The unofficial Shadow Defender Support Thread.

Here is an update from Tony (nb Tony has given me permission to post contents of emails)

Please read from bottom to top

..........................................................

support@shadowdefender.com

To Patrick

Hi Patrick,

The driver 355 used doesn't change more. I don't think 325 is stable
than 355.
I noticed there are some delay when sygate saves its rules.
Maybe when entering shadow mode Syate happened to save its rules, so
the rules are partial saved into the original volume. this will lead to
the problem.
Also any program that saved files like sygate will lead to the same
problem.
To avoid this problem, all running programs should be closed before
entering shadow mode.

Best regards,
Tony

On 2013-01-11 20:02, Patrick wrote:
Hi Tony,
I think that we have a misunderstanding, I have never commited any
files of significance, even when testing...I think that this is not
really a firewall or a sygate issue, it's various softwares losing
their settings when 1.2.0.355 is installed and after having been in
shadow mode and out again into ordinary mode.
I think it is the kernel driver which is sometimes effecting the
ability of the other softwares to function correctly, maybe stopping
them from using certain resources, (maybe needed system files or
registry settings) and they revert back to default settings...like
before the user had configured them
The softwares that were effected have been configured for a long
time before installing 1.2.0.355 and have been on the system and in
use for years.
I don't think that settings are getting lost because the user doesn't
know how to commit....I think something is different in the Shadow
Defender 1.2.0.355 driver from the driver in 1.1.0.325
Shadow Defender 1.1.0.325 (32 bit version) has been the most stable
version up to now and didn't have these problems,
although some earlier versions of Shadow Defender had these
problems.

These problems do not occur on every boot/re-boot

below is something that I found somewhere (It's not mine) but maybe
it sort of describes what I am trying to say

Forgive me if i'm misunderstanding...I'm not a programmer.

............................................................
"Should You Program in the Kernel?

If you are thinking of writing code for the kernel environment, think
carefully. Programming in the kernel can be a difficult and dangerous
task. And often there is a way to accomplish what you want to do
without touching the kernel.

Software that resides in the kernel tends to be expensive. Kernel
code is "wired" into physical memory and thus cannot be paged out by
the virtual memory system. As more code is put into the kernel, less
physical memory is available to user-space processes. Consequently,
paging activity will probably intensify, thereby degrading system
performance.

Kernel code is also inherently destabilizing, much more so than
application code. The kernel environment is a single process, and
this
means that there is no memory protection between your extension or
driver and anything else in the kernel. Access memory in the wrong
place and–boom– the entire system can grind to a halt, a victim of a
kernel panic. Moreover, because kernel code usually provides services
to numerous user-space clients, any inefficiencies in the code can be
propagated to those clients, thereby affecting the system globally.

Finally, kernel software is a real pain to write. There are
subtleties to grapple with unknown in the realm of application
development. And because the tools for kernel development are in an
early stage of maturity, bugs in kernel code are harder to find than
in user-space software.

With all this in mind, the message is clear. It is in everyone's best
interest to put as little code as possible into the kernel. And any
code that ends up in the kernel should be honed and rigorously
tested."
...........................................................

best wishes

Patrick

Date: Fri, 11 Jan 2013 02:34:30 +0000
From: support@shadowdefender.com
To: patrick
Subject: RE: Well done

Hi Patrick,

Thanks for your feedback.
I have done a lot of tests and can't reproduce the problem.
The rules file of Sygate are all in Sygate installation
folder(*.dat,
*.dat.bak).
Did you commit those files?
or could you tell me which files were committed when you tested SD?
Thanks.

Best regards,
Tony

On 2013-01-10 07:17, Patrick wrote:
Hi Tony,
No, I don't think that is the problem that I was having or others
are having.
It is apps that have been configured for a long time revert to
default setting. Not all the apps and not all the time or every
time
you come out of Shadow Mode.
For example I may have set avg anti-virus six months ago to not
connect out or Sandboxie or Admuncher to act in a particular way
and
then just suddenly when I come out of Shadow Mode and re-boot into
normal mode the software settings are changed to default settings
for
those apps.
When I first noticed this happening years ago with Nero, it would
lose it's registration and I would have to re-register.
I think the Shadow Defender kernel driver is conflicting or
overrulling some of the other apps drivers status to keep their
own
settings.

https://www.wilderssecurity.com/showthread.php?t=293075&page=75

best wishes

Patrick

Date: Thu, 10 Jan 2013 02:49:00 +0000
From: support@shadowdefender.com
To: patrick
Subject: RE: Well done

Hi Patrick,

After a lot of tests, i have reproduced this problem.
Here is my test steps:
1, run internet explorer.
2, sygate popuped up a query dialog.
3, make 'Remember my answer...' option checked and click Yes.
4, enter shadow mode.
5, reboot.
6, run internet explorer.
then the query dialog popuped up again.

