The unofficial Shadow Defender Support Thread.

Discussion in 'sandboxing & virtualization' started by Cutting_Edgetech, Feb 14, 2011.

  1. huntnyc

    huntnyc Registered Member

    Joined:
    Nov 10, 2004
    Posts:
    1,014
    Location:
    Brooklyn, USA
    I briefly tried the newest version but have the same trouble that I have had with all versions after 519, which I still use. Even after I have upgraded my laptop to a new machine, the same trouble exists running Windows 7 Pro 64 bit using EasyBCD to edit BCD. If I try to edit BCD when C is in Shadow Mode, all goes well and there is no change to BCD. Then, exit Shadow mode, try to edit BCD by deleting a boot item. Reboot and then the item still shows in BCD bootup screen, click on the item and it says that it cannot be found or some sort of message like that. This happens when no shadow mode is involved. Reported this to Tony a long time ago but no solution. Maybe it is user error, but with 519, I have no such problems with this type of actions related to BCD editing. Anyway, I will stay with 519. Not trashing the program because it is one of my favorites. Just reporting what I am seeing here and any help is always appreciated.
     
  2. Robin A.

    Robin A. Registered Member

    Joined:
    Feb 25, 2006
    Posts:
    2,547
    What is the point of using EasyBCD in Shadow Mode? To test any change made with it, you need to reboot.
     
  3. huntnyc

    huntnyc Registered Member

    Joined:
    Nov 10, 2004
    Posts:
    1,014
    Location:
    Brooklyn, USA
    My point is, it is not about EasyBCD, that is my program of choice to use to edit my BCD in Windows 7. The point is, the behavior of 519 and any later versions are not the same even across two different hardware systems.

    519 behavior when C is in shadow mode, any edits to BCD are not retained on restart as is expected. When you take C out of shadow mode, all edits to BCD are retained on restart as expected.

    591 behavior and any version after 519. When you place C in shadow mode, all edits to BCD are not retained as expected. When you take C out of shadow mode, edits to BCD do not function correctly, entry that is deleted is still shown but when clicked cannot launch the program it is associated with.

    I find this strange behavior for a program that is supposed to guarantee the system will not change in shadow mode and should revert things back to normal when out of shadow mode. It does in 519 but not in later versions. Now that I have seen this on two different machines, I believe something has changed in later versions that causes this. Again, have communicated with Tony extensively but did not find anything to solve this that I could do on my end. Thanks again for all input. Still happy for now with 519 although if ever going to Windows 10, this could be challenging.
     
  4. sdmod

    sdmod Shadow Defender Expert

    Joined:
    Oct 28, 2010
    Posts:
    1,097
    I've emailed Tony about your post 12 Oct 2015. I will let you know if I hear anything.
    Patrick (Admin) The Official Shadow Defender Forum


     
  5. huntnyc

    huntnyc Registered Member

    Joined:
    Nov 10, 2004
    Posts:
    1,014
    Location:
    Brooklyn, USA
    Thank you Patrick. Again, I love this program but every time I have tried to upgrade, I just see the difference in behavior between 519 and later versions. Hope Tony can find why the difference is there and what is the meaning of it.
     
  6. n8chavez

    n8chavez Registered Member

    Joined:
    Jul 19, 2003
    Posts:
    3,000
    Location:
    Location Unknown
    I'm using Shadow Defender Version: 1.4.0.591. I'm using Windows 10 64-bit. I have been experiencing a weird issue; even though shadow defender is set up to automatically start with Windows the actual executable processes do not watch when they are supposed to. It just seemed that shadow mode works correctly, because I tested it out making changes to the shadowed drive that were no longer present upon restart. However, the application icon was missing from the taskbar, and no executable processes were found in memory.

    Does anyone else have this issue?
     
  7. hjlbx

    hjlbx Guest

    @sdmod

    In version 591 on 64 bit, I am seeing random system changes that are being retained on system after exit Shadow Mode reboot.

    For example, when testing malwares - such changes as hijack of browser home page. That's a registry entry... so some changes to system while in Shadow Mode are not reverting to pre-Shadow Mode state.

    Been using SD for a while... have seen this sort of thing before, but it is more prevalent in latest two versions...
     
  8. Wallofasgard

    Wallofasgard Registered Member

    Joined:
    Oct 9, 2015
    Posts:
    11
    @hjlbx

    You mean, right after you test some hijacker (while in shadowed mode) you directly Exit Shadow Mode without restarting your PC first?

