The unofficial Shadow Defender Support Thread.

Never happened to me either. What sometimes happens, if I shut down the computer in shadow mode without using SD's commands it will remain in shadow mode on the next re-start, almost like hibernating the machine in shadow mode. I've also noticed that on Win 10, if I exclude anything using SD's GUI, the program at times will reboot out of shadow mode with something missing (excluding bookmarks in Chrome might delete them upon rebooting)... As a result I use SD in default configuration on Win 10.

 

(dumb) Question - What's the difference between using Shadow Defender and using Sandboxie to run Windows Explorer?

also...
Does SD conflict with Rollback Rx ?

 

I think the main difference has to do with restrictions. Sandboxies environment is more restricted than Shadow defenders, even without applying any restriction via Sandbox settings. Depending on what you are doing, this can be good or bad, from Sandboxies point of view, good because programs running under Sandboxie can do less, they are allowed to do less, if they are malicious, chances of you or the system being harmed are lower. But bad because a lesser amount of programs can be successfully tested under SBIE. So, in my opinion, there's room for using both programs, you can use them for different purposes, Thats what I did for a long time. I used SD for testing programs or changes in the system and Sandboxie for security. I am not using SD now, the reasons being because I hardly ever test new programs and most of what I want to test (doing changes in the system, to see the behavior in the system afterward), can be done using SBIE. Also, I want to keep W10 as light as possible regarding the amount of installed programs.

Another difference is the time that takes you to open up a sandboxed version of Windows explorer, do what you want to do, and delete changes. It can be seconds, minutes. You dont have to reboot or stop whatever else you are doing to get rid of changes as you must do with programs like Shadow defender.

Bo

 

Shadow Defender protects entire partitions whereas Sandboxie protects individual (specified) apps. Used properly, both are great apps.

I can't imagine why you would even consider using SD with RBRx (or vice versa)? Based on my experiences with both of them I have found SD to be a safe and very useful security app, whereas RBRx is a potentially dangerous app - capable of destroying your OS (several years ago it destroyed my Win7 system)!

 

Basically Shadow Defender Virtualizes your entire C Drive, and any other drive you select in the settings. Sandboxie only Virtualizes which ever Vulnerable Application you choose to run in the sandbox. Sandboxie also uses software restriction policies to force applications running in the sandbox to run with limited rights. Shadow Defender uses no software restrictions policies at all, any changes made to your computer while in Shadow Mode are discarded when you reboot your computer. That's a very simplified description of how they work anyway.

 

I'm currently running Sandboxie inside Shadow Defender whilst I surf the web. Afterwards, do you recommend that I "delete" the contents of Sandboxie first - and then do my reboot after that?

Many thanks!

 

It doesn't really matter as a reboot will automatically delete any change (including the sandbox) that occurred in shadow mode. I'd say it is useful to run Sandboxie in shadow mode if it is configured with tight restrictions, therefore it would afford protection against personal data theft, which is not within Shadow Defender's security umbrella.

 

Using an anti-logger with SD is more appropriate than a sandbox.

 

Thank you

 

Hi guest,

I must say I've never heard of anti-logger, what is the purpose behind it?

Cheers

 

@n13
This is the good explanation and example how it works
https://www.spyshelter.com/what-is-a-keylogger/
SpyShelter is currently the best anti-logger with a lot of basic and additional features.

 

ichito it looks like good software, do you use it personally?

 

Yes...SpyShelter and Shadow Defender are from years the base of my combos on 3 machines - with XP, Vista and 8.1. Actually I don't need anything else. You should try them both and than see what the precious you have

 

Ok might give SpyShelter a try then. Is it reasonably easy to use straight after install- or is there any complex configuration that needs to be carried out first?

Thanks

 

Spyshelter is a HIPS. If you have a difficult time with it, you are probably better off with either Zemana Antilogger or KeyScrambler.

 

Hi Azure Phoenix,

I've had a browse through them, and I've noticed that the KeyScrambler software you mentioned has a "free version". perhaps I'll test this one first

Thanks also

 

KeyScrambler is an excellent product, but not if you use MS Edge (as it blocks all keyboard entries)! They are supposedly working on a solution.

 

@n13

You're welcome. Hope you find something that fits your need.

 

Anti-logger (anti-keylogger) = spyshelter, zemana AL, etc...

 

That's a good question.
I always empty/delete my sandbox whilst in Shadow Mode before re-booting. The reason that I do that is because in the distant past I have noticed that a sandboxed (Sandboxie) session ignored Shadow Defender settings and when I rebooted from Shadow Mode was there after re-boot. I haven't noticed this in many years but it did happen and more than once and that's why I take extra care with this.
I think that many years ago in Shadow Defender's infancy Tzuk and Tony got together to sort this particular problem of kernel level dominance out.
I tend to think that many of the current problems that occur with Shadow Defender are related to the architecture of Windows 10. As I recall, Tony recommended that we should not use Windows 10 fastboot/hibernate with Shadow Defender because with that setting on Windows doesn't completely close.

Patrick

 

I have had problems in the past with Zemana and System Safety Monitor conflicting with other security programs including Shadow Defender.
I don't let any kernel level monitor programs run whilst in Shadow Defender Shadow Mode. I also have virus programs running as 'on demand' only. My reasoning is that there is less chance of a conflict over control of kernel levels which might lock the system.
I have a deep suspicion of all deep level monitoring programs that run live and also I never allow chkdsk, (for me) it has always caused more harm than good.
I'm no expert and only go by what I feel is good for me.
My own personal usage experience of all these matters is with XP only.

Patrick

 

Appreciate your added input, sdmod.

 

Maybe your issue with SSM was the same/similar to those I've mentioned years ago in this thread
https://www.wilderssecurity.com/threads/system-safety-monitor-and-shadow-defender.326415/
At present using SpyShelter is probably not possible to reproduce such behaviour of Shadow Mode because SS stores own config files on system disk so every time when it is virtualised everything that belongs to SS is virtualised also. SS and other aps I'm using in combo with SD e.g. Online Armor, Outpost, Jetico, Kerio, ERP install kernel drivers and I've never noticed conflicts because of it...it's interresting what you wrote.

 

With all due respect XP is an operating system that is no longer supported and therefore it should not be used as a source for experiences related to SD. As far as I'm concerned with Windows 10 in all of its past iterations, I've never ever experienced one single item surviving a reboot out of shadow mode, including a sandbox from Sandboxie. If that had been the case, I would have dropped SD on the spot.

@ n13 About anti-loggers, they certainly are specifically designed to stop information theft, but it is another layer, and effective if you don't have Sandboxie.

Sandboxie can be configured to allow access to the Internet to specific programs of your choosing. Likewise it can be configured to allow only specific programs to start and run in the sandbox. If malware cannot start, run, and connect to the Internet, how are they going to steal your personal data? Nothing can be 100% safe with very talented hackers, but the average user is not a target in most cases...

 

The XP POSReady 2009 is still supported. I receive monthly security updates as well. Using SD there. Windows Update Catalog