The unofficial Shadow Defender Support Thread.

Discussion in 'sandboxing & virtualization' started by Cutting_Edgetech, Feb 14, 2011.

  1. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    You're welcome. :)

    Regards
     
  2. AaLF

    AaLF Registered Member

    Joined:
    Feb 20, 2005
    Posts:
    986
    Location:
    Sydney
    Thanks a bunch Kircho. Great little bonus. :thumb:
    You can make that 16 happy clients now. :thumb:

    I also set it so that it's now a start-up in-your-face pop-up. At last I don't have to glance up to the top of the monitor 30 minutes after going on the net to realise I forgot to invoke Shadow mode.
     
  3. Kircho

    Kircho Registered Member

    Joined:
    Sep 8, 2008
    Posts:
    4
  4. PC_Dunce

    PC_Dunce Registered Member

    Joined:
    Dec 16, 2011
    Posts:
    1
    Location:
    UK
    Sorry if this is being posted in the wrong place but I am extremely new to forums of any kind.

    So to my question which is related to Shadow Defender. (I had a search around to see if anyone had asked this question but no joy).

    I currently have 32-bit version of XP which is being protected by Shadow Defender. I have now upgraded my machine to work with Windows 7 and purchased a copy of 64-bit Win7. Also I have successfully slipstreamed SP1 to an ISO (I hope). What I wish to do is try out the finished product by installing it (testing) and still being able to return to XP afterwards. So that I know when time comes for me to swap everything will be smooth.

    Finally to the long drawn out question. Is this possible or would I need to partition the drive for it to work?

    Many thanks for any replies.

    Meena
     
  5. Wendi

    Wendi Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    643
    Location:
    USA
    Please forgive me if this is a dumb question, as I'm a total noob when it comes to SD. ;)

    How does a SD user with a real-time AV configure SD so that intra-day AV updates 'take'? - or is a real-time AV of no value in a SD-protected system? o_O

    Thanks,
    Wendi
     
  6. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    Hi Wendi,

    A real-time AV can be of value in a SD-protected system, as can policy restriction and anti-executable software. Virtualization alone cannot protect the user against the damage that malware may do in terms of data and identity theft if it is allowed to run unchecked within the virtual system. Virtualization is best deployed as part of a layered security strategy IMO.

    Regarding configuring SD to work with real-time AV updates, it will depend on the specifics of the AV concerned as to what will work and what won't.

    If the AV is a traditional AV that requires regular downloading of signatures you may be able to add the folder(s) where the antivirus definitions are stored to the SD Exclusion List. This will only work if the AV doesn't also update the registry as part of the update process though; otherwise you may find that the definition updates although stored on disk have not been registered within the AV and get downloaded again and reapplied the next time you exit Shadow Mode.

    If that happens then, as an alternative, you could exit Shadow Mode periodically to allow definition and program updates to be downloaded and applied permanently to the system before entering Shadow Mode again. Personally I prefer this approach and I have a scheduled task set up to automatically exit Shadow Mode overnight when I'm not using the machine to allow updates to take place then I manually re-enter Shadow Mode in the morning before using the machine.

    Alternatively, you could try a cloud-based AV that doesn't require updating when connected to the Internet. Panda Cloud Antivirus (PCAV) and Webroot SecureAnywhere (WSA) both come to mind.

    Panda has a free version but one thing to watch with PCAV, if you decide to try it, is that its real-time protection can interfere with the disk locking that SD has to do in order to enter Shadow Mode. From my own experience for trouble-free operation, it's best to suspend PCAV's real-time protection prior to entering Shadow Mode then re-enable it again afterwards.

    If you are prepared to pay then WSA has the advantage that all of its settings, offline cache, etc, are held within a single folder in the user profile without using the registry, so it works perfectly with SD simply by adding one folder to the SD Exclusion List. Unlike PCAV, WSA doesn't cause any problems with SD disk locking either, so it isn't necessary to suspend real-time protection when entering Shadow Mode.

    Depending on which AV you are using, you will need to experiment to find the approach that works best for you, but hopefully the above will give you some ideas.

    Regards
    pegr
     
  7. Wendi

    Wendi Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    643
    Location:
    USA
    Hi pegr,

    Thanks so much for your in-depth reply - it gave me a better idea about some of the issues I would need to address with SD.

