The unofficial Shadow Defender Support Thread.

Discussion in 'sandboxing & virtualization' started by Cutting_Edgetech, Feb 14, 2011.

  1. Arcanez

    Arcanez Registered Member

    Joined:
    Oct 5, 2011
    Posts:
    417
    Location:
    Event Horizon
    hehe running Win7 x64 here :D

    also watched some reviews for defense wall, seems to be quite a decent application... But generally speaking some hips application would probably make sense, wouldn't it? defense wall is a firewall/hips hybrid I guess. Any other solution due to running an x64 based system?
     
  2. ruinebabine

    ruinebabine Registered Member

    Joined:
    Aug 6, 2007
    Posts:
    1,096
    Location:
    QC
    AppGuard, you can then easily make its MBRGuard feature inactive if you want :D
     
  3. Arcanez

    Arcanez Registered Member

    Joined:
    Oct 5, 2011
    Posts:
    417
    Location:
    Event Horizon
    ok took a look into it.

    Since I am running shadow defender + router I need something that blocks unknown applications from establishing an outgoing internet connection. A firewall for outgoing traffic only I suppose. Because those two solutions were not free I also took a closer look at the win7 firewall but figured out very quickly that it does not trigger messages for outgoing traffic. Instead it just blocks everything silently. You would have to make a rule for every single app that you want to get through. I would like to have it trigger a popup asking me about an outgoing connection, and when I click allow it should make the rule automatically....
     
  4. ruinebabine

    ruinebabine Registered Member

    Joined:
    Aug 6, 2007
    Posts:
    1,096
    Location:
    QC
    Well, I think there aren't many outgoing-only kinda firewalls that work on 7x64 for now. But there are many good free 2-way firewalls that you could maybe configure to work out only (Private FW, Online Armor, Comodo...). I use and like Look 'n' Stop and there is a subforum here at wilders dedicated to it; the minuses are that it's not free and the future development is uncertain.

    Anyway, we are going off subject fast here and it would probably be better to discuss this more in the firewall subforum, imho ;)
     
  5. zitzit

    zitzit Registered Member

    Joined:
    Sep 29, 2011
    Posts:
    17
    Thanks a lot, ruinebabine.
     
  6. AaLF

    AaLF Registered Member

    Joined:
    Feb 20, 2005
    Posts:
    986
    Location:
    Sydney
    What's the dif. between Exclusion List & Commit Now?
     
  7. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    Exclusion List is a list of files and folders you don't want SD to protect.

    Commit Now commits to the real system *everything* you have done since entering Shadow Mode.
     
  8. AaLF

    AaLF Registered Member

    Joined:
    Feb 20, 2005
    Posts:
    986
    Location:
    Sydney
    And a big thankYou to LoneWolf for putting me onto this program. So simple but effective. :thumb:

    Any useful tips for new users from what you guys have gleaned?
     
  9. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    some people use Exclusion List.
    i used to track the changes i made in a text file, then re-booted and applied those changes.
    of course, don't forget to Commit that file.

    it's a really simple program really, there aren't many tips that can be learned.
     
  10. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    --------------------------------
    edit:

    i remember that you can commit a single file, folder etc...

    you can also Commit all changes since entering Shadow Mode.
    i don't have SD installed atm, so i'm using my memory.

    which is not what it used to be. ;)
     
  11. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    5,618
    Location:
    Milan and Seoul
    It is true, it is so simple and effective that it is a shame to see it abandoned intentionally/unintentionally by its programmers.

    Useful tips? All virtualizers seem to work faster with well defragmented hard disks, particularly when these are more than 50% full. Another issue to remember is about keyloggers and generally malware calling home: credit card numbers and private information are not protected at all, you ought to have some other layer for that.

    There is a technique I often use and it is about rebooting straight after the use of a credit card, so that any malware wouldn't have time to organize any leak (I know it's not foolproof but one wants to make life as hard as possible for malware).
     
  12. AaLF

    AaLF Registered Member

    Joined:
    Feb 20, 2005
    Posts:
    986
    Location:
    Sydney
    My setup is LnS, SBiE, MWBfree, KeyScrambler Prem. Snapshot Drive Imaging & now Shadow Defender. I tried spyshelter but uninstalled it. I developed a hatred for noisy HiPS constantly seeking attention and unfortunately SpyShelter exhibited some of these annoyances and was shown the door.
     
  13. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    I completely agree. Although virtualization software shortens the time to removal and ensures perfect clean-up, it is still important to try and prevent malware from running in the virtual system in the first place, and also to prevent identity/data theft from occurring if malware does get onto the virtual system.

    The kind of additional system-wide security layer that handles both of these tasks well tends to fall into the policy-restriction category. AppGuard, DefenseWall, and GeSWall, for example, are all highly effective applications that work well in conjunction with Shadow Defender (I use AppGuard).

