The unofficial Shadow Defender Support Thread.

Discussion in 'sandboxing & virtualization' started by Cutting_Edgetech, Feb 14, 2011.

  1. Shad0w99

    Shad0w99 Registered Member

    Joined:
    Apr 3, 2010
    Posts:
    3
    So I have been out of touch with the world at large for many years. Life!
    I'm finally getting a new laptop with windows 10. It's going to be here soon. The last computer I had windows XP :D

    In the past, I never used any antivirus software. I just pretty much used Shadow Defender and be fearless as possible and reboot.
    This new laptop would be used for work and home.
    Is Shadow Defender still king? Are there other alternatives these days worth considering or stick with SD?
    Thanks for any and all input.

    Thanks!
     
  2. aldist

    aldist Registered Member

    Joined:
    Nov 8, 2017
    Posts:
    226
    Location:
    Germany
  3. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    7,793
    Location:
    U.S.A. (South)
    Shadow Defender is still King of the Mountain on this end as always but since you'll be sporting Windows 10 this time around, the details in this thread is a must read to avoid those little curves that Microsoft slipped into it's latest platform :)

    Congrats! and enjoy.
     
  4. Azure Phoenix

    Azure Phoenix Registered Member

    Joined:
    Nov 22, 2014
    Posts:
    753
    @Shad0w99
    Only problem I can see with Shadow Defender and Windows 10 are the updates.

    Which is why I recommend using NoVirusThanks: WinUpdateStop.
    https://www.novirusthanks.org/products/win-update-stop/
    (Depending if you use it after or before Shadow Defender, you might have to remember to re-enable updates)

    Other than that, no issue.
     
  5. Jo Ann

    Jo Ann Registered Member

    Joined:
    Jan 6, 2007
    Posts:
    574
    Imho, that mostly depends on how you use SD. If you Enter Shadow Mode on Boot (except only when downloading program updates from a safe source) and avoid using Commits and Exclusions (which can provide a back-door for malware), then SD will remove any malware infection after a system restart. That said, be aware that Shadow Mode has no means for protecting against data (identity) theft, so an additional security layer to address that vulnerability is a good idea!
     
    Last edited: Sep 16, 2018
  6. dstexas

    dstexas Registered Member

    Joined:
    Aug 11, 2012
    Posts:
    15
    I tried to install latest SD, I get 7-zip error, what am I doing wrong?
     
  7. sdmod

    sdmod Shadow Defender Expert

    Joined:
    Oct 28, 2010
    Posts:
    904
    Hi dstexas
    Shadow Defender is not a 7-zip file, it is an exe download SD1.4.0.680_Setup.exe here



     
  8. Adric

    Adric Registered Member

    Joined:
    Feb 1, 2006
    Posts:
    1,094
    SD exe is in sfx format. I had this problem a while back on XP where SD was would throw this error. I can't recall now what I did to fix it.. You may have a downlevel 7-zip version installed. You can extract the files with 7zip or winrar.
     
    Last edited: Sep 26, 2018
  9. dstexas

    dstexas Registered Member

    Joined:
    Aug 11, 2012
    Posts:
    15
    I downloaded an older version, that one worked perfectly, thanks
     
  10. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,352
    Location:
    Oz
    Does SD protect you if you have it set to exit on reboot? Protecting track zero?
     
    Last edited by a moderator: Sep 29, 2018
  11. Hadron

    Hadron Registered Member

    Joined:
    Apr 1, 2014
    Posts:
    916
    Wow! That is an iconic photo of Lennon.
    I was a small boy when I heard on the radio that he had been shot dead. I still mourn his death to this day. The world lost a lot of potential great music that day.
     
  12. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,734
    Location:
    Poland - Cracow
    Yes SD do this normaly including Track 0 and hidden boot partition...
     
  13. sdmod

    sdmod Shadow Defender Expert

    Joined:
    Oct 28, 2010
    Posts:
    904
    'Version 1.4.0.519 - April 25, 2014
    New: Track 0 virtualization.
    New: Hidden boot volume will be shadowed automatically when system volume is shadowed.
    Fixed: Some minor bugs.'

    @ichito 1.4.0.519 is the version that I use and have used for years on my XP sp3 86 32 bit and is the version that I like and have settled on, that suits my purposes and setup

    Patrick.
     
  14. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,734
    Location:
    Poland - Cracow
    I'm on Vista still with version x.672...I don't find any profits to install the newest build :)
     
  15. lucidstorm

    lucidstorm Registered Member

    Joined:
    Aug 12, 2018
    Posts:
    30
    Location:
    Poland
    So SD basically corrupts anything the more u use the software without rebooting and the more tasks u perform, it is able to corrupt programs (antivirus included) but also (which is funny) images, they will appear cut in half or unreadable (ofc they will be back to normal after u reboot). It will behave fine if u don't do complicated tasks but for instance browsing, writing. The corruption is live but also happens on committing. I believe though this happens more often if the drives are under some heavy load (like copy paste files + committing, or running rendering software). This only occurs in shadowed mode so my system is OK. Windows 7 here and I have many TB of data and disk drives (maybe SD can't handle it).
    I love SD but the aforementioned problems makes me search for another VM - if u have suggestions plz let me know

    Also not sure how much ram to allocate to writing, I have alot of ram so not sure how much of it to commit for SD, 1 or 2 or perhaps more is necessary. Giving it 1 gig of ram helped with how fast SD commits files.
     
