Does anyone know how Shadow Defender is coming along?

Discussion in 'sandboxing & virtualization' started by pidbo, Dec 27, 2008.

Thread Status:
Not open for further replies.
  1. twl845

    twl845 Registered Member

    Joined:
    Apr 12, 2005
    Posts:
    4,186
    Location:
    USA
    Saraceno- According to Murderlove, placing the AV & AS in the exclusion folder is the accepted thing to do. As a new user, I did it based on this info and the same statement in the help folder. So far extension updates are current. :)
     
  2. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    I only use SD for on Demand only for testing software not needing reboots or malware testing just in case. In my case it's not practical to shadow full time because I make changes very frequently from software or desktop appearance and the like besides the fact Sandboxie always when I browse. IMO a multiple user pc such as the family pc would benefit always on shadowmode and continue after reboot. It's great to have the choice on the fly or full time shadowmode.
     
  3. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    5,618
    Location:
    Milan and Seoul
    Anything can be excluded, as long as you exclude the right folder (some trial and error is required, in order to find it). This is perhaps necessary if you like to stay in shadow mode for long periods (more than a day).

    I personally think that applications like SAS and MBAM don't really need to be updated in shadow mode, because you are protected anyway. The AV is a different matter as it could stop malware targeting Shadow Defender itself (a very rare occurrence, if ever). I also think from experience that the effectiveness of these virtualizers resides in their ability to clean a system with a simple reboot, therefore frequent reboots (say every 2 hours) add to more security in terms of personal data being stolen. You could use these intervals between reboots to update your scanners.

    I find the beauty of Shadow Defender (as with ShadowUser) not that much in the exclusion list but rather in the possibility to commit folders to disk in real time (With DeepFreeze for example it's not possible).
     
  4. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    Well Deepfreeze can use the mapping tool which can dynamically change data in selected portions or specific folders in a frozen partition according to Faronics. How to use the gosh darn tool is another matter. Deepfreeze does not allow on the fly protection, requires reboot to freeze or thaw making it not the ideal solution for many but it was more targeted for colleges and the like with administration control in mind. Back to topic, SD makes a perfect solution for most users, even the newbie can handle it. No need to be a rocket scientist to work it.
     
  5. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    5,618
    Location:
    Milan and Seoul
    True, but only with XP.
     
  6. ambient_88

    ambient_88 Registered Member

    Joined:
    Jun 23, 2008
    Posts:
    854
    With other alternatives such as Returnil and Shadow Defender, I don't see why anyone would want to use DeepFreeze. Like you said, its mapping tool is quite confusing; the documentation with regards to it is scarce, so it wasn't easy to get it to work (btw, I didn't get it to work). And the fact that it can't enter shadow mode without a reboot is really disadvantageous (not to mention, inconvenient).
     
  7. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Ditto. As much as I like Deep Freeze, that Mapping Tool was terribly complex and IMO too risky given the meager directions, if you want to call them that, which was supposed to be of some benefit for that purpose.

    Now I only use DF very sparingly, although it is a wonderful concept and to my surprise very stable and reliable, it's chiefly designed as it is for static systems only.

    EASTER
     
  8. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    Agree 100 percent, and halfway through my trial was enough for me.
     
  9. Fuzzfas

    Fuzzfas Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    2,753
    After trying many times, I have concluded that SD is having issues with exclusion and Twister. I even mailed Filseclab to make sure I was excluding the right folders. At reboot, after Twister updates, Twister shows "definitions out of date" and date of last definition update 1/1/1970 (!!!) and no matter if it tries to update, it remains disabled.

    The updates are treated correctly though, if you put the same Twister folders under commit now.

    At the end I decided that I will update Twister once a day, before entering Shadow Mode. No big deal. But just to show that the exclusion thing has its quirks.

    I made a bug report.
     
