The unofficial Shadow Defender Support Thread.

Discussion in 'sandboxing & virtualization' started by Cutting_Edgetech, Feb 14, 2011.

  1. Robin A.

    Robin A. Registered Member

    Joined:
    Feb 25, 2006
    Posts:
    2,546
    Same here.
     
  2. The Shadow

    The Shadow Registered Member

    Joined:
    Jan 24, 2012
    Posts:
    814
    Location:
    USA
    Re: Shadow defender

    The way SD presently functions, that's a bad idea. One of the (few) shortcomings of SD is that it requires administrator privileges to run. Because of this, your system would be vulnerable to spyware, keyloggers, and trojans while you are in Shadow Mode (any of which could execute because you are running with admin privileges)! So while any such malware will be discarded upon rebooting, your system is not actually secure during the time that you are in Shadow Mode without antivirus, anti-executable or HIPS software.

    To close this 'security hole' a few months ago I suggested an enhancement to the developer (Tony) which is discussed here and a ways back in this huge thread. ;)

    TS
     
  3. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    5,766
    Location:
    Nicaragua
    Me too.

    Bo
     
  4. ad18

    ad18 Registered Member

    Joined:
    Jan 19, 2013
    Posts:
    70
    Location:
    United States
    I noticed that someone said that Shadow Defender does protect the MBR. Does this mean that Shadow Defender does also protect the Track0? If this gets messed up I think the whole computer will be thrown off. Thanks for your opinions.
     
  5. The Shadow

    The Shadow Registered Member

    Joined:
    Jan 24, 2012
    Posts:
    814
    Location:
    USA
    Tony has said that 'the MBR will be protected' when Shadow Mode is enabled - this supposedly happens without virtualizing Track 0 or the MBR. You may want to read Wendi's thread here.

    TS
     
    Last edited: Jul 23, 2013
  6. CyberMan969

    CyberMan969 Registered Member

    Joined:
    Apr 21, 2011
    Posts:
    589
    Re: Shadow defender

    Hi Shadow :)

    Your suggestions (as well as pegr's, Wendi's, plus others) are really good. Tony is still researching ways to incorporate proactive security by blocking admin rights and low-level driver installs, as you suggested. In addition to that, I have also requested from Tony to find a way to also block application hooks, like Sandboxie does. I hope he finds a way to add all this. Of course such settings would be optional and disabled by default; so people who want to use SD the way it is now can still continue to do so.

    Future versions should be able to fully virtualize all the sectors of track zero. Another forthcoming change will be the ability to virtualize the 100mb hidden Windows partition, Tony said this is possible. To this I have also added a request to be able to virtualize the last unallocated 10mb at the end of a disk - so there will be no leftovers after SD gets rid of sophisticated infections like Sinowal.

    The future looks bright for SD, and I hope that more people around the world will get to learn about this unique software. I firmly believe that SD should not remain strictly within the domain of a core group of 'expert' fans. Mainstream users should be educated in regard to the benefits of light virtualization - and we can all help to further this goal.
     
  7. CyberMan969

    CyberMan969 Registered Member

    Joined:
    Apr 21, 2011
    Posts:
    589
    Latest from Tony:

    1) The next version of SD will include the 100mb hidden partition virtualization. This volume will not be visible in the list of volumes, but when C: is placed in Shadow Mode the hidden partition will now be included as well.

    2) The next version will also include full MBR and track0 virtualization (including ALL sectors of track0)

    3) Virtualizing the unallocated space at the end of the disk (10mb or so) is not easy apparently. Tony is still looking into that. The fact of the matter is that once the rootkit itself is undone by SD, those leftovers don't count - and they can be wiped clean easily with TDSSkiller or similar.

    4) Tony is still researching the proactive protection features that Shadow suggested, when he makes progress he will share.

    5) I had quite a few people asking me whether they should download the x32 or the x64 version. I know that for most people in this forum such basic knowledge is a given, but for many people it is not. As a result I have asked Tony to merge the two versions into one installer. The next version will now be a single installer. The installer will determine the kernel and install the appropriate version accordingly.

