The unofficial Shadow Defender Support Thread.

Discussion in 'sandboxing & virtualization' started by Cutting_Edgetech, Feb 14, 2011.

  1. Peter 123

    Peter 123 Registered Member

  2. CyberMan969

    CyberMan969 Registered Member

    Thanks mate! :thumb:
     
  3. aladdin

    aladdin Registered Member

    Excellent POST!

    Well done!

    Best regards,

    KOR!
     
  4. CyberMan969

    CyberMan969 Registered Member

    Thanks guys, I have to say that this forum is the perfect place to learn new things about security, a lot of useful stuff to tap into. And no big heads, even when disagreements happen it is always done as a proper civilized debate. Not all forums can claim that. :D
     
  5. The Shadow

    The Shadow Registered Member

    Hi pegr,

    That would be a very good idea - if it worked - it doesn't (for me)...

    Whenever I put my D-partition into Shadow Mode, SD will not allow me to exit D's SM without restarting or shutting-down!

    TS
     
  6. CyberMan969

    CyberMan969 Registered Member

    Shadow, have you moved your user folders to d: by any chance? This would explain your symptoms.
     
  7. sdmod

    sdmod Shadow Defender Expert

    I'd be interested in the outcome to this because (as I understood it) you could leave the shadow mode drive/partition "on the fly" without reboot if it wasn't the system one.
     
  8. The Shadow

    The Shadow Registered Member

    Bingo! - that must be the reason - but I believe moving user folder to D: is the smart thing to do! ;)
     
  9. CyberMan969

    CyberMan969 Registered Member

    Me too, I always do it. One of the benefits is that I don't have to commit Favorites, Downloads etc when C: is in Shadow Mode. Best to schedule the User Folders disk/partition to be Shadow Moded along with C: upon reboot, to avoid the open files warning.
     
  10. The Shadow

    The Shadow Registered Member

    Right, but I just put C: in shadow mode. That along with my other security programs (in my sig) are protecting me just fine!
     
  11. PaulBB

    PaulBB Registered Member

    Does anyone else have the same problem? Got this BSOD on Windows 7 HP SP1 while watching a movie and Shadow Defender was not in use (just in system tray). No antivirus, just Emsisoft Mamutu running all the time.

    sshot-1.png
     
  12. TheMozart

    TheMozart Former Poster

    When I place C: into Shadow Mode I have no problems.

    But when I try to place E: and G: into Shadow Mode I get this message:

    http://i48.tinypic.com/2zfpyxi.jpg

    E: is called HP TOOLS and when I bought the HP Laptop it was there. By pressing F2 at boot it takes me to a system, hard drive and memory check etc.

    And G: just contains Macrium "Image Protector" that I created for Macrium bootmenu and G: contains my PROGRAM FILES folder where I install programs to.

    So what can I do to protect E: and G: ?:blink:

    It says some files are in use and should be closed, but I don't see any open files at all. If I press OK, what will SD do? Will SD close whatever is open for me, or will it just continue and leave some files open and place my E: and G: at risk of infection and not being completely protected by Shadow Mode?
     
    Last edited: Jun 6, 2012
  13. TheMozart

    TheMozart Former Poster

    I just followed these instructions:

    http://www.terabyteunlimited.com/kb/article.php?id=409

    And YES, pressing F8 works and takes me into a repair screen. But at first I didn't think it works because you have to time the pressing F8 just right, so I instead just kept my finger on F8 the whole time the Laptop was rebooting and it worked :)
     
    Last edited: Jun 6, 2012
  14. TheQuest

    TheQuest Registered Member

    Hi TheMozart
    All you need to do is exclude the file places.sqlite

    Important Firefox data and their files:-



    Bookmarks and Browsing History.

    >places.sqlite<

    This file contains all your Firefox bookmarks and the list of websites you have previously visited.


    Saved passwords.

    >key3.db<
    >signons.sqlite<

    Your passwords are stored in two different files, both of which are required:

    This file stores your key database for your passwords.

    To transfer saved passwords, you must copy this file along with the following file.


    Site-specific preferences.

    >permissions.sqlite<

    This file stores many of your Firefox permissions that are decided on a per-site basis. For example, it stores which sites are allowed to, or blocked from setting cookies, installing extensions, showing images, displaying popups, etc.


    Cookies.

    >cookies.sqlite<

    Cookies are used by websites for a variety of reasons, some of which include keeping you logged into a website you have previously logged into, remembering any preferences a website has allowed you to set, authenticating you as a person who has visited a specific website before, etc.



