We have been using Faronics Deep Freeze for some time. I was quite skeptical at first as the approach is unique. After 4 years experience with this paradigm I am a believer. They claim to have provided protection from defective patches during the public beta testing initial release phase.
The concept is quite similar to a VM snapshot in combination with a “thaw space” concept. When a PC is frozen all user files must be contained within the thaw space because the other drive partitions return to the VM snapshot state after each reboot.
If your system is infected (or misconfigured), simply reboot and it returns to the previous snapshot. Problem solved. Any user ignoring the use of the thaw space will lose all data not stored within the thaw. This is a small price to pay for such robust security. The thaw space is not protected from crypto-lockers, however.
Snapshots (my term) are created during the freeze process and requires a reboot.
So, Faronics claims to have a robust thaw, distribute known good patches, refreeze automation process including a robust command and control interface. We have never utilized this utility before we converted our first 50 of 250 PCs from Win7 to WinX. Now we need a good tool after forced updates took out 6 of 50 PCs. I hope to test this new patch management feature next week on a small number of WinX systems prior to the pending April patch recovery Wednesday.
Thoughts on the novel approach anyone?