    But if you are to restart your PC after testing those hijackers (without exiting shadow mode) NO changes are retained after successful restart, right?
     
  9. hjlbx

    hjlbx Guest

    Changes made in Shadow Mode are retained on system after system reboot... only minor stuff, like home URL changes etc. Not really a bypass - but could be potentially serious. I have not looked into further changes - for example, by using a snapshot soft to see what has changed.

    This sort of thing has happened to varying degrees throughout the history of Shadow Defender.

    @sdmod - please let Tony know...

    Best Regards,

    HJLBX
     
  10. TerryWood

    TerryWood Registered Member

    Joined:
    Jan 14, 2006
    Posts:
    962
    Hi @ Shadow Defender Thread

    Strange thing happened today. Installed CD Burner XP Portable in Shadow Mode, then committed it. On reboot it hung at a black screen. Shut it down and rebooted. It appeared OK. This morning on first boot up PC goes into a shortened version of ChkDsk saying that one of my disks needed checking. It did a 3 point check and corrected a number of issues. Now appears to be working OK. I have had this issue (as described above) several times before after "Committing" in Shadow Defender.

    Anyone experienced this? Any suggestions to rectify?

    Win 7 64Bit fully updated + v 519 of Shadow Defender

    Thanks

    Terry
     
  11. Robin A.

    Robin A. Registered Member

    Joined:
    Feb 25, 2006
    Posts:
    2,547
    I have found problems when using the "Commit all changes" function in Windows 7 X64. For example, the system hangs and it's necessary to shut it down. But in all cases the changes have been correctly applied and a chkdsk has never been necessary. I tend to avoid the use of this function now.
     
  12. TerryWood

    TerryWood Registered Member

    Joined:
    Jan 14, 2006
    Posts:
    962
    Hi Robin A

    Thanks for that it takes the pressure off me.

    Terry
     
  13. sdmod

    sdmod Shadow Defender Expert

    Joined:
    Oct 28, 2010
    Posts:
    1,097
    I've emailed Tony asking that he look at this page and I will post if I hear anything.

    Patrick




     
  14. TerryWood

    TerryWood Registered Member

    Joined:
    Jan 14, 2006
    Posts:
    962
    Hi Patrick

    Thanks for that.

    Terry
     
  15. sdmod

    sdmod Shadow Defender Expert

    Joined:
    Oct 28, 2010
    Posts:
    1,097
  16. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,056
    Location:
    Mexico
    Thank you, awesome response from both of you. You are some of the best.
     
  17. t3ster

    t3ster Registered Member

    Joined:
    Nov 7, 2012
    Posts:
    37
    When using rollback RX and SD
    When SD is installed after a snapshot is taken, is it safe to roll back to an earlier snapshot which also removes SD?
    I read somewhere (cannot find the topic anymore) that you first have to uninstall SD, and after uninstalling SD you can safely roll back.
    OS: Windows 7 64bit ENG.
    SD: 1.4.0 591
    Rollback: 10.2 build 2699483149
     
  18. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,056
    Location:
    Mexico
    I'm having an issue with NVT Exe Radar Pro and Shadow Defender under Windows 7 SP1 Pro x86. This is an intermittent/random issue although it happens quite often.

    First off I want to note that NVT ERP works fine in Normal Mode (starting and/or restarting in Normal Mode n times). The problem arises when running the machine in Shadow Mode and rebooting in Shadow Mode, in such a way that WhiteList and CommandLineWhiteListProtectedProcesses .DB files are cleared or emptied, i.e. all data is deleted.
    The DB files themselves are not deleted from C:\ProgramData\NoVirusThanks\EXE Radar Pro\Data directory but just the whitelists within them.

    C:\ProgramData\NoVirusThanks\EXE Radar Pro\ and [HKEY_CURRENT_USER\Software\NoVirusThanks\EXERadarPro] key are already in their respective Exclusion List.

    Tested on SD versions 1.4.0.578, 1.4.0.588, 1.4.0.591

    DL NVT ERP:
    http://downloads.novirusthanks.org/files/EXERadar_Pro_x86_x64_v3.1_15052015_BUILD1.exe
     
    Last edited: Nov 4, 2015
  19. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,343
    Location:
    USA
    Sometimes my chrome bookmarks disappear when in shadow mode or after rebooting out of shadow mode
     
  20. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,654
    Location:
    USA
    It will be best to report this directly to Tony the developer. support@shadowdefender.com
     
  21. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,654
    Location:
    USA
    It will be best to report this directly to Tony the developer if you have not already done so. support@shadowdefender.com
     
  22. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,104
    Location:
    .
    I stopped using SD because I never knew what part(s) of Firefox would be corrupted.
    I exchanged a few emails with the developer.
    I know SD users swear no issues.
    Hoping you sort Chrome bookmarks.
     