    Take Care
    TheQuest :cool:
     
  15. TheMozart

    TheMozart Former Poster

    I cannot find any file called places.sqlite. I think that may be due to me using Portableapps Firefox.:doubt:

    But it doesn't matter anymore anyway, I deleted that SBIE crap and using SD now :)
     
  16. TheQuest

    TheQuest Registered Member

    Hi TheMozart
    It is in >AppData folder< which is a Hidden folder.

    >C:\Users\yourusername\AppData\Roaming\Mozilla\Firefox\Profiles\>somename.default.

    OR, in your case I think it would be somewhere in >FirefoxPortable\Data\profile directory.

    Take Care
    TheQuest :cool:
     
    Last edited: Jun 6, 2012
  17. TheMozart

    TheMozart Former Poster

    Ok thank you :D
     
  18. TheQuest

    TheQuest Registered Member

    Hi TheMozart
    You're welcome.

    Take Care
    TheQuest :cool:
     
  19. CyberMan969

    CyberMan969 Registered Member

    The link you provided is a very good guide Mozart.

    Regarding the F8 Repair option it looks like I'm mistaken after all. I have tried in the past after removing the hidden partition, and when I pressed F8 I had no option to repair the computer. Maybe I overlooked something. In any case, I stand corrected.
     
  20. newbino

    newbino Registered Member

    o_O o_O o_O
     
  21. TheMozart

    TheMozart Former Poster

    Pressing F8 didn't work for me either Cyberman. I had to keep my finger on F8 all the time as my laptop was rebooting, and then it worked.
     
  22. CyberMan969

    CyberMan969 Registered Member

    Files and folders from those two partitions are in use by Windows, that's why you're getting that message. Try scheduling SD protection to auto-start with all those partitions, then reboot. It should work.
     
  23. TheMozart

    TheMozart Former Poster

    Thank you CB, but I have removed SD and began using the latest version of BufferZone PRO, which I love as I don't need to reboot the PC after closing down BZPRO or after cleaning out the BZ. But with SD I need to reboot which is annoying and also SD isn't worked on anymore and apparently the website has been hacked as well I heard. Very suspicious and too risky to even use the older versions.

    CB, have you tried BZPRO?
     
  24. CyberMan969

    CyberMan969 Registered Member

    As I mentioned before there are malware that add their own Favorites entries, or infect your user files. If your user folders reside on another partition/disk then SD will not protect them even with C: being on Shadow Mode. To be sure just schedule SD protection for both partitions to autostart, then reboot before going to any suspicious sites. Of course you most probably won't need to do this if you use Sandboxie on your browser, and if you are also sandboxing all suspicious programs.

    For me the great thing about Sandboxie vs dodgy executables is that you can run the program safely, then browse the sandbox folder and see what the executable would have added to your system if it was to run normally.
     
    Last edited: Jun 7, 2012
  25. CyberMan969

    CyberMan969 Registered Member

    Bufferzone does not protect the whole partition from changes, it just sandboxes your browsers, instant messengers etc. I've tried it a year ago but with both SD and Sandboxie on my system there was need for Bufferzone.

    I stuck with SD because it is still the only one that can still fully undo TDSS attacks, and all that in a lightweight small program. This is amazing, especially when we consider that it hasn't been updated for the last two years - a testament to Tony's coding skills. To tell you the truth Mozart, I wouldn't feel safer with anything else.

    Sandboxie can do all that Bufferzone Pro does and much more, it can sandbox ALL programs for testing purposes and you can see what would have been added to your system. These are features that are too good not to use, and Sandboxie also doesn't stop working after its trial license expires, it carries on as normal with just a brief nag screen.

    To me Bufferzone Pro would be ideal for novice Windows users who would want automatic web-based protection without any confusing terminology and configuration getting in the way. For such a user Bufferzone Pro would be the better choice, I have installed it on the PCs of my two young nephews, they can then get on with their online browser games without much worry. Sandboxie on the other hand is the better choice for users who want to safely test-drive a program; you can actually see what it does to your system when it runs.

    Regarding SD, I understand why people are worried about the controversy regarding Tony's disappearance, I was worried too when I first heard about it. But after following the story closely here at Wilder's, I decided to stick with my good old v1.1.0.325. Some members have provided good reliable links for that version, files that were released when Tony was still around.

    Regarding buying a license, people don't have to worry about buying directly from the SD site. The following PC World link allows users to safely buy a license through a Digital River affiliate:

    http://www.pcworld.com/downloads/file/fid,94761-order,4/description.html

    Click the Buy Full Version button and you'll be re-directed to the DR affiliate site.
     
    Last edited: Jun 7, 2012