The unofficial Shadow Defender Support Thread.

CyberMan969

any news on the Sinowal backdoor?

and ive noticed when enabling commit in explorer right click menu that it messes with windows aero themes for the right click menu , i use 3rd party

themes could tony fix this , since any other app that adds right click menu entrys doesnt do this , and i got several CIS 6 included , that would be nice , then i wouldnt have to disable it and go into shadow defender menu every time i want to commit a change


btw ive tried out sbxie 30 day trial , would anyone recommend it or is it enough to use SD, since my CIS 6 already has an built in sandbox not sure

 

I've been using SD on xp and win7 with no problems for a long time but it is not so with win8.

Even with the latest version (370) things which should not happed do happen! Last night for example I changed the wallpaper under shadow mode only to find it back on the screen when I switch the pc back on the next day. Then, after the next boot, it was gone.
Today the firefox user profile could not be found.

Beware of trusting SD if you have win 8 ....

 

well win8 sux anyhow so no worries there , lols

 

It can't be as bad as Windows ME was! IMO.. that was the worst Windows OS ever by far! I believe the ME part must have stood for MANY ERRORS lol Windows 8 looks like it would be really nice for portable devices, but I don't have any desire to try it on a desktop yet.

 

Hey, the SBIE free version is not a 30 day trial, you can keep using it for as long as you want. After 30 days, you ll see a screen about purchasing SBIE. People that get the paid version get extra features that make SBIE do things automatically and makes sandboxing programs and files more comfortable.

I use both, SD and SBIE. I use SBIE for security and SD for trying other programs but I can tell you that both work great together and I definitevely recommend you keep using SBIE. If you do, it would grow on you.

Personally, I don't open anything in my computer out of the sandbox. If I do, I feel I made a mistake.

Bo

 

I fully agree. Shadow Defender has become a useless and very much a dangerous tool. When I pointed this out Mr. CyberMan969 got very angry. This thread is full of horror stories if one reads carefully.

Two members and I myself had problem with Shadow Defender destroying "Schedule Task" on more than one machine. I had similar experience on three brand new machines with Windows 7 x64. Mr. CyberMan969 thought it was OK.

Another experience I had on one of these three machines, that it has destroyed "System Restore" and I cannot turn it on. All these problems on brand new machines.

Best regards,

 

And I've been using the latest version of Shadow Defender without corruptions or problems. System Restore is working fine.

 

Not all machines are effected.

Best regards,

 

well i guess im one of the "few" lucky ones that havent gotten affected as well , w7 sp1 x64 over here ,lols, anyhow if you guys have these issues go and do a report to tony im sure hell gladly help out if its an error on his side


@bo elam

so you say keep it ey , technically shadow defender is like one huge sandbox , everythings virtualized in shadow mode no changes get written to the hdd sectors , its like turning your windows hdd install into a live cd, when you select ram as write cache , but i guess for when i have to do system wide updates and thus have to disable shadow defender for a sec, its good to have certain apps sandboxed while doing so hence sbxie being that little helper i guess , good to know about the 30 day trial period and extended use with nag screens lols , i think ill buy it ...who knows maybe it will grow onto me even thou CIS 6 has an integrated sandbox

and thus dont give that much of an incentive to buy a seperate sandboxing app , it might not be as granular but its pretty close , sure sandboxie is abit faster but how much better is it really , anybody have tested this


https://www.wilderssecurity.com/showthread.php?t=339661

 

Many of us have reported these problems to Tony but there is no sign of a fix so far. I reinstalled SD to give it another try a few days ago, but today I ended up with Chrome bookmarks lost again, following reboot. I'm going back to Returnil until there is a clear fix announced.

 

you mean while in shadow mode you bookmarked something and when rebooting into normal mode it was gone , this is normal , or have i missed something here

 

No, I mean that every one of my bookmarks was gone. Wiped. Vanished. SD must have corrupted the bookmarks file and chrome reset it to a default blank file.

 

very odd

 

see post #2075 This is a long standing problem for some, not all
and many of us are changing our pc system structure and infrastructure day by day.
1.1.0.325 seems to be the most stable version from what I can glean.
I believe Apps are clashing/conflicting at a kernel level and the winner of the fight doesn't allow the losers the full range of movement that they would expect in "normal" circumstances...so you can get anti virus reconnecting to base when you've told them not to when not in Shadow Mode, apps losing their settings like when Nero used to become un-registered when coming out of Shadow Mode ( just sometimes, not consistantly). As I understand it kernel level drivers become the "King" over a whole raft of stuff (that they deem to be) under them . So if you get one kernel level driver that "needs" to reign in a very particular way he'll try to be boss irrespective of the way the others have been programmed to operate ...Could it be that different kernel drivers take dominion at different times depending on changing circumstances?.

 

Unfortunately Tony couldn't test the sample I sent him because it wasn't an executable. I have now sent him a large collection of other potent malware with which I have tested SD on a real machine. As I mentioned before, I firmly believe that antimalware testing produces reliable results only when it takes place on a real system, and not within a VM.

