The unofficial Shadow Defender Support Thread.

Discussion in 'sandboxing & virtualization' started by Cutting_Edgetech, Feb 14, 2011.

  1. sdmod

    sdmod Shadow Defender Expert

    Joined:
    Oct 28, 2010
    Posts:
    1,109
    I'd be much obliged if you would post that piece of information to The Official Shadow Defender Forum Wendi
    Things are looking very promising at the moment :)

    Patrick

     
  2. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    9,868
    Location:
    U.S.A. (South)
    Thanks Wendi

    MBR/ Track0 virtualization is a real exciting expectation for everyone.
     
  3. Cruise

    Cruise Registered Member

    Joined:
    Jun 10, 2010
    Posts:
    1,232
    Location:
    USA
    Although it is encouraging to hear that Wendi's suggested enhancement isn't too far off, I'm very disappointed to learn that Drop Rights & Prevent Driver Execution (The Shadow's suggestion) won't happen any time soon. Having to run SD with Admin privileges could lead to some rootkit or malware driver running within Shadow Mode, which may then be able to hide outside of Shadow Mode's container!

    Cruise
     
    Last edited: Aug 16, 2013
  4. sdmod

    sdmod Shadow Defender Expert

    Joined:
    Oct 28, 2010
    Posts:
    1,109
    I know it is can be quite frustrating waiting for these vital security issues to be fixed but Tony is on his own to do the research as well as coding and testing; fortunately we do seem to be moving forwards these days, albeit slowly. :)

     
  5. Cruise

    Cruise Registered Member

    Joined:
    Jun 10, 2010
    Posts:
    1,232
    Location:
    USA
    Understood, but for whatever reason Tony seems to attach less urgency to pretty serious matters (unlike Sandboxie's Tzuk, imho an ideal developer who also spends lots of time on his forum)!

    Cruise
     
  6. Wendi

    Wendi Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    634
    Location:
    USA
    Cruise,

    While there's no arguing your comparison, I have never come across any developer as commited to his product and dedicated to its users as Tzuk (although it looks like Isso, developer of AX64 Time Machine, may achieve that status).

    Wendi
     
  7. sdmod

    sdmod Shadow Defender Expert

    Joined:
    Oct 28, 2010
    Posts:
    1,109
    re tzuk +1 :thumb:
    Although Tony's modus operandi is hard to understand, he is the person who is in charge of the development of this software and he seems to prefer it that way. Shadow Defender is near to reaching it's optimum development and for Tony to spend this time researching and sorting out these final security problems correctly, it is probably best that he does it in his own way.
    At this time I am simply happy that things are moving forward. :)


     
    Last edited: Aug 17, 2013
  8. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,343
    Location:
    USA
    I have been doing some malware testing lately and I always put both drives in shadow mode before I start, now after I was finished and rebooted I always scan with hitmanpro and mbam and they showed 1 exe (random file name) as most malware is usually named it was in system volume information restore so my question is, did it slip through the cracks? cause it shouldn't show if SD was doing it's job right or wrong?
     
  9. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,062
    Location:
    Nicaragua
    The detection is probably in an old SR point that had nothing to do with what you did an hour or two before you ran the scans.

    Bo
     
  10. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,343
    Location:
    USA
    No I have had no infections on that pc, it couldn't be that
     
  11. The Shadow

    The Shadow Registered Member

    Joined:
    Jan 24, 2012
    Posts:
    814
    Location:
    USA
    Insufficient info. Which specific malware were you testing? How did you conduct the tests? When enabling Shadow Mode do you list any exclusions? Did you commit any files? Where is that exe (malware) file located?

    TS
     
  12. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    5,438
    Location:
    Milan and Seoul
    It doesn't install on my machine Win8 (64 bit). The installer proceeds normally for the first two steps, and then nothing, nada happens. After rebooting the system there is no sign of the program.

    Not a big problem per se as I don't really need this version, but I thought you might like to report it to Tony. I used system restore to go back to the original configuration (System Restore in Win8 worked perfectly).
     
