Shadow Defender Questions

Discussion in 'sandboxing & virtualization' started by Wendi, Oct 25, 2010.

Thread Status:
Not open for further replies.
  1. Wendi

    Wendi Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    522
    Location:
    NY, USA
    I just downloaded and installed Shadow Defender (trial) and as there doesn't appear to be a user-guide, I would appreciate answers to the following questions (along with any tips you care to share):

    Where does SD place its Shadow Mode file? - can I specify a partition other than C: ?

    Which types of programs/folders should be placed in the Exclusion list ?

    With multi-partitions, is it best to just protect the system partition ?

    Is it best to set SD to go directly into Shadow Mode upon startup/restarting ?

    Should I install a new program by exiting Shadow Mode or should I install it in Shadow Mode and then commit it ?

    Thanks!
     
  2. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    4,222
    Open the main GUI; on the top right there's a help tab.

    No, I don't think you can have access to the shadow volume; if Windows detected it, so would malware.

    It is really rather personal, but usually the antivirus updater (I have Windows Calendar, and a file where I keep interesting links). Keep in mind that the more you exclude, the more you weaken the system while in shadow mode. I prefer to commit files.

    Maximum protection is achieved by shadowing all partitions.

    Again, it is a matter of circumstances and personal choices. I don't think it makes any difference. Some people might choose to schedule it so as not to forget to switch to shadow mode.

    If the program doesn't require a reboot, you can test it in shadow mode. If you are happy with it you can commit the installer, reboot and install for good. IMO it is very difficult and time-consuming to commit a program already installed in shadow mode.
     
    Last edited: Oct 25, 2010
  3. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    If we could locate the Shadow Mode container/file & then be able to use a secure delete app on it after a session, this would be a bonus :thumb:

    I've asked before about both these things, and nobody seemed to know the answers :(

    @ Wendi

    I've created an excluded folder on my desktop, but it could be anywhere, including another partition and/or USB stick/drive etc. In here I keep a .txt file that I use to compose things I want to post/email etc, and where I save interesting links and info etc I find to later maybe save. I also temp save screenies for posting in there, and delete these and anything else I don't want after a reboot, or sometimes before. This folder is also very handy for storing anything I may have DL'd whilst in an SD session. I've never had any problems with this method :)
     
  4. Wendi

    Wendi Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    522
    Location:
    NY, USA
    Thank you for the feedback. Btw, I'm a heavy user of MS Outlook for Email, Appointments, etc. Should that be in my exclusion list (and for that matter, how about My Documents folder)?
     
  5. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,047
    Hi Wendi

    Unless you really understand where Outlook stuffs everything it is dangerous to run it shadowed. I would never do that. I use Sandboxie to protect Outlook.

    Pete
     
  6. aladdin

    aladdin Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    2,986
    Location:
    Oman
    Hi there,

    MS Outlook keeps all the user data, such as email and appointments, in a .pst file, usually outlook.pst.

    I keep this file in a different partition, so that I won't lose my data when coming out of the Shadow mode.
     
  7. Wendi

    Wendi Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    522
    Location:
    NY, USA
    Don't you have the same issue with Sandboxie?
     
  8. Wendi

    Wendi Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    522
    Location:
    NY, USA
    Hi back atcha,

    I am aware of the folder which stores my Outlook data, but if I keep it in another partition to prevent losing current Outlook data, then I can't protect that partition (which goes to the 3rd question in my OP)!

    Wouldn't it make more sense to simply add Outlook to the Exclusion list (or is there a problem in doing that)?

    Using SD is more convoluted than I thought it would be. :doubt:
     
    Last edited: Oct 26, 2010
  9. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    Would not excluding emails poke a hole in the defense of what SD does? I used to stay in shadow mode for a week before coming out. With emails I have found having a web based email program is best with SD. It really isn't hard to use. The point is you are creating a virtual PC and anything that isn't "virtual" defeats the purpose.
     
  10. Wendi

    Wendi Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    522
    Location:
    NY, USA
    Hi trjam,

    I understand where you are coming from, but I won't give up Outlook - it's much easier (for me) to give up SD!
     
