Automatic Archive in Archiware P5

Let’s say you work in the media and entertainment industry, perhaps in post-production, and maybe, just maybe, you shoot a lot of digital film (R3D, Arri RAW, XDCAM, etc.), and just maybe you have a SAN. And maybe you’re lucky and you set up a nice backup system using Archiware P5, for example. What about archive? What about finished projects, what do you do about that? Even more importantly, what do you do about the camera archives? That’s the digital film footage that comes in and gets copied to the SAN before creative work begins… it seems like important stuff. Very important to back up, and even better, to archive! How can we set up an automatic archive in Archiware P5?

DEFINITION: What is the difference between backup and archive? In the media and entertainment industry I would define backup as continuous data protection of live data on a production volume, while archive is a copy of a finished project or original media that will be removed from the production volume and must be kept safe for future retrieval. Backups will roll over (a new full backup every week, or month) and if that is all we had, then footage or projects that are done and gone off the SAN would then be lost. Archive separates out the finished projects or source material as needing independent safekeeping. P5 Archive also has the option of creating a mini-MAM type database of proxy files that can be easily viewed in a web browser for quick identification of files to be restored.

So, how do we set up an automatic archive in Archiware P5? We want it to be automatic so we don’t have to think about it, since manual archiving, like manual backups, can be forgotten. If we set up a watch folder on the SAN, then we just have to instruct everyone to drop their camera masters and other source files into the folder when they copy to the SAN, and P5 will automatically archive them to an incremental tape archive. Wow. That’s awesome.

Tips and Tricks: If you edit with Final Cut Pro X then I recommend using it to make Camera Archives (a verified copy of the footage from the original card or drive) then placing this in the watch folder. If you’re using Adobe’s Premiere workflow, then Prelude can make a verified copy as well, but not in the same way exactly. This will be the subject of another post. Stay tuned.

Using Gmail Drafts to… Command and Control your Computer?

For those who (over)think before they email, the Drafts folder can be both a blessing and a curse. Anyone who has ever accidentally sent an unfinished draft to a coworker, new contact, or friend will probably even go one further: unfinished drafts that reveal what you’re thinking before the thought is polished and ready to be sent can be embarrassing and unprofessional. Thanks to the unending nefariousness of malware writers, the email drafts folder can now also be considered dangerous.

Researchers have uncovered a variant of the Icoscript RAT that uses Gmail draft folders to issue commands to and collect data from infected computers. Many types of malware do this latter part – that is, connect to a “command and control” server to provide updates and steal information – but the use of draft emails to make this happen adds a new layer of stealth to the process.

According to reports, attackers are able to pull this off because they can use the remote access trojan to open an invisible instance of Internet Explorer on the infected computer. Windows is built to allow programs to do this, to perform behind-the-scenes information gathering. With Icoscript, attackers are leveraging this capability to log into an anonymous Gmail account and issue C&C commands through an unsent draft. Conversely, the malware is also designed to place stolen data in drafts for cybercriminals to collect. In effect, attackers have created a malware communication channel, with a trusted program, where nothing is ever actually sent. This makes the malware much harder to detect than programs whose C&C communication runs over other protocols, where in many cases anti-malware will detect the strange activity.

Those who have discovered this clever little draft trick – that’s also sometimes used by people who have affairs to exchange messages on a shared email – stress that “there’s no easy way to detect its surreptitious data theft without blocking Gmail altogether.” For end users, this means that protection hinges on prevention. Icoscript may be good at hiding itself, but it still has to work its way onto your machine. If you’re using an anti-malware that processes roughly 225,000 new malware samples every single day, and you’re well-versed in all the ways cybercriminals trick people into installing their creations, it is very unlikely that this will occur.

You will still need to be careful about spilling your heart out in an email draft, though 😉

Have a nice (malware-free) day!

Live Backup Changes in Hyper-V Server 2012 R2

by Eric Siron

Quite some time ago, we wrote a post about taking live backups in Hyper-V. Hyper-V Server 2012 R2 really changed the mechanics of backup. This post examines how those changes have affected live, or hot, backups. Until 2012 R2, backup was strictly based on VSS (Volume Shadow Copy Service) operations. Backup applications trigger VSS in…

Original post link: Live Backup Changes in Hyper-V Server 2012 R2

Widespread Windows Zero Day affecting Microsoft Office Files

In Alerts & Outbreaks by steve on October 22, 2014 | English

Last week, Emsisoft published details on The Sandworm Team, and how this group of hackers has been using vulnerability CVE-2014-4114 to remotely execute malicious code through shared Microsoft Office files. Microsoft has since issued a patch for this vulnerability; however, it has been discovered that there is still a way to exploit Microsoft Office files to serve malware. This new zero day vulnerability has been designated CVE-2014-6352, and it allows attackers to remotely execute malicious code on all supported versions of Windows, excluding Windows Server 2003. This unpatched zero day has been used by The Sandworm Team, and it is currently also being used by cybercriminals across the Internet. Observed attacks have involved targeted emails containing malicious PowerPoint attachments. In theory, this vulnerability could also be leveraged in any scenario where Microsoft Office documents are shared.