  13. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,343
    Location:
    USA
    I downloaded a malware pack and was just clicking random exe's, ransomware and trojans mainly.
    No I never commit any files, hitmanpro found it in c system volume/restore
     
  14. The Shadow

    The Shadow Registered Member

    Joined:
    Jan 24, 2012
    Posts:
    814
    Location:
    USA
    Overkill,

    I'm betting the file was there beforehand ...perhaps it took the latest HMP & MBAM signature updates to detect it. I very much doubt that it somehow 'penetrated' Shadow Mode. Why not send an email to Tony at support@shadowdefender.com (describing the incident in complete detail).

    TS
     
    Last edited: Aug 16, 2013
  15. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,343
    Location:
    USA
    Nope, I scan all the time and I never have infections...if it happens again i'll make screenshots and keep a backup of the malware I used.
     
  16. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,062
    Location:
    Nicaragua
    If you create a restore point while in Shadow mode, it will disappear after you reboot. Or if you disable System restore while in SD, when you reboot, System restore will be back on. I have noticed in my XP (not on W7) that if I commit any file while in Shadow mode, System restore gets corrupted and it turns itself off. But after rebooting, SR is back to normal, like nothing happened. Thats why I believe what you saw has nothing to do with SD.

    Dont worry about it, delete your restore points and create a new one after rebooting. It could even be a false positive.:)

    Bo
     
  17. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,343
    Location:
    USA
    o_O I never use system restore
     
  18. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    5,438
    Location:
    Milan and Seoul
    As a precaution after restoring my system for the failed SD 1.3.0.455 installation, I re-installed V 1.2.0.376 and surprisingly the installer could only be allowed to proceed in "Compatibility mode" which was not required in the past. Therefore I'm pretty sure that the new version might install properly after all, provided "compatibility mode" is active. Some Win 8 update might be responsible for this new behaviour.
     
  19. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    9,868
    Location:
    U.S.A. (South)
    CONFIRMED!

    On my windows 8 x64 SD 455 update refuses to overwrite.

    It exhibits the exact same results as reported above.

    Regards Easter
     
  20. chris1341

    chris1341 Guest

    Been happening to me for the last 2 upgrades. I posted in the SD forum but no-one was experiencing it at that time. I heard someone else suggest it had to do with DEP settings on Windows 8 but have not checked that out.

    Cheers
     
  21. coffeetime

    coffeetime Registered Member

    Joined:
    Aug 26, 2012
    Posts:
    55
    Not using SD but found this during LV compatibility testing for AX64. This basic vulnerability exploitation needs physical access.

    1. In SD settings, enable Shadow Mode on startup.
    2. Reboot.
    3. Get in Safe Mode. Tadaa! :D :shifty:

    Free to do as you like, add/delete/edit files, install anything, even uninstall Shadow Defender without error. Changes will be permanent and shown in Shadow Mode or not, or without your knowledge.
     
  22. kupo

    kupo Registered Member

    Joined:
    Jan 25, 2011
    Posts:
    1,121
    I see nothing wrong here. Safe Mode basically disable loading of drivers that are not necessary to run Windows.
     
  23. coffeetime

    coffeetime Registered Member

    Joined:
    Aug 26, 2012
    Posts:
    55
    Ok ic other LV like Deep Freeze configured in the same way, Safe Mode's protected if in Frozen state
     
  24. sdmod

    sdmod Shadow Defender Expert

    Joined:
    Oct 28, 2010
    Posts:
    1,109
    I'd am interested to know what members think of Shadowed safe mode?
    as discussed here ?
    I like the idea of an access to safe mode if anything goes wrong. Maybe I'm not quite "getting" it, and without knowing much about it, I'd be afraid of getting stuck in some sort of loop or lockout.

    Patrick
     
  25. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    9,868
    Location:
    U.S.A. (South)
    With 4.55 version am i to understand from the official shadow defender forums courtesy Patrick, that SD protection is been updated as per the first post "low level drive access"?

    It was my understanding via Wendi that MBR/Track0 coverage was in process but not quite yet implimented.

    And since some of us are using windows 8 GPT.disk as opposed to the commonly standard MBR boot disc, would that feature even work for those secure boot discs at all?

    Trying to bring to the surface the impact if any that great new feature might offer if at all for these discs.

    Thanks. EASTER
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.