Looking to add the final layer

Discussion in 'sandboxing & virtualization' started by n8chavez, Mar 14, 2012.

Thread Status:
Not open for further replies.
  1. n8chavez
    n8chavez Registered Member

    I'm looking to add the final layer of my setup, which already includes Sandboxie Pro, Shadow Defender x64, and LnS. I was wondering if anyone had an opinion as to what may fit my current setup the best. I was thinking of either Hitman Pro, Windows Defender, or AppGuard. Any ideas as to what may complete my layered approach the best?

    Thanks.

    n8
  2. Dark Shadow
    Dark Shadow Registered Member

    I would not even bother with Windows Defender. Hitman Pro is always good to have on hand. AppGuard and Sandboxie together is a killer combo, but IMO you don't need it with your current setup.
  3. n8chavez
    n8chavez Registered Member

    Do you mean that there would be no point to adding AppGuard? I do kinda like it, but to be honest I am looking for something that is set-and-forget.
  4. Dark Shadow
    Dark Shadow Registered Member

    No, I am not saying there is no point; in fact they complement each other, but with what's in your current sig I doubt it's needed, but it can't hurt to have for the extra layer.
  5. Noob
    Noob Registered Member

    HMP would be very good as the last layer, no performance impact, super light/fast and very good detection. :thumb:
  6. n8chavez
    n8chavez Registered Member

    You know, that's what I thought too. I like Hitman Pro, and I have a license for it; the only thing is that there seems to be a bug in it that prevents scanning via the context menu on a directory if that directory has subdirectories in it. That's my only issue with it.
  7. acr1965
    acr1965 Registered Member

  8. n8chavez
    n8chavez Registered Member

    That is a nice idea. But it seems redundant if you have HMP installed because it lets you take advantage of the VirusTotal API to upload files there too.
  9. Noob
    Noob Registered Member

    Not a bad idea but HMP would cover the whole PC instead of specific files? :D :thumb:

    Still a very good idea if you tend to download lots of files from the darkz sides of the web. :D
  10. Hungry Man
    Hungry Man Registered Member

    I would say any setup needs EMET.
  11. Dark Shadow
    Dark Shadow Registered Member

    +1 :thumb:
  12. Wendi
    Wendi Registered Member

    Whenever I have run Hitman Pro it finds and lists files, which I know are perfectly safe, as 'Suspicious'; one example being Drive Snapshot's snapshot.exe. :doubt:

    So I would suggest adding Panda Cloud AV to your setup. It's free, truly 'light as a feather' and has never bothered me with FPs! Adding PCAV would give you real-time interactive antivirus protection, which you don't now have.

    Wendi
    Last edited: Mar 15, 2012
  13. Blues7
    Blues7 Registered Member

    On a similar note, when HMP recently detected three alleged remnants of adware during a scan, electing to remove them left my system (XP Pro SP3) unstable forcing me to install a recent image via Drive Snapshot.

    Erik has not yet accounted for why HMP caused this instability during the process. I have removed HMP for at least the foreseeable future. YMMV.
  14. Wendi
    Wendi Registered Member

    Hi Blues,

    Seeing that you use Emsi's Anti-Malware, I found (quite often) that it also alerted me with what turned out to be FPs! Have you not noticed that?

    Wendi
  15. Blues7
    Blues7 Registered Member

    Hi Wendi,

    It's been great for me. The only FP I've had was when I downloaded the Shadow Defender installer and scanned it prior to installing.
  16. Noob
    Noob Registered Member

    I have experienced around 3 FP's with EAM. (Been using it for 2 years already)
    All of them were fixed within 24 hours after submitting the samples as a FP right through the UI. :D
  17. pegr
    pegr Registered Member

    AppGuard would add a significant extra layer of system-wide protection that should work well with your current setup without causing any conflicts or other performance issues. In my experience, it is a very good complement to Shadow Defender.

    Like Sandboxie, AppGuard requires some initial customisation to get the best out of it, but after that it is entirely set-and-forget during normal operation.

    An exception to set-and-forget is that when installing new software (and for some system updates) you have to temporarily lower the protection by manually switching AppGuard to Install mode. This is a direct consequence of the strength of AppGuard's protection against drive-by downloads.
    Last edited: Mar 16, 2012
  18. kjdemuth
    kjdemuth Registered Member

    pegr,
    Are you using Shadow Defender and WSA? It says you are in your sig. Just curious because I was having issues with both installed.
  19. pegr
    pegr Registered Member

    Yes, I am. The only issue I've experienced is that the system sometimes hangs at the Windows XP shutdown screen when I reboot, which I established is due to a conflict between WSA and AppGuard, not Shadow Defender. I haven't personally experienced any issues between WSA and Shadow Defender though.

