The unofficial Shadow Defender Support Thread.

Discussion in 'sandboxing & virtualization' started by Cutting_Edgetech, Feb 14, 2011.

  1. Moose World

    Moose World Registered Member

    Joined:
    Dec 19, 2013
    Posts:
    905
    Location:
    U.S. Citizen
    Sure! Yes!:thumb:

    Page: 129 # 3206 = Boot Screen
    Page: 129 # 3209 = BSOD
    Page: 132 # 3298 = Hiber/disable fast boot

    "MW, can you be more specific re the 'SD bug' to which you are referring (when using W8's fast-boot)?"

    Page 132 is the one that makes me very uncomfortable! About Shadow Defender!:(

    Best regards!;)
     
  2. The Shadow

    The Shadow Registered Member

    Joined:
    Jan 24, 2012
    Posts:
    814
    Location:
    USA
    MW, of those listed I believe #3298 is the only potential bug undergoing investigation, as the others occurred in prior releases and were corrected by Tony in build 519. Until Tony resolves the latter (Win8-specific) issue all you need to do is disable fast-boot and hibernation. After doing that, you shouldn't have a problem running SD.

    TS
     
  3. Moose World

    Moose World Registered Member

    Joined:
    Dec 19, 2013
    Posts:
    905
    Location:
    U.S. Citizen
    Hi,
    "MW, of those listed I believe #3298 is the only potential bug undergoing investigation, as the others occurred in prior releases and were corrected by Tony in build 519. Until Tony resolves the latter (Win8-specific) issue all you need to do is disable fast-boot and hibernation. After doing that, you shouldn't have a problem running SD.

    TS"

    Let us know when this is corrected by Tony! That is disable fast-boot and hibernation. The sooner the better! Hopefully much sooner!:thumb:
     
  4. Wendi

    Wendi Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    643
    Location:
    USA
    You really don't have to wait on Tony, especially since you will just be running a 30-day trial to see how much you like SD. Just disable fast-boot and hibernation, as The Shadow suggested, it's easily done and won't hurt anything (I actually never use hibernation). Then install SD and be ready to be amazed! :cool:

    Almost time (in NY) for fireworks, so bye for now.

    Wendi
     
  5. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,363
    Location:
    Oz
    I for one am amazed. SD is truly amazing. I would hate to have to use my computer without it.
     
  6. sdmod

    sdmod Shadow Defender Expert

    Joined:
    Oct 28, 2010
    Posts:
    1,161
    Yes it is truly superb and extremely useful.
    For example...I use it for experimenting with editing and if I get a good final edit, I'll commit that and any other junk or lesser saved edits will be gone after re-boot to normal mode. I also use it to test programs that I wouldn't otherwise dare to try because of my lack of knowledge and it helps me to get experience in those areas...so as long as I'm offline at the time, I can try software without fear of it mangling my real system.
    Also I often install software for a one-off use in Shadow mode knowing that it won't carry through to overburden my real system.

    I use it every day. You just have to remember if you are set to re-boot from Shadow Mode to ordinary mode that you commit whatever you need to commit before you leave Shadow Mode...otherwise, your face will go pale when you realise, it's gone and all your hard work was for nothing. ;) If you are testing software that you are unfamiliar with, stay offline whilst you are using it just in case of trojans or 'call homes' that might give some indication of the workings of your real system when you re-boot.

    Patrick

     
    Last edited: Jul 5, 2014
  7. Moose World

    Moose World Registered Member

    Joined:
    Dec 19, 2013
    Posts:
    905
    Location:
    U.S. Citizen
    Hi,

    I will install Shadow Defender sometime on Sunday during the day! Having a hard time making up my mind with Sandboxie and/or Shadow Defender for my PCs.:thumb:

    Which one offers better protection?:confused:

    #3338
     
    Last edited: Jul 6, 2014
  8. guest

    guest Guest

    Can't compare both; one virtualizes the whole system (SD), the other only what you execute (SB).
     
  9. Moose World

    Moose World Registered Member

    Joined:
    Dec 19, 2013
    Posts:
    905
    Location:
    U.S. Citizen
    guest,

    Thanks!
    For making my choice easy!:thumb:
     
  10. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,363
    Location:
    Oz
    I just found out that passwords can be extracted from the pagefile and so I am wondering if SD virtualizes the pagefile? I know that you can choose to encrypt the write cache in SD, but does that include the pagefile? Or does anyone really know?
     
  11. The Shadow

    The Shadow Registered Member

    Joined:
    Jan 24, 2012
    Posts:
    814
    Location:
    USA
    The default location of the page file (pagefile.sys) is in C:, so once you place the c-volume into shadow mode everything in that volume is virtualized (with the only exception being any exclusions you have listed). However, if you have relocated pagefile.sys to another volume, it would only be virtualized if/when that volume is placed into shadow mode.

    TS
     
    Last edited: Jul 7, 2014
  12. Moose World

    Moose World Registered Member

    Joined:
    Dec 19, 2013
    Posts:
    905
    Location:
    U.S. Citizen
    Installed Shadow Defender; here is my feedback: :confused:

    > Windows 8.1.1 X64 Bits Operating

    > After shutdown/restart of the PC 3 times it is now showing Shadow Mode.
    > IE is working correctly now! It would not open at first!
    >
    Still no yellow border around my browsers is this normal?
    > Also, notice a slow boot up and performance is just a little bit slower!
    > Performance meaning with my browsers going from one page to another page!

    Looking forward to your feedback?

    Just wondering? Will Shadow Defender protect me from Crypto Locker and Prison Locker?

    Thanks!:doubt:
     
    Last edited: Jul 7, 2014
  13. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,363
    Location:
    Oz
    So no data like passwords could be saved after reboot while SD is enabled? This is a really good thing. I had no idea that passwords could be extracted like this until recently. Thanks for letting me know this. God Bless Shadow Defender! I think it is the most wonderful piece of software that I have ever seen or heard of. It's like having a magical power. :thumb:
     
  14. The Shadow

    The Shadow Registered Member

    Joined:
    Jan 24, 2012
    Posts:
    814
    Location:
    USA
    You are confusing Shadow Defender (which displays a small Shadow Mode label) with Sandboxie (which produces a yellow border around your browser)! ;)


    I do not notice that at all (but I'm running Windows 7).


    Yes, if your system volume is in shadow mode at the time you are infected by any of the ransomware variants.


    Moose World, may I respectfully suggest that you refrain from using that 'dramatic text' (bold, underlining and colored fonts). It really gets to be annoying!

    TS
     
    Last edited: Jul 7, 2014
  15. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    5,616
    Location:
    Milan and Seoul
    I have both but very rarely use them together. When browsing on the internet I only use Sandboxie (with restrictions) as it will sandbox Chrome and anything that will happen during the session. An AV and VirusTotal will tell me if a download is safe, although very rarely anything is flagged.

    I use Shadow Defender for testing purposes (not malware) and when I need to plug in third party flash drives in my work. Flash drives can be sandboxed too, but I prefer Shadow Defender in this situation as it virtualizes the whole drive, giving me less anxiety in the process.

    Why do I like SB? Because when I'm doing research work I don't have to worry about re-booting, excluding, committing anything... In shadow mode when doing serious work one has to remember to commit the work which would be otherwise lost when re-booting, committing 2 GB of images could take up to 10 minutes, a long time if one is in a hurry.

    I can't imagine using any of my machines without these two great programs, their protection is arguably the best one could get nowadays. I've used Shadow Defender since its creation, and it has been effective with literally hundreds of types of malware (flash drives from other people are often infected).
     
    Last edited: Jul 7, 2014
  16. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    Moose, Shadow Defender will not prevent you from becoming infected, but any infection you get while in Shadow mode will be discarded once you reboot. You are operating in a virtual environment similar to a Virtual Machine. Shadow Defender protects you by dropping all changes made while in shadow Mode after rebooting. If you become infected while in Shadow Mode that infection will actively run on your machine until you reboot again. After you reboot all changes made to your machine while in Shadow Mode will be discarded, and your machine will return to the exact state it was before entering Shadow Mode. You can test this yourself by uninstalling some software, and deleting some files while in Shadow Mode. After you reboot you will see that the software you uninstalled, and files you deleted are still there. Shadow Defender will not allow you to make any changes to your machine while in Shadow Mode unless you define exclusions in Shadow Defender's settings. If you want to test this just make sure the software you uninstall, and the files you delete are located on the volume that you are running in Shadow Mode.
     
    Last edited: Jul 7, 2014
  17. The Shadow

    The Shadow Registered Member

    Joined:
    Jan 24, 2012
    Posts:
    814
    Location:
    USA
    In post #3360 you asked if SD virtualizes the page-file and (as I replied in #3361) it does if you were running the page-file's volume (typically the C-drive) in shadow mode.

    Now I'm not quite sure I understood your actual concern, as now you may be asking if your passwords are protected from potential spyware while in shadow mode. If that's what you're driving at, the answer is a definite 'No' (that's why it's very important to run a real-time AV-AS program all of the time, even in shadow mode)!

    TS
     
    Last edited: Jul 7, 2014
  18. Moose World

    Moose World Registered Member

    Joined:
    Dec 19, 2013
    Posts:
    905
    Location:
    U.S. Citizen
    Hi,

    > Still no yellow border around my browsers is this normal?
    You are confusing Shadow Defender (which displays a small Shadow Mode label) with Sandboxie (which produces a yellow border around your browser)! ;)


    Okay! Thank you! For clearing this up!:)

    > Also, notice a slow boot up and performance is just a little bit slower!
    > Performance meaning with my browsers going from one page to another page!

    I do not notice that at all (but I'm running Windows 7).

    Big difference in Windows 8.1.1 Especially in the Browsers.
    Need work and/or improvement in this area... without question!
    And page loading!:'(

    I will compare the page loading of the browser to another PC starting tomorrow.
    Very annoying about the page loading and start up of the PC.


    Will Shadow Defender protect me from Crypto Locker and Prison Locker?
    Yes, if your system volume is in shadow mode at the time you are infected by any of the ransomware variants.
    Okay! Thank you! For clearing this up!


    Question, please! How often is Shadow Defender updated? And is the development ongoing? Can you explain or give me more detail?

    2014.4.25
    Version 1.4.0.519 is released.

    2013.9.13

    Seems to be a big gap with this time period. If a professional had a gap like this on his resume, he/she would not be working or would be on unemployment. Can you explain? And give one better insight into this, please?:eek:

    "Moose World, may I respectfully suggest that you refrain from using that 'dramatic text' (bold, underlining and colored fonts). It really gets to be annoying!"
    TS
    Okay! Understand! :thumb: Just trying to add a little color to a black and white page! And you are entitled to your opinion!;)
    Respectfully!


    Kind regards,

    Moose World
     
    Last edited: Jul 8, 2014
  19. Moose World

    Moose World Registered Member

    Joined:
    Dec 19, 2013
    Posts:
    905
    Location:
    U.S. Citizen
    Cutting_Edgetech and Osaban,

    Thank you for the insight and information with Shadow Defender. It is truly appreciated.;)
     
  20. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    Here are some points to consider that may help you decide. Sandboxie and Shadow Defender are different types of virtualization, and it helps to have an appreciation of how each works.

    First a general note about virtualization. Virtualization prevents the system from becoming permanently infected by malware and ensures perfect cleanup, with no traces of any malware remaining outside of the virtual environment; but it doesn't, by itself, prevent malware from running within the virtual environment, with the possible risk of data and identity theft.

    Furthermore, there will always be some files and folders that the user won't want virtualized (in case of data loss as a result of forgetting to save changes to data before exiting the virtual environment). These may be a potential target for ransomware, e.g. Cryptolocker.

    Virtualization is a useful layer to contain system change but shouldn't be thought of as a complete security solution. Some kind of additional protection is also required. This can be real-time AV/AM, or can be HIPS, policy-restriction, anti-execution, etc, according to user preference.

    Sandboxie
    Sandboxie is an application sandbox that works at the file system level, but only for those applications that the user chooses to run in the sandbox. Sandboxed applications have all file system and registry writes redirected into the sandbox container folder, isolating them within the sandbox. Sandboxed applications also have to be isolated from interacting with unsandboxed applications in ways that would allow sandbox security to be breached. Isolating sandboxed from unsandboxed processes introduces some complexities.

    1. Application software updates can sometimes break sandbox functionality, which means that Sandboxie has to be kept updated to cope with the consequences of software changes in applications that are candidates for sandboxing, e.g. browsers. Unless a lifetime license was previously purchased before the Invincea takeover, keeping Sandboxie up to date will mean purchasing an annual license.

    2. Sandboxie compatibility settings may be required for Sandboxie to work smoothly alongside some other security applications and utilities. There may be also a few applications which simply aren't compatible.

    3. Sandboxie has to prevent the installation of drivers and services within the sandbox, and cannot be used to test software that installs a driver or service.

    One of the major plus points of Sandboxie is that it also has a rich set of policy-restriction features that can be applied to applications running in the sandbox. It is much more than just application sandboxing, which means that Sandboxie can be used as a complete security solution for the containment of untrusted applications.

    Shadow Defender
    Shadow Defender is lightweight virtualization that works below the level of the Windows file system to virtualize entire disk partitions. As a minimum this should include the system partition. Changes are virtualized by redirecting all disk sector writes on a shadowed partition to a hidden temporary cache. Shadow Defender can be thought of as sitting between Windows and the running applications. This has some consequences.

    1. Providing applications are making normal Windows file system calls (direct disk writes are prevented), Shadow Defender will handle disk sector redirection without the application being aware of Shadow Defender's existence. This is a simple and robust mechanism. Shadow Defender does not need to be kept up to date to cope with software changes in applications. Furthermore, the license is lifetime, covering all future software updates.

    2. No software compatibility settings are required for Shadow Defender to operate smoothly alongside other security applications and utilities. The operation of Shadow Defender is invisible to applications running at the level of the Windows file system.

    3. As all system changes are discarded when rebooting to exit Shadow Mode, Shadow Defender restores the system to a previous known state in order to eliminate unwanted change from whatever cause: malware infection, system crashes, etc. It's about more than just protecting the system against infection by malware.

    4. Because the entire system partition is virtualized in Shadow Mode, all processes are running within a system-wide sandbox. No process isolation between sandboxed and unsandboxed processes is needed. Software that installs drivers or services can be tested using Shadow Defender, providing that it does not require a reboot to complete the install.

    5. Because Shadow Defender virtualizes the entire system partition, care needs to be taken to ensure that changes to data aren't accidentally lost when rebooting. If the data folders are located on the system partition, Shadow Defender can be configured to permanently exclude them from virtualization. Alternatively, data folders can be moved to a separate data partition, if there is one. (As an alternative to folder exclusions, changes to data files can be committed manually but it does mean remembering to do it to avoid data loss.)

    Unlike Sandboxie, Shadow Defender does not have any added real-time protection features beyond virtualization. This makes it essential to supplement Shadow Defender with additional real-time protection.

    Finally, because they operate differently, they can be used together. Sandboxie can provide the additional real-time protection for sandboxed applications that Shadow Defender lacks, whereas Shadow Defender enables the system to be kept in a constant state that can also be useful for software testing.

    Hope that helps.
     
    Last edited: Jul 8, 2014
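
An added example, not part of the thread and not Shadow Defender's own code: a small Python model of the redirect-on-write behaviour pegr describes, showing what a reboot discards, what a commit keeps, and why excluded data stays exposed during a session. The class, sector numbers and contents are constructed, and treating an exclusion as a set of pass-through sectors is a simplifying assumption.

```python
"""Toy model of redirect-on-write partition virtualization (constructed example)."""

SECTOR_SIZE = 512


def pad(text):
    """Return text as one zero-padded sector of constructed sample data."""
    return text.encode().ljust(SECTOR_SIZE, b"\0")


class ShadowedVolume:
    """A partition whose writes go to a temporary cache while in shadow mode."""

    def __init__(self, sectors, excluded=()):
        self.disk = dict(sectors)      # persistent sectors: number -> bytes
        self.cache = {}                # redirected writes, lost on reboot
        self.excluded = set(excluded)  # assumption: sectors backing excluded folders
        self.shadow_mode = False

    def enter_shadow_mode(self):
        self.shadow_mode = True

    def write(self, sector, data):
        if len(data) != SECTOR_SIZE:
            raise ValueError("writes are whole sectors")
        if self.shadow_mode and sector not in self.excluded:
            self.cache[sector] = data  # redirected, real disk untouched
        else:
            self.disk[sector] = data   # normal mode or excluded: hits the disk

    def read(self, sector):
        # The running system sees its own changes, so malware stays active
        # until the reboot even though nothing reached the real disk.
        return self.cache.get(sector, self.disk[sector])

    def commit(self, sectors):
        """Persist selected cached sectors, as a manual commit would."""
        for sector in sectors:
            if sector in self.cache:
                self.disk[sector] = self.cache.pop(sector)

    def reboot(self):
        """Leave shadow mode and return the sector numbers that were discarded."""
        dropped = sorted(self.cache)
        self.cache.clear()
        self.shadow_mode = False
        return dropped


def run_scenario():
    """One shadow-mode session: tampering, a committed edit, an excluded folder."""
    vol = ShadowedVolume(
        {0: pad("system file"), 1: pad("draft v1"), 2: pad("photos")},
        excluded={2},
    )
    vol.enter_shadow_mode()
    vol.write(0, pad("tampered system file"))  # unwanted change
    vol.write(1, pad("draft v2"))              # work the user wants to keep
    vol.write(2, pad("ENCRYPTED"))             # ransomware reaching excluded data
    live = vol.read(0)
    vol.commit([1])
    dropped = vol.reboot()
    after = {n: vol.read(n) for n in (0, 1, 2)}
    return {"live_during_session": live, "after_reboot": after, "dropped": dropped}
```

After the reboot, sector 0 is back to its original contents, sector 1 keeps the committed edit, and the excluded sector 2 keeps whatever was written to it during the session.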
  21. Moose World

    Moose World Registered Member

    Joined:
    Dec 19, 2013
    Posts:
    905
    Location:
    U.S. Citizen
    Pegr,

    Thank you for the great detail with the additional insight and information about Sandboxie and Shadow Defender. This is truly appreciated! And it is nice to know that you can run Sandboxie and Shadow Defender.

    You may want to go back and see my security setup, just to make sure it is safe to run Sandboxie and Shadow Defender together? At the time on the PC? Post # 3338

    I am open to suggestions about my security setup? Always looking for improvement. From anyone!

    Kind regards,
     
    Last edited: Jul 8, 2014
  22. Moose World

    Moose World Registered Member

    Joined:
    Dec 19, 2013
    Posts:
    905
    Location:
    U.S. Citizen
    Question, with the File Exclusion List. Can I exclude my Emsisoft Anti-Malware, Malwarebytes Anti-Malware and Trojan Hunter? So that they can receive their updates. And keep them running in real-time without any changes to them on my PC? Could you give an example, please! So that I can make sure that I am doing this correctly!

    Thank you!
     
  23. The Shadow

    The Shadow Registered Member

    Joined:
    Jan 24, 2012
    Posts:
    814
    Location:
    USA
    Moose,

    There is absolutely nothing to be gained in doing that and in the process of listing exclusions you may even open some 'holes' for malware to creep through! Just let those security programs update as they will - in and out of shadow mode.

    TS
     
  24. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    File and folder exclusions are best reserved for user data in my experience. The problem with excluding program data is that there may be associated registry entries that won't be saved on reboot. In the worst case, this can lead to a loss of integrity where the application no longer functions correctly. When it comes to AV/AM definition updates, the safest course of action is to allow them to be automatically downloaded again when the system is next rebooted.
     
  25. Wendi

    Wendi Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    643
    Location:
    USA
    MW,

    I completely agree with those 'words of wisdom' from TS and pegr. :thumb:

    Wendi
     