The unofficial Shadow Defender Support Thread.

Discussion in 'sandboxing & virtualization' started by Cutting_Edgetech, Feb 14, 2011.

  1. Athas

    Athas Registered Member

    Joined:
    Jan 2, 2017
    Posts:
    21
    Location:
    CH
    I had a somewhat similar situation when I found out that (at least on WinXP) commiting a folder rewrites all files in it, including those that were present before entering shadow mode. I tried to commit my downloads-folder (around 40GB), after downloading one 10mb file. So, in this case the commit function is not feasible, you have to commit the new file itself (unless it's 350gb, that is :)). Well, since it was a system for testing SD anyway, i pressed "pause" and rebooted, just to see what would happen :) To my amazement, there were no corrupt files (except that the new, recently downloaded file was non-existant, as I expected).

    Also, the timestamp on the last successfully commited file showed the time of commiting, (both the "created" and "last modified" timestamps), not the original timestamp. Those do get preserved after successfully commiting files. So it seems that SD first copies the file to the "real" system, and then sets the timestamp. :)
     
  2. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,773
    Location:
    Poland - Cracow
    @Athas
    Is it meant that you have folder for downloaded content on disk C (system)?...why?...why not on other disk?
     
  3. Athas

    Athas Registered Member

    Joined:
    Jan 2, 2017
    Posts:
    21
    Location:
    CH
    Well, I do have an archive of stuff i really need on another disk. Things I deem valuable from the downloads-folder go there. :) However, sometimes I'm lazy and the downloads folder gets cluttered with isos of distros i never use and such, and gets quite big. But there's certainly nothing there that would be irreplaceable.

    This behaviour download -> try -> move to archive stems from my Wondershare TimeFreeze days.

    Now i thought i could put all disks in shadow mode with SD and exclude the folders where i keep the important stuff...but the possibility of file corruption makes me feel queasy. Especially the fact that it does not seem to be easily reproducible... I'm trying hard right now to get corrupted files on the test system, and no success so far. :)
     
  4. Djigi

    Djigi Registered Member

    Joined:
    Aug 13, 2012
    Posts:
    554
    Location:
    Croatia
    How to set SD to use only the RAM?
    I don't see that options?
     
  5. marzametal

    marzametal Registered Member

    Joined:
    Mar 19, 2014
    Posts:
    766
    Mode Setting:
    Under the list of drives, you will see "RAM used as Write Cache"... enter a number which will be represented in MB.
     
  6. Djigi

    Djigi Registered Member

    Joined:
    Aug 13, 2012
    Posts:
    554
    Location:
    Croatia
    This:
    Capture.PNG

    Tnx :)
     
  7. Athas

    Athas Registered Member

    Joined:
    Jan 2, 2017
    Posts:
    21
    Location:
    CH
    The information below is still valid, but there's an easier way to test for data corruption, here

     
    Last edited: Jan 19, 2017
  8. sdmod

    sdmod Shadow Defender Expert

    Joined:
    Oct 28, 2010
    Posts:
    910
    Athas, Sorry I haven't logged in for a while and didn't see your post. I've emailed Tony and will post if/when I receive a reply.

    Patrick (sdmod)

     
  9. Athas

    Athas Registered Member

    Joined:
    Jan 2, 2017
    Posts:
    21
    Location:
    CH
    Okay, I have some updates about the data corruption issue with Shadow Defender, i now have a vague idea of what's happening.

    I seems now very likely that all of the problems discussed in this thread, missing icons, corrupt task planers, reset settings, etc. can be traced back to one single problem.

    And, it turns out there's a much easier and reliable way (it worked every single time) to reproduce data corruption, again meaning that it is likely very common, just not noticed most of the time.

    I again used a WinXP system as a client in VMWare Workstation.

    I initally thought that the corruption occured during the transfer of data from shadow mode to the real system, but that's not the case. At least it does not happen only then.

    It seems you only have to stress the driver with a lot of disk I/O operations, and corruption is guaranteed to happen.
    A simple folder copy operation is sufficient:
    It's preferrable to use a folder with a large amount of files in it. According to my tests file size is not important, so a folder with files in the range of 1 to 512KB works very well.
    I used a folder with around 1000 files, with a total size of 100MB.