After some research, i found why this happened.
When i checked 'Remember my answer...' option, sygate didn't
write
my
choice into its rule file immediately. if enter shadow mode
meanwhile,
my choice will be lost.
but if i close sygate to force sygate to write my choice into its
rule
file. after that enter shadow mode, my choice will not be lost.

This is why when entering shadow mode SD shows a confirm dialog
'Please
save your documents before enter shadow mode...'.

I also noticed in wilderssecurity forum, someone had problem with
Chrome.
I will test it later.

Best regars,
Tony


On 2013-01-09 15:57, Patrick wrote:
Hi Tony,
Some more people are having the same problem that I described
losing
settings to firewalls etc
https://www.wilderssecurity.com/showthread.php?t=293075&page=75

best wishes

Patrick

Date: Tue, 8 Jan 2013 02:51:26 +0000
From: support@shadowdefender.com
To: patrick
Subject: RE: Well done

Hi Patrick,

Thanks for your informations.

Best regards,
Tony

On 2013-01-07 10:20, Patrick wrote:
Hi Tony,
My OS is Windows XP sp3 fat32

After I had lost the dcom settings using 1.2.0.335 I
reinstalled
1.1.0.325 and reset my dcom settings
and so today I uninstalled 1.1.0.325

then I defragged the drive as you asked

then I installed 1.2.0.335 again to test

and this time the problem has not happened

I will keep 1.2.0.335 on my system and see if anything bad
happens
If it does, I will let you know.

best wishes

Patrick

Date: Mon, 7 Jan 2013 07:33:53 +0000
From: support@shadowdefender.com
To: patrick
Subject: RE: Well done

Hi Patrick,

Thanks for your informations.
Could you mind to defrag your system drive before enter
Shadow Mode and have a test again?
and please tell me which OS you use, Win 7 or Win XP, 32
bit or 64 bit.
Thanks.

Best regards,
Tony

On 2013-01-07 03:52, Patrick wrote:
Hi Tony,
No I didn't add any software to the exclusion list
I have never used exclusion list on any of the versions
of Shadow Defender that I have used. I just commit files through
windows explorer right click.
All I did was start the new Shadow Defender in Shadow
mode..moved a couple of ordinary text files about just to test it and
then re-booted into ordinary mode and that's when the firewall came
up..the programs trying to connect out to dcom

I don't know if you remember this also happened a few
versions back?,
quite a long time ago...things like Nero losing it's
registration, AVG losing it's settings, Sygate.... always apps with kernel
level type
drivers I think

It's not that I am updating the antivirus, Sandboxie or
Admuncher
definitions during a Shadowed session
It is just that ordinary settings are being overridden
not any sort of updating.
I always update outside Shadow Mode.

One other person posted to Wilders with the similar
problem in the new version
I'm still waiting for others to post

It seems like the softwares (anti virus, admuncher,
Sandboxie) driver
is being overruled or the registry settings of the
programs are being disturbed....I've been running 1.1.0.325 with these
programs for ages with no problems.


https://www.wilderssecurity.com/showthread.php?t=293075&page=73

best wishes

Patrick

Date: Mon, 7 Jan 2013 01:31:01 +0000
From: support@shadowdefender.com
To: patrick
Subject: RE: Well done

Hi Patrick,

Thanks for your feedback.
Did you add any folders into Exclusion List?
Are those softwares OK if you disable Exclusion List?

Best regards,
Tony

On 2013-01-06 14:20, Patrick wrote:
Tony,
I think that there might be a problems with the new
version
1.2.0.335 which are the same as a problems that
occurred in earlier versions of Shadow Defender. I think it is some kind
of kernel driver conflict.
I am not a programmer so I can't express myself very
well. I noticed the problem today after being in Shadow Mode
and re-booting into normal that my dcom settings were lost and two
programs wanted to connect Sandboxie and Admuncher.
I have only been in Shadow Mode once since I installed
the new version
I usually have port 135 turned off

In the past with earlier versions of Shadow Defender
the programs that I had the problem with were Nero, AVG antivirus
and others which would go back to default settings as if they had not
been configured by firewall or from within the program etc.

In the past when this has happened it is always after
I have done a fresh install of Shadow Defender...gone into Shadow
Mode...come out into ordinary mode..this is when the changes to my
configuration of these programs and settings occurs.

