The unofficial Shadow Defender Support Thread.

Discussion in 'sandboxing & virtualization' started by Cutting_Edgetech, Feb 14, 2011.

  1. Robin A.

    Robin A. Registered Member

    Joined:
    Feb 25, 2006
    Posts:
    2,587
  2. Cruise

    Cruise Registered Member

    Joined:
    Jun 10, 2010
    Posts:
    1,240
    Location:
    USA
    Hi Robin,

    From what I can make out of it (and that's only by looking at the ending '4/5' presentation), it seems that one of the 'nasties' penetrated SD's virtualization and infected the system!

    Cruise
     
  3. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,998
    Location:
    Poland - Cracow
    Hi everybody...
    - yes...the test mentioned above is not in English...but I think you know that English is not the only language in use :)
    - this test is in Polish, which is my own language
    - yes...that test is the test of SD versus 5 MBR infections
    - yes...SD failed the test with Backdoor Sinowal
    - the infection was detected in location DEVICE\HARDDISK0\DR0...and it was the reason for my thread on the forum :)
    https://www.wilderssecurity.com/showthread.php?p=2194884#post2194884
     
  4. Cruise

    Cruise Registered Member

    Joined:
    Jun 10, 2010
    Posts:
    1,240
    Location:
    USA
    Hi ichito,

    Please don't take offense at our language comments; it's just that since most of us are English-speaking members it is very difficult to follow a test conducted in another language. We do appreciate accurate interpretation - thank you!

    Cruise

    --------
    PS. Would you know if any similar test has been conducted with any other light virtualization program (such as TTF) and whether or not any of them were able to reject the Backdoor Sinowal (after system restart)?
     
    Last edited: Feb 26, 2013
  5. CyberMan969

    CyberMan969 Registered Member

    Joined:
    Apr 21, 2011
    Posts:
    589
    Malware resistance tests within a VM are not reliable IMO...
     
  6. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,818
    Curious, what OS, service pack, 64x or 32x was this test, in which .370 failed 1 out of 5, run on?
    Sorry, only understand English here.
    Also would be nice to see the same test with various OS's and different versions of SD, as I know this can make a difference on the results.
     
  7. CyberMan969

    CyberMan969 Registered Member

    Joined:
    Apr 21, 2011
    Posts:
    589
    +1, and also on a real system, not within a VM
     
  8. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,818
    That also would be nice.
     
  9. CyberMan969

    CyberMan969 Registered Member

    Joined:
    Apr 21, 2011
    Posts:
    589
    I have just sent info about the Sinowal backdoor to Tony. Hopefully he'll research it and maybe test SD with it on a real testbed.
     
  10. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,998
    Location:
    Poland - Cracow
    Hi Cruise...
    I know that and my answer was only a very small ironic joke :cool: ...and honestly I absolutely don't feel offended because of this :) So...back to meritum
    There are two more known forums in my country where users test LV apps (BTW...some users are members of both forums and they test other kinds of security software too) and, regardless of the origin of the tests, I will try to give a few direct links in some order
    Shadow Defender
    -http://youtu.be/QFYHDMiot6U-
    -http://www.youtube.com/watch?v=2-fghBsRSPA
    -http://programyzadarmo.net.pl/forum/testy-wideo-programow-do-ochrony-komputera-programyzadarmo-f16/shadow-defender-konta-10-probek-z-o-liwego-oprogramowania-t9177.html
    -http://programyzadarmo.net.pl/forum/testy-wideo-programow-do-ochrony-komputera-programyzadarmo-f16/shadow-defender-1-2-0-346-vs-10-malware-samples-test-t11214.html
    Returnil System Safe
    -http://youtu.be/dt3-y39FckA
    Wondershare Time Freeze 2
    -http://youtu.be/dI-MdSIUtiY
    -http://vimeo.com/45335332
    Toolwiz Time Freeze
    -http://youtu.be/cz9Z8dcx-nw
    -http://www.youtube.com/watch?v=OLh9UKmP2YE
    -http://youtu.be/MCtHeirCk3E
    Deep Freeze Standard
    -http://programyzadarmo.net.pl/forum/testy-wideo-programow-do-ochrony-komputera-programyzadarmo-f16/deep-freeze-standard-7-60-20-4298-vs-5-mbr-vbr-rootkits-t12520.html
     
  11. happyyarou666

    happyyarou666 Registered Member

    Joined:
    Jan 29, 2012
    Posts:
    803

    Keep us updated, I'd like to hear what Tony has to say as well ;)
     
  12. CyberMan969

    CyberMan969 Registered Member

    Joined:
    Apr 21, 2011
    Posts:
    589
    I just received a reply from him. Apparently he cannot access YouTube from China...

    He has asked me for a sample and I have just sent him the most recent Sinowal sample I could find (from Contagio). I'll report any updates.
     
  13. Wendi

    Wendi Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    643
    Location:
    USA
    Hi ichito,

    As Cruise has mentioned, it is very difficult for most of us English-speaking members to understand what's happening in those YouTube tests. Since they are in your native language, would you be so kind as to provide us with a table (based on the above tests) comparing those LVs as to their ability to reject malware? That (and your interpretation) would be fantastic...