    First, of course you need to create hashes of the files. Next, enter shadow mode.
    Now, you just need to start making copies of that folder in the shadowed hard disk, using windows explorer, xcopy in command line mode, or any other tool really.
    On my virtual system, when i reached around 30 copies, i would find corruption every single time. Sometimes it was only one file, but with more file copy operations, more errors would appear, sometimes real salvos of dozens of broken files.
    I have to add that my system is relatively slow, so you may need to stress shadow defender's driver with more files.

    You do not have to use any commit operation and reboot, it happens while still in shadow mode. I have also observed (thanks to the type of files i used), that the file contents are indeed scrambled, contents of one file would end somewhere inside another. It's quite similar to what i have once seen a faulty hard disk controller do.

    There's another interesting thing when copying to a folder that has been added to the exclusion list. In this case, I have observed file system corruption, meaning that Windows showed an Event ID 55: Ntfs the file system structure on the disk is corrupt and unusable in the eventlog. Sometimes this would happen during the copy operation, sometimes when verifying the excluded folder. Paradoxically, it seems that the files in the exluded folder can end being okay after rebooting, despite Windows complaining of a corrupt filesystem while still in shadow mode. But as my first experiments with a chrome profile in the excluded folder showed, you really can't trust the integrity of any data passing through the driver.

    To me, Shadow Defender has the potential to be an essential tool on any system I use, but until this is solved (I really hope there's an easy way), I recommend being extremely cautious with any files created or modified in shadow mode.

    Oh, and it would be nice if someone in this thread could actually confirm this, so we can be sure it's not something like faulty RAM on my system (i did check it, though) :)
     
  10. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,065
    Hi Athas

    I am suspecting that what you are encountering may be a local situation. I routinely will Shadow all three of my internal drives, and then open a huge VM file with 5 different partitions. I add delete and copy between with no ill effects.

    On one occasion I even shadowed my desktop to test a piece of ransomware. It encrypted everything on 3 drives. Big job it had. Exited shadowmode and all was well. I've been using SD for quite a while and never have had any corruption.

    Pete
     
  11. Athas

    Athas Registered Member

    Joined:
    Jan 2, 2017
    Posts:
    21
    Location:
    CH
    Hi @Peter2150 ,

    I can confirm that Shadow Defender protects the shadowed drives well. I didn't go as far as to run ransomware on my system :), but i did delete critical system files and such. Also, destroying the MBR via HEX-edit in a virtual system was no problem for Shadow Defender.

    However, to be absolutely sure that you're not affected by the problem i described in my post (and it does only happen to me when in shadow mode), you really need to verify the integrity of the copied files. To me, everything seemed fine as well, until i checked the hashes.

    I think it's important that a larger number of people try what I described in my post, it's the only way to be sure about the scope of this phenomenon. As indicated by some posts in this thread, I suspect there are more cases out there. Based on the nature of Shadow Defender, I even think it possible that only certain hardware is affected.
     
  12. brighton

    brighton Registered Member

    Joined:
    Jan 18, 2017
    Posts:
    7
    Location:
    Wirral Peninsula
    Hi folks, new member here. I’ve signed up so I can ask you a question about Shadow Defender.

    I downloaded and installed v1.4.0.648 a couple of days ago, played about with it and all seemed well until I went downstairs to watch something on my TV.

    My setup includes a USB hard drive connected to my Windows 10 computer upstairs which is networked through my router, via ethernet using powerplugs, downstairs to my media player (Kodi) which is installed on my Sony Bravia TV’s Android platform. In this way I can access the hdd so long as the computer is switched on.

    I’ve discovered that installing Shadow Defender renders the network path to my media player downstairs unusable. The only way I’ve found to resolve the situation is to uninstall the SD software from my computer which clearly isn’t benign even in its state of rest, as I don’t even need to run it for the network to be lost, just installing it is enough.

    I don’t understand why this should happen and can’t I find any settings within SD to prevent it from happening. Prior to making this post I’ve just completed the following exercise, 7 steps to confusion:

    1. Viewed something downstairs using Kodi + hdd.
    2. Installed SD onto computer (did not run it)
    3. Went down and tried to view something downstairs by navigating to root of hdd
    Result = ‘Invalid argument... OK’
    4. Clicked OK, result = ‘Invalid Path or argument... OK’ and (very frustratingly) behind the error text it showed me the full root file structure of the hard drive! So it can see the drive but SD is somehow causing the invalid path or argument which prevents access.
    5. Clicked OK, result = the error message disappears but then returns each time I click on anything on the drive.
    6. Turned TV off and restarted. Same problem persists.
    7. Came back up to computer, uninstalled SD, went down again and all was 100% perfect again :thumbd:

    Interestingly the television was still able to broadcast uTube and iPlayer and other internet sourced media so SD wasn’t directly blocking my router, just the hdd.