I hope that this had been helpful in some way

best wishes

Patrick

Please don't do anything until I have asked the other
members at Wilders if they are experiencing the same problem

Date: Sun, 6 Jan 2013 01:32:01 +0000
From: support@shadowdefender.com
To: patrick
Subject: Re: Well done

Hi Patrick,

Thanks.

Best regards,
Tony

On 2013-01-05 15:22, Patrick wrote:
Hi Tony,
Just a quick line to say "Well done" for the new
version 1.2.0.335

best wishes

Patrick

 

Hi am using SD for the first time in windows 7 64 bit system. Its working fine. The only problem I am having is updates of my antivirus software and bookmarks in browsers are gone when I restart my computer. I am using shadow defender with appguard and MSE. I also have AdMuncher. Though appguard does not need to update, MSE and Admuncher updates their database regularly but they are gone with a reboot. Also bookmarks in firefox and google chrome are deleted with a reboot. How do you guys configure shadow defender to keep updates and bookmarks of these programs stated above.

 

1.1.0.325 is the only version I've used... and it works like a charm. I quite simply have no reason to fix what isn't broken. And after reading some of these accounts... it only strengthens my position.

 

Do you mean "changes" in bookmarks, done while the virtual mode is enabled?

I have been using 1.2.0.355 since it became available, no problems at all with bookmarks in IE10 or Firefox (I don´t use SSD).

 

That's been my take as well (though I'm only an occasional user of SD).

(Of course, as I recall, we both run XP. It might be a different story for other OS's or those with SSD's.)

 

Robin,

Re the above, is that the x86 or x64 version of SD .355? Also, are you running IE10 with Win7 or Win8?

TS

 

Same here Cruise, in every respect.

TS

 

It´s SD x64 version, IE10 with Windows 7. Also Firefox stable.

 

Robin, I would like to upgrade IE9 to IE10 on W7x64, so any advice (as well as your experience after doing so) would be most appreciated. I realize that this is OT (and I apologize for that) so please PM me.

TS

 

There are several threads about IE10:

https://www.wilderssecurity.com/showthread.php?t=335884&highlight=IE10
https://www.wilderssecurity.com/showthread.php?t=338315&highlight=protected mode

 

I can help you with bookmarks for Firefox and (possibly) Admuncher.

For Firefox bookmarks to remain after reboot, you need to exclude places.sqlite in SD settings. In W7, it is located in the Firefox profile folder. You find that folder in:

App Data>Roaming>Mozilla>Firefox>Profiles.

I havent used Admuncher, if it is a Addon, exclude prefs, also located in your Firefox profile folders. Many Addons keep their settings in that file. Or find the file where Admuncher stores its updates and exclude it.

Bo

 

For AdMuncher see this POST.

 

Hey Robin, I really need to apologize for not only going OT but also for not remembering that 2nd thread (which I started).

I really need to do something about my failing memory (brain cells)!

TS

 

When I opened Nero today, it reported that the configuration had changed to the default and offered to correct this using a backup. I accepted, the burning finished without problems. I don´t remember having seen this warning before.

I post this because Nero was mentioned in several posts above as one of the programs whose configuration could be changed after reboot.

I use SD 1.2.0.355 x64.

 

Yes Robin, this is the sort of problem that I am talking about.
This problem goes back a long way...quite a few versions back but I'ver never found it happening in 1.1.0.325.
When the new version 1.2.0.355 was released I immediately tried it and after coming out of Shadow Mode some of my settings were changed which affected Sandboxie, Admuncher and DCOM.
I reported it to Tony and the Wilders forum and went back a clean install of 1.1.0.325 and reset my settings.
I then didn't have any problem until Tony asked me to check a few things on 1.2.0.355 so I did a fresh install and
almost immediately again after coming out of Shadow Mode the same thing happened again...my dcom settings were changed. Tony thinks that this a firewall or other software not managing to save it's own settings before going into Shadow Mode...I don't think it is just that because 1.1.0.325 has always worked perfectly well with the same softwares for years.
I'm still of the opinion that this is a kernel driver issue...but Tony says that there hasn't been a change in the driver between the two versions....but...there must be some difference between the versions that is causing this. I was hoping that a lot of people would post and that then we might be able to get a handle on the problem.
With so many users having different operating systems and fat ntfs 64 bit 323 bit etc and different softwares and configurations as well as different security apps that run at kernel level it's hard to get a consistant helpful picture.
Also this problem doen't occur all the time just at certain times which makes me think that it is a kernel driver either causing a conflict or instability over a whole disparate raft of software which it is influencing, the driver being at a similar or deeper level.
I don't know of kernel drivers can effect OS system files? Maybe these programs are being deprived of something that they need to run correctly, either in the registry or files that they depend upon to function fully.

