The unofficial Shadow Defender Support Thread.

Discussion in 'sandboxing & virtualization' started by Cutting_Edgetech, Feb 14, 2011.

  1. sdmod

    sdmod Shadow Defender Expert

    Joined:
    Oct 28, 2010
    Posts:
    1,166
    I'd be much obliged if you would post that piece of information to The Official Shadow Defender Forum, Wendi.
    Things are looking very promising at the moment :)

    Patrick

     
  2. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Thanks Wendi

    MBR/ Track0 virtualization is a real exciting expectation for everyone.
     
  3. Cruise

    Cruise Registered Member

    Joined:
    Jun 10, 2010
    Posts:
    1,236
    Location:
    USA
    Although it is encouraging to hear that Wendi's suggested enhancement isn't too far off, I'm very disappointed to learn that Drop Rights & Prevent Driver Execution (The Shadow's suggestion) won't happen any time soon. Having to run SD with Admin privileges could lead to some rootkit or malware driver running within Shadow Mode, which may then be able to hide outside of Shadow Mode's container!

    Cruise
     
    Last edited: Aug 16, 2013
  4. sdmod

    sdmod Shadow Defender Expert

    Joined:
    Oct 28, 2010
    Posts:
    1,166
    I know it can be quite frustrating waiting for these vital security issues to be fixed, but Tony is on his own to do the research as well as the coding and testing; fortunately we do seem to be moving forwards these days, albeit slowly. :)

     
  5. Cruise

    Cruise Registered Member

    Joined:
    Jun 10, 2010
    Posts:
    1,236
    Location:
    USA
    Understood, but for whatever reason Tony seems to attach less urgency to pretty serious matters (unlike Sandboxie's Tzuk, imho an ideal developer who also spends lots of time on his forum)!

    Cruise
     
  6. Wendi

    Wendi Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    643
    Location:
    USA
    Cruise,

    While there's no arguing your comparison, I have never come across any developer as committed to his product and dedicated to its users as Tzuk (although it looks like Isso, developer of AX64 Time Machine, may achieve that status).

    Wendi
     
  7. sdmod

    sdmod Shadow Defender Expert

    Joined:
    Oct 28, 2010
    Posts:
    1,166
    re tzuk +1 :thumb:
    Although Tony's modus operandi is hard to understand, he is the person who is in charge of the development of this software and he seems to prefer it that way. Shadow Defender is near to reaching its optimum development and, for Tony to spend this time researching and sorting out these final security problems correctly, it is probably best that he does it in his own way.
    At this time I am simply happy that things are moving forward. :)


     
    Last edited: Aug 17, 2013
  8. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,343
    Location:
    USA
    I have been doing some malware testing lately and I always put both drives in Shadow Mode before I start. Now, after I was finished and rebooted, I always scan with HitmanPro and MBAM, and they showed 1 exe (random file name, as most malware is usually named); it was in System Volume Information\restore. So my question is, did it slip through the cracks? Because it shouldn't show if SD was doing its job, right or wrong?
     
  9. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,147
    Location:
    Nicaragua
    The detection is probably in an old SR point that had nothing to do with what you did an hour or two before you ran the scans.

    Bo
     
  10. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,343
    Location:
    USA
    No, I have had no infections on that PC; it couldn't be that.
     
  11. The Shadow

    The Shadow Registered Member

    Joined:
    Jan 24, 2012
    Posts:
    814
    Location:
    USA
    Insufficient info. Which specific malware were you testing? How did you conduct the tests? When enabling Shadow Mode do you list any exclusions? Did you commit any files? Where is that exe (malware) file located?

    TS
     
  12. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    5,619
    Location:
    Milan and Seoul
    It doesn't install on my machine Win8 (64 bit). The installer proceeds normally for the first two steps, and then nothing, nada happens. After rebooting the system there is no sign of the program.

    Not a big problem per se as I don't really need this version, but I thought you might like to report it to Tony. I used system restore to go back to the original configuration (System Restore in Win8 worked perfectly).
     
  13. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,343
    Location:
    USA
    I downloaded a malware pack and was just clicking random exe's, ransomware and trojans mainly.
    No, I never commit any files. HitmanPro found it in C: system volume/restore.
     
  14. The Shadow

    The Shadow Registered Member

    Joined:
    Jan 24, 2012
    Posts:
    814
    Location:
    USA
    Overkill,

    I'm betting the file was there beforehand ...perhaps it took the latest HMP & MBAM signature updates to detect it. I very much doubt that it somehow 'penetrated' Shadow Mode. Why not send an email to Tony at support@shadowdefender.com (describing the incident in complete detail).

    TS
     
    Last edited: Aug 16, 2013
  15. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,343
    Location:
    USA
    Nope, I scan all the time and I never have infections... if it happens again I'll make screenshots and keep a backup of the malware I used.
     
  16. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,147
    Location:
    Nicaragua
    If you create a restore point while in Shadow Mode, it will disappear after you reboot. Or if you disable System Restore while in SD, when you reboot, System Restore will be back on. I have noticed in my XP (not on W7) that if I commit any file while in Shadow Mode, System Restore gets corrupted and it turns itself off. But after rebooting, SR is back to normal, like nothing happened. That's why I believe what you saw has nothing to do with SD.

    Don't worry about it, delete your restore points and create a new one after rebooting. It could even be a false positive. :)

    Bo
     
  17. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,343
    Location:
    USA
    o_O I never use System Restore.
     
  18. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    5,619
    Location:
    Milan and Seoul
    As a precaution after restoring my system for the failed SD 1.3.0.455 installation, I re-installed V 1.2.0.376 and surprisingly the installer could only be allowed to proceed in "Compatibility mode" which was not required in the past. Therefore I'm pretty sure that the new version might install properly after all, provided "compatibility mode" is active. Some Win 8 update might be responsible for this new behaviour.
     
  19. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    CONFIRMED!

    On my windows 8 x64 SD 455 update refuses to overwrite.

    It exhibits the exact same results as reported above.

    Regards Easter
     
  20. chris1341

    chris1341 Guest

    Been happening to me for the last 2 upgrades. I posted in the SD forum but no-one was experiencing it at that time. I heard someone else suggest it had to do with DEP settings on Windows 8 but have not checked that out.

    Cheers
     
  21. coffeetime

    coffeetime Registered Member

    Joined:
    Aug 26, 2012
    Posts:
    55
    Not using SD but found this during LV compatibility testing for AX64. This basic vulnerability exploitation needs physical access.

    1. In SD settings, enable Shadow Mode on startup.
    2. Reboot.
    3. Get in Safe Mode. Tadaa! :D :shifty:

    Free to do as you like, add/delete/edit files, install anything, even uninstall Shadow Defender without error. Changes will be permanent and shown in Shadow Mode or not, or without your knowledge.
     
  22. kupo

    kupo Registered Member

    Joined:
    Jan 25, 2011
    Posts:
    1,121
    I see nothing wrong here. Safe Mode basically disables loading of drivers that are not necessary to run Windows.
     
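    Since the point above is that a protection driver simply is not loaded in Safe Mode, a defender can check that directly: Windows only starts a driver in Safe Mode if its service name or its load-order Group is listed under the SafeBoot\Minimal or SafeBoot\Network registry keys. The PowerShell below is an added example, not code from the thread or from Shadow Defender; the service name 'ExampleFilter' is a placeholder, and PnP device class GUID entries (a third way a driver can qualify) are not checked.

    ```powershell
    # Added example: report whether a driver service is registered to start in
    # Windows Safe Mode. The keys consulted by Windows are
    # HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal and \Network;
    # a driver loads there only if its service name or its Group is listed.
    function Test-SafeBootDriver {
        param([Parameter(Mandatory)][string]$ServiceName)  # placeholder name below

        $svcKey = "HKLM:\SYSTEM\CurrentControlSet\Services\$ServiceName"
        if (-not (Test-Path $svcKey)) {
            throw "No service named '$ServiceName' is registered."
        }
        # Load-order group, e.g. "File System" or "Boot Bus Extender" (may be absent)
        $group = (Get-ItemProperty -Path $svcKey -ErrorAction SilentlyContinue).Group

        foreach ($mode in 'Minimal', 'Network') {
            $base    = "HKLM:\SYSTEM\CurrentControlSet\Control\SafeBoot\$mode"
            $byName  = Test-Path (Join-Path $base $ServiceName)
            $byGroup = [bool]$group -and (Test-Path (Join-Path $base $group))
            $matchedBy = 'none'
            if ($byName)       { $matchedBy = 'service name' }
            elseif ($byGroup)  { $matchedBy = "group '$group'" }

            [pscustomobject]@{
                Service         = $ServiceName
                SafeMode        = $mode
                LoadsInSafeMode = ($byName -or $byGroup)
                MatchedBy       = $matchedBy
            }
        }
    }

    # Usage: substitute the service name of the driver you want to check.
    # 'ExampleFilter' is a placeholder and will throw on a real machine.
    Test-SafeBootDriver -ServiceName 'ExampleFilter' | Format-Table -AutoSize
    ```

    A result of LoadsInSafeMode = False for both modes means everything the driver enforces is absent once the machine is booted into Safe Mode, which is the gap described in the preceding posts.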
  23. coffeetime

    coffeetime Registered Member

    Joined:
    Aug 26, 2012
    Posts:
    55
    OK, I see. Other LV like Deep Freeze configured in the same way: Safe Mode's protected if in Frozen state.
     
  24. sdmod

    sdmod Shadow Defender Expert

    Joined:
    Oct 28, 2010
    Posts:
    1,166
    I am interested to know what members think of Shadowed safe mode,
    as discussed here?
    I like the idea of access to safe mode if anything goes wrong. Maybe I'm not quite "getting" it, and without knowing much about it, I'd be afraid of getting stuck in some sort of loop or lockout.

    Patrick
     
  25. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    With the 4.55 version, am I to understand from the official Shadow Defender forums, courtesy of Patrick, that SD protection has been updated as per the first post, "low level drive access"?

    It was my understanding via Wendi that MBR/Track0 coverage was in process but not quite yet implemented.

    And since some of us are using Windows 8 GPT disks as opposed to the commonly standard MBR boot disc, would that feature even work for those Secure Boot discs at all?

    Trying to bring to the surface the impact if any that great new feature might offer if at all for these discs.

    Thanks. EASTER
     