    Last edited: Jan 3, 2009
  10. Fuzzfas

    Fuzzfas Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    2,753
    Very impressed by support. In about 12 hours I got a reply from "Tony" saying that he will install Twister and if he finds anything (that I have missed), he will let me know. :thumb:
     
  11. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    This program is one tough cookie. I shadowed my d: drive on which I have a huge VM machine. 1Gig Ram and 2 20gb hard drives. After shadowing the drive, I fired up the vm machine, deleted a few snapshots, took some stuff off the desktop, and then shut the machine down. Rebooted the host out of shadow mode, and went back into the VM machine. It had completely been reset back to the way it was when I started.

    So SD is handling some big stuff.

    Pete
     
  12. virtumonde

    virtumonde Registered Member

    Joined:
    Jan 18, 2008
    Posts:
    504
    I wish you luck, but it's gonna be hard. I thought that I've found it with Avira after I monitored its installation and excluded all its paths in program files and sys 32, but still got failed updates after a couple of days.
    It's possible that there are minor product updates in which case some files (drivers) in system 32 must be excluded. Also if it's a major product upgrade some new files can be added. It would be an idea for the developer to create a whitelist with default installation for major AVs, but I'm not sure this is what Shadow Defender was meant for. It's perfect for on demand, or standalone without a realtime antivirus IMO.
     
  13. Fuzzfas

    Fuzzfas Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    2,753
    When the av updates many files (included in windows directory), it can be very hard to figure it out. The thing is, that fortunately, Twister is simple in this too. I checked it with Filseclab support. It only needs 2 folders in Program files to update. The Filseclab directory and mainly def folder and the filseclab folder in Common files. That's all Twister alters after an update.

    I got today a second email from Tony:

    "Thanks for your support and feedback.
    The problem was reproduced in my environment.
    and I am trying to resolve it."


    Anyway, it's not that big deal for me. I update Twister once a day before entering shadow mode, I can live with that. Some other folders that I need to keep unshadowed (like firewall rules, video chapters from films interrupted, bookmarks), all work for me and that's the most important. I could use manual commit files (in this case Twister's updates work), but Twister has this problem, that if I forget to commit and reboot, it will be disabled. So I'd rather not tempt my fate, because most likely I will forget to commit changes sooner or later. Better to update once a day.

    Of course, if he does manage to fix this in a future release, I will be an even more happy camper. But I agree, the main idea behind these programs isn't being able to update antivirus definitions. So this will probably take time. If it was so easy to exclude directories without manual commit, I figure Returnil would have already done that too.

    One thing I can say for sure, that SD support is quick to answer and I was surprised he even bothered to install Twister, given that it's an unknown antivirus. (Poor Tony, in his first mail, he wrote that he will try "Twister and Filseclab". Understandably, he was probably thinking they were 2 different products :D ).

    Nice to know. I haven't done any such fancy tests with it yet, but I haven't found anything to complain yet (I consider Twister's issue a minor misfortune). It does its job, runs VERY light and the support cares for what you have to say. And of course it has lifetime license. This has all the characteristics to become a favourite of mine, next to Twister. :D It was money well spent.
     
    Last edited: Jan 5, 2009
  14. pidbo

    pidbo Registered Member

    Joined:
    Dec 25, 2006
    Posts:
    198
    I like Shadow Defender and I am using the latest version on Windows 2000
    but occasionally I find that when I have been in a "shadowed" session that on re-boot to normal mode Nero says authentication has failed and it might be a virus etc and to re-install. It is not a virus as far as I know. This has happened on more than one occasion and I know users with other softwares have had the same thing happen. Tony knows about it.
    I'm wondering (regarding exempted folders in Shadow mode for saving) if some of the problems are caused by something like unique per session linear continuity identifiers that have a registry setting that is not in the exempted shadow session folder and therefore not carried over.
    Not that I know anything about it, I'm just wondering.
     
  15. Fuzzfas

    Fuzzfas Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    2,753
    I verified that Threatfire's antivirus definitions can successfully update while in Shadow mode, using excluded folders.

    There is still hope.
     