Shadow Defender Questions

I just downloaded and installed Shadow Defender (trial) and as there doesn't appear to be a user-guide, I would appreciate answers to the following questions (along with any tips you care to share):

Where does SD place its Shadow Mode file? - can I specify a partition other than C: ?

Which types of programs/folders should be placed in the Exclusion list ?

With multi-partitions, is it best to just protect the system partition ?

Is it best to set SD to go directly into Shadow Mode upon startup/restarting ?

Should I install a new program by exiting Shadow Mode or should I install it in Shadow Mode and then commit it ?

Thanks!

 

Open the main GUI on the top right there's a help tab.

No, I don't think you can have access to the shadow volume, if Windows detected it, so would malware.

It is really rather personal, but usually the antivirus updater (I have Windows Calendar, and a file where I keep interesting links) Keep in mind that the more you exclude, the more you weaken the system while in shadow mode. I prefer to commit files.

Maximum protection is achieved by shadowing all partitions.

Again it is a matter of circumstances and personal choices. I don't think it makes any difference. Some people might choose schedule not to forget to switch to shadow mode.

If the program doesn't require a reboot, you can test it in shadow mode. If you are happy with it you can commit the installer, reboot and install for good. IMO it is very difficult and time consuming to commit a program already installed in shadow mode

 

If we could locate the Shadow Mode container/file & then be able to use a secure delete app on it after a session, this would be a bonus

I've asked before about both these things, and nobody seemed to know the answers

@ Wendi

I've created an excluded folder on my desktop, but it could be Anywhere, including another partition and/or USB stick/drive etc. In here i keep a .txt file that i use to compose things i want to post/email etc, and where i save interesting links and info etc i find to later maybe save. I also temp save screenies for posting in there, and delete these and anything else i don't want after a reboot, or sometimes before. This folder is also very handy for storing anything i may have DL'd whilst in an SD session. I've never had any problems with this method

 

Thank you for the feedback. Btw, I'm a heavy user of MS Outlook for Email, Appointments, etc. Should that be in my exclusion list (and for that matter, how about My Documents folder)?

 

Hi there,

MS Outlook keeps all the user data such as email, appointment in a .pst file. Usually, outlook.pst.

I keep this file in a different partition, so that I won't lose my data when coming out of the Shadow mode.

 

Don't you have the same issue with Sandboxie?

 

Hi back atcha,

I am aware of the folder which store my Outlook data, but if I keep it in another partition to prevent losing current Outlook data, then I can't protect that partition (which goes to the 3rd question in my op)!

Wouldn't it make more sense to simply add Outlook to the Exclusion list (or is there a problem in doing that)?

Using SD is more convoluted than I thought it would be.

 

would not excluding emails, poke a hole in the defense of what SD does ? I used to stay in shadow mode for a week before coming out. With emails I have found having a web based email program is best with SD. It really isnt hard to use. The point is you are creating a virtual PC and anything that isnt "virtual" defeats the purpose.

 

Hi trjam,

I understand where you are coming from, but I won't give up Outlook - it's much easier (for me) to give up SD!

 

ok, what the hell, exclude it. Maybe install MBAM to run a scan of it before exiting out of Shadow Mode would be the easiest way to do it. You wont know until you try. You should be able to just exclude the main program. Forget the .pst crap as that is not a concern for what you are wanting to do, just the Outlook folders.

 

I'm sorry, but I don't understand that (the pst file contains my personal Outlook email/calendar data, so doing what you suggest would prevent it from getting updated).

 

would not just excluding your main program recitify that. I know it will as I use to do it a couple of years ago with SD.

 

C:\Windows\Application Data\Microsoft\Outlook\Outlook.pst

 

Hi there,

The .pst data file itself is not dangerous. Of course, MS Outlook and related stuff would still be running under the Shadow Mode.

When you open MS Outlook, Microsoft brings the .pst data file in memory and locks the actual .pst data file on disk. When you close MS Outlook, after a minute or so the .pst data file is released from lock.

So, if you open an infected email and trigger a virus, which was bypassed by you AV and other on demand security, the virus will be still contained in the Shadow mode.

All my user data is under Z:\Dropbox and syncs to my other PCs.

 

This is what behind Returnil, which gives you a virtual disk as Z for saving your data on coming out of Shadow mode.

 

Unless one has changed the default it would be in the "C:\Documents and Settings\user_id\Local Settings\Application Data\Microsoft\Outlook" folder.

 

Pete/KoR,

As I'm just 'trialing' SD (haven't purchased it yet) - would I be better off with Sandboxie/Returnil/[something else] than SD (considering my daily use of MS Outlook)?

PS. My only other security software is Norton Internet Security 2011.

 

Returnil is very simliar to SD,so that being the case...
For your case,I'd say give sandboxie a try,it wont mess with your MS Outlook at all.

 

anything you want for example I have Browser book marks, log ons and MD rules.

For FF users if you want to save Book Marks navigate to the file "places.sqlite"
located in ff profiles and add that to Exclusion list . If you want to save FF user password log ons navigate to the file "signons.sqlite"

with the Tempory shadow volume being the one in use malware would have access to it anyway because you are using it, its location is irrelevant.

When running in shadow mode I think a lot of it is actually running in memory.

 

I thought that was what I typed.

 

Thank you for the offer, but I'm an IE7 user.