Shut down troubles with SD !

Hi,

I'm on Vista Business 32 bits platform on my computer.

Since a few weeks, I'm experienced some troubles when shutting down my computer in a shadow mode. It takes so long time, that I have to leave the room. It takes more than half hour certainly and I have to force the shut down with my finger on the shut down button.


How can I fix this troubles, please ?


Thanks in advance,

 

What other programs you running?

Also, which version of SD are you using?

 

Hi Saraceno,


I have the 1.1.0.278 version.

I'm running also Sandboxie, Outpost Firewall Pro, Eset Nod 32 and Malwarebytes.

I've not troubles when shutting down in a normal mode. Troubles appears only when I'm in a shadow mode and I want to shut down my computer.

 

Which that much of softwares on it,its asking for trouble.
LOL Somebody hooks Somebody.
Serious best place to ask is Tony the developer of SD on their forum.

 

You are using an old version. Check out the newest version 1.1.0.320.

 

also go to safe mode and last known good configuration and reboot

 

You should try a shutdown and note the exact time when the system hangs.Then by looking in the Event Viewer logs (in Administrative Tools) you should be able to determine the source of the problem.

 

Sorry, I'm late to reply... I wasn't at home.

These are the error messages on the Event Viewer logs (from french):

NETBIOS on TCP/IP
Automatic settings Service WLAN (NPIS Usermode I/0 Protocol)
Windows Explorer
Computers Explorer
Spoolerwin32 SPL
Distributed DCOM

By the way, I got the latest SD version, 1.1.0.320 but troubles still remaining.


I'm under SUA and Admin account and under SRP policies.

Thanks for any good suggestions !

 

I gave up on Shadow defender for now.I had trouble entering shadow mode since windows7 . 9 times out of 10 it would be ok but sometimes it would freeze and had to shut down by off button

 

I don't know if it's SD or SB or any others programs or services.

For now, I can't restart or shut down my computer in a few minutes, it takes an half hour. It occurs even in normal mode (not shadow mode).

To give an example, for 10 shuts down, only 1 shut down in a few minutes.

I don't know what's happening and what to do.

I even restart with selective programs (trough msconfig) to identificate the culprit one by one.

 

Do you have any file/folder locations in the exclusion list?

I'd remove any exclusions, and just manually right-click and 'commit' any file you want to keep.

Say you have 'my documents' or another folder in the exclusion list, and large files are being saved/written to this location, might cause some slowdowns.

Just a thought. Might have to email Tony (developer) to take a look at what the problem could be.

 

Ashanta,

So with DefenderDaemon disabled in MSConfig,you still get no relief from
the slow shutdowns?

Those EventLog entries you submitted,I am pretty sure if you check their time stamp,you will see they do not conform to the shutdown time you noted when rebooting in ShadowMode.
They are almost certainly old entries from a non-Shadowed session,as event log entries do not survive reboot in ShadowMode.

Maybe you could post some of the latest entries obtained while rebooting with ShadowMode off,and some of the more knowledgeable members* here may see
a red flag that will help get at your problem.
Rat

*me, not being of course, in their number.

Saraceno said:


"Say you have 'my documents' or another folder in the exclusion list, and large files are being saved/written to this location, might cause some slowdowns".

Damn!!! That is so true!! ShadowDefenders Commit time is rather slow as compared to say, Returnil 2008,and if it is asked to commit what is apt to be a huge amount of data,such as "my documents" it will take a long while.

 

A shot in the dark: can you try to turn off UAC, and disable SRP (set the system to default). Does Outpost Firewall Pro have a HIPS module? I would also try to exclude SD in the exceptions of Nod32(-Commit-Defender-DefenderDaemon) Unfortunately in these situations, one should uninstall whatever is active, and see how SD behaves.

If you have a working image of your system, you could uninstall all security applications and see if SD works alone with Windows. From this point on if SD works with Windows, you can install every application one by one and see what happens.

 

Saraceno,

I remove all the files/folders locations in the SD's exclusion list : can't shut down neither restart Vista.

I'm in contact with Tony, but for now, there isn't not real solution. He's working on that. I'm still waiting for his reply email.

 

Dear Osaban,

I turn off my UAC (SUA in Vista) and disable SRP to the default one ( I removed all the exceptions rules). I make an exceptions to SD on AMON from Nod32.

Here are my results:

With blank SD exclusion list, UAC and SRP disabled and exception SD on AMON (NOD32) on shadow mode and Sandboxie enabled :

can't restart neither shut dow my computer.

With blank SD exclusion list, UAC and SRP disabled and exception SD on AMON (NOD32) on Normal mode and Sandboxie enabled :

Can restart and shut down properly



With blank SD exclusion list, UAC enabled and SRP disabled and exception SD on AMON (NOD32) on shadow mode and Sandboxie enabled :

can't restart neither shut dow my computer.


With blank SD exclusion list, UAC enabled and SRP disabled and exception SD on AMON (NOD32) on Normal mode and Sandboxie enabled :


Can restart and shut down properly


Yes, Outpost Pro Firewall has a HIP module. I noticed that under my UAC enable, when comitting with SD, OPF ask me to authorize this action


Thanks Ratwing for your reply,

I can recover saved files from my sandboxied internet brower in normal mode, not shadow mode.



I have also Zemana Antilogger, another HIP program running.

 

Dear Osaban,

I can suspect Outpost Firewall Pro.

See the attached file (sorry in french)

Which Sd module is responsible for beeing shadowing all drives ?

 

Hi Ashanta,

I also think that Outpost Pro might be responsible for your problems. Unfortunately I'm not even an amateur for firewalls rules. To make sure whether it is indeed Outpost, uninstall it (Windows firewall with Vista is excellent) and see if the problem disappears.

If that is the case, by reinstalling Outpost, it will probably create a rule for anything that is preinstalled on your computer.

I can read French, but I'm afraid it won't help my ignorance in firewall rules: one of the things that seems related to SD reading your screenshot is "Accès direct au disque" and "Arrêt du processus" I would also authorize anything related to DefenderDaemon.exe.

I hope this helps, the most important thing is to find out which application (if any) is responsible for the malfunctioning of SD.