    Having now learned about SD I would like to be able to use it, but the cost of not being able to access my hard drive is too high a price and, surely, this problem can somehow be avoided?

    I was also surprised to find that, having uninstalled SD the first time, a couple of my Firefox addons required me to sign in again and a VPN shortcut in my Windows Start menu (that I’d edited the name of via its properties) had reverted back to its original name. These things didn’t happen just now during the exercise, but it did previously after I’d used shadow mode and browsed the internet etc.. I was puzzled and a little disturbed by this, probably because I don’t fully understand what Shadow Defender is actually doing to my Dell. If it makes no changes and returns the OS to an identical state then why did it log me out of Firefox addons and change a shortcut name, things that I wouldn’t even have thought it would have any particular involvement with?

    By the way I didn’t change the shortcut whilst in Shadow Mode, I changed it months ago, and the addons have rarely (if ever since first install) behaved as if I’ve never logged in to them before.

    Anyway thank you for reading this. I apologise for its length but I enjoy solving puzzles and long ago discovered that the better the initial information, the greater chance there should be in finding a path to solving a problem. But this problem requires technical knowledge/understanding that I do not have so I hope I’ve provided sufficient information to help you SD aficionados here to hopefully help me to be able to use Shadow Defender AND use my hard drive to feed my media player.

    Thanks!! :)

    ps I emailed support@shadowdefender.com a couple of days ago but no reply as yet... hence this post
     
  13. Athas

    Athas Registered Member

    Joined:
    Jan 2, 2017
    Posts:
    21
    Location:
    CH
    Hi @brighton ,

    You might be suffering from the same problem I described 3 posts above yours :)

    Did I understand correctly that you did enter Shadow Mode previously, just not immediately before the problem appeared?
    If so, did you use the "commit all changes" function when rebooting/shutting down Windows?


     
  14. brighton

    brighton Registered Member

    Joined:
    Jan 18, 2017
    Posts:
    7
    Location:
    Wirral Peninsula
    Hi Athas and thanks for replying.

    My major 'problem' began the second I installed Shadow Defender onto my computer. Before I even used it... just being installed it had already messed with my network path.

    When I first installed the software I played about, visited a few sites, deleted files from a protected drive to see if they reappeared and stuff. I didn't commit anything. I didn't want or need to. That's why I was so surprised to find that using the software had affected the Firefox addons and that shortcut, because I was under the impression that it should have left everything exactly as it was before
     
  15. Athas

    Athas Registered Member

    Joined:
    Jan 2, 2017
    Posts:
    21
    Location:
    CH
    HI @brighton ,


    The type of problems you describe could be exactly the result of corrupt files. Firefox addons store their configuration in files files that are sometimes written to while Firefox is running even if the user doesn't change their settings. The same applies to shortcuts, because AFAIK Windows itself sometimes rewrites them.

    The problem with your network could also be explained with corrupt files, however, once corrupted, they should not be able to revert to the correct state on their own, even with Shadow Defender uninstalled :)

    But I have to admit that so far I haven't been able to reproduce data corruption with shadow mode deactivated.

    If I were you, I certainly wouldn't let Shadow Defender back on my real system (only to check if your network connection would go bad again) until this is properly investigated, but maybe you could do what I described a couple of posts earlier. If you have Virtualbox, VMWare or any "total" virtualization software installed, run Shadow Defender there and see if you can confirm my findings in posts #4932 and/or #4934.


     
  16. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,065
    Hi Athas

    You are correct about the possiblities. First I don't run Win 10, but also I don't run Dells. My point was testing Ransomware, you are getting a lot of file activity, and I saw no corruption. It's a puzzle.
     
  17. co22

    co22 Registered Member

    Joined:
    Nov 22, 2011
    Posts:
    354
    Location:
    router
    Hi Athas
    will you check your hdd with HDD Regenerator for bad sector?
    i have sd firefox problems changed my hdd that have bad sector and everything normal now.
     
  18. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    7,974
    Location:
    U.S.A. (South)
    @Athas- Sorry if I missed it someplace but "exactly" what is YOUR version number where you are experiencing those issues.

    I continue to never seen or experienced a single problem frankly with anything SD related like you indicated or any other however my PREFERRED version remains Version: 1.4.0.578 so I am several releases behind which is usual for me.
     