How can I stay protected?

The most concerning aspect of CVE-2014-6352 is that it affects the most recently patched versions of Windows. Microsoft is currently investigating the issue, but it could be nearly 3 weeks before the vulnerability is formally patched. In the meantime, cybercriminals will be sure to exploit the vulnerability to serve malware to as many users as they can.

To stay protected, Emsisoft recommends:

  • Avoiding unsolicited Microsoft Office documents whenever possible
  • Implementing Microsoft’s Suggested Actions
  • Using a proactive antimalware that can automatically prevent infection from unregistered threats

Because 1) sharing Microsoft Office files is for many people an everyday task and 2) Microsoft’s Suggested Actions are somewhat technical, it is likely that CVE-2014-6352 will allow cybercriminals to infect a lot of users with malware. Furthermore, because a vulnerability is essentially a doorway into your PC, the malware served in such attacks will vary widely.

Users running Emsisoft should know that, as was the case with CVE-2014-4114 and The Sandworm Team, your security solution does offer automatic protection from this latest zero day. If you are running one of our products, no further action is required: simply allow your computer to update whenever Microsoft issues a formal patch.

For those not using protection, we recommend giving Emsisoft Anti-Malware a try. You can actually test it for 30 days, at no cost – meaning that even if you hate it (which we’re pretty sure you won’t 🙂) it will guarantee protection from this latest zero day until Microsoft fixes the problem. After the vulnerability is patched, you can then simply uninstall your trial – or you can keep it, to ensure that you’re protected the next time an application vulnerability (inevitably) pops up.

Paragon Software Group releases Protect & Restore 3.5

Paragon Software Group releases Protect & Restore 3.5 for business organizations of all sizes to meet data protection and restore objectives in virtual and physical environments

October 2014

Unified, scalable protection solution for heterogeneous IT infrastructures now with enhanced performance, a new powerful deduplication mechanism, the most efficient Exchange database backup and recovery, protection of virtual machines hosted by Microsoft Hyper-V, Paragon’s proprietary patent-pending data processing techniques and more!


FREIBURG, Germany, October 15, 2014 — Paragon Software Group, a leader in data protection and backup and disaster recovery since 1994, announces the release of Paragon Protect & Restore 3.5 – an advanced backup and disaster recovery solution with centralized IT management for organizations employing diverse platforms and technologies in physical and virtual environments. The new PPR 3.5 delivers rock-solid security in heterogeneous IT environments consisting of domain and non-domain machines.

PPR 3.5 comes with backup and recovery performance significantly increased, by at least 50%. In addition, the new PPR 3.5 is now able to work with complex infrastructures utilizing up to 20,000 objects per OU (Organizational Unit).

The new release brings the most efficient utilization of backup storage and network traffic, delivering a very powerful deduplication mechanism, specially developed for today’s diverse corporate IT environments challenged with managing heterogeneous systems. PPR 3.5 delivers enhanced Exchange database backup and recovery, protection of virtual machines hosted by Microsoft Hyper-V, and other advancements.

In case of a disaster, PPR enables IT administrators to instantly restore any physical or virtual machine, minimizing the downtime and the entire recovery process to seconds. PPR employs the VMware replication mechanism, strengthened and broadened by Paragon Software’s own proprietary patent-pending data processing techniques that enable it to benefit from very fast recovery timings of VM replication during the restore of physical machines, making it a unique feature on the market.

“Data is the most important asset of any organization. In case of a disaster, IT administrators should be able to get systems back online within the minimal downtime. PPR tackles data loss threats posed to companies by providing advanced, easy-to-use protection, incorporating the latest imaging, replication and restore technologies,” commented Konstantin Komarov, CEO of Paragon Software Group.

IT administrators can benefit from PPR’s ease of use via a centralized management console, very low impact on the performance of systems during backup, and distributed architecture providing real flexibility. Attractive licensing models, based on the number of systems and variety of platforms to be protected, are especially optimized to meet up-to-date IT-compliance and financial controlling guidelines. Paragon offers a competitive (up to 50%) discount to companies replacing multiple data protection solutions for various platforms and environments with PPR, designed to work seamlessly with all.

New features and benefits:

  • Backup Data Deduplication
  • Enhanced Exchange Database Backup and Recovery
  • Enhanced Virtual Machine Backup and Replication
  • Highest Performance and Exceptional Robustness
  • Native PPR Security
  • Rotating Media Support


Availability and Licensing:

With PPR 3.5, Paragon introduces a new and more flexible licensing model, with options to suit various scenarios. To find out more about Paragon’s cost-efficient starter packages for small and medium-sized companies, volume and non-profit discounts, please send inquiries to

All product editions include the management console, the deduplication server, adaptive restore (restore to dissimilar hardware) and a 1-year maintenance, including extended support and upgrade assurance at no extra cost. For more information on licensing, please visit:

To download a free evaluation copy, please visit To schedule a free webinar, please visit:


PPR 3.5 is also available through Paragon’s partner program.

