The unofficial Shadow Defender Support Thread.

Ok, first of all I presume you meant v1.2.0.376 (if not, you should use .376 as it's the latest build and noticeably better than .370). SD does not sandbox apps (as does Sandboxie); SD is a light virtualiztion program that virtualizes entire volumes; therefore it has nothing similar to Sandboxie's Recovery methods. As you have noticed, SD does have the ability to add files/folders to an exclusion list (before hand) and also to commit any changed that occurred in Shadow Mode that you are aware of (before shutting down/restarting)!

I can't comment on any issues re Acronis or Macrium, but I can tell you that there are no SD issues with Drive Snapshot or Image For Windows. However, SD does conflict (unfortunately) with the new AX64!

Hth,
Cruise

 

That is exacly how I use it Bo

 

When I use the right click method for commit I get the following error



Anyone have any ideas as to why?

 

I don't know why you get this

Maybe a complete uninstall and re-install might clear it.
I take it that you are using the 64 bit version?
If that does not work you could try the latest beta 1.2.0.383
here

Patrick

The Official Shadow Defender Forum

 

If you still receive this error after following Patrick's suggestion, you might try disabling MR (it may conflict with SD)!

Wendi

 

Thanks sdmod and Wendi for the tips and which will taken into consideration. The version of SD is the Giveaway version and so an uninstall and reinstall is not possible. Down the road I will decide whether to update to a newer version. Thanks again all.

 

I got 2 questions, 1:So I want to know if I use Shadow Defender(and I will use the all sector virtualization) and all the new options in Shadow Defender when those options are avalible in future versions) Should I just install steam and stuff like that(mostly video games) on a external Hard disk? That way i can be fully vertualized?

2: Is my privacy concealed in Shadow Mode, or do i need to use something like AdMuncher to block trackers?

Note: I am taking these questions into consideration because when i get my new windows 8 Laptop I am gonna install Shadow Defender right when it boots up.

 

If the future options are implemented as planned, then you could enable ALLSector, put all critical attached disks in Shadow Mode, then use an non-shadowed drive for temporary storage while the main disks are in Shadow Mode. You'll have to allow Admin Rights and also allow low level driver access for Steam to install with that future SD version.

Regarding privacy, SD won't protect, it's not its role to do this in your system. Multi-layered security is always the best option. For full protection you'll also need a hips firewall with antiexecution functions, antimalware, plus antikeylogging/privacy software alongside SD, as it is now. Also use firefox, there are tons of good privacy add-ons for that one. I've also used AdMuncher in the past, it's a good choice for people who are still sticking with IE.

 

Can I use a partition from C: drive like 5 GB to store the data on and then still have C: drive in ALLSector virtulization?

 

There's an old saying, "you can't have your cake and eat it too", and that applies to your question.

Cruise

 

What does the option in Shadow Defender do ''Ram used as write cache''?
Also if I got windows 8 and I use Windows Firewall+Windows 8 Windows Defender+UAC/SmartScreen Filter(max settings)+Shadow Defender(Enter Shadow Mode on boot, no exclusions set) good enough or do I need to add something like Keyscrambler?

Note: This is going to be on a new system so while in shadow mode every time I reboot it will be like a new system because I am gonna store all my programs on a external hard drive.

 

The ability to use RAM as a write cache (instead of the HDD/SSD) is a very recent enhancement which further 'hardens' SD's Shadow Mode. Think of the cache as a temporary storage space (a sandbox) where everything new that's occurring while in Shadow Mode is written. We would like to believe that everything we do while in Shadow Mode will be undone upon shutdown-restart. While SD's write cache is deleted upon restart, using volatile RAM further ensures a complete cleansing. Also, using RAM for Shadow Mode's write cache makes for faster operation.

I have no experience with W8 (W7 does it for me), but be aware that at the present time SD's Shadow Mode offers little protection until your system is restarted (i.e., it wouldn't be difficult for certain malware/spyware to run while you are in Shadow Mode), so it definitely is advisable to use a policy of layered security.

TS

Ps. Quite a bit of SD-related security discussions/ideas can be found on The Official Shadow Defender Forum.

 

Anyone using Shadow Defender + Webroot? Any incompatibility?

 

Isn't it just about time for an updated next shadow defender release? Or should we expect to be prepared for another long drawled out delay again?