    Patrick, please share these news with the users of the SD forum :)
     
    Last edited: Jul 23, 2013
  8. sdmod

    sdmod Shadow Defender Expert

    Joined:
    Oct 28, 2010
    Posts:
    1,035
    I must ask you for one last time CyberMan969, to not contact me in any way, shape or form, again. If Tony wants to communicate with me or the members of The Official Shadow Defender Forum he can do that himself.
    (As I've already said) you are banned from The Official Shadow Defender Forum permanently.

    Patrick

     
  9. CyberMan969

    CyberMan969 Registered Member

    Joined:
    Apr 21, 2011
    Posts:
    589
    We have already established that Tony is not willing to contact any forum directly, for reasons that only he knows about. This is a given. Still, the SD users need to know what's coming next, even if it is 'by proxy'.

    I will not address you again, but this situation is no good for anyone involved.
     
    Last edited: Jul 23, 2013
  10. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    8,743
    Location:
    U.S.A. (South)
    I thought SD already had some MBR protection properties back on version 3.025 i think. Maybe not? That was on XP which i been removed from since windows 8 this January.

    At any rate such a feature is welcome of course. I don't know though how that feature applies to x64 EFI/GPT disks and likely doesn't?

    And what is happened if anything on the idea of adding a driver blocking feature like the tool AVZ and some HIPS used to provide. On newer x64 systems Patchguard pretty much already eliminates any driver loading not digitally endorsed and signed by the O/S vendor.MS.

    In fact the AVZ driver cannot and does not load on my windows 8 at all. And that's their latest version. I run into this with a few commercial security vendors too. It looks like Microsoft is being very selective on it's new 8 system just who can or cannot add in their respective drivers.

    However by contrast, PC Hunter (free) not only loads it's driver but reveals a huge treasure Trove of windows 8 inner/ hidden workings and areas of operation.

    Sorry to roll off topic a bit but many of us are curious for a response to these interests.in light of Tony's absence to directly address them publicly.

    Thanks Easter
     
  11. CyberMan969

    CyberMan969 Registered Member

    Joined:
    Apr 21, 2011
    Posts:
    589
    already mentioned:

    4) Tony is still researching the proactive protection features that Shadow suggested, when he makes progress he will share.

    Regarding x64 EFI/GPT disks I am not sure, good question! I'll have to come back to you on this :)
     
    Last edited: Jul 24, 2013
  12. AMD

    AMD Registered Member

    Joined:
    Jul 9, 2012
    Posts:
    92
    Location:
    UK
    Hi, slightly changing the topic and busting in but i have just installed SD and wanted to know if there are any specific files/folders i should have in the exclusions section like Anti-virus folders etc ?

    Any help appreciated

    Andy
     
  13. merisi

    merisi Registered Member

    Joined:
    Dec 17, 2012
    Posts:
    316
    It just depends how you're going to use Shadow Defender. If you use it on demand then their's no need to mess around with folder commit or exclusions. If you're looking to boot into Shadow Mode then you might want to commit updates. I see from your sig that you have quite a lot of security on your system including Sandboxie so there's probably not a great urgency for you to be in Shadow Mode all the time unless you wish to.

    I use Shadow Defender on demand and I've not messed around with the setting apart from encrypting write cache and also writing to RAM.

    Hope this helps.
     
  14. safeguy

    safeguy Registered Member

    Joined:
    Jun 14, 2010
    Posts:
    1,794
    Re: Shadow defender

    I can't help but to post this...

    Although you do need admin rights to access the GUI and change settings, SD itself runs fine under limited/standard user accounts. All this is possible due to DefenderDaemon.exe service.

    While it's good advise/reminder about the system being vulnerable while in Shadow Mode and that the risk/damage is higher while running as admin, malware can still execute while in LUA/SUA. No need admin rights for that :p
     
  15. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    5,766
    Location:
    Nicaragua
    Hi Andy, in my opinion it is best not to use the Exclusion settings much. If I was using an antivirus or any other security program that constantly updates, I would definitively not exclude any of its folders. Updates would be done out of Shadow mode.

    As of this moment, the only exclusion that I use in SD is for my Firefox bookmarks. You can also exclude your download folder but is really not necessary as SD gives you the option to right click on a file that you downloaded and Commit to the hard drive.