    Currently, I'm using Norton Internet Security which updates several times a day, but I don't have a clue as to the associated folder, registry, etc. Furthermore, I just thought about Windows updates which I now have set to automatic. I guess with SD those would have to be handled manually? I'm also an MS Outlook user for email (pop3), calendaring, etc., and I now realize I would also have to exclude Outlook's pst folder in SD.

    While at first glance, SD seemed like it would be a great addition from a security perspective, but now that I'm getting a better feel for what would be involved (in my case) it may not be my cup of tea... :doubt:

    Happy new year!
    Wendi
     
  8. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    You're welcome Wendi.

    Happy new year to you too! :)
    pegr
     
  9. Crane_Mann

    Crane_Mann Registered Member

    Joined:
    Apr 2, 2009
    Posts:
    46
    Location:
    United States
    Well crap... I've been using SD for a very long time and ALWAYS run in SD mode. So, CRAP, I've been wasting my time with the defrag...

    Explain to me tho, when I reboot whether still in SD mode or out, don't I get the original clean copy... I've installed software and rather than uninstall after testing, I just reboot and it's gone... are you saying (some software require a reboot to finish installing) there is a way to continue while in SD mode without exiting SD mode?
     
  10. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    You can optionally set SD to reboot automatically into Shadow Mode but you get a new virtual session each time, not a continuation of the previous virtual session. All changes from the previous virtual session are lost on reboot so there is no way of using SD to test software that requires a reboot.
     
  11. sdmod

    sdmod Shadow Defender Expert

    Joined:
    Oct 28, 2010
    Posts:
    1,160
    Regarding defrag, I think Tony told me that you can defrag with Shadow Defender on your system (and I do regularly using voptXP) but not when you are in Shadow Mode.
     
  12. Crane_Mann

    Crane_Mann Registered Member

    Joined:
    Apr 2, 2009
    Posts:
    46
    Location:
    United States
    After reading this thread, I found the hidden file in the root of C:

    So, assuming, defrag won't/can't move certain files anyway and that file gets created/deleted at boot time anyway - I'm assuming defrag does work in/out shadow mode.

    I might be in a bit of trouble now tho. I want to try CTM, but, I would have to uninstall SD. I cannot find my original install or my reg code. Is there any way to get it from SD? Like I said, I have not un-installed it yet.
     
  13. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,997
    Location:
    Poland - Cracow
    If SD is still correctly installed you can find reg-key in file "user.dat" in folder of SD...in third line
     
  14. Crane_Mann

    Crane_Mann Registered Member

    Joined:
    Apr 2, 2009
    Posts:
    46
    Location:
    United States
    Thank you!

    But I found my original install with the email with the reg code. Still tho, thank you for the quick reply/aid!

    Another problem, (while attempting to install CTM) it says file system is not supported and lists NTFS, which is what I have. I've already posted on Commando's forum for help.

    What I don't like about CTM is
    1) the need NOT to defrag and
    2) to have "exclusive control over reads and writes" and wonder does SD REALLY play together nicely, despite what someone posted here...o_O
     
  15. Kid Shamrock

    Kid Shamrock Registered Member

    Joined:
    Apr 3, 2007
    Posts:
    229
    CTM is no longer being actively developed and is still buggy, so be careful if you install it. Several members here have had their systems rendered unbootable. Make sure you have a good system image available just in case.
     
  16. Crane_Mann

    Crane_Mann Registered Member

    Joined:
    Apr 2, 2009
    Posts:
    46
    Location:
    United States
    I used Acronis True Image Creator (2009), which too had to be deactivated before installing CTM. So I got CTM and Shadow installed and working. So far, 3 machines all with good luck so far.

    Thanks for the heads up on this...
     
  17. Wendi

    Wendi Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    643
    Location:
    USA
    What's the point in having both CTM and SD running at the same time? ... and which one did you install first?

    Thanks,
    Wendi
     
  18. Crane_Mann

    Crane_Mann Registered Member

    Joined:
    Apr 2, 2009
    Posts:
    46
    Location:
    United States

    Well, for me, I'm a loyal fan of Shadow Defender. The only thing missing from it was the ability to roll back to an earlier time.

    If I had installed a program that required a reboot and it turned out to be a bad program, then it had defeated Shadow Defender because of MY STUPIDITY.

    With CTM, I can roll back to an earlier time - before my "mistake".

    Why bother with CTM vs a backup? Both do the same thing. A backup takes a long time. Not very convenient. I've already noticed CTM is very fast.

