The unofficial Shadow Defender Support Thread.

Discussion in 'sandboxing & virtualization' started by Cutting_Edgetech, Feb 14, 2011.

  1. digmor crusher

    digmor crusher Registered Member

    Joined:
    Jul 6, 2012
    Posts:
    1,277
    Location:
    Canada
    I vaguely remember reading this somewhere before, possibly way back in this thread but not sure.
     
  2. pvsurfer

    pvsurfer Registered Member

    Joined:
    Sep 1, 2004
    Posts:
    1,622
    Location:
    USA
    @Frib004, so when you keep your system in Shadow Mode for a few days (i.e., you have not performed a 'true' Shutdown for a few days) Windows bootup takes an additional 15 seconds, likely due to SD performing its 'housekeeping'. If your system and SD are otherwise functioning normally, it seems to me you are "making a mountain out of a molehill".
     
  3. Frib004

    Frib004 Registered Member

    Joined:
    Feb 27, 2023
    Posts:
    25
    Location:
    Brazil
    I didn't know that. As far as I remember, SD never slowed down the boot time on my old W7 machine.
    I have fast boot disabled. I don't leave my PC on for days.
     
  4. pvsurfer

    pvsurfer Registered Member

    Joined:
    Sep 1, 2004
    Posts:
    1,622
    Location:
    USA
    Then how is your system remaining "in Shadow Mode for a few days"?
     
  5. Frib004

    Frib004 Registered Member

    Joined:
    Feb 27, 2023
    Posts:
    25
    Location:
    Brazil
    I mean that if I put the system in SM using the "enter Shadow Mode on boot" and leave it in SM for a few days (even performing the full shutdown/restart) the boot time gets slower, but I noticed that it happens regardless of whether I leave the PC in SM for days or hours, so I might use "exit Shadow Mode on shutdown" and activate it every time I use my PC, which doesn't bother me, but it is quite strange that it only happens to me.
    Sorry for any orthography errors I made. English isn't my native language. And many thanks for the support!
     
  6. pvsurfer

    pvsurfer Registered Member

    Joined:
    Sep 1, 2004
    Posts:
    1,622
    Location:
    USA
    If you select 'Enter Shadow Mode on boot' the shadowed volumes will exit Shadow Mode automatically when Windows is rebooted or shut down, and when you next boot into Windows the volumes you designated will enter Shadow Mode automatically. So if you are doing a 'true' shutdown every day, you really are never in Shadow Mode for more than a day.
     
  7. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,535
    Location:
    U.S.A. (South)
    Likely unrelated to how most use Shadow Defender (or OP) but I ALWAYS (just me) enter shadow mode while in an unprotected session. An hour or what have you, I manually click the tray icon and proceed to go into Shadow Mode on-the-fly even when testing malware/file infectors/ransomware for the first time. Or when testing a program that I want to see how it behaves with the rest of my security defenses.

    Then either by forced hard reset (nasty Sality file infector is rough) or simply rebooting, since I select that Option, Exit Shadow Mode On Reboot/Shutdown.

    Nothing and I do mean nothing has ever circumvented or evaded its Virtual System after a dump session.

    I found in my usage of it in testing malware works best for me because heaven forbid if I carried those bugs going forward if the system would even reboot.

    On Sality file infector that crud even muffed the Shadow Defender files (ALL OF THEM) and I thought that I was toast. However a power plug pull/Hard Shutdown and on reboot you wouldn't even notice anything ever happened at all.

    A complete wipe out of malware, no traces. System returned to complete normalcy again.

    That's one major example among others why i continue to hold super high confidence in Shadow Defender to this very day.
    Even an older version!
     
  8. Frib004

    Frib004 Registered Member

    Joined:
    Feb 27, 2023
    Posts:
    25
    Location:
    Brazil
    Alright, but when I choose to enter SM on boot, for some reason the next boot is 2x slower than when I choose to exit SM on shutdown. It's strange that it only happens to me. It's like when it enters SM on boot, the SSD "stops" reading and then "continues", looking at the disk's LEDs.
    I found "Shadow Defender command line parameters" but I don't know how to use them. Maybe I can automatically put C: in Shadow Mode after the system boots up?
     
  9. Frib004

    Frib004 Registered Member

    Joined:
    Feb 27, 2023
    Posts:
    25
    Location:
    Brazil
    So, after a few days of tests, I noticed that the problem was with Windows itself, so I reinstalled and everything is working fine now (including Shadow Defender v.726).
     
