Windows LTSC Unified Write Filter functionality like Shadow Defender

This functionality, available with the LTSC and other enterprise SKUs, flies under the radar but it's useful. It's similar to Shadow Defender in that it intercepts writes to your physical drive and redirects them to a virtual overlay like your RAM. So it comes in handy if you are testing software/driver installs etc.

It's an optional feature, so you need to install it via Windows Features and start using the UWFMgr tool.

The magic happens after you have set your drive to protected mode. Install and test any software and once done, just unprotect the drive. Restart and voilà, you are back to where you started with a clean slate. You can also download this third-party utility to obtain more information on the settings.

8 Likes
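The workflow from the post above, as an added PowerShell example (not the poster's own commands). It assumes an elevated prompt and `C:` as the volume to protect, and it checks the UWF WMI provider so you know the filter is live in the current session before installing anything you expect to be discarded.

```powershell
# Added example. Run elevated on an LTSC/Enterprise SKU.
# $Drive is an assumed target volume; change it to suit your machine.
$Drive = 'C:'
$Ns    = 'root\standardcimv2\embedded'   # WMI namespace of the UWF provider

function Get-UwfState {
    param([string]$DriveLetter)
    $filter = Get-CimInstance -Namespace $Ns -ClassName UWF_Filter
    # UWF_Volume has one instance per session; CurrentSession = $true is the live one.
    $vol = Get-CimInstance -Namespace $Ns -ClassName UWF_Volume |
        Where-Object { $_.DriveLetter -eq $DriveLetter -and $_.CurrentSession }
    [pscustomobject]@{
        FilterEnabledNow   = [bool]$filter.CurrentEnabled
        FilterEnabledNext  = [bool]$filter.NextEnabled
        VolumeProtectedNow = [bool]($vol -and $vol.Protected)
    }
}

# 1. Install the optional feature (same as ticking it in Windows Features).
$feature = Get-WindowsOptionalFeature -Online -FeatureName Client-UnifiedWriteFilter
if ($feature.State -ne 'Enabled') {
    Enable-WindowsOptionalFeature -Online -FeatureName Client-UnifiedWriteFilter -All -NoRestart
    Write-Warning 'UWF feature installed. Restart, then run this script again.'
    return
}

# 2. Enable the filter and protect the volume if that is not already in effect.
$state = Get-UwfState -DriveLetter $Drive
if (-not ($state.FilterEnabledNow -and $state.VolumeProtectedNow)) {
    uwfmgr.exe filter enable
    uwfmgr.exe volume protect $Drive
    Write-Warning "Protection for $Drive starts after the next restart. Writes made before then are permanent."
    return
}

# 3. Filter is live: writes now go to the overlay and are dropped on restart.
$state
uwfmgr.exe overlay get-consumption   # how much of the overlay is in use

# 4. When testing is finished, turn protection off and restart:
#    uwfmgr.exe volume unprotect C:
#    uwfmgr.exe filter disable
```

Both enabling and disabling protection only take effect at the next restart, so the `FilterEnabledNow` and `VolumeProtectedNow` values are the ones to trust before running a test install.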

This is exactly the same/similar technology as what immutable distros are for Linux.

I use this for my malware analysis/RE lab.
Also, primarily for my parent’s PC. You can use it on pen drives too.

Isn’t using disk restore software like Acronis better? What is the benefit of this? Never used Shadow Defender, checking it out.

It’s a different functionality catering to a different use case. The closest equivalent is using Shadow Defender but that has not been updated in a long time and requires compatibility workarounds to install in 11.