  23. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,654
    Location:
    USA
    I experienced a problem with Firefox last year trying to restore my bookmarks with places.sqlite. It had nothing to do with Shadow Defender though. I was not running in Shadow Mode at the time. I had been saving a copy of places.sqlite for years to backup my bookmarks. I tried using the places.sqlite file I had saved for backup to restore my bookmarks, and it failed to restore them. I think Firefox may have made some changes to the browser that caused this. Well getting to the point ...a long time ago I excluded places.sqlite in Shadow Defender so I could save my bookmarks. I had my bookmarks get corrupted a few times, and I'm pretty sure it was due to Firefox instead of Shadow Defender. I think Firefox must occasionally update more files than places.sqlite that it relies on to maintain its profile, settings, and bookmarks. I haven't excluded places.sqlite in years, and I have never experienced this issue since.

    I had the same thing happen to NOD 32 once before. It became corrupted, and would not update. I had excluded the only files I thought needed excluded for NOD 32 virus signature updates, and NOD 32 said it could not update shortly after that. I don't remember the exact message given to me by NOD 32. Apparently NOD 32 needed to update other files than the virus signatures, and the other files I had excluded. NOD 32 became corrupted so I had to uninstall NOD 32, and install it again. I think many times it's the application at fault, or the user does not exclude all the needed exclusions for an application to update.

    Please report all these problems to Tony though. It helps ensure the quality of Shadow Defender for everyone. There could very well be a bug. I always report any problems I have to Tony just in case there is a bug. I want to help do my part to make sure Shadow Defender is the best light virtualization product available. It is in my opinion anyways. I have not experienced any issues with SD for a long time now, but I do not use any exclusions. I don't want to leave any possible holes for malware to get through since I use SD most of the time for testing malware instead of a full virtual machine. VM aware malware won't remain dormant then. It's much more convenient for me as well. I don't test malware anymore on a full virtual machine unless I'm sure I need to reboot to check for persistence.
     
  24. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,056
    Location:
    Mexico
    @Cutting_Edgetech
    Thanks for your advice. As for the malware testing I would never use my main personal HDD no, I use to swap it with a spare one ex profeso malware testing LOL.

    I may think ERP could be the culprit in this SD/ERP mix instead of Shadow Defender. That's why I posted a link for Tony to see it, download ERP and do proper testing.
     
  25. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,003
    Location:
    Nicaragua
    The first time I experienced a bookmarks corruption in Firefox after getting out of Shadow mode, I couldn't figure what happened. But then, sometime later while helping bjm trying to figure out the problem (kind of similar to yours) he described, I reproduced the problem.

    This is what I found. To reproduce the Firefox profile corruption, it involved three programs (Shadow defender, Sandboxie and Firefox). If only Firefox and Shadow defender were used in shadow mode, there was no corruption to Firefox bookmarks, settings, etc. If Firefox ran under Sandboxie in Shadow mode and you allow direct access and excluded places.sqlite in Shadow defender, all works well and it does not cause corruption to the Firefox profile.

    But when I ran Firefox in a sandbox where I allow access to prefs.js and exclude prefs.js in Shadow defender, the Firefox profile got corrupted after getting out of Shadow mode. To me that made it clear that allowing THESE changes out of the sandbox and out of shadow mode at the same time, conflicts somehow. I normally don't allow this kind of changes out of shadow mode or the sandbox at the same time and it's not likely many people do, so I don't think this is a big issue. But it's good to be aware of what might cause it.

    You don't even have to make changes in Firefox settings or addons to get the profile corrupted. Just running the browser in a sandbox where you allow and exclude prefs.js in shadow mode messed up my Firefox profile. I do have a sandbox where I allow changes in prefs.js out of the sandbox but that's not the sandbox that I usually run Firefox in the rare occasions when I run the sandboxed Firefox in Shadow mode. So, Overkill, since you are a SBIE user, what I just described might give you an idea of why you lost your Chrome bookmarks.

    Bo
     