  10. Frib004

    Frib004 Registered Member

    Joined:
    Feb 27, 2023
    Posts:
    25
    Location:
    Brazil
    Yes. SD does a really good job not only protecting, but keeping the system untouched at every boot. I think the only malware that bypasses it is the kind that infects the BIOS/UEFI, which isn't common.
     
  11. sdmod

    sdmod Shadow Defender Expert

    Joined:
    Oct 28, 2010
    Posts:
    1,219
    Thanks @Chuck57,
    Thanks for the information.
    I can't remember if it was Power Shadow that I was referring to. It was a program that popped up when Tony was absent and people were hungry for news and progress. I don't think it was by StorageCraft (which was known to be legitimate).
    StorageCraft made ShadowUser Pro, ShadowServer, ShadowSurfer and other patented products.
    It was a long time ago.
    I was happy with StorageCraft programs as being legitimate and reliable so it makes me think it was something that stood out and alarmed me, as a possible hack or fake at the time. It came up with not much background info and no mention of Tony (Shadow Defender developer) who had been absent for years, which made people suspicious at the time because it was similar to Shadow Defender and StorageCraft Shadow programs.
    My memory is poor and it was probably the program that you are referring to. I'll dig back and look through the thread that you mention when I get time.
    I've always been curious and I wish that I knew what the link was between all these programs that were sort of StorageCraft 'clones'. Was there something underhand going on or were the others sort of 'forks'?
    They were all so similar (particularly the GUI style and content) as to be made by the same person or organization. I'm guessing that the original for all these was a StorageCraft Shadow program.

    I still have a copy of PowerShadow.2.6.0511 install file :)

     
    Last edited: Mar 13, 2023
  12. Lagavulin16

    Lagavulin16 Registered Member

    Joined:
    Nov 26, 2014
    Posts:
    213
    Location:
    Emerald City
    8/2/23 will ring in the 3rd year's anniversary with no updates for this stellar app. A true pity.
     
  13. Frib004

    Frib004 Registered Member

    Joined:
    Feb 27, 2023
    Posts:
    25
    Location:
    Brazil
    If it is running without any problems, then there's no reason to update.
     
  14. Wendi

    Wendi Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    643
    Location:
    USA
    Hello.
    Back in 2015 I asked Tony if he would enhance SD to protect the Windows EFI partition. He agreed to do that and I believe it was introduced in build 591 (when the system volume is in Shadow Mode).
     
  15. Frib004

    Frib004 Registered Member

    Joined:
    Feb 27, 2023
    Posts:
    25
    Location:
    Brazil
    But in the case of malware (even though rare) that infects the BIOS/UEFI, SD can't protect, right?
    I also remember one test where Sinowal could infect a machine in Shadow Mode: https://www.youtube.com/watch?v=VTLuTjufQkU
    Maybe it was patched with v.591 or 519 that virtualizes track0?
     
  16. Wendi

    Wendi Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    643
    Location:
    USA
    That exposure was remedied when Tony implemented MBR-Track0 virtualization (at my request) in build 519. As I can best recall, virtualization of the EFI partition was introduced with Track0 virtualization, but it didn't work properly until build 591. SD has no way of protecting system firmware (reported cases of infected firmware are extremely rare).
     
    Last edited: Mar 15, 2023
  17. Frib004

    Frib004 Registered Member

    Joined:
    Feb 27, 2023
    Posts:
    25
    Location:
    Brazil
    Yep, that's what I expected :).
     
  18. Cache

    Cache Registered Member

    Joined:
    May 20, 2016
    Posts:
    460
    Location:
    Mercia
    Just read the recent posts. I've posted elsewhere that I have been a user of SD for many years and for the last 7 months have been using the 'latest' version on a W11 system with the usual solid results.

    Interesting to hear that SD may in fact have been a clone of another company's software. This makes sense and would explain why the 'developer' has been so elusive over the years. If you've nicked the software in the first place, you are definitely going to keep a low profile. I think it was pointed out somewhere in this thread, that SD cannot be totally abandoned as it is still being sold and someone is taking the money for new sales, renewing the website certificates and dealing with Avangate.
    It also explains why there are so few updates, just enough to make it work with the latest versions of Windows (as long as you comply with the quirks like not using Fast Start).

    Until proved otherwise, I am happy enough with this explanation and it beats any other conspiracy theories out there!
     