Just curious because the time interval from the last updated version to now is beginning to grow again.

 

Hi Easter, Received yesterday

Hi Patrick,

Thank you.
But i have no news to post.

Best regards,
Tony

On 2013-05-26 14:42, Patrick wrote:
> Hi Tony,
> Do you have any news about Shadow Defender? The forum is getting
> very quiet and it helps when you post because more people will come to
> the forum. I hope that everything is going well for you and that life
> is good.
>
> best wishes
>
> Patrick

 

Thanks for the reply.

I am using ver.370. I will update to ver.376. Is it advisable to so an install over..?

On the "commit" it would be that you need to search for anything that you have made or anything that may have changed that you might need and "commit" it via the Commit Tab.

How do you guys(users) monitor that effectively? I mean, (this is my scenario thus far) when the partition with SD boots it's in "normal mode". I only use SD (for now) when I surf he net.

I excluded the AV folder (which is Avira IS), Malwarebytes, KeyscramblerPro.

My download folder is still My Documents>Downloads. Whatever I download I scan and then I move (manually) to a "SD folder" I made located in another partition.

Whatever I print in .pdf like this topic I save in the desktop and then transfer it to the "SD folder".

I reboot to return to normal mode and negate whatever "bad" I got from the previous.

My main objective is to go without a firewall and just retain an AV with partition always in SD mode. But for no this is what I do to familiarize myself with it.

Might you give some tips how to use SD better..?

Thanks for the patience

 

You can also commit files by right clicking on them and clicking commit.

I don't have SD start with Windows so after rebooting if I don't see the SD icon by the clock in the taskbar, then I know that I am out of shadow mode. Also, if the SD icon is blue it means you are in shadow mode, yellow means you are not in shadow mode.

Bo

 

By MR do you mean Macrium Reflect? If so, your claim about a possible conflict is it based on your own experience? Just curious...

 

I see one daunting weakness in Shadow Defender; cracking it's password. How hard would this be if, a hijacker uploaded the entire disc by wifi exploit and spent whatever time was needed to break the password at leisure, then planted whatever files he chose to plant on the copy, then downloaded the copied drives back to the original hard drive in a second hack.

Technically possible? Perish the thought.

Or, hacker uploads disk contents, breaks password, victim has no idea. In possession of the password hacker may Commit files to disc at will.

Also, if the "Need password when committing file via shell context menu" box is not checked, hacker has an easy time of it.

 

"Shadow Mode" bar position is not virtualized (v. 376, Windows 7 x64).

I have noticed that when I change the position of the "Shadow Mode" (or "desktop tip") floating bar, the new position remains after I reboot, open SD and enter shadow mode again.

For example, if the bar is in the top center of the screen and I move it to the right lower corner and reboot, it appears in this position when I enter shadow mode again.

This is unexpected. Shouldn´t this position, being part of SD configuration, be virtualized?

 

at least there should be something like "Reset Desktop tip to Default Position"

 

Actually, it seems that, in general, changes made to the SD configuration in shadow mode remain after rebooting. I enabled "Start with Windows" in shadow mode. The setting appeared checked after rebooting, and Defender Daemon.exe was running.

 

Hi Bo, SD by default starts with Windows, any specific reasons for changing the setting?

 

Say the hard disk is in shadow mode but removable drives are not. Rebooting into Normal Mode then exposes the HD to unprotected removables if contaminated. A USB hub with built-in manual on/off switches would help a bit. When leaving Shadow Mode a routine to automatically turn them off would be nice, and a crimson screen and klaxon warnings, why not. It's very easy to forget about external drives and they should disengaged by default when exiting Shadow Mode.

A manual timer between the router and the power outlet reduces exposure when away from one's desk for long periods. It seems to me the targeted attack presents the greatest danger, when the hacker prefers the victim to be away from his computer for an hour or two to make his adjustments. Thank you Mr. Manual Timer. I'm leaning toward the idea of total protection of the disk inc MBR, floating bar and every other entry point of which we have no knowledge. A hole is a hole is a hole.

 

In my case I use it this way too. As far as I can see, Shadow Defender Daemon autostarts with Windows, but not not the GUI nor the tray icon.

I have it setup this way because I like to startup as clean as possible.