    Thanks in advance,
    Wendi
     
    Last edited: Feb 27, 2013
  14. Cruise

    Cruise Registered Member

    Joined:
    Jun 10, 2010
    Posts:
    1,240
    Location:
    USA
    ichito,

    I 2nd Wendi's request and imho that would be a terrific contribution. :thumb:

    Cruise
     
  15. Cruise

    Cruise Registered Member

    Joined:
    Jun 10, 2010
    Posts:
    1,240
    Location:
    USA
    Just to let you guys know that in the above regard I have sent the following email to Tony:
     
  16. The Shadow

    The Shadow Registered Member

    Joined:
    Jan 24, 2012
    Posts:
    814
    Location:
    USA
    Make that +3. :thumb:
     
  17. The Shadow

    The Shadow Registered Member

    Joined:
    Jan 24, 2012
    Posts:
    814
    Location:
    USA
    Cruise, I really like your '1-Click Shadow Mode' suggestion - that would be very cool. :thumb: :thumb:
     
  18. CyberMan969

    CyberMan969 Registered Member

    Joined:
    Apr 21, 2011
    Posts:
    589
    +1 guys. Also the ability to create SD desktop shortcuts for different volumes that will enable users to double-click and place the volumes in and out of Shadow Mode.

    I mean functionality that is similar to the Sandboxie program shortcuts. With Sandboxie we can create program shortcuts with custom paths.

    It would be nice to have something similar for SD to place drives in and out of shadow mode with a double-click, without opening the SD interface.
     
  19. Scoobs72

    Scoobs72 Registered Member

    Joined:
    Jul 16, 2007
    Posts:
    1,113
    Location:
    Sofa (left side)
    I suggested this to Tony several weeks ago and he said he'd consider it. Hopefully the more that people suggest it, the more likely he'll be to implement it.
     
  20. The Shadow

    The Shadow Registered Member

    Joined:
    Jan 24, 2012
    Posts:
    814
    Location:
    USA
    Right, I'll send him a request for the 1-Click Shadow Mode option. It would be a cool enhancement so I hope others will also request it. :thumb:
     
  21. TheQuest

    TheQuest Registered Member

    Joined:
    Jun 9, 2003
    Posts:
    2,304
    Location:
    Kent. UK by the sea
    Hi CyberMan969

    Would that not be a security risk? As it could be used by someone other than [the password holder of SD]. :doubt:

    Take Care
    TheQuest :cool:
     
  22. CyberMan969

    CyberMan969 Registered Member

    Joined:
    Apr 21, 2011
    Posts:
    589
    For machines where kids or other users with limited User accounts would have access, I think that an SD password should always be applied. In such a case the SD volume shortcuts should only be available to full user or admin accounts, and also turned off by default. Admin users could enable them if they wish so but they would still appear for full accounts only. And even then, the shortcuts should be password-protected too.

    For people who are the sole users of their machines a password is still the safer option in cases where the computer has been left on when your 6 year old nephew is in the house and he just has to watch Power Rangers online. Personally I would like to have volume shortcuts up there and just double-click them into/out of Shadow Mode, without a password prompt getting in my way every single time. I still appreciate the need for a password, especially when uninvited little users may be lurking around.
     
    Last edited: Feb 28, 2013
  23. sdmod

    sdmod Shadow Defender Expert

    Joined:
    Oct 28, 2010
    Posts:
    1,219
    I wrote to Tony about the (from Windows Explorer) not being able to right click "commit" empty folder problem.

    .......................
    Hi Patrick,

    I will fix it in the next version.
    Thanks for your feedback.

    Best regards,
    Tony


    On 2013-02-28 13:42, Patrick wrote:
    > Hi Tony,
    >
    > Go into Shadow Mode
    >
    > make a new folder under c:
    >
    > call it ababab
    >
    > so it will be c:ababab
    >
    > right click the new folder ababab in Windows Explorer
    >
    > choose
    >
    > "commit to shadow mode"
    >
    > re-boot
    >
    > The folder is not there.
    >
    > tried in 1.1.0.325 and 1.2.0.370
    >
    > best wishes
    >
    > Patrick

    >
    >> Date: Thu, 28 Feb 2013 05:34:32 +0000
    >> From: support@shadowdefender.com
    >> To: me@xxxx.com
    >> Subject: Re: re empty folders
    >>
    >> Hi Patrick,
    >>
    >> Yes, an empty folder can be committed.
    >>
    >> Best regards,
    >> Tony

    >>
    >> On 2013-02-27 23:00, Patrick wrote:
    >>> Sorry Tony, I just noticed that I _can_ commit empty sub folders,
    >>> maybe I was thinking about new single named folders that I made in
    >>> Shadow mode that didn't commit
    >>>
    >>> best wishes
    >>>
    >>> Patrick :)




    Patrick

    me@xxx.ccom

    To support@shadowdefender.com
    Hi Tony,
    Is it possible that we could make Shadow Defender commit empty folders? Sometimes folders in a structure happen to be empty and we may want to keep them.

    best wishes

    Patrick
     
    Last edited: Mar 1, 2013
  24. CyberMan969

    CyberMan969 Registered Member

    Joined:
    Apr 21, 2011
    Posts:
    589
    me@xxx.com ? That's one sexy e-mail address Patrick :D

    On a more serious note, good stuff about the empty folder issue. :thumb:
     
  25. sdmod

    sdmod Shadow Defender Expert

    Joined:
    Oct 28, 2010
    Posts:
    1,219
    Thanks CM...yes I didn't think of the xxx bit

    maybe should have used foo@foobar.com and kept away from using pink :)

     