The unofficial Shadow Defender Support Thread.

Robin, I don't profess to be very knowledgeable in this matter, but I believe that track 0 would consist of the first 63 sectors regardless of sector size. If that's correct, virtualizing track 0 (first 63 sectors) should also work with '4k' drives.

TS

 

I hope no one will mind a simple question or two. (I did try to search the thread first but without finding a direct answer.)

I'm using version ".325" with XP and up until now have only been using it from time to time to test software or when I get a wild hair.

I've decided to experiment with using it for several days at a time before rebooting and updating (Firefox, Thunderbird and the apps in my signature).

I realize that defragging in "shadow mode" is either not recommended or an unsafe practice and will not do so.

So, does the same apply to running CCleaner to either "empty" the recycle bin or following a browsing session? Is there a danger in doing so or is it just pointless?

Also, can one make a system image on Drive Snapshot or Macrium Reflect while in Shadow Mode? (My thought was no but wanted to hear from folks who know better than I do.)

Thanks in advance for assisting with these basic questions.

 

Hi Blues, I think that the only point in using crap cleaner in Shadow Mode would be as a test to see what immediate effects of running Ccleaner might have had on your system during that session. Otherwise I would run Ccleaner outside Shadow mode because on reboot all changes made in shadow mode would be reverted.

The reason it is not advisable to run defrag in Shadow Mode is that it is time consuming and pointless because on reboot it would be reverted to previous state. I defrag frequently outside Shadow Mode though, as normal.

I don't have a definitive answer to your system image drive snapshot question but I don't think that it would be a good idea for the reasons given above.
Maybe other members have tried and can give you a good answer to the last question.

Patrick

 

I am not so sure that a defrag would be "reverted" after a reboot. I think deeper problems may arise.

I think an image should never be created in shadow mode, but I don´t have specific reasons to support this view in the case of SD.

From my previous use of Returnil, I recall that these operations were automatically disabled if attempted in virtual mode.

 

Thanks, Patrick and Robin. I'll be interested in hearing other thoughts as well.

So, putting defrag and creating images to the side...are there any negatives that running CCleaner can bring on if employed while within Shadow Mode?

Again, my thanks for both the info and the patience.

 

Hi guys,

I was using SD in my x32 system with Avast IS + KyescramblerPro as realtime (XP SP3) and there was no issue at all. I kinda liked it so having a spare license I went on to install in my spare partition x64 system (different pc) with NOD32 AV ver6 + OA Premium ver6. The install went good but SD would not start. I have this error, (please see details of the error taken from NirSoft AppCrash).

I was thinking on using this partition with MBAMPro + OA Premium(or Comodo firewall) and SD only. But since I have this issue I have uninstalled SD for now. I used the x64 installer "SD1.3.0.455_Setup(x64) 1609kb" I downloaded from the SD site. I plan to use this partition for light games as when the kids are around and want to use the pc they will nbot ruin the work partitions I have. This is on a triple boot with:

Partition 1
OS - Win7 Ultimate SP1 x64
Emsisoft IS
MBAM Pro + HMP + SBIE(free) on demand
Acronis True Image 2011 w/Plus Pack

Partition 2
OS - Win7 Ultimate SP1 x64
NOD32 + Online Armor Premium as realtime
MBAM Pro + HMP + SBIE(free) on demand
Macrium Reflect free

Partition 3 ***** with SD issue*****
OS - Win7 Ultimate SP1 x64
NOD32 + Online Armor Premium as realtime
MBAM Pro + HMP + SBIE(free) on demand
Macrium Reflect free (will replace with Parago HDM 12 when I am done testing)
Paragon Hard Disk Manager Suite 12

I did an sfc.exe check but there was no error. Can you assist me guys please? Is there anything that I can check further? Image of error is below.

http://imgur.com/nhpx7un

 

Jason you could try version 1.3.0.457 from here

Patrick

 

Hi innerpeace,
It happened again, and this time there is no 'if' or 'maybe'. Last night I shut down the computer normally meaning not using SD's GUI, this morning my computer started in shadow mode, and after 2 more shut downs it remained in shadow mode. It exits shadow mode if I 'restart' instead of 'shut down'.

