The unofficial Shadow Defender Support Thread.

Discussion in 'sandboxing & virtualization' started by Cutting_Edgetech, Feb 14, 2011.

  1. Crane_Mann

    Crane_Mann Registered Member

    Joined:
    Apr 2, 2009
    Posts:
    46
    Location:
    United States
    I use Shadow Defender (long time). First, the only exit to shadow mode is re-boot.

    The other thing - SD will protect your system. Well, not exactly. While IT WILL put your system back to pre-shadow mode - should you get a virus, the virus will do whatever it was designed to do until/unless a) you reboot, b) have an antivirus to stop it.

    Once you re-boot, the virus will be gone.

    If you don't reboot, for example, it (virus) could possibly "call home" with your personal info, passwords, etc.

    All SD does is protect your system. If my grand kids come in and mess up my computer, all I have to do is re-boot and everything they did will be un-done.

    Someone mentioned Winsonar. I'm trying it now. You need added protection, let us know what other protection you are considering, I would be interested.
     
  2. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    Virtualization on its own is not enough for the reasons that Crane_Mann stated. It's always best to try and prevent malware from running in the first place, and for this you need a layered approach. You could try adding an AV - Panda Cloud for example would be an excellent choice, as Wendi suggested.

    You could also consider adding policy restriction, HIPS, or anti-executable software. This provides stronger protection than an AV because it operates on a default deny basis, whereas AV operates on a default allow basis which is not as secure.

    You can of course combine any or all of these approaches. It's a matter of personal choice and finding what works well on your system.
     
  3. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,997
    Location:
    Poland - Cracow
    I don't know a shortcut to do this but... you can always schedule entering into SM and make it the rule (both from Normal and Shadow Mode)
    - enter into "Mode Settings"
    - fix ON the disk that you need - this way you activate the "Schedule" button
    - click the "Schedule" button and choose "Enter Shadow Mode on Boot"
    - the mode will be changed in the "Schedule" column... and that's all

    I know only one program that can do this...Wondershare Time Freeze.

    BTW... if you are in Shadow Mode and you need to save all changes on disk (not only files/folders added in the "Commit Now" panel), fix ON the disk that you need in "Mode Settings", click the "Exit Shadow Mode" button (not "Exit All Shadow Mode") and then choose the option "Commit all changes"
     
  4. The Shadow

    The Shadow Registered Member

    Joined:
    Jan 24, 2012
    Posts:
    814
    Location:
    USA
    Thanks to all for your replies to my questions and for your suggestions for additional protection. I was so enamoured with SD's simplicity and effectiveness in removing malware upon rebooting that I overlooked the potential harm that could result just from malware/spyware running inside Shadow Mode!

    I have since installed the Panda Cloud v1.9.1 beta which, other than the firewall bug reported by pegr elsewhere, is working well with SD. I'm also thinking about adding DefenseWall, but have not yet tried it with SD - anyone running that combo? :doubt:
     
    Last edited: Jan 28, 2012
  5. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,784
    DefenseWall 3.17 + Shadow Defender 1.1.0.325 running fine for some time here on XP Home SP3 32-bit.
    A fantastic combo IMO. (No AV running in realtime)
    Keep in mind that DefenseWall only works with 32bit systems. No 64bit yet.
     
  6. The Shadow

    The Shadow Registered Member

    Joined:
    Jan 24, 2012
    Posts:
    814
    Location:
    USA
    LW, thanks for the endorsement. As I'm still running on 32-bit Windows I'll give it a go. It's interesting that with this combo you don't need a real-time AV. I guess the theory is that if you get infected while in shadow mode DW will keep the nasty from doing any harm and then when you reboot SD throws the nasty away! :thumb:
     
    Last edited: Jan 28, 2012
  7. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,784
    I have never heard of or encountered myself anything out there that has bypassed DW or SD (malware, POC or test) so a realtime AV seems to be a waste of resources as far as I'm concerned.
    Now something on demand is still a good idea IMO, for downloads, an occasional scan and such.
     
  8. The Shadow

    The Shadow Registered Member

    Joined:
    Jan 24, 2012
    Posts:
    814
    Location:
    USA
    LW, which version of DW are you running - the Personal Firewall (with HIPS) or just the HIPS?
     
    Last edited: Jan 28, 2012
  9. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,784
    Firewall + HIPS
     
  10. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    I'm running AppGuard in conjunction with Shadow Defender but DefenseWall should work just as well. When using lightweight virtualization combined with policy restriction, I agree that it isn't necessary to also run a real-time AV unless you choose to.
     
  11. Wendi

    Wendi Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    643
    Location:
    USA
    I've been using SD for about a month now and it has exceeded my expectations. However, after running in Shadow Mode for several hours yesterday I restarted my system in order to install a few updates. My netbook booted up without incident and my usual desktop appeared - but it was not responding - the mouse (touchpad) arrow moved very very sluggishly and nothing I clicked on would open, including my Start menu! Ctrl-Alt-Del would not even work! o_O

    My only recourse was to power-down, followed by a cold-boot. Windows recognized that it did not shutdown normally and ran a check-disk which found and corrected a few errors. The system completed its bootup, presented the desktop and all was well.

    Since I never encountered a system lockup like that before, I'm wondering if it could be related to SD. :doubt:

    Wendi
     
  12. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    I assume you are still running the Panda Cloud 1.9.1 beta, in which case it's likely that the combination of SD and PCAV caused this. I experienced similar system lockups when testing the PCAV beta in conjunction with SD, as I've said previously. Either program is fine on its own but they don't always play nicely together.

