The unofficial Shadow Defender Support Thread.

Discussion in 'sandboxing & virtualization' started by Cutting_Edgetech, Feb 14, 2011.

  1. Moose World

    Moose World Registered Member

    Joined:
    Dec 19, 2013
    Posts:
    905
    Location:
    U.S. Citizen
    Hi,

    Everything is going smoothly with the Windows 8.1.1 x64 operating system.
    I uninstalled Malwarebytes Anti-Exploit and Aguard from my setup on the PCs!

    I had a problem booting the older PC that only has 3 GB of RAM. And it is a Windows
    x86 operating system. This occurred twice until I ran repair with the Windows 8.1 CD.

    Let's see what happens today! Both Sandboxie and Shadow Defender are working well
    with one another.

    Still waiting on insight to this question below: :doubt:

    Question, please! How often is Shadow Defender updated? And is the development ongoing? Can you explain or give me
    more detail?

    http://www.shadowdefender.com/images/new.gif 2014.4.25
    Version 1.4.0.519 is released.

    http://www.shadowdefender.com/images/old.gif 2013.9.13

    Seems to be a big gap in this time period. If a professional had a gap like this on his resume, he/she
    would be not working or on unemployment. Can you explain? And give one better insight into this, please? :doubt:

     
  2. Moose World

    Moose World Registered Member

    Joined:
    Dec 19, 2013
    Posts:
    905
    Location:
    U.S. Citizen
    Quick question, please! Does it matter which one you start first? Sandboxie and then Shadow Defender?
    Or Shadow Defender and then Sandboxie?;)

    Thanks!
     
  3. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    Yes, development is still going on but the answer to why software updates aren't as frequent as, say Sandboxie, is because Shadow Defender is already a mature product that only really needs updating to add new features (recent examples include support for SSD, allocating memory to the write cache, track0 virtualization, etc) and for bug fixes to reported issues.

    It relates to what I said previously: Because Shadow Defender operates at the disk sector level, beneath the Windows file system, other applications are unaware of its existence. That's why compatibility issues with other applications rarely arise, and why it doesn't need to be kept up to date to cope with software updates to other applications. This is also why Shadow Defender is compatible with Sandboxie because Sandboxie is just another application that is unaware of what is taking place below it at the disk sector level when Shadow Defender is in Shadow Mode. Of course, things like operating system version changes will have an impact, and Shadow Defender does get updated for this.

    Whilst the technical implementation is undoubtedly complex, light virtualization programs that work by redirecting disk sector writes to a temporary cache offer a robust, elegant, and conceptually simple solution to managing system change.
     
  4. Moose World

    Moose World Registered Member

    Joined:
    Dec 19, 2013
    Posts:
    905
    Location:
    U.S. Citizen
    pegr,

    Many thanks, for going into detail! :thumb:

    Next question, please!

    The longer you are in Shadow Mode and the more System Changes occur the more space the Shadow Volume will consume?

    What are your thoughts on this?

    Kind regards:thumb:
     
    Last edited: Jul 9, 2014
  5. marzametal

    marzametal Registered Member

    Joined:
    Mar 19, 2014
    Posts:
    766
    *hangs himself*
     
  6. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    5,618
    Location:
    Milan and Seoul
    That is right. If you open SD's GUI and click 'Administration' 'Notify me with low free space on the protected volume' should be ticked. In practice nowadays most computers have huge hard drives, and it would take probably months of usage before reaching this critical state. I also think that it is safer not to stay too long in shadow mode (a day at the most), so that if malware finds its way in, it would be neutralized by rebooting. I usually reboot after an average of 2-3 hours...
     
  7. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    5,618
    Location:
    Milan and Seoul
    I should think Shadow Defender first, so that Sandboxie would be started within a shadow session...
     
  8. Moose World

    Moose World Registered Member

    Joined:
    Dec 19, 2013
    Posts:
    905
    Location:
    U.S. Citizen
    marzametal,

    *hangs himself*

    Not sure of what you are saying? Open ended with could be anything?
    Explain with detail, please?:confused:
     
  9. Moose World

    Moose World Registered Member

    Joined:
    Dec 19, 2013
    Posts:
    905
    Location:
    U.S. Citizen
    Osaban,

    Thanks! For giving me more detail, which helps me learn quicker about this Shadow Defender.
    So that I can put what I have learned into everyday practice using this information. Again, many
    thanks!

    Kind regards,:thumb:
     
  10. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    The preferred route would be to enter Shadow Mode before starting Sandboxie, as Osaban said.

    If you start Sandboxie first, all file writes redirected by Sandboxie into the sandbox container folder prior to enabling Shadow Mode will persist until the sandbox is emptied. After Shadow Mode has been enabled, all further file writes by Sandboxie into the sandbox container folder will also be redirected by Shadow Defender into the disk sector write cache and will not persist. After exiting Shadow Mode without first emptying the sandbox, the sandbox container will be in an inconsistent, partial state until it is next emptied, which may or may not matter depending on what the sandbox is being used for.

    The key thing to understand is that running Sandboxie and Shadow Defender together involves both file system redirection and disk sector redirection, respectively. The performance overhead of the double redirection is negligible though. Even though I have a 10-year old PC running Windows XP, I have never noticed any performance impact as a result. If it is desired to avoid this, the sandbox container folder can be added to Shadow Defender's File Exclusion List. Alternatively, the sandbox container folder can be relocated onto a non-shadowed drive. (RAM disks are particularly effective for sandboxes used for web browsing.)
     
  11. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    To add to what Osaban said, Shadow Defender does not copy entire files in the way that Sandboxie does, but only copies changed disk sectors within files. Even though my system has been running in Shadow Mode for a couple of days now without a reboot, the space used by SD is still only 634 MB. The only time this is likely to become an issue is if there are a large number of changes to disk sectors taking place while Shadow Mode is enabled. For this reason, you should not defragment the disk while Shadow Defender is enabled. It would fill up the disk sector cache much quicker and there wouldn't be any point, as all changes would be lost when rebooting to exit Shadow Mode.

    A disk sector cache is created for each shadowed volume within the free space on that volume. If there is enough spare RAM, some can be allocated to the write cache. Shadow Defender will first use any allocated RAM before automatically switching to using free space on the volume. Running virtualization caches from RAM is a great idea, both from a performance and a privacy perspective. The same thing can be done with Sandboxie using a RAM disk. I found SoftPerfect RAM Disk (free) to be a perfect complement to Sandboxie for web browsing.
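
The two behaviours pegr describes in the posts above (writes made before Shadow Mode persist while later ones are discarded, and the write cache grows only with distinct changed sectors, RAM first and then free space on the volume), as an added Python sketch that is not part of the thread and not Shadow Defender's code. The class, its method names and the sizes are assumptions made for the illustration.

```python
# Toy model of sector-level write redirection. Added illustration only:
# class, method names and sizes are assumptions, not Shadow Defender internals.
SECTOR = 512  # bytes per sector (assumed)


class ShadowedVolume:
    def __init__(self, sectors, ram_cache_sectors=0):
        self.disk = [bytes(SECTOR)] * sectors  # real on-disk sectors
        self.ram_budget = ram_cache_sectors    # RAM allocated to the write cache
        self.ram_cache = {}                    # sector number -> redirected data
        self.disk_cache = {}                   # overflow held in the volume's free space
        self.shadow = False

    def enter_shadow_mode(self):
        self.shadow = True

    def write(self, lba, data):
        if not self.shadow:
            self.disk[lba] = data              # Normal Mode: the write persists
        elif lba in self.ram_cache or (lba not in self.disk_cache
                                       and len(self.ram_cache) < self.ram_budget):
            self.ram_cache[lba] = data         # RAM is used first
        else:
            self.disk_cache[lba] = data        # then free space on the volume

    def read(self, lba):
        for cache in (self.ram_cache, self.disk_cache):
            if lba in cache:
                return cache[lba]              # redirected copy wins over the disk
        return self.disk[lba]

    def cache_bytes(self):
        return (len(self.ram_cache) + len(self.disk_cache)) * SECTOR

    def reboot(self):
        self.ram_cache.clear()                 # exiting Shadow Mode drops every change
        self.disk_cache.clear()
        self.shadow = False


def demo():
    vol = ShadowedVolume(sectors=1000, ram_cache_sectors=4)
    vol.write(10, b"A" * SECTOR)               # sandbox container, written before Shadow Mode
    vol.write(11, b"A" * SECTOR)
    vol.enter_shadow_mode()
    vol.write(12, b"B" * SECTOR)               # same container, written in Shadow Mode
    for _ in range(100):
        vol.write(13, b"C" * SECTOR)           # rewriting one sector costs one cache slot
    after_normal_use = vol.cache_bytes()
    for lba in range(1000):                    # defragment-like pass touches every sector
        vol.write(lba, vol.read(lba))
    after_defrag, spilled = vol.cache_bytes(), len(vol.disk_cache)
    vol.reboot()
    survivors = [lba for lba in range(10, 14) if vol.read(lba) != bytes(SECTOR)]
    return after_normal_use, after_defrag, spilled, survivors
```

`demo()` returns the cache size after ordinary use, the size after the defragment-like pass, the number of sectors that overflowed from RAM to disk, and the container sectors that survive the reboot, which is the partial sandbox state described in the earlier post.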
     
  12. Moose World

    Moose World Registered Member

    Joined:
    Dec 19, 2013
    Posts:
    905
    Location:
    U.S. Citizen
    pegr,

    Wow! A lot of nice information being sent my way. I am going to read over a few times to digest completely.:thumb:
    Keep it coming! Again, many thanks! And I really appreciate the details and amount being sent to my questions.:)

    Just tried to install SoftPerfect RAM Disk on the Windows 8.1.1 x64 operating system.
    On install it gave an error. So, I cancelled and rolled back the changes. I think it is only for Windows
    XP, 7, 8. But not Windows 8.1.1. Anyway, thanks!

    Kind regards,
     
    Last edited: Jul 10, 2014
  13. sdmod

    sdmod Shadow Defender Expert

    Joined:
    Oct 28, 2010
    Posts:
    1,162
    Great information and very well put

    Patrick

     
  14. sdmod

    sdmod Shadow Defender Expert

    Joined:
    Oct 28, 2010
    Posts:
    1,162
    Again, thanks for the concise and readable information about Shadow Defender, pegr.

    I'm replying to both of your posts so that they can be found in one spot. Well, two spots actually, but adjoining :)
    I'd be happy (if you get the time) if you would post those posts to the Official Shadow Defender Forum. I'll sticky them if you do.


    Patrick, Admin, The Official Shadow Defender Forum




     
    Last edited: Jul 10, 2014
  15. Cruise

    Cruise Registered Member

    Joined:
    Jun 10, 2010
    Posts:
    1,236
    Location:
    USA
    I just thought I'd add my 2-cents worth to the subject of using Sandboxie together with Shadow Defender. I realize that some people are using SBIE for system security and SD for trying new apps, changes, etc., but (imho) SD serves both purposes, so I just don't see how running both of these great apps at the same time makes much sense! :confused:

    Cruise
     
  16. The Shadow

    The Shadow Registered Member

    Joined:
    Jan 24, 2012
    Posts:
    814
    Location:
    USA
    Cruise, I almost agree with you, but I still have some reservation about SD's ability to prevent infection of Windows' kernel. That was one of my concerns which led to my suggesting (over a year ago) a drop-rights option for shadow mode, plus preventing driver execution (under all circumstances). These important security features are provided in SBIE. ;)

    Based on direct communication received from Tony, my suggestion is very difficult to implement and will likely be a long time coming. SD (especially in its latest version) can provide strong protection, but imho a good (real time) anti-malware app should be used with it.

    TS
     
    Last edited: Jul 11, 2014
  17. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,147
    Location:
    Nicaragua
    Hi Cruise, I think using both programs at the same time can be beneficial if the user is using Sandboxie's free version, since the ability to use multiple sandboxes at the same time or force programs to run sandboxed automatically is not possible, but for someone using Sandboxie's paid version, I think it's best to use Sandboxie for security and Shadow Defender for testing programs or changes in the system. That's how I use these programs and both work great for me.

    But I guess ultra paranoid persons can use them both for security at the same time even if you have a Sandboxie license. There is no harm doing that, I know it can be done since they don't conflict with each other.

    Bo
     
  18. Wendi

    Wendi Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    643
    Location:
    USA
    I somewhat share that concern of SD's potential vulnerability for Windows kernel infections, so in that regard it may make sense to use SBIE (free) and SD together for security purposes. SBIE does not allow driver execution and by enabling its drop rights option I don't see how any malware delivery mechanism could execute!

    Wendi
     
  19. TomAZ

    TomAZ Registered Member

    Joined:
    Feb 27, 2010
    Posts:
    1,131
    Location:
    USA
    So if you use them together, which do you launch first and which do you exit first?
     
    Last edited: Jul 11, 2014
  20. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    Shadow Defender by itself does not prevent the system from becoming temporarily infected while in Shadow Mode. It is important to prevent the damage that active malware may do in terms of data and identity theft until the system is restored to a clean state at the next reboot. Sandboxie's rich set of policy restriction features that can be applied to sandboxed applications is one of many ways of achieving that.

    Shadow Defender is about more than protection against permanent malware infection and software testing though. It also provides an easy way of keeping the system in a known, stable state during normal day-to-day operation, allowing system change to be managed. For these reasons, some people may choose to run Shadow Defender and Sandboxie together.

    Although, I have a paid lifetime Sandboxie license, obtained before the Invincea buyout, I prefer using AppGuard alongside Shadow Defender, but that's just me. My system is permanently in Shadow Mode, except for a regular maintenance slot where I apply software updates.
     
    Last edited: Jul 11, 2014
  21. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    Thanks for the kind words, Patrick. :)

    I'll try and find time to post these into the Official Shadow Defender Forum, sometime over the weekend.

    Regards
    pegr
     
  22. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    See post #3385 above.
     
  23. TomAZ

    TomAZ Registered Member

    Joined:
    Feb 27, 2010
    Posts:
    1,131
    Location:
    USA
    Thank you Pegr, guess I missed that:(.

    By the way, if you are permanently in Shadow Mode, do you use the RAM option or disk option?

    And how do you handle the ever changing data issue on your system? As one example, I process lots of email every day with a local email client and I need to retain copies of just about everything. How would I do that?
     
  24. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    Hi Tom,

    I use the disk option because I only have 1GB of RAM on my 10-year old Windows XP machine. I'm going to buy a new machine when Windows 9 is launched next year, and I will make sure it has lots of RAM so I can start using the RAM option.

    The best way to handle changing user data is to have an additional volume that holds all user data, which is kept in Normal (non-shadowed) Mode. This could be a 2nd internal hard disk or, with only one internal hard disk, by partitioning the disk. The alternative to a separate data partition is to make permanent SD exclusions for folders containing user data on the system partition. A separate data partition is superior though for two reasons: -

    1. If you want to engage in a high risk activity, you can quickly lockdown the entire system by temporarily putting the data partition into Shadow Mode. Obviously, you would not be trying to make changes to user data while doing this; or at the very least, you would have to remember to manually commit any changes you made to user data while in Shadow Mode.

    2. The task of using imaging software to backup the system partition is simplified if the system partition does not contain user data. The images will be smaller, so backing up and restoring images will be quicker. (Even if using Shadow Defender, it is still important to backup the system and data in order to be able to recover from a hard disk failure.)

    For your email, you need to make sure that your email folders are excluded from virtualization. I use Thunderbird and I used the Thunderbird Profile Manager to move the Thunderbird profile folder (containing emails, settings, add-ons, etc) to the data partition. The Thunderbird program itself, remains installed on the system partition - it's only the profile folder that has been moved. An additional benefit is that when restoring a system image, the email profile folder remains intact after the system has been restored.

    I did the same thing with Firefox, using the Firefox profile manager to move the Firefox profile to the data partition. Finally, I relocated the My Documents folder, containing all my personal files, onto the data partition. If you don't have a separate data partition, or you are using applications that don't allow you to relocate their user data folders, you will need to add all folders containing user data on the system partition to SD's File Exclusion List.

    BTW, while I think of it: Don't make SD file exclusions for program data. Changes to program data while applications are running are often accompanied by registry changes that won't be saved when you exit Shadow Mode. As well as being less secure, the risk is that an application, or even the entire system, could become unstable as a result. For that reason, I suggest not making exclusions for anti-virus definition updates. Just let them get automatically reapplied when the system is rebooted. The only exclusions you should make are for user data: emails, personal files, etc, if not held on a separate non-shadowed data partition.

    Regards
    pegr
     
    Last edited: Jul 11, 2014
  25. TomAZ

    TomAZ Registered Member

    Joined:
    Feb 27, 2010
    Posts:
    1,131
    Location:
    USA
    Thanks, Pegr, very valuable and helpful info.
     