  19. Athas

    Athas Registered Member

    Joined:
    Jan 2, 2017
    Posts:
    21
    Location:
    CH
    @co22

    I haven't used HDD Regenerator, but did a full scan with chkdsk (which would also detect bad sectors and mark them as not to be used by ntfs), also i initiated a long S.M.A.R.T self-test with smartmontools. No errors.

    @EASTER

    I'm also usually behind on releases of most software :), but since it's my first time using Shadow Defender the current official version, 1.4.0.648, downloaded about a week ago from http://www.shadowdefender.com/ is the only one I could get. :)

    I remember there was an "unofficial" version, 1.4.0.653 that is listed on some download sites around the web, like majorgeeks. I made sure to not use that one. It seems like the official webpage has removed it anyway, as the version string of the files from the official site now says 1.4.0.648.

    You mention never having experienced a problem with SD. I'm not sure I would have noticed problems on my system either, and even if I did, i might not have linked them to SD.
    But reading about cases of data corruption in this thread made me decide to actively go look for trouble. :)

    And given my experience, that's what I'm now encouraging other users of SD to do as well. :) It's the only way to know whether there's some widespread underlying issue. SD is "special", in that it offers functionality no other similar software (to my knowledge) provides, like the options to commit and exclude folders. I think that if those were easy to implement, all other light virtualization software would probably offer them as well. Thus, despite being a mature product, there might still be hard to detect problems hiding inside.

    Anyway, it's really easy to do the test, like I said in post #4932.

     
  20. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,065
    Hi Athas

    But as far as trying your test, when I read install chromium, I stop and go no further. If I am to test I need a test with out installing anything chrome or chromium related.

    Pete
     
  21. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    7,974
    Location:
    U.S.A. (South)
    Likewise I don't use and refuse to use Chrome but instead go the portable route with alternatives but never Chrome. Too much is made of that browser and trying to set up fort knox for securing it.

    But I will test about the commit to folders/files and log timestamps just to see if anything strange arouses my interest for concern.
     
  22. Athas

    Athas Registered Member

    Joined:
    Jan 2, 2017
    Posts:
    21
    Location:
    CH
    @Peter2150

    I initially used chromium only because someone in the thread mentioned that he lost his chrome bookmarks, so i decided to stay as close to the original scenario. I don't actually like chromium :)

    But it turns out you need no other software, well, except a hashing tool and a folder with many small files in it.

    In my case, there was always corruption when the total number of copied files was close to 20'000. I copied the same folder with 1000 files 20 times to a subfolder, but 2 copies of a folder with 10'000 files work work as well, i guess.

    On my old system for testing software, this took a minute (maybe the amount of time Shadow Defender's driver is under maximum load matters). So you might need to make even more copies until you notice corruption....or maybe, it won't ever happen on your system. ;)

    For testing for corruption with SD, I found checksum to be the best hashing tool http://corz.org/windows/software/checksum/

    It works via explorer folder context menu. Right click on source folder -> create, make many copies of it, right click on the target folder -> verify.

    You can do all of it while in Shadow Mode, so there won't be any traces of the checksum tool, created hashes / folders, etc.



     
  23. brighton

    brighton Registered Member

    Joined:
    Jan 18, 2017
    Posts:
    7
    Location:
    Wirral Peninsula

    Thanks again Athas.

    Your issues appear to specifically involve data corruption after manipulating files etc., whereas my #1 problem is that simply installing Shadow Defender causes my network path to become un-usable.

    I don't even have to run it, SD is changing something during its installation and I've no idea what or how to prevent it from happening.

    Uninstalling SD immediately makes everything fine again.

    So basically I can't use SD unless I can find a way to stop it interfering with my network.

    I just don't understand why this should be :(

    Can anybody can shed any light please?
     
  24. Athas

    Athas Registered Member

    Joined:
    Jan 2, 2017
    Posts:
    21
    Location:
    CH
    So you did install it again, and the same problem reappeared?

     
  25. brighton

    brighton Registered Member

    Joined:
    Jan 18, 2017
    Posts:
    7
    Location:
    Wirral Peninsula
    Yes... I've repeated the steps I put in my first post a few times, often enough to be certain it isn't a glitch. SD is definitely making my network visible to my media player but not usable. I've never seen anything like this before and am surprised nobody else has been similarly affected. It's a puzzle for sure.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.