  19. pvsurfer

    pvsurfer Registered Member

    Joined:
    Sep 1, 2004
    Posts:
    1,622
    Location:
    USA
    Under what conditions would a user remain in Shadow Mode 'excessively' (which implies multiple days of system operation without performing a full shutdown or restart)?
     
    Last edited: Mar 15, 2023
  20. pvsurfer

    pvsurfer Registered Member

    Joined:
    Sep 1, 2004
    Posts:
    1,622
    Location:
    USA
    Up through v1.4.0.680, the registered publisher of Shadow Defender was "Yang Ping". Curiously, the last release of SD (in 2020), v1.5.0.726, reported the registered publisher of Shadow Defender to be "Beijing YiChengWeiLai Culture-Tech Co., Ltd.", so it's difficult (at best) to know or even guess what's going on.

    Tony is a 'westernized' pseudonym for Yang Ping (the original developer of Shadow Defender), residing in mainland China with very little command of the English language. Over the years, whenever he did reply to my questions/suggestions his remarks were extremely brief. Also keep in mind that communications to and from the western world are filtered by the Great Firewall of China! Imho those are (more than likely) the reasons for his 'elusiveness'.

    Regardless, I don't find remarks and suggestions to the effect that Tony probably plagiarized some other light-virtualization product to be factual, fair or proper (until proven otherwise).
     
    Last edited: Mar 20, 2023
  21. sdmod

    sdmod Shadow Defender Expert

    Joined:
    Oct 28, 2010
    Posts:
    1,219
    My posts were meant as more of an observation and this is something that I have been curious about over the years rather than an accusation. The programs were so similar in language (textual description of function), gui and style.
    ShadowUser Pro Version 2.5
    Version 3 – January, 2006
    by
    Copyright  2004 StorageCraft Technology Corporation™
    'ShadowStor'
    and Shadow Server both had
    'ShadowMode' 'enabled' etc
    'Exclusion List'
    'Auto Commit'
    'Commit from the Context Menu'
    and although not direct clones, both look extremely like Shadow Defender or Shadow Defender looks like them.
    I could put the images here (to illustrate the comparison) but they are copyrighted.
    I'm convinced that there is some connection between all of these programs, not necessarily anything 'underhand'.

     
  22. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    5,257
    Location:
    .
    Yesterday got a BSOD
    SD v1.5.0.726
    Windows 10 21H2 build 19044.2604 x64 Education
    Code:
    00 ffff8580`79ff5e18 fffff802`55894b70 nt!KeBugCheckEx
    01 ffff8580`79ff5e20 fffff802`55728333 nt!memset+0x85470
    02 ffff8580`79ff5e80 fffff802`55727e1a nt!KeClockInterruptNotify+0x453
    03 ffff8580`79ff5f30 fffff802`55673e05 nt!KeInsertQueueDpc+0x183a
    04 ffff8580`79ff5f60 fffff802`557fc02a nt!RtlLengthSid+0x135
    05 ffff8580`79ff5fb0 fffff802`557fc7f7 nt!KeSynchronizeExecution+0x9ba
    06 fffff20f`eee37190 fffff802`5803f269 nt!KeSynchronizeExecution+0x1187
    07 fffff20f`eee37320 ffff998e`8f367000 diskpt+0x1f269
    08 fffff20f`eee37328 00000000`00000000 0xffff998e`8f367000
    
     
  23. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    27,166
    Location:
    UK
    What were you doing when it blue screened?
    Had it been working okay on previous uses?
     
  24. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    5,257
    Location:
    .
    LOL many things, sandboxed instances of Chrome (different user profiles), sandboxed Thunderbird instances, FLStudio (son working on a project), etc etc.
    As soon as I clicked on a minimized sandboxed Chrome instance which had been dormant for 3 hrs to maximize the window, mouse pointer froze for around 15 secs then poof!
    Yes, many times many sessions.
     
  25. RenoKid

    RenoKid Registered Member

    Joined:
    May 24, 2023
    Posts:
    19
    Location:
    New Orleans
    Forgive me if I'm in the wrong place. I'm trying to find out if Shadow Defender is still in business? It comes highly recommended. I've noticed on SD's website, the latest version is from 2020. I need this type of product for a specific client's open-area PC. I'm concerned if it is still supported. Otherwise I am looking at Reboot Restore Rx Pro. I'd appreciate any input plus advice on where to post if I'm in the wrong location.
    Thank you.
     