    Bo
     
  16. atomomega

    atomomega Registered Member

    Joined:
    Jul 27, 2010
    Posts:
    1,292
    I totally agree. Shadow Defender IS NOT meant to be a 'try-and-decide' type of software. I does protect you from unwanted changes made by malware aka malware infection.
    But, you know, some people blindly think it can even make your breakfast... oh well... :rolleyes:
     
  17. sdmod

    sdmod Shadow Defender Expert

    Joined:
    Oct 28, 2010
    Posts:
    1,035
    I agree bo I don't think in all the time that I've been using Shadow Defender that I've used anything other than right click in Explorer to "Commit"
    I've never excluded anything. I prefer all software updates to be manual so I just leave Shadow Mode when it's time to do that.


     
  18. Robin A.

    Robin A. Registered Member

    Joined:
    Feb 25, 2006
    Posts:
    2,546
    I do the same. But there are exceptions.

    Example: yesterday, while in shadow mode, WinPatrol reported that an update had been scheduled to run after next reboot. The program in question doesn´t permit manual updates, so I could reboot and wait for an unknown amount of time until the update was scheduled again, or just commit and reboot. I did the latter.
     
  19. sdmod

    sdmod Shadow Defender Expert

    Joined:
    Oct 28, 2010
    Posts:
    1,035
    Yes Robin, whatever way suits the individual users needs (within the constraints and limitations of the software itself) is valid, as far as I'm concerned. I'm always interested to see how others are using it. We all have our own little idiosyncratic habits and preferences.

    Patrick :)

     
  20. AMD

    AMD Registered Member

    Joined:
    Jul 9, 2012
    Posts:
    92
    Location:
    UK
    Thank you for the replies to my question.

    Many Thanks

    Andy
     
  21. belramus

    belramus Registered Member

    Joined:
    Jul 26, 2013
    Posts:
    2
    Hello Guys,

    My friend and I have this problem with his SD, He installed SD ver. 1.2.0.355 and currently his Drive C: is still in shadow and can't switch it to normal mode. We ticked Drive C: then exit shadow mode then it requires a reboot, so it rebooted his PC then when everything starts up again, Drive C: is still in shadow mode.

    I don't what we did wrong or maybe just we're noobs using SD. Help would be really be appreciated. :)

    He's currently using Windows Ulti x64, and he has avast...
    We also tried disabling it then rebooting to normal mode but still same results...
     
  22. sdmod

    sdmod Shadow Defender Expert

    Joined:
    Oct 28, 2010
    Posts:
    1,035
    Make sure first that you have not got any boxes ticked to re-start in Shadow Mode


    Try putting your pc into safe mode then doing the exit from shadow Mode

    If you overcome this problem maybe best to uninstall completely then install the latest version
    download
    here

    Patrick

     
  23. The Shadow

    The Shadow Registered Member

    Joined:
    Jan 24, 2012
    Posts:
    814
    Location:
    USA
    Hi there,

    Is your friend running Windows 8 by chance? There was a reported conflict with build 355 and W8, in which case upgrading is definitely advisable.

    Other than Patrick's worthy suggestions, checkout your friend's startups and disable the Shadow Defender Daemon (as it's probably enabled).

    Furthermore, your friend may just have a corrupted install, so why not simply remove build 355 and install build 376 or later (as Patrick also suggested)! ;)

    Good luck and keep us posted.

    TS
     
    Last edited: Jul 26, 2013
  24. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    5,766
    Location:
    Nicaragua
    Perhaps this will help: Go to Mode setting in the Shadow defender interface and click on Schedule. There, pick the option to "Exit Shadow Mode on Shutdown" and reboot. Make sure all volumes are ticked before rebooting.

    Bo
     
  25. belramus

    belramus Registered Member

    Joined:
    Jul 26, 2013
    Posts:
    2
    @Patrick, The Shadow & Bo

    I tried doing a restart while in shadow mode, I got to safe mode then opened Shadow defender and now it's in Normal mode but scheduled for shadow mode, that's when I took the advice of Bo to tick it and change schedule to Normal Mode on next reboot, I rebooted it then sadly it wasn't in normal mode, Drive C: was still in shadow mode. So I thought of a different by doing the process again by going to safe while its in normal mode then install latest version, i did download it in safe mode with networking. Sadly didn't work either when it asked a restart after installation.

    Please tell if i did something wrong in the process.

    @Shadow - Its windows 7 ultimate
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.