I don't know what to make of it, I suppose that when it happens there are no dire consequences except having to reboot to exit shadow mode. I'll probably test the latest SD as my version is 1.2.0.376

 

Possible cause already explained in post #2895 above.

 

I must have skipped that post thanks, it makes a lot of sense...

 

I'm using version 1.3.0.455 with Fast Startup disabled (as suggested by iibao and kupo) and SD seems to be behaving. I haven't tried shutting down or rebooting with Windows though. I always use Shadow Defenders GUI to exit shadow mode.

 

Isn't this version recommended? I mean the newest upgrades are supposed to perform better then the previous? Or am I missing something here with these versions.

In addition I completely understand SD has user's from XP all the way to x64 Windows 8 Platform to spread across in distribution.

Regards Easter

 

Yes Easter, the latest is the one to try

Minimum System Requirements

Operating System

Windows 2000 professional
Windows XP Home
Windows XP Professional
Windows Vista (32-bit)
Windows 7 (32-bit and 64-bit)
Windows 8 (32-bit and 64-bit)

CPU

Pentium 133 MHz or faster

RAM

128 MB or above

SPACE

Hard drive space requirements are 3 MB for program files
and 10M or more free space for each partiton in Shadow Mode

 

I kinda thought so but for me it always makes things better to hear it/read it directly from you Patrick. Reaffirms my sense of security on these matters.

Thanks Easter

 

Thanks will be downloading it and will report here.

 

1.3.0.457 Does not, repeat, does not install on my Windows 8 x64.

I thought a full SD uninstall was unnecessary to update it, maybe it is required?

 

I would just like to ask if any other members are experiencing this Shadow Defender 1.3.0.457 installation problem for Windows 8 64?
I will email Tony if this is the case.

Easter.
Could you let me know if you have success with a clean installation of 1.3.0.457

Patrick

 

I installed 457 on Windows 8 (Dell laptop, UEFI mode), no problem and works well. It was the first installation of SD on this computer.

 

Someone mentioned before that there are at least 11 forms of malware that bypass SD. Am I correct in assuming that these malware are able to bypass SD because the entire disk is not virtualized? And, is there still a plan to virtualize the whole disk? That's what I would like to see.

 

I think is not realistic to expect that SD will provide 100% protection against malware any time soon, no matter what part of the disk is virtualized.

Virtualization of track 0 and some of the special partitions in GPT disks have already been announced for a forthcoming version, and this is an improvement of an already very good program.

 

First of all, those were 'off the wall' statements - without a shread of evidence!!! Secondly, even if there is malware capable of penetrating SD virtualizing the entire disk is not a solution - virtualizing space that is unused by Windows is of little security value because even if those sectors became infected the malware would be in a 'dormant state' until it invaded the sectors used by Windows (most of which can now be virtualized). What is very important to further harden SD is full virtualization of Track 0 (as suggested by Wendi) and my suggested SD option to Drop Rights and Prevent Driver Execution!]!

TS

 

Hi TS, Tony has said that Track 0 virtualization will be included in next version.

 

Hey Patrick,

That is very good news (I sure hope the my suggested enhancements are also in his queue)! Although it's a terrific program I would be the first to admit that atm SD is not perfect, but it really riles me up when someone says they've performed tests where malware has gotten through SD's virtualization without backing-up their statements with even a shread of evidence!

TS

 

Although caspian is not the source of that 'hearsay information', as a journalist I consider it irresponsible for anyone to spread that kind of BS. Doing so, the hearsay is assumed as factual (without any substantiation whatsoever)!

Cruise

 

Hey Cruise, I am sure most SD users know that his statements were totally baseless.

Bo