The unofficial Shadow Defender Support Thread.

Hi stapp & sdmod

Thank u both very much for your responses. Having read Tony's answer to the question "Q : Why Shadow Mode works only if I restart the computer, If I shut down the computer, all changes remain after reboot. " I realise that my initial post was sloppily phrased. I said shut down when actually I meant pressing reboot.

So, to be clear, when I navigate through the several menu items and am offered the opportunity to reboot. I press reboot and then the process of shutting down takes place. BUT reboot does not occur. Instead I have a black screen on my monitor which has gone into standby mode whilst the computer remains running but effectively hung until hard shut down.

Hope this clearer, apologies for incorrectly stating the problem.

Any further advice?

thanks

Terry

 

I asked earlier if you can re-boot using Windows safe mode?

Which operating system are you using?

I take it that prior to getting the black screen you were in Shadow Mode or had Shadow Defender installed and had expectations
that, on re-boot you would either go into 'normal Windows, Shadow Defender installed but (unshadowed mode)' or into Shadow Mode in Shadow Defender.

As I understand it Windows safe mode has changed in recent versions of Windows 8 and 10

In older versions of windows getting into safe mode was pressing F8 on boot

This mode of windows allows you to tinker in a bare bones fashion.

In this mode , having access to Windows you can uninstall Shadow Defender where currently you cannot (if I'm understanding correctly) .

What I am saying is that if you can run Windows in safe mode. Then you can uninstall Shadow Defender.
After re-boot or re-start and without conflict you should be able to boot into normal Windows mode with no Shadow Defender.
Then if you turn off fast boot hiberboot, hybrid boot, or hybrid shutdown. (They are all names for the same thing ) (which many recommend (for various reasons including Tony the developer of Shadow Defender).


After doing that, reboot or shut down and re start

You can then install Shadow Defender clean without hindrance from Hybrid Boot Fast Start.

If I am getting the wrong end of the stick please give me as detailed information as possible about your system and what you have done up to now.

Patrick

 

Hi sdmod

When the problem occurs:

1) I have SD installed

2) I am in Shadow Mode (Unshadowed on reboot)

3) Selecting discard/don't save and reboot, via SD GUI, the computer starts the process of rebooting and does not complete. It enters a black screen with standby mode on the monitor. The computer has not re booted nor has it shut down.The computer blue on off light is lit.

4) After waiting a long time the only way to move forward is a hard shut down. Then I reboot and the computer is effectively OK with all the installations made in shadow mode deleted. One caveat to this, the hard shut down on one occasion caused some problems which I had to rectify using the internet ie could not type in search bar.

5) At this moment everything is running OK BUT I have not used Shadow Defender since the last hard shutdown. SD GUI opens fine and appears to be working OK

6) There is no problem using safe mode nor is there a problem uninstalling SD in Normal Mode

7) I have unticked fast boot. I am just waiting to use SD again.

Answers to questions

SDMOD

A) I asked earlier if you can re-boot using Windows safe mode?

Answer: Yes

B) Which operating system are you using?

Answer: Windows 10 x64 version 1803


C) "I take it that prior to getting the black screen you were in Shadow Mode or had Shadow Defender installed and had expectations
that, on re-boot you would either go into 'normal Windows, Shadow Defender installed but (unshadowed mode)' or into Shadow Mode in Shadow Defender."

Answer:- Yes and I expected to go into UNSHADOWED mode.

SDMOD I hope this is clearer for you.

I am going to try and use SD again and install something to see if unticking FastBoot helps


Any comments gratefully received and thanks for your help

Terry

 

Hi stapp

Thanks for helping.

1) "Do you always select reboot from the SD GUI?" - Answer - Almost Always

2) "Do you ever (or rather did you ever) just select restart from the Windows start flag?" - Possibly once max twice a long time ago. More by accident than design.

ps. Tried SD again and installed the same piece of software as yesterday when it failed to Reboot. This time perfect operation. HOWEVER, this has happened previously amongst the failures. This time the difference is I have unticked fast boot. I suppose I will have to suck it and see for some time to determine whether the fastboot removal has worked

Thanks

Terry

 

Hi Terry Wood and stapp,
My hunch is , that now Fast Startup/Fast Boot is turned off everything will be fine for Terry.
Please let us know how you get on with it in the coming weeks.
Now that you have turned Fast Startup off, as far as I know you shouldn't have any problem with an ordinary reboot after a Shadowed 'session'. I hardly ever do a full shutdown and I haven't noticed problems.
I believe that shadow Defender can even recover on reboot even if you've deleted half your OS system files or have a nasty sudden system crash...Don't quote me on it though. I remember discussions from the distant past.

Patrick

As a secondary benefit of turning off Fast Boot you should not have those problems with Encryption software etc that Fast Boot can cause.


Check out post sdmod, May 5, 2016 #4556 and surrounding posts
stapp, myself and Tony were discussing it back then

 

Hi sdmod & stapp

Thanks for the help and giving me something to work with (fastboot) I certainly wasn't aware about Tony's comments re not using fastboot.

Will let u know in due course if I have a problem.

Terry

 

Hi sdmod & stapp

Tried SD again, installed software, rebooted then got blue screen. Error message K Mode exception not handled. What failed ntfs.sys.

Getting it cranked up again was a trial and it automatically went into scanning disk.

Terry

 

@TerryWood
Hi...what else security apps you have in that machine? Are they properly configured (I mean allowing, exceptions. etc.)?

 

Hi Ichito

Thanks for your input.