  11. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    OK, what the hell, exclude it. Maybe install MBAM to run a scan of it before exiting out of Shadow Mode would be the easiest way to do it. You won't know until you try. You should be able to just exclude the main program. Forget the .pst crap as that is not a concern for what you are wanting to do, just the Outlook folders.
     
  12. Wendi

    Wendi Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    522
    Location:
    NY, USA
    I'm sorry, but I don't understand that (the pst file contains my personal Outlook email/calendar data, so doing what you suggest would prevent it from getting updated). o_O
     
  13. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    Would not just excluding your main program rectify that? I know it will, as I used to do it a couple of years ago with SD.
     
  14. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    C:\Windows\Application Data\Microsoft\Outlook\Outlook.pst
     
  15. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,047
    No. The biggest threat for me is what might be in an email that could run, or attachments that I might have to run. (I get voicemails as email attachments.)

    I run Outlook sandboxed but give it direct access to the real files. (This could be the same as setting an SD exclusion.)

    There are several advantages to Sandboxie though.

    1. Anything that might run like an attachment, also runs sandboxed
    2. Access to my personal folders and d: drive are blocked.
    3. Only Outlook, and Firefox can access the internet.

    Note that once out of Outlook, anything bad is contained in the pst file.

    Pete
     
  16. aladdin

    aladdin Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    2,986
    Location:
    Oman
    Hi there,

    The .pst data file itself is not dangerous. Of course, MS Outlook and related stuff would still be running under the Shadow Mode.

    When you open MS Outlook, Microsoft brings the .pst data file in memory and locks the actual .pst data file on disk. When you close MS Outlook, after a minute or so the .pst data file is released from lock.

    So, if you open an infected email and trigger a virus, which was bypassed by your AV and other on-demand security, the virus will still be contained in the Shadow mode.

    All my user data is under Z:\Dropbox and syncs to my other PCs.
     
  17. aladdin

    aladdin Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    2,986
    Location:
    Oman
    This is what is behind Returnil, which gives you a virtual disk as Z for saving your data on coming out of Shadow mode.
     
  18. crofttk

    crofttk Registered Member

    Joined:
    May 15, 2004
    Posts:
    1,976
    Location:
    Eastern PA, USA
    Unless one has changed the default it would be in the "C:\Documents and Settings\user_id\Local Settings\Application Data\Microsoft\Outlook" folder.
     
  19. Wendi

    Wendi Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    522
    Location:
    NY, USA
    Pete/KoR,

    As I'm just 'trialing' SD (haven't purchased it yet) - would I be better off with Sandboxie/Returnil/[something else] than SD (considering my daily use of MS Outlook)? :doubt:

    PS. My only other security software is Norton Internet Security 2011.
     
    Last edited: Oct 26, 2010
  20. Boost

    Boost Registered Member

    Joined:
    Feb 2, 2007
    Posts:
    1,293
    Returnil is very similar to SD, so that being the case...
    For your case, I'd say give Sandboxie a try; it won't mess with your MS Outlook at all.
     
  21. arran

    arran Registered Member

    Joined:
    Feb 5, 2008
    Posts:
    1,139
    Anything you want; for example, I have browser bookmarks, logons and MD rules.

    For FF users, if you want to save bookmarks, navigate to the file "places.sqlite" located in FF profiles and add that to the Exclusion list. If you want to save FF user password logons, navigate to the file "signons.sqlite"

    With the temporary shadow volume being the one in use, malware would have access to it anyway because you are using it; its location is irrelevant.

    When running in shadow mode I think a lot of it is actually running in memory.
     
  22. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,047
    I love and use SD, but I'd be cautious about a purchase at this time, given the developer Tony seems to be missing.

    Pete
     
  23. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    I thought that was what I typed. ;)
     
  24. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,047
    Removed two posts re license exchanges.

    Pete
     
  25. Wendi

    Wendi Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    522
    Location:
    NY, USA
    Thank you for the offer, but I'm an IE7 user. ;)
     