The unofficial Shadow Defender Support Thread.

Discussion in 'sandboxing & virtualization' started by Cutting_Edgetech, Feb 14, 2011.

  1. ginzon

    ginzon Registered Member

    Joined:
    Sep 6, 2009
    Posts:
    80
    Mentioning that it's working great on Windows XP SP3 tempts me to use it.. Had let go of SD coz of the system freezes that I experienced.. Are there any now?
     
  2. sdmod

    sdmod Shadow Defender Expert

    Joined:
    Oct 28, 2010
    Posts:
    1,161
    Shadow Defender 1.4.0.519 seems to be running well on my system and I've not heard of any system freezes from members. This seems like a good version and I've been using it myself since its release on my x86 32 bit xp sp3 ntfs and it's running well. :)

    Patrick
     
    Last edited: Apr 29, 2014
  3. TomAZ

    TomAZ Registered Member

    Joined:
    Feb 27, 2010
    Posts:
    1,131
    Location:
    USA
    I, too, had some problems with previous versions on my XP SP3 system, but so far, 1.4.0.519 is working fine.
     
  4. demoneye

    demoneye Registered Member

    Joined:
    Dec 30, 2007
    Posts:
    1,356
    Location:
    ISRHell
    Any known conflict between SD and Drive Snapshot? Should I be out of "shadow mode" when I back up my c:\ drive?

    10x!
     
  5. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,997
    Location:
    Poland - Cracow
    I'm currently not using RollbackRX or EazFix but I don't remember any conflicts between them and SD...it's the same in combo SD and Keriver 1-Click.
    If you save backup files on drive C: it is not wise to be in "shadow mode"...you will not have any saved files after restarting the system :) If you save backup files on another disk - it depends on your needs but I don't see any reason to have a copy of a virtualised system. For me it is reasonable to be on the real system when we make a backup of the system.
     
  6. demoneye

    demoneye Registered Member

    Joined:
    Dec 30, 2007
    Posts:
    1,356
    Location:
    ISRHell
    I think you got mixed up, mate; Drive Snapshot isn't RollbackRX or its kind of software .... it's just a full image one with diff option only
    you can refresh your memory here -> http://www.drivesnapshot.de/en/


    10x!
     
  7. Cruise

    Cruise Registered Member

    Joined:
    Jun 10, 2010
    Posts:
    1,236
    Location:
    USA
    I haven't found any conflict between SD and DS - but if you backup a shadowed volume, what you see is what you get. ;)
     
    Last edited: Apr 30, 2014
  8. demoneye

    demoneye Registered Member

    Joined:
    Dec 30, 2007
    Posts:
    1,356
    Location:
    ISRHell
    OK, another question: did you see any system performance decrease using SD?
     
  9. Cruise

    Cruise Registered Member

    Joined:
    Jun 10, 2010
    Posts:
    1,236
    Location:
    USA
    Not to where it was obvious, but I guess that depends on your PC's resources. Although I have created DS 'snapshots' a few times while in Shadow Mode, that's not my normal way of operating. Since I always use SD on demand and I usually know when I should backup, I typically run DS before enabling Shadow Mode.

    Note: Be aware that if you run DS while in Shadow Mode you will also capture SD's write cache (if on disk) and all other disk usage by SD. That may make your image-file appreciably larger than what it would have been if taken out of Shadow Mode!

    Cruise
     
    Last edited: Apr 30, 2014
  10. Peter 123

    Peter 123 Registered Member

    Joined:
    Feb 1, 2009
    Posts:
    596
    Location:
    Austria
    That's good to hear because I also had the problem that sometimes SD caused a freezing of my system (both with Windows XP and later with Windows 7). (Although with version 1.3.0.457 it happened far more seldom than with previous versions.) So I am looking forward to installing and testing 1.4.0.519.
     
  11. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,363
    Location:
    Oz
    I installed the new version of SD and a while later I got this pop-up.

    http://i.imgur.com/tBjQYsZ.jpg

    Also, when I enabled it just now I noticed a quick pop-up. It went by fast and disappeared. I think it said something like "System Z". Does that make any sense?
     
  12. The Shadow

    The Shadow Registered Member

    Joined:
    Jan 24, 2012
    Posts:
    814
    Location:
    USA
    Caspian,

    I don't believe that pop-up has anything to do with SD (rather, it seems to imply that your copy of Windows may not be legit)! Did you get that popup before or after placing your system volume into shadow mode? Has it happened more than once? :confused:

    TS
     
  13. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,363
    Location:
    Oz
    It happened several minutes after I enabled the new SD for the first time. And so far it hasn't happened again since. This is an HP laptop and Windows 7 is pre-installed. Seems kind of weird, huh?
     
  14. The Shadow

    The Shadow Registered Member

    Joined:
    Jan 24, 2012
    Posts:
    814
    Location:
    USA
    It probably was a fluke. Fwiw, I have an HP Pavilion laptop with W7-SP1 (x64) and it has been running perfectly (with SD of course). ;)
     
  15. Robin A.

    Robin A. Registered Member

    Joined:
    Feb 25, 2006
    Posts:
    2,557
    Or just malware. More probable than a "fluke".
     