If you guys come across any new executable malware strains you can send them to Tony directly. Make sure you zip them with a password and include the file checksums. Keep the password simple (e.g. virus or infected). Also send him any malicious domain addresses that you may come across, in fact a lot of people get infected by browsing to such addresses rather than running an infected file.

Personally I use Sandboxie as well as SD for a more complete multi-layered protection. It's not overkill. A healthy degree of paranoia will come as standard, especially when you have seen as many people get burned as I have during my years as a tech support analyst. I haven't tested CIS6 Kiosk yet because I simply not need it. With the tried and tested Sandboxie and SD running I have no need for CIS 6 and its bells and whistles. I still run Avast free plus Comodo Firewall 5 which is still a great HIPS firewall and whose interface I like best. I don't see myself moving on to CIS6 anytime soon.

Regarding the problem you're having with Themes, it's probably best if you write to Tony directly. Give him as much info as you can about it, he may be able to fix it.

 

Try running portable versions of Firefox or Chrome from a different disk/partition that is not protected by SD. In my view there is no point installing anything on C: if it is also available in a standalone/portable format. The less stuff you have installed on C:, the least chances you'll get of an incompatibility occuring in the first place.

http://portableapps.com/apps/internet/firefox_portable

http://portableapps.com/apps/internet/google_chrome_portable

These versions update themselves easily and by having them on a different disk/partition means that you can keep C: always in shadow mode without having to commit anything when you update the programs themselves or when adding new bookmarks.

We must also understand that such problems are far from being widespread. Personally I have installed SD in 70+ machines of friends and clients during the last two years and I have only had one single SD failure on a Dell laptop which BSODed after the install. I service many of those machines on a regular basis and have experienced no loss of settings whatsoever with SD. This undeniable empirical evidence dictates to me that such problems are the small exception rather than the rule.

Consider this: Of the total number of users worldwide who install and use SD, how many would actually know of this forum, create an account, and then log in to report that SD works fine with them? The few people with problems are usually the most vocal ones, (and rightly so I may add). They are still a very small minority though, when compared to the total number of users worldwide who run SD without experiencing any such issues whatsoever. I understand that this is no comfort for the people who suffer from issues though.

 

This is irrelevant. Nobody seems to be reporting problems with the installation of SD. The problems come later, with the use of the program.

 

well as far as ive been able to test CIS 6 is excellent and its integrated sandbox is good enough for me not to require a more granular sandbox such as sbxie and it gets better with every update plus less clutter , this and a couple tweaks as the link ive posted too makes it pretty damn tight , about SD and themes ill go and report to tony asap , hope he can fix this minor issue , and hope he can get those mentioned issues from others fixed as well , its good to see him back in the game, hell ill go and invite him over to this thread

 

The incentive to use SBIE is that people that use it don't get infected. If its faster or not, it doesn't matter to me, all I care is knowing that when I delete and close my sandbox, my system remains intact. If you take a walk by the SBIE forum, you wont find people reporting infections. In my opinion, for new users like yourself, that's a good incentive to use SBIE.

Bo

 

says who? you? lol
If it doesn't work on all your "brand new" systems, move on, there's plenty of software to try with. There's a lot of people here who don't have a single complaint about SD.
It's just bad luck in your case, I guess.

 

Do you keep "c:" on shadow mode all the time? I don't know how to use shadow defender...

 

you have a point bo elam , thou i think ill stay with CIS 6s sandbox for a while and see how that turns out , since i currently dont have any issues with it the way kees set it up in his little CIS 6 tut that ive linked too , and from its functioning it does the same great job as sbxie currently sure it takes abit to get a hang of but sbxie has the same reuqirement , thou should it let me down in any way that a more granular sandbox would not do , then ill most certainly go back to sbxie , cheers and thanks for the informative feedback

 

its ok really , ive even contacted tony about these widespread issues some people are having here and told him about my little issue with aero as well , hell i even invited him over to wilders , we shall see how his time permits it , and hope we can get this excellent program even better , feedback is always good to polish programs

depends on if you have to do a system wide update then of course not but for every other instance , yes , and remember you can either set folders you want excluded from shadow mode to retain the data or use on demand exclusions called commits, i also suggest to use ram as writecache and enable encryption for write cache in options, almost like running a live cd , no sector changes except once you access those folders on your exception list or commit a change

 

So if I disable shadow defender to do a windows updade, all the changes in the system i have made before will disappear?

 

ummm... all changes you make while in shadow mode wont stick unless YOU yourself explicitly allow them to do so per commit or exclusions list as already mentioned this goes for windows update as well logically , meaning if you have to do a system wide update disable shadow mode , reboot then make sure its booted into normal mode and update and change whatever settings you must then reactivate shadow mode , that easy ...unless i missed something


i usually set it to shadow mode on boot when i plan on using shadow mode to make sure everythings 100% virtualized from boot , same goes for when i plan on using non shadow mode , i reboot , since this option is non optional you cant really decide , but the first one is optional aka as soon as you choose shadow mode on a non shadowed volume itll automatically set it to shadow mode meaning everything from that point on will be virtualized , thou since i dont completely trust it or better said completely grasp every detail of shadow defenders workings , i make sure to set it to shadow mode on boot and only then can i be 100% sure that everythings virtualized, if im wrong please do correct me