    What about system restore? So many times, system restore proceeds to the final step and then has an error. So many of us can't count on that.

    What's left?
     
  19. Wendi

    Wendi Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    643
    Location:
    USA
    Sorry, but that doesn't make much sense to me because... if you install a program requiring a reboot (to complete the installation) while in shadow mode, the reboot will remove that install. If you bypass shadow mode in order to install the program and you wind up with a malware infection you can't really count on CTM to bail you out. This test (and a few others) demonstrated that rolling back to a prior snapshot with CTM will not remove a SafeSys/TDSS exploit infection, and that only SD (of the tested programs) was able to do that. So from a security standpoint I wouldn't trust CTM to backup SD (in the event any malware bypassed SD). Besides that, CTM itself may prove to be a disaster waiting to happen!!! :doubt:

    Wendi
     
    Last edited: Jan 10, 2012
  20. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    I agree with this. AFAIK CTM uses disk sector mapping for its snapshots, which is not an entirely safe, reliable technology from either a security or a backup perspective. Personally, I prefer to rely on imaging software for backups; and either imaging software or a VM for testing software that requires a reboot. CTM snapshots might be fast to make and restore but I prefer reliability over speed.
     
  21. Wendi

    Wendi Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    643
    Location:
    USA
    Thanks for the confirmation pegr; I am learning (thanks to contributors like you)! ;)

    Wendi
     
  22. Crane_Mann

    Crane_Mann Registered Member

    Joined:
    Apr 2, 2009
    Posts:
    46
    Location:
    United States
    Oh crap - I did NOT know that... So the only real safe way to ensure protection is backups?

    Is http://www.virtualbox.org/ with my current OS any kind of protection?
     
  23. The Shadow

    The Shadow Registered Member

    Joined:
    Jan 24, 2012
    Posts:
    814
    Location:
    USA
    Hello everyone,

    As a relatively new SD user I have two questions about its use and one question about relying on it exclusively while surfing the net.

    1. Is there a shortcut method to enter Shadow Mode or is the only way by opening SD and clicking on the Mode Setting button?

    2. I can't seem to exit Shadow Mode without restarting or shutting-down. When I attempt to exit SM via the Mode Setting button I always get a message to the effect that SM can't be exited without a reboot/shutdown because of files that are in use. I would like to exit SM without rebooting - how can I do that?

    3. I'm relying solely on SD's Shadow Mode for protection while surfing the net, although I do run an on-demand MBAM scan at the end of each day and I also make weekly image backups. Am I kidding myself into thinking that's good enough? If SD is not sufficient, what additional security program would you suggest (that wouldn't wind-up being a drag on my netbook)?

    TIA.
     
  24. Wendi

    Wendi Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    643
    Location:
    USA
    Hello and welcome to Wilders!

    I too am a new SD user so I'm afraid I have no answers to your first two questions (fwiw I also encounter the same issue you mentioned in your 2nd question).

    Re your 3rd question, I am also using a (somewhat underpowered) netbook. While I don't really know whether or not Shadow Mode (in itself) provides sufficient protection while surfing the internet, in addition to SD I use (and you may want to look into) Panda Cloud AV, which truly is 'light as a feather'.

    I'm sure that more experienced SD users will come along and provide knowledgeable answers to your concerns.

    Wendi
     
    Last edited: Jan 24, 2012
  25. Scott W

    Scott W Registered Member

    Joined:
    Sep 21, 2008
    Posts:
    659
    Location:
    USA
    I used SD for about a year and while I loved the program I stopped using it when it was abandoned by its developer. I keep checking back here hoping to learn that mystery has been solved, but alas not so far. :doubt:

    That said, based on my experience with SD I would reply to your questions as follows:

    1. There is no shortcut to enter shadow mode. The way you are doing it is the only way that I know of (other than selecting to reboot into shadow mode).

    2. I don't believe you can exit shadow mode without rebooting (or shutting down). Admittedly, SD's mode settings does give the impression it is doable (that sure would be a cool feature!), but as much as I tried I never was able to do that.

    3. Assuming you don't make a habit of visiting risky websites (porn, warez, etc.), I think your current security setup is good enough. But I do think Wendi's suggestion is worth considering - after all, Panda Cloud AV is free, very light on resources, and provides an additional layer of protection!

    Scott
     
    Last edited: Jan 24, 2012