    Last edited: May 13, 2014
  16. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,363
    Location:
    Oz
    I ran a scan with Malwarebytes and Hitman Pro and I have Eset installed. Also, I always enable SD when I start my computer except for doing updates or installing or uninstalling software.

    But recently I have been trying some different antiviruses. I was using AVG but I got tired of all of the pop-ups trying to get me to buy something. So I tried Avira and another one. But now I'm trying Eset. And I also added a trial of antilogger from Zemana. And I did have an ISO image of Windows 7 that I copied into a TrueCrypt folder when I created a portable VirtualBox in TrueCrypt (works like a charm!). I just now deleted it and ran a couple of cleaners. So maybe it was that. I initially thought that it might be the new SD because I had just installed it.

    I also wanted to ask about making snapshots to save me from having to reinstall if something bad happens. What is the best way to create a snapshot? Does using a snapshot and taking the computer back to that moment completely get rid of *everything* and replace it with an exact copy of what was there during the snapshot? If my computer is infected with something, can it possibly remain if I take everything back to an earlier setting with a snapshot? Or is this process 100%?
     
  17. The Shadow

    The Shadow Registered Member

    Joined:
    Jan 24, 2012
    Posts:
    814
    Location:
    USA
    First, let's get something straight - SD is not a 'snapshot' program (if that's what you are getting at). Upon restarting your PC, SD reverts your 'shadowed volumes' (less any committed/excluded items) to the state they were in before entering shadow mode (no snapshot is retained).

    It's very unlikely that any malware which found its way onto your drive (with your system volume in shadow mode) would survive after a restart. However, even though the latest build goes a long way in further 'hardening SD's armor' I don't believe the process is 100% failsafe, and that's why I asked Tony to consider implementing a Drop Rights & Prevent Driver Execution option (like that provided by SBIE).

    Even then, in the end the last line of defense are image-backups!

    TS
     
    Last edited: May 13, 2014
  18. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,363
    Location:
    Oz
    Yes of course, I understand that SD does not create snapshots. And I understand that it reverts everything back to where it was before enabled. And I am not so much worried about malware but maybe having a problem caused by software. Maybe some kind of flaw or incompatibility. That would be my interest in learning how to create a snapshot.
     
  19. The Shadow

    The Shadow Registered Member

    Joined:
    Jan 24, 2012
    Posts:
    814
    Location:
    USA
    If that flaw, incompatibility, or whatever, occurred while you were in shadow mode then a simple system restart remedies the problem. But if the disk volume in question was not shadowed, then backups are your best solution, preferably image-backups (the most reliable 'snapshots' you can create)! ;)
     
    Last edited: May 14, 2014
  20. Jo Ann

    Jo Ann Registered Member

    Joined:
    Jan 6, 2007
    Posts:
    619
    Hi TS,

    Why do you think that's necessary for Shadow Defender (I've been under the impression that diligent use of Shadow Mode protects against all malware intrusions)? :doubt:

    JA
     
    Last edited: May 15, 2014
  21. The Shadow

    The Shadow Registered Member

    Joined:
    Jan 24, 2012
    Posts:
    814
    Location:
    USA
    Hi Jo Ann,

    Simply put, in order to start SD you must have administrator access and running as an administrator provides the bad guys with 'keys to the kingdom'.

    If you were to sustain a malware infection with your system volume in shadow mode and if that malware runs in Windows' user mode then I'm quite certain your impression would prove correct. However, if the malware is able to inject a kernel mode driver, I don't believe that shadow mode could contain it.

    Windows XP and prior versions are especially vulnerable in this regard because MS is no longer patching security 'holes' that are found in the kernel. Also, starting with Windows Vista, MS introduced User Account Control which would alert users in the latter situation (above) - unless the user or the bad guys have disabled UAC!

    I don't want this to imply anything other than my suggesting that although SD is already very good at what it does (especially with its latest build), I believe its security-protection can be improved even further.

    Hth,
    TS
     
    Last edited: May 16, 2014
  22. Jo Ann

    Jo Ann Registered Member

    Joined:
    Jan 6, 2007
    Posts:
    619
    Shadow, thanks for that insightful reply. So would I be correct in concluding that I should complement Shadow Defender with another anti-malware program?
     
  23. TomAZ

    TomAZ Registered Member

    Joined:
    Feb 27, 2010
    Posts:
    1,131
    Location:
    USA
    If this is true, it seems like a simple solution might be the addition of either AppGuard or NVT DRP. And, both are pretty low on resource usage.
     
  24. The Shadow

    The Shadow Registered Member

    Joined:
    Jan 24, 2012
    Posts:
    814
    Location:
    USA
    Absolutely; as can be seen in my sig, I run NIS all of the time. Think of it this way, even if shadow mode is capable of containing any kernel driver (i.e., it would no longer exist after a restart), there is nothing in SD to protect your identity and privacy while operating in shadow mode!

    TS
     
  25. The Shadow

    The Shadow Registered Member

    Joined:
    Jan 24, 2012
    Posts:
    814
    Location:
    USA
    Right you are Tom - I know of a few SD users who also use AG.

    TS
     