run this script.

Once done post back the log and we'll go from there @Cobra36

 

Please download the attached fixlist.txt file and save it to the Desktop or location where you ran FRST from.
NOTE. It's important that both files, FRST or FRST64, and fixlist.txt are in the same location or the fix will not work.

Please make sure you disable any real time antivirus or security software before running this script. Once completed make sure you re-enable it.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system that cannot be undone.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt) or wherever you ran FRST from. Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

NOTE-1:  This fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files. It will also run a disk check on the restart to ensure disk integrity. Depending on the speed of your computer this fix may take 30 minutes or more.

NOTE-2: As part of this fix all temporary files will be removed. If you have any open web pages that have not been bookmarked please make sure you bookmark them now as all open applications will be automatically closed. Also, make sure you know the passwords for all websites as cookies will also be removed. The use of an external password manager is highly recommended instead of using your browser to store passwords.

The following directories are emptied:

  • Windows Temp
  • Users Temp folders
  • Edge, IE, FF, Chrome and Opera caches, HTML5 storages, Cookies and History
  • Recently opened files cache
  • Flash Player cache
  • Java cache
  • Steam HTML cache
  • Explorer thumbnail and icon cache
  • BITS transfer queue (qmgr*.dat files)
  • Recycle Bin

Important: items are permanently deleted. They are not moved to quarantine. If you have any questions or concerns please ask before running this fix.

The system will be rebooted after the fix has run.

fixlist.txt

Thanks

 


AdvancedSetup

I am happy to try and get to the bottom of my backup issues.  But I hope you understand when I say I'm a little nervous about running this script.  Partially due to your warning about running it on another machine:

33 minutes ago, AdvancedSetup said:

Running this on another machine may cause damage to your operating system that cannot be undone.

Also this warning:

34 minutes ago, AdvancedSetup said:

This fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files

Also I'm putting myself in your hands and it feels like a leap of faith.  How sure are you that this fixlist.txt script won't accidentally cause damage to my OS?  Running both FRST64.exe and letting that program do some sort of fix also to me is another leap of faith.

Any guidance for how I should know to do this?  And that I won't spend the next 3 days trying to rebuild my computer from the System Image I created yesterday?

Thanks.  I really do want to believe but past history makes me a little skeptical, or at least wanting to do my due diligence.


I have done the scan / fix with FRST64.  The system was rebooted but I couldn't tell if FRST64 did anything after the restart.  Part of the restart did include messages that something or other was being fixed (I didn't write them down).

Enclosed is the Fixlog.txt file.

I don't know if this matters but I noticed after reboot:

  • When I restarted Firefox all the tabs had been preserved.  I had to login to a couple of places and on one tab I did not have to login.
  • C:\TEMP is empty
  • C:\WINDOWS\TEMP is empty except for 2 log files (I didn't look at the contents of these files).
  • Recycle Bin was not emptied
  • I'm not sure where to find Users TEMP folders so I don't know if they were emptied or not.

Let me know what to do next.  Thanks.

Fixlog.txt


  • Root Admin

The Recycle Bin shows that it was cleaned.

The logs show that the process did find corrupt files and repaired them, so that's good.

Windows Resource Protection found corrupt files and successfully repaired them.

RecycleBin => 5190044369 B

Overall, over 7GB of temporary files that don't need to be part of your backups were removed.
EmptyTemp: => 7.2 GB temporary data Removed.

 

 

I have to run some errands so will be back later tonight.

Please run FRST again and scan and attach back both new logs files and I will review them tonight.

Thanks

 


  • Root Admin

Okay, the good thing is that the other errors in the Event Logs do not appear to be coming back today. However there was a VSS error, which may have been due to cleaning or rebooting, etc. and may not be a real issue.

 

Application errors:
==================
Error: (11/16/2020 02:51:53 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]

Error: (11/16/2020 02:16:00 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW.  hr = 0x8007001f, A device attached to the system is not functioning.
.


Operation:
   Executing Asynchronous Operation

Context:
   Current State: DoSnapshotSet

Error: (11/16/2020 02:14:56 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {348781c0-3718-4409-b2b6-2440b04c1dd4}

 

Please turn the computer off and leave it off for about 5 minutes. Then turn it back on and run FRST again with a SCAN and post back new logs and we'll see if the error comes back again or not.

 

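One way to triage log excerpts like the "Application errors" and "System errors" sections quoted in the posts above, as an added example that is not part of any post in this thread and is not FRST's own code: it parses the Error/Source/EventID layout, counts entries per source and event ID, and lists the entries from sources tied to backup failures in time order. The sample text is constructed from the layout shown in the thread, and the WATCH_SOURCES list and all function names are assumptions of this example.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample in the layout of the log excerpts quoted in this thread.
SAMPLE_LOG = """\
Error: (11/16/2020 02:16:00 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW.  hr = 0x8007001f, A device attached to the system is not functioning.

Operation:
   Executing Asynchronous Operation

Error: (11/16/2020 02:14:56 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.

Error: (11/14/2020 02:18:10 AM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \\Device\\Harddisk6\\DR6.

Error: (11/13/2020 07:03:35 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \\Device\\Harddisk3\\DR3.

Error: (11/13/2020 10:44:20 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on RECOVERY because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)
"""

HEADER = re.compile(
    r"^Error: \((?P<ts>[^)]+)\) \(Source: (?P<source>[^)]+)\) "
    r"\(EventID: (?P<event_id>\d+)\) \(User: (?P<user>[^)]*)\)")
CODE = re.compile(r"\b0x[0-9A-Fa-f]{8}\b")  # 32-bit HRESULT / status values

# Assumption of this example: sources to read first when a backup fails.
WATCH_SOURCES = {"VSS", "volsnap", "disk", "Ntfs"}


def parse_entries(text):
    """Split the log into entries; every header line starts a new entry."""
    entries = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            entries.append({
                "time": datetime.strptime(m["ts"], "%m/%d/%Y %I:%M:%S %p"),
                "source": m["source"], "event_id": int(m["event_id"]),
                "body": [],
            })
        elif entries and line.strip():
            # Continuation lines (Description, Operation, Context) stay attached.
            entries[-1]["body"].append(line.strip())
    for e in entries:
        e["codes"] = CODE.findall(" ".join(e["body"]))
    return entries


def summarize(entries):
    return Counter((e["source"], e["event_id"]) for e in entries)


def backup_relevant(entries):
    """Entries from watched sources, oldest first, to read as a timeline."""
    hits = [e for e in entries if e["source"] in WATCH_SOURCES]
    return sorted(hits, key=lambda e: e["time"])


if __name__ == "__main__":
    parsed = parse_entries(SAMPLE_LOG)
    for (source, event_id), n in summarize(parsed).most_common():
        print(f"{n:3d}  {source} / EventID {event_id}")
    for e in backup_relevant(parsed):
        print(e["time"].isoformat(), e["source"], e["event_id"], e["codes"])
```

Comparing the summary from a scan taken before a fix with one taken after shows which sources stopped logging errors and which are new.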

  • Root Admin

The VSS error did not return (VSS is used by almost all backups) and looks to be okay at this time.

There was only one new error but that too is probably just a fluke and not an ongoing issue.

System errors:
=============
Error: (11/16/2020 09:12:23 PM) (Source: BTHUSB) (EventID: 5) (User: )
Description: The Bluetooth driver expected an HCI event with a certain size but did not receive it.

 

SecurityCheck by glax24              

I would like you to run a tool named SecurityCheck to inquire about the current-security-update status of some applications.

  • Download SecurityCheck by glax24 from here https://tools.safezone.cc/glax24/SecurityCheck/SecurityCheck.exe and save the tool on the desktop.
  • If Windows SmartScreen blocks that with a message window, then click on the MORE INFO spot, override that and allow it to proceed.
  • This tool is safe. SmartScreen is overly sensitive.
  • Right-click with your mouse on the Securitycheck.exe and select "Run as administrator" and reply YES to allow it to run and go forward.
  • Wait for the scan to finish. It will open in a text file named SecurityType.txt. Close the file. Attach it with your next reply.
  • You can find this file in a folder called SecurityCheck, C:\SecurityCheck\SecurityCheck.txt

 


  • Root Admin

Yes, you can move it.

Please update as appropriate


--------------------------- [ OtherUtilities ] ----------------------------
Microsoft OneDrive v.20.169.0823.0008 Warning! Download Update

OpenOffice 4.1.7 v.4.17.9800 Warning! Download Update

 


-------------------------- [ IMAndColloborate ] ---------------------------
Zoom v.5.3.1 (52879.0927) Warning! Download Update

 

 


  • Root Admin

Please see the following articles on setting up Windows History and let me know how that works out.

How to Enable File History in Windows 10
https://winaero.com/enable-file-history-windows-10/

How to Enable or Disable File History in Windows 10
https://www.tenforums.com/tutorials/64728-enable-disable-file-history-windows-10-a.html

 

The paid version of Macrium Reflect does support File and Folder backup without creating an entire drive or partition image.
https://www.macrium.com/product-comparison

Again, I recommend you review this post

 

Backup Software
https://forums.malwarebytes.org/index.php?/topic/136226-backup-software

 

AOMEI Backupper is a great little backup utility. Just for reference though, it is a Chinese company and it does a bit of advertising.

 

 


I updated Zoom, Open Office and MS One Drive (even though OneDrive is disabled on my computer - I figured it couldn't hurt to update).  Then I downloaded and ran Patch My PC Home Updater.  It found 3 more to update (Firefox, Audacity & WinMerge) so I updated them as well.  Then I rebooted the computer.

Next I'll look into those articles you've shown on setting up backups and see what I can figure out about getting File History to work properly or using something else.  This may take a couple of days to sort out - I'd like to schedule incremental backups daily so (for example) I won't know if the incremental backups are being done until tomorrow or the next day.  In my current configuration I don't see incremental backups being done for File History and I have looked in Task Scheduler and don't see anything going on there.  So I still have some research to do.

Thanks very much for your help so far.  I'll be back as soon as I have something to report.


  • Root Admin

I've not delved deep into Windows File History as I used it for maybe a couple of days and just didn't personally like how it worked for me. Not that it was bad, just a personal preference that I don't always want every file updated for backup like that. I want a bit more choice than it seemed to offer.

It does seem to keep all versions of changes so that is an incremental of sorts.

No rush or pressure on my end, simply providing information that is hopefully of some value for you. Please take your time and if you need further assistance let us know.

Cheers @Cobra36

 


Well I can't get File History to work correctly.  It's not the problem I was having when I originally posted to this forum, but in doing a spot-check I noticed in one folder not all files were backed up.  I then checked a number of other folders and found all the files there, but if one folder isn't backed up (and there's one file missing that is very important to me) then I can't trust File History.  I did a quick Google search and this just appears to be a File History problem that's been true forever.  For some people at least.

Also I didn't restore any files to see if the files are backed up properly - but seeing as not all files are backed up I wonder whether this may also be an issue.

So may I ask what you use?  I would have tried AOMEI Backupper next, but (thanks for the heads-up) I don't trust the Chinese government to stay away from software from Chinese companies.  (You really have to dig to figure out that they're in Hong Kong.)

I'm also debating, now that you've helped me get rid of all of the errors on my computer, to try WD Backup again.  Although that may not be worth the hassle.