You can find the full article here

Choosing a Management OS for Hyper-V: Hyper-V Server Part 2

Choosing a Management OS for Hyper-V: Windows Server

by Eric Siron

In the sister article to this piece, we talked about choosing Hyper-V Server over Windows Server as the management operating system. In this one, we’re going to go down the other road and make the case for Windows Server instead. A Clear Definition of Hyper-V Terms The earlier article had a section devoted to clearing…

Read the full blog post here.

From the Test Laboratory: Greatly Increased Archiving Performance with MailStore Server 9

MailStore Server performs a check on every email in the mailbox to see whether it is already in the archive when archiving from mailboxes. This is how it prevents duplicates from occurring in the archive.

The time required for this process varies and depends on the number of mailboxes to be archived, the volume of received email, and the size of the existing archive.

Now an intelligent caching system and a new store hinting algorithm have been implemented in MailStore Server 9 for the first time. The algorithm greatly reduces the time required for checking emails when archiving mailboxes.

Read our new white paper to learn more about how MailStore Server 9 proves its worth during a performance test and how you can achieve an even greater increase in performance.

Choosing a Management OS for Hyper-V: Hyper-V Server

by Eric Siron

For the server edition of Hyper-V, you have a choice in management operating systems. You can use the free, no-GUI Hyper-V Server or you can use the full-fledged Windows Server. This will be the first of two articles in which I will argue both sides of the debate. In this installment, I’ll take the position…

Read the full blog post here.

Attack of the Qbot: 6 years, 800,000 online banking transactions sniffed

What’s been around for 6 whole years, has infected roughly 500,000 Windows-based PCs, and has intercepted information from over 800,000 online banking transactions, including account credentials? Zeus? Guess again. iBanking? Nope. Dyre? No, it’s not that one either – although it does have an equally unusual name. This time around, the culprit is called Qbot, and according to researchers it’s a highly successful botnet operation specifically targeting people who use older versions of Windows in the United States and Europe.

What is Qbot?

Qbot is a family of malware that spreads through compromised WordPress sites. Once these sites are compromised, they are reprogrammed to exploit visiting computers that contain application vulnerabilities. Once these vulnerabilities are exploited, the computer is instructed to download Qbot, a malicious program that connects the machine to a botnet and that can steal banking credentials.

Who’s at risk?

According to recent reports, Qbot has an eye for the outdated. Since 2008, 52% of observed infections occurred on Windows XP; 39% of observed infections occurred on Windows 7; and 7% of observed infections occurred on Windows Vista. In all that time, 59% of Qbot banking interceptions occurred when a user accessed a website of one of the 5 largest banks in the United States.

Every Q needs a U – Don’t become one

Qbot is currently alive and well, with 75% of its 500,000 infected bots residing in the United States.

With headlines reading that the security of nearly 83 million JPMorgan Chase accounts has been compromised by Russian hackers and that 56 million people who shopped at Home Depot between April and September 2014 will need to get a new credit card, 500,000 might not seem like a lot. But a stolen banking password is still a stolen banking password, and in addition to credential theft Qbot also allows attackers to rent out your computer to cybercriminals looking for a zombie horde to commit malicious deeds (think spam or taking down a competitor’s website by overloading it with traffic).

What can you do to stay protected?

Well, a quick look at the stats should make the steps to prevention pretty clear. Don’t run an outdated OS filled with applications that haven’t been updated in years… and if you do, don’t use it to bank online. If you’re unfamiliar with why doing so is generally unsafe, we’d recommend this article on application vulnerabilities. After that, you can also check out the Emsisoft Security Knowledgebase to learn how to perform online banking securely.

Want an automated solution instead? Then check out the brand new Emsisoft Internet Security. It can block Qbot variants in 3 different ways and also features an online banking mode specifically designed to harden browser software against vulnerabilities the malware attempts to exploit.

Have a great (Qbot-free) day!

For more on Qbot, see this recent featured article from SC Magazine.

New Case Study: MailStore Server Implemented at the Beltz Group

Ever since its founding in 1841 in Langensalza, Thuringia, the Beltz Group has remained an independent family-run business that still specialises in publishing. The publishing group releases academic books and magazines for psychology and education (‘Psychologie Heute’), as well as children’s books, including the famous Janosch series. Approximately 450 employees at sites in Weinheim, Hemsbach, Frankfurt am Main, and Bad Langensalza help contribute to an annual turnover of more than €35 million.

The media company archived its emails with a competitor’s solution until the beginning of 2014. Since this failed to meet expectations, Jürgen Krapp, network administrator for the Beltz Group, carried out some research into possible alternatives. The business switched to MailStore Server in February 2014 after a brief evaluation phase.

“We particularly liked how the MailStore solution was installed within two to three hours and you could start using it immediately. Of course we tested everything first but we had no problems throughout the entire test phase. This is exactly how email archiving should be,” summarizes Jürgen Krapp.

Since Beltz replaced another manufacturer’s email archiving solution with MailStore Server, they were able to profit from our competitive upgrade offer, which enables customers to purchase our solution at a special discount rate of 50%.

The project leader describes the migration to MailStore Server in the corresponding case study.