The unofficial Shadow Defender Support Thread.

Discussion in 'sandboxing & virtualization' started by Cutting_Edgetech, Feb 14, 2011.

  1. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    5,616
    Location:
    Milan and Seoul
    My wife uses a very old laptop (13 years old) on her treadmill, which runs on XP SP3 and always in shadow mode. There are no anti malware applications installed, only SD (1.4.0.60:cool:, and she had no problems whatsoever for the last 5 years, although this machine is never used for banking or purchases online...
     
  2. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Just a reminder SD is the best at what it does but it doesn't protect against permanent protection system infection. Remember the commit function and what it does. Best protection it provides is obscurity, not in use enough to be a target.
     
  3. sdmod

    sdmod Shadow Defender Expert

    Joined:
    Oct 28, 2010
    Posts:
    1,161
    Sorry for the delay in reply Wendi, I've just noticed your post.

    Yes Wendi, in answer to your question, I suppose that I do.
    I never run in anything but Shadow Mode these days.
    When in Shadow Mode I'm running Sandboxie for my browsers and Tor client. I also use KeyScrambler Premium. I've always continued to use anti virus Avast Pro to check downloaded files and Malwarebytes only on demand. I only use 'Commit by Shadow Defender' after checking downloaded files that I want to keep to my real system.
    I suppose that when in Shadow Mode if I inadvertently allowed/gave access to something malignant it might get to know something, somehow about my real system/network structure but as far as I know, I've never done that. If I feel anything untoward I immediately re-boot to real system. Then go into Shadow Mode again clean.
    I also use Sygate Pro 5.5 Firewall which has served me well over the years. I have lifetime licences for Shadow Defender and Sandboxie but I use versions that suit my needs and system. I don't upgrade software automatically, I like to have the sense of control over my system. I'm not entirely sure how real this is as I have a limited knowledge of the numerous components that make up my system. Rightly or wrongly, I use 'feel' and intuition a lot to gauge if my system is ok. I've not gone with the more modern versions of Windows because I don't like to be connected umbilically and automatically and like the sense that I have control about what is coming in and going out from my pc.
    Even with all its shortcomings I liked Windows 2000 Pro as it seemed to me more businesslike and respectful of users. I use XP sp3 because I don't want to have to fight with an operating system that I run about who has the priority rights.

    Patrick


     
    Last edited: Aug 19, 2018
  4. Jo Ann

    Jo Ann Registered Member

    Joined:
    Jan 6, 2007
    Posts:
    619
    If you always run in Shadow Mode (for all online disk volumes) without commits or exclusions, then any infection will be completely removed upon the next system startup/restart. Of course there's always potential vulnerability if and when you use SD's commit or exclusion functions!

    The "chink in SD's armor" is that it doesn't protect against information leaks (data/identity theft) during a Shadow Mode session.
     
    Last edited: Aug 19, 2018
  5. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Hi Jo Ann

    I think you missed my point. If you can use "commit" then so could malware. Also there is no telling what a Powershell script could do. The only real protection is not to allow Malware on in the first place. From a security point of view I don't see any point in running in Shadow Mode all the time.
     
  6. Jo Ann

    Jo Ann Registered Member

    Joined:
    Jan 6, 2007
    Posts:
    619
    Pete, I'm not sure what it is that I misunderstood and I'm completely confused by your last statement ..."From a security point of view I don't see any point in running in Shadow Mode all the time". As I indicated in my prior post, running in Shadow Mode (no exclusions/commits) does provide absolute protection against system infections.
     
  7. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    My point was, your assumption is no commits. If you can commit then potentially so could malware. The only absolute protection is to not let malware on your system.
     
  8. Jo Ann

    Jo Ann Registered Member

    Joined:
    Jan 6, 2007
    Posts:
    619
    That's a real stretch Pete. ;)
     
    Last edited: Aug 19, 2018
  9. Wendi

    Wendi Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    643
    Location:
    USA
    @sdmod, thanks for feedback. Concurrent use of SD and SBIE seems redundant to me, but I guess it can't hurt.
     
  10. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    I agree, but do you have any idea what Powershell can do? As long as you know there is a risk then that is all that matters.
     
  11. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    That's an interesting statement Pete. In essence take nothing for granted. I will have to study this further. Thanks for the mention.
     
  12. guest

    guest Guest

    Malware only needs to launch CmdTool.exe to commit files/a directory (setting a password should mitigate it).
    For example:
    Code:
    Commit of a directory:
    CmdTool.exe /commit:"C:\Test"
    
    Commit of a single file:
    CmdTool.exe /commit:"C:\Test\test.txt"
    
     
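As an added defender-side example that is not from this thread or from the Shadow Defender vendor: Python that scans constructed process-creation records (shaped like Windows Security event 4688 fields) for the commit invocations shown above, including a copy of the tool run under a different image name. The install folder path, the field names and the sample records are all assumptions.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample records, not real logs. Field names mirror the
# NewProcessName / CommandLine fields of Windows event 4688; the
# "Shadow Defender" install path is assumed, not taken from the thread.
SAMPLE_EVENTS = [
    {"NewProcessName": r"C:\Windows\System32\notepad.exe",
     "CommandLine": r"notepad.exe C:\Test\notes.txt"},
    {"NewProcessName": r"C:\Program Files\Shadow Defender\CmdTool.exe",
     "CommandLine": r'CmdTool.exe /commit:"C:\Test"'},
    {"NewProcessName": r"C:\Program Files\Shadow Defender\Commit.exe",
     "CommandLine": "Commit.exe"},
    # A copy of the tool renamed to dodge an image-name allowlist.
    {"NewProcessName": r"C:\Users\Public\x.exe",
     "CommandLine": r'x.exe /commit:"C:\Test\test.txt"'},
]

# The two binaries the thread names as the commit path out of Shadow Mode.
COMMIT_TOOLS = {"cmdtool.exe", "commit.exe"}
# /commit:"quoted path" or /commit:unquoted-path, case-insensitive.
COMMIT_SWITCH = re.compile(r'/commit:(?:"([^"]*)"|(\S+))', re.IGNORECASE)


@dataclass
class Alert:
    image: str
    reason: str
    target: Optional[str]  # path being committed, if parseable


def inspect_event(event: dict) -> Optional[Alert]:
    """Return an Alert if this process start looks like a commit attempt."""
    image = event.get("NewProcessName", "")
    cmdline = event.get("CommandLine", "")
    name = image.replace("/", "\\").rsplit("\\", 1)[-1].lower()
    match = COMMIT_SWITCH.search(cmdline)
    target = (match.group(1) or match.group(2)) if match else None
    if name in COMMIT_TOOLS:
        return Alert(image, f"commit tool launched: {name}", target)
    if match:  # renamed binary, but the switch gives it away
        return Alert(image, "/commit: switch under non-standard image", target)
    return None


def scan(events) -> list:
    """Run inspect_event over a batch of records and keep the hits."""
    return [a for a in map(inspect_event, events) if a is not None]
```

This only detects; blocking still needs a prompt such as the NVT ERP rule mentioned later in the thread, or removing the tools and setting the password.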
  13. Azure Phoenix

    Azure Phoenix Registered Member

    Joined:
    Nov 22, 2014
    Posts:
    1,559
    Hasn't there been malware capable of bypassing VMs? If they can do that, then I would guess Shadow Defender would be a walk in the park for them.
     
  14. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,803
    Location:
    .
    I set NVT ERP to ask when Commit.exe is launched, that is Commit.exe is not whitelisted.
     
  15. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    With Powershell they wouldn't have to use commit. Powershell is nasty. Remember when Black Fog first started, they used Powershell to install, and the reason they did it was if a firewall blocked the install, they could just walk over it.

    Folks look, I don't see it as a big risk, all I am saying is Shadow Defender being on doesn't guarantee you're totally safe. Just be aware.
     
  16. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    It's useful then to Deny/Default Powershell/ISE. Or at the very least be alerted the moment it's engaged, even from safe whitelisted processes.
     
  17. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    True enough, but you also need to include system.management.automation.dll. It's somewhere in Windows but I don't remember where. I have it wildcarded.
     
  18. Jo Ann

    Jo Ann Registered Member

    Joined:
    Jan 6, 2007
    Posts:
    619
    If you don't use the commit function (I don't), simply delete (or 'Rem') both CmdTool.exe and Commit.exe inside your Shadow Defender folder. Also enable SD's password-protection. ;)
     
  19. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    :thumb:
     
  20. Jo Ann

    Jo Ann Registered Member

    Joined:
    Jan 6, 2007
    Posts:
    619
    With all due respect Pete, if you or anyone else thinks they can create a Powershell script that circumvents Shadow Mode I will eagerly put it to the test and if it does what you suggest can be done I will 'eat crow'. Until then I remain skeptical.
     
  21. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    I doubt if anyone would bother, only because there aren't enough SD people to be profitable.
     
  22. TomAZ

    TomAZ Registered Member

    Joined:
    Feb 27, 2010
    Posts:
    1,131
    Location:
    USA
    I should know this, but I can't remember. Exactly how do you REM something??
     
  23. Jo Ann

    Jo Ann Registered Member

    Joined:
    Jan 6, 2007
    Posts:
    619
    In that case all of this is strictly academic and not worth any concern...
     
  24. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,457
    Location:
    .
    maybe, Rename....for example ... "CmdTool.exe.old" ... "Commit.exe.old"
     
  25. TomAZ

    TomAZ Registered Member

    Joined:
    Feb 27, 2010
    Posts:
    1,131
    Location:
    USA
    Yep!! As I said, I should have known that, but it's been so long it escaped me. Thank you.
     