These are my thoughts on the matter and I'd be interested to hear other members views.
I've described it as best as I can to Tony and can't do much more really.

best wishes

Patrick (sdmod)

 

I use SSD with trim ,so .325 does not work for me. I tried .346 on Win 8 x64 it did work for me. I put ShadowDefender on Enable at boot, everything works fine even after multiple boots no settings are changed in either Outpost Firewall or Admuncher , as soon as disable ShadowDefender and restart to install a software, on the very first restart disaster... it deletes all settings of Admuncher even the registration! and for outpost it deletes my custom config and reverts back to default,so each time I have to disable ShadowDefender and enter normal mode all settings disappear.Same happens with version .355. Both on Windows 8 x64.
I also tried the On Demand mode to see if that makes any difference it does not.
I also tried adding the program data folder of Admuncher where it stores all the config to the exception list and also of Outpost but that did not help as well,settings were still lost on disabling ShadowDefender and restarting the PC.
Hope this helps and perhaps tony can replicate this.

 

Are you using RAM or disk caching?

 

tried both, still the same.

 

Well today I experienced SD's 'disappearing act' for the first time, and this episode is really puzzling (and frightening)!

My pop3 email client is MS Outlook and while the program is on my C-partition my Outlook data files actually reside on my E-partition. I always enable Shadow Mode just on my C-partition and I'm positive that today was no exception. While in Shadow Mode I sent and received a number of emails using Outlook. Sometime later I restarted my laptop in order to install some updates and then I opened Outlook to see if I had received a reply to one of the messages which I sent earlier (while in Shadow Mode). Imagine my shock when I couldn't find any of the emails that I sent/received while in Shadow Mode earlier today!

As my emails are written to a folder on E:, I don't understand how that could possibly happen.

My Configuration:
Core i7 Quad, 8GB RAM
Windows 7 x64
SD .346 x64, 2GB RAM Buffer

TS

 

Hello,

I was one of the first ones to see this. With my system it happens too often with a total randomness as to what app will have its settings reset to default. This has happened with apps and their settings that I had on my system well before I installed SD. I know in my case at least that Tony's theory of it happening with apps that delay saving their settings and/or rules until a later time (not when settings are actually changed) is not the case. I have seen settings for an app that had the same settings for months before SD was installed. These settings were not changed in any way by me, just out of the blue went back to their defaults. I mean it happens to apps where settings have not changed in months, even years. For me this problem is too serious and too random, so for the time being until this can be resolved, I have removed SD. I had started to think this may be OS specific, but I have now seen others with different OS's than me (Win 8 Pro x64) have the same issues. Hopefully enough are now having this problem where Tony will realize his theory is no longer viable and he can find and fix this bug.

 

Same random issue for me with EAM:

- using shadow mode at every boot
- multiple shadow mode sessions with EAM updating itself properly
- out of the blue, after i boot or quitting shadow mode, EAM is reset and not loads at startup, it must be load manually as if i just installed it (launching the first use wizard, asking my license, etc...)

weird, now i use SD on-demand.

 

I tried to send Tony email a number of times this morning saying
"Hi Tony,
More people are experiencing the problem
https://www.wilderssecurity.com/showthread.php?t=293075&page=76

In version 1.1.0.325 this does not happen.

best wishes

Patrick"

but kept getting
...........
This is an automatically generated Delivery Status Notification.

Delivery to the following recipients failed.

support@shadowdefender.com
.......................

I'll try again later

 

Wow, you guys have scared me enough, that i won't use this version until Tony clears the situation. I m glad i only used it once and nothing evil happened to my installation, but i m not risking it anymore.

Good job guin...eerrr...guys!

 

Update, email eventually "went"

Tony's reply

Hi Patrick,

Thanks for your informations.
I will continue to research this problem.

Best regards,
Tony

 

Please excuse this elementary question...but is there a commonality to where the settings of these affected programs are stored. Are they stored in the "registry", or in an .ini file within the program's installed folder?

Say, all the affected programs have their settings stored within the program's folder in C drive....or say the settings are stored "externally" in the Registry...does this mean something? Is the program suddenly faced with a "wrong" time stamp and self protects itself with a return to default values?

Also, what changed between the "old" bug version and the next version without the bug?

Assuming that it is true that Tony has developed his own file system to hold the "image", was this "file system" adjusted to work with SSD's, but is somehow incompatible with Windows file systems reading the .ini file to enable the programs to read their configurations...and so they revert to default values?


I think it's pretty plain to everyone I have no idea what I'm talking about...I'm just firing off bullets that may / may not hit a target.



- cheers,
feandur