    One thing you could try is to uninstall the PCAV beta, install PCAV 1.5.1 and see if a similar problem occurs. PCAV 1.5.1 is more stable with SD than the beta so you are less likely to run into problems. It's likely that the firewall component in the PCAV beta is responsible for the conflicts. Panda are already aware that the firewall has some issues with SD so hopefully the problems will be resolved before the PCAV beta goes final.
     
  13. Wendi

    Wendi Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    643
    Location:
    USA
    Hi pegr,

    That does make sense. I'll definitely do as you suggest - uninstall the PC 1.9.1 beta and install PCAV 1.5.1 in its place (should I just use Windows' FW?) - I sure don't need any more system-lockup issues!

    Thanks,
    Wendi
     
  14. Boost

    Boost Registered Member

    Joined:
    Feb 2, 2007
    Posts:
    1,294
    Panda + Windows firewall + SD = Happy face on Wendi, I'll bet on it! :cool:
     
  15. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    Agreed. :)
     
  16. Wendi

    Wendi Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    643
    Location:
    USA
    Boost & pegr,

    Ok, I hear you guys, but I can't help but notice GeSWall in Boost's signature and Comodo FW in pegr's signature. Is this a case of "do as I say and not as I do"?

    Wendi
     
  17. Boost

    Boost Registered Member

    Joined:
    Feb 2, 2007
    Posts:
    1,294
    You'll find alotta different combos on this forum, only advice I can give is, stick with what works for you.
     
  18. kjdemuth

    kjdemuth Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    2,974
    Location:
    Boston, MA
    Either that or you can switch security like some people change socks. :p
     
  19. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    Hi Wendi,

    What Boost said about sticking with what works for you is good advice.

    Comodo Firewall and PCAV work well together on some systems but not on mine, which is why I don't currently use PCAV 1.5.1 and why I don't suggest the combination to others. Comodo software is on the list of known conflicts with Panda Cloud; see here: http://wiki.cloudantivirus.com/index.php/Known_conflicts

    As you like Panda Cloud, I suggested you could try PCAV 1.5.1 instead of the beta. You then asked whether you should just use it with the Windows firewall as you didn't want to risk any more system-lockup issues, so I responded to you on that basis. If your main priority is to avoid risk, turning on the Windows firewall is always a safe option; but as soon as you install a third-party firewall there is always the possibility for conflict. If you want a firewall with outbound control, you will have to experiment to find a combination that works for you.

    Regards
    pegr
     
  20. Athletic

    Athletic Registered Member

    Joined:
    Jan 21, 2009
    Posts:
    93
    I have SD 1.1.0.325 ( 4.65.0.0 Copyright (c) 1999-2009 Igor Pavlov ) installation file. It's been working fine for years on my XP 32-bit PC.
    Can I use it for W7 64-bit? I know that many 32-bit programs work in 64-bit. (Or this version that I got or bye bye to SD.)
     
  21. Scott W

    Scott W Registered Member

    Joined:
    Sep 21, 2008
    Posts:
    659
    Location:
    USA
    There is a 64-bit version of SD v1.1.0.325 - unfortunately you can no longer download that version from the SD website, but check out post #418 of this thread ...and I'm pretty sure your 32-bit product key will work. ;)

    Scott
     
    Last edited: Feb 4, 2012
  22. lockitdown

    lockitdown Registered Member

    Joined:
    Jan 31, 2012
    Posts:
    16
    Location:
    USA
    I was thinking about using Returnil, but have read some things about it possibly being vulnerable to TDL/TDSS. It sounds like Shadow Defender doesn't really have any vulnerabilities from what I've read, but it also sounds like it isn't really being maintained and might be vulnerable to newer attacks. So I'm looking for opinions about which is a better choice for a new Win 7 Home Premium deploy? Or is there another choice I'm not aware of? Is Returnil a good choice if I supplement it with something else? I plan to use Panda cloud free, Windows FW, Sandboxie and a few other programs on demand.
     
  23. Wendi

    Wendi Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    643
    Location:
    USA
    Hi lockitdown (I like your 'handle'),

    Just a couple of months ago I pondered the very same thing. After running a few different LV trials I found SD just worked more smoothly than the others, so I bought it.

    Who knows if SD will have vulnerabilities in the future? What is known is that it's the only LV that's been shown to be impenetrable by those rootkits! Btw, I run Panda Cloud AV along with SD as added security inside shadow mode. Together, they are very light on my netbook's limited system resources. :thumb:

    Wendi
     
    Last edited: Feb 11, 2012
  24. lockitdown

    lockitdown Registered Member

    Joined:
    Jan 31, 2012
    Posts:
    16
    Location:
    USA
    Hi Wendi

    Thanks for your reply. This was really one of those things where I was leaning towards SD but hoping for a little confirmation that it would be a good decision. Glad to hear it should be, especially since it sounds like we run similar configs. Thanks again!
     
  25. Wendi

    Wendi Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    643
    Location:
    USA
    I'm glad that I could be of help. Admittedly, the mystery surrounding SD's developer had me concerned at first, but in the end I just couldn't ignore all of the favorable commentaries and test-results, not to mention the great user-support here on Wilders!

    I very much doubt that you will be disappointed by going with SD. :thumb:

    Wendi
     