    Assuming that you normally run the PC in Shadow Mode, why not reboot just prior to online banking or shopping? Providing you are reasonably sure you had a clean system before entering Shadow Mode, any malware that may have been running in the virtual system will have already been wiped out before you start.
     
    Last edited: Oct 9, 2011
  14. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    5,618
    Location:
    Milan and Seoul
    You are perfectly right, as a matter of fact that's what I do when I use my credit card. If one installs SD on a clean system it would be highly unlikely for malware to survive a reboot, and there's also spyware that needs a reboot to install properly, therefore it is a good technique to avoid unpleasant surprises.
     
  15. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    5,618
    Location:
    Milan and Seoul
    I agree with you, HIPS are a real pain if one is not interested in computer processes. You seem to be well equipped against outbound malicious connections.
     
  16. kjdemuth

    kjdemuth Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    2,974
    Location:
    Boston, MA
    Someone just said that you can commit everything that has changed on the system. How would you do that? It would make my life a lot easier. Instead of trying to make the change, then remembering that I can't, then rebooting and making the change and then going back into shadow mode. I recently started to use shadow defender as realtime instead of on demand. I also ditched my AV. Once I started using it, I was trying to perform things like adding bookmarks, changing around icons, deleting files, then remembered that everything would be changed on reboot. Then I sent it back to on demand. I don't mind sacrificing convenience for security but if I can commit all changes that would help a lot.
     
  17. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,784
    Never tried that, but wouldn't this work?
    (Might take a long time to commit though)
     

    Attached Files:

    Last edited: Oct 9, 2011
  18. kjdemuth

    kjdemuth Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    2,974
    Location:
    Boston, MA
    Good point. I guess that would work, wouldn't it? Since the host drive has everything on it. :p I'm sure I have to be sure that I don't have any infections or malware running. I think when I said that I was ready to ditch my AV, that was kind of premature.
     
  19. AaLF

    AaLF Registered Member

    Joined:
    Feb 20, 2005
    Posts:
    986
    Location:
    Sydney
    I've been using Shadow Defender ever since LoneWolf put me onto it. So I'm an expert since I've had it operational on my PC for all of 24hrs now.

    I think this is all there is to it.........

    http://img718.imageshack.us/img718/8004/commitnow.png

    (Yiiii. LoneWolf was too quick for me. Snuck in while I was editing my post.)
     
  20. kjdemuth

    kjdemuth Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    2,974
    Location:
    Boston, MA
    Oh man you are an expert. 24 whole hours? :D Thanks for the link. Unfortunately I'm in work so that link is blocked. :( I've been using shadow defender for a couple of years now but only when needed. I never thought to use it real time. Too much work. Hopefully I can find a nice balance and use it in realtime and keep my sanity.
     
  21. kjdemuth

    kjdemuth Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    2,974
    Location:
    Boston, MA
    Ok I was able to check that image out on my phone. Yeah I could add each of those when I need to update certain things. It's a good idea.
     
  22. colorado13

    colorado13 Registered Member

    Joined:
    Apr 16, 2005
    Posts:
    117
    Location:
    Orihuela, Spain
    Work on Win7 x64 ?
     
  23. AaLF

    AaLF Registered Member

    Joined:
    Feb 20, 2005
    Posts:
    986
    Location:
    Sydney
    Similar sort of concept to Sandboxie in a way. Just as long as you remember to save work to certain designated folders.

    The hassle comes in when you do changes inside the op. system. e.g.

    HiPS: "Such & such program is trying to execute a particular function that I'm not familiar with. Should I allow or deny sir?"
    Me: "Allow permanently and don't ever ask me about it again."
    HiPs: "Yes sir."
    Re-boot
    HiPS: "Such & such program is trying to execute a particular function that I'm not familiar with. Should I allow or deny sir?"
    Me: "Didn't I tell you never to ask me about that process again?"
    HiPs: "Hang on, I'll check my records. No sir, this is the first time this incident has ever occurred in living memory."
     
  24. kjdemuth

    kjdemuth Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    2,974
    Location:
    Boston, MA
    Yeah I'm familiar with both of their workings. That's the issue, is that I'm so used to being able to make changes without having to reboot. The less things I have to remember the better. Sandboxie is easier to configure and allow changes. Shadow defender requires you to turn it off and have a reboot. I'm sure once I get used to it, it will get easier.
     
  25. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    There is a standard way to do this on exit from Shadow Mode, which is how I suspect the developer intended it to be done. Commit Now from within Shadow Mode is useful for committing specific file and folder changes that don't involve Windows system files such as the Registry, etc.

    To commit all changes on exit from Shadow Mode, do the following: -
    • Open the GUI
    • Click on Mode Setting
    • Make sure the checkbox against the system volume is checked
    • Click on Exit Shadow Mode (NOT Exit All Shadow Modes)
    • From the dialog box, choose the option to Commit all changes and check the Force dismount volume checkbox if required
    The changes will be physically committed to the disk during the reboot, outside of Windows, before Windows starts.
     
    Last edited: Oct 10, 2011