    What problems are you having?

    EDIT: I've just noticed from your signature that you also use Panda Cloud. I have experienced conflicts between Panda Cloud and Shadow Defender in the past. Are you sure that it's WSA and not Panda Cloud that is causing your issues?
    Last edited: Mar 16, 2012
  20. Wendi
    Wendi Registered Member

    Hi pegr, it's been a while since we chatted (I am so grateful that you introduced me to Shadow Defender)!

    I'm using Panda Cloud AV v1.5.2 with SD and they have been getting along together very well. Every so often when I bootup I get a PSUN error and as a result Panda isn't running. But that can't have anything to do with SD because I don't start SD on bootup! So far I haven't experienced any Panda - SD conflict when restarting in order to exit Shadow Mode.

    Wendi
  21. pegr
    pegr Registered Member

    Hi Wendi,

    I too sometimes experienced PSUN errors at system startup with PCAV 1.5.1 and I agree that this is unlikely to be anything to do with Shadow Defender if Shadow Defender is set to start normally with Shadow Mode disabled. I too never experienced any problems rebooting to exit Shadow Mode as long as Shadow Defender was set to start normally at system startup.

    The issues I experienced using PCAV 1.5.1 and Shadow Defender together were that, on my system, Shadow Mode sometimes couldn't be entered with PCAV real-time protection active. The problem only occurred on the system partition, never on either of my two additional non-system partitions. There were also sometimes conflicts at boot time if Shadow Defender was set to automatically enter Shadow Mode on the system partition at system startup.

    I suspect that PCAV accesses the disk in a way that prevents Shadow Defender from locking the system partition when enabling Shadow Mode if PCAV's real-time protection is busy accessing it at the time. Disk locking is necessary to enter Shadow Mode on the system partition but not on non-system partitions, which is also why a reboot is necessary to exit Shadow Mode on the system partition but not on non-system partitions.

    This would explain why the problem is intermittent, and also why it doesn't affect non-system partitions. It's not really a big deal though because all that is needed for reliable operation if this problem does occur is to always enter Shadow Mode manually after startup, and to temporarily disable PCAV real-time protection before entering Shadow Mode on the system partition.

    Interestingly, I've never experienced these issues with any other AV I've tried, only PCAV. I suspect that the way PCAV handles the disk is also involved in the confirmed firewall issue that I reported between the PCAV 1.9.1 beta and Shadow Defender, whereby the PCAV firewall doesn't resolve file path names properly if Shadow Mode is enabled.

    Regards
    pegr
  22. The Shadow
    The Shadow Registered Member

    pegr, I certainly don't question the Panda-SD issue you experienced but I wonder if there wasn't something else 'at play'. As you can see from my sig I also use PCAV with SD and like you I'm running on XP SP3 as well. I have never been unable to enter Shadow Mode (I only use SD to 'shadow' my system partition).
  23. wtsinnc
    wtsinnc Registered Member

    Why not add Keyscrambler? They offer a free version which is regularly updated and it is non-intrusive.
  24. pegr
    pegr Registered Member

    I'm sure you are right that it is specific to certain hardware/software configurations. That's often true with these kinds of issues, which is why it can be difficult to pinpoint the exact cause. You see this kind of thing all the time in the forums where a few people are reporting an issue that most other users don't have.

    That doesn't make it any less of a conflict for me though, as Shadow Defender works perfectly well on my system when PCAV real-time protection is not enabled. As I said, I have never seen this issue with any of the other AVs that I have used, so it appears to be something specific to the way PCAV works that can be an issue on some systems that have Shadow Defender installed.

    The firewall issue in the PCAV 1.9.1 beta when Shadow Mode is enabled has been confirmed as genuine and reproducible, and has been referred to the developers for investigation. Again, it suggests that there may be something slightly different about the way PCAV accesses the disk. Other firewalls I have used have never had a problem resolving file path names correctly with Shadow Mode enabled.
  25. kjdemuth
    kjdemuth Registered Member

    That's really odd because I have no issue with PCAV and SD. Of course you know my issue with SD and WSA. Which you have no problems with either. Just goes to show you that each person's system is very different. I would love to be able to run WSA and SD together. I might try it again after a few more versions. Currently I'm happy with PCAV.