In answer to your questions:- Bitdefender Free, NVT ERP Pro 4, NVT OS Armor, Windows Firewall Control, KeyScrambler.

A couple of on demand scanners MBytes. and Hitman Pro.

As far as I am aware they are setup currectly. Only recently that I started having problems. Possible Win 10 Update problem?

Terry

 

@TerryWood

Making a post as i did have problems with Bitdefender (paid) and Shadow Defender about 12 months ago.(no shut down or reboot) Had to hard shut down.

As i do not use NVT ERP but use NVT OS Armor are there any "Logs" blocking anything?

Of the top of my head I'm not sure if Bitdefender uses ELAM but could be a problem.

https://docs.microsoft.com/en-us/windows-hardware/drivers/install/early-launch-antimalware

Have you tried disabling or uninstaling your security programs (God Forbid) to see if "SD" will work without them?

As I'm not using "Shadow Defender" on any system at the moment i cannot test this.

Regards

 

SD while enabling Shadow Mode creates file called diskpt0.sys...it's the standalone file and you should find it directly on disk C:


I suppose that some settings of your security apps...especialy ERP or OSA...can block creating such file so in effect you can't enter virtualisation. Try to find command/option like "creating file on system disk" and disable it to check is the issue roselved or not.

 

Things that I remember from the past causing problems with Shadow Defender were System Safety Monitor and Zemana.
Some software with a deep access, kernel level, almost with the same status as your operating system, on your system is 'sheepdogging' the files and won't allow the fluid movement of your system and locking things up
Sorry for the layman's language and non technical perspective.
The sort of things are live monitoring softwares something that jumps into action claiming ownership.
Over the years there have been very few of these sorts of problems with Shadow Defender.

I would just like to ask

When you turned off fast start did you do a clean shutdown and boot before installing Shadow Defender again fresh?
Was Shadow Defender off your system before this operation?

My sequence would be

Uninstall Shadow Defender in safe mode (or if you have access, in ordinary mode)
shutdown pc
clean boot
turn off fast start
shutdown pc
clean boot
Install Shadow Defender from scratch.

I'd maybe shutdown once again before use of Shadow Defender

If that didn't help then I think it is some sort of kernel level power conflict. as I mentioned above.

We used to get these sorts of problems with two anti virus programs running in monitoring mode
They would lock horns over ownership and freeze the system or drag it to a sluggish level where it wouldn't operate freely.

Sorry if I've covered things here that has been already covered.

Patrick

 

Can you make exclusions for SD on Bitdefender Free? Try that. If that doesn't work, then temporarily uninstall Bitdefender. And see if Shadow Defender works properly now.

 

OK but it depends on enabled features...i think about such like that which can be enabled to harden system

I don't remember how is in ERP but I can imagine that we can find something important option of blocking unknown drivers...unsigned files...unknown child processes.

 

Same on Windows 8.1 here.

 

Haha...marked action it's not the diagnose but only the hipotese...an example It can be also e.g. disabled or set "on demand" SD service...blocked by some modules needed action...I don't know becasue I dont know existed settings in others security apps. I think the best method is uninstall other apps and check step by step how is SD behaviour in each one case...or make exclusion if it's possible.

 

Hi @ Wilders

Thanks to the many people who are contributing suggestions. It is much appreciated.

The problem is that the myriad of of suggestions will take ages to work through in a methodical way.

A little more information to everyone:

Prior to the last several weeks (in which SD or something else has not been behaving) SD has worked as it should do. That is why I wondered in a previous post if it could be a Windows update issue. I also know (now) that SD does not like FastStartup, which I have now disabled. Since then I have had further issues with SD and ended up with a blue screen as described above.

On further reflection and research on the internet about "KMode exception - Not Handled" (which was the cause of the Blue Screen) I found the the cause can be dodgy drivers.

I was testing TinyWall in SD at the time of the blue screen (I tried to install it) but the systray icon was greyed out. I did not know at the time that Tinywall has a problem its driver is unsigned in Win 10 so it will not work. Others have produced a modified version which apparently does work.

So my question to SDMOD and other knowledgeable guys @ Wilders could this issue with TinyWall have been the problem that set off the blue screen?

Finally, I have used SD twice since the blue screen with apparent success. (Not with TinyWall)

Thanks

Terry

 

Hi Terry,
If you have identified and it has been documented that the particular version of TinyWall has a driver problem and TinyWall is now removed from your system and you are now not having problems with Shadow Defender, I would give your system a little bit of time to see how it operates in the coming weeks.
If everything is well in the coming weeks then, if you are brave anough and still want TinyWall, then you could try using one of the versions that doesn't have a driver problem.
This is just the sort of program that has caused problems in the past but rarely, I might add. It sounds like a glitchy piece of software and probably runs at a deep level being a firewall.
I am no expert but these are my thoughts at the moment.

I think that, (based on no real empirical evidence) that this particular TinyWall driver might have caused your bluescreen.

Maybe you got that grey out when trying to install TinyWall in Shadow Mode because Shadow Defender wouldn't allow the driver to run at a deeper level than itself.
That's just a hunch based on nothing but conjecture.

Patrick

 

Hi @ SD Support Thread

I said I would return and let the thread know how I was getting on after my problems with SD detailed earlier.

Since my Blue Screen I have used SD a number of times without incident, including directly shutting down as opposed to using the SD interface.

Thanks to everyone for their help.

terry

 

That's great news Terry and thanks for letting us know.

Patrick

 

Excellent

Glad that it got sorted out to your satisfaction. It's an awesome program.