    Last edited: Oct 10, 2018
  16. sdmod

    sdmod Shadow Defender Expert

    Joined:
    Oct 28, 2010
    Posts:
    904
    Hi lucidstorm,
    Extensive corruption caused by Shadow Defender is not something that I've experienced over the years or seen mentioned on any of the forums. I install uninstall a lot of software to try it and, lots of copying pasting and working with multiple images of various types and stay in Shadow mode for days and I don't see what you are seeing.
    Which version of Shadow Defender are you using? Could you tell us as much as you can about your system setup, file system etc (ntfs or whatever)?
    Do you know that the harddrive is in good condition? What sort of hardrive is it? Is your ram ok
    How is your system without Shadow Defender installed currently?
    How much room is available on your drive
    Which antivirus is it that you mention?
    Can you list the programs that are being corrupted?

    sdmod





     
    Last edited: Oct 11, 2018
  17. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    7,793
    Location:
    U.S.A. (South)
    I'm part of that group. Been stopped on version x.578 and since it's On-Demand Only, does what's expected as expected and can't ask for more that that for the usage it see's here. Happy Camper
     
  18. lucidstorm

    lucidstorm Registered Member

    Joined:
    Aug 12, 2018
    Posts:
    30
    Location:
    Poland
    Hi
    @sdmod
    you know SD is not well documented (unfortunately most of security software isn't), so I might not be the only one, there might be tons of quirks with this software that ppl are not aware of

    As I said my system is running fine when not in shadowed mode, which for me automatically excludes drive corruption or memory problems. Drive usage is 30%, I have 32 gig of ram, the system is on intel 750 nvme. Shadows up to 7tb of data (tons of raw photos since I do outdoor photography as a passion or cgi sculpts, these files are huge - gigantic - and contain plenty of info that maybe SD can't handle I dunno). OC is the one recommended by the hardware producer, I didn't force anything. All done according to manual (so for example trim instead of prefetch/super p.) Problems arise when u connect a device drive which was not previously shadowed and that device is huge (like connecting unshadowed 6tb drive via usb). Also when using photo editing software (u name it, doesn't matter which brand) or rendering/cgi/photogrammetry. This is more strain that average Joe PC usage. Corruption is random, must be careful when committing new files since u risk to save corrupted versions (but there are obvious workarounds to this). All runs fine under normal conditions. Might be permissions or some security measure I adopted on for the drives themselves (ie no $ admin shares, restriction of file paths changing and so on). I am following these simple guides from hackernoon on pentest hardening to a tee (link address: hackernoon.com/the-2017-pentester-guide-to-windows-10-privacy-security-cf734c510b8d) + hardenwindows10forsecurity_com and many others. Despite adopting these I have zero issues whatsoever with anything (apart SD perhaps).
    All is brand new and tested hardware. Have tested SD also on 2 different laptops and different configs/AVs (both win 7 and 10 and can't escape this problem). hmm
     
    Last edited: Oct 11, 2018
  19. sdmod

    sdmod Shadow Defender Expert

    Joined:
    Oct 28, 2010
    Posts:
    904
    Hi lucidstorm,
    I've emailed Tony about your problem with a link to this page and our dialogue and will post here if/when I receive a reply.

    I mentioned that you are working with large files.

    One thing that I forgot to ask you was do you have Fast Startup/Fast Boot turned off?

    Also known as fast boot, hiberboot, hybrid boot, or hybrid shutdown

    This is something that has caused problems recently for Windows 10 Shadow Defender users and probably not to do with your issues but I thought that I'd mention it anyway.

    Tony (the Shadow Defender developer) recomends that Fast Startup/Fast Boot is turned off.

    Thanks for all the info about your situation.

    Patrick


    ..........................

     
    Last edited: Oct 11, 2018
  20. lucidstorm

    lucidstorm Registered Member

    Joined:
    Aug 12, 2018
    Posts:
    30
    Location:
    Poland
    Hi
    I enabled fast boot on ram only recently (2 days ago), have had problems of same type before and without fast boot technology. Not sure about hibernation. SD has had "enable hibernation compatibility" turned "on" as safety precaution (read below).

    I was curious if SD can protect against bootkit type of malware. Running mini tool partition wizzard in shadowed mode and doing changes (like wiping entire drive) and SD was not able to roll back (black screen on reboot). Basically I killed MSR and boot record partition with mini tool under "shadowed mode". OK I reckon that is because MSR and UEFI partition drives were not listed as protected by SD in the list of drives. I believe mini tool can wreck SD under shadowed mode. I do believe SD is not shielding whole C along its partitions? I need to unhide UEFI drive and then shield it? if a partition tool can wipe MSR/UEFI it can also store new code. its easy to test, just wipe your UEFI now in shadowed mode and u won't boot.

    EDIT: ok now hiberfil.sys is properly disabled since after reboot hyberfil.sys is not showing up anymore. I will retest without hibernation. Also my pagefile is set to 512mb minimum/1024mb maximum. I still have pending question about the "allocate ram to write cache". I am not sure what to make of this setting, I could potentially allocate as much as I could but leave 22+ gig to myself, ie give 10 to SD. Not sure which values makes sense or is a placebo, some users on this forum have put just 1 gig.
     
    Last edited: Oct 11, 2018
  21. sdmod

    sdmod Shadow Defender Expert

    Joined:
    Oct 28, 2010
    Posts:
    904
    Hi lucidstorm,
    Black screen on reboot was one of the things that people had when fast boot, hiberboot, hybrid boot, or hybrid shutdown was enabled. As far as I know Shadow Defender has not ben defeated by bootkit type malware . Other members might know more...I'm just going from memory.
    Yes, always good to have backups with or without Shadow Defender..

    I think th people who have just put 1gb to the cache do that because they have not got as much ram as you.

    I think the way it works is that it runs on that until it runs out then reverts to ordinary operation. I don't know that it is even necessary. I never use it but I have an old system with less ram than most.

    Patrick

     
    Last edited: Oct 11, 2018
  22. Athas

    Athas Registered Member

    Joined:
    Jan 2, 2017
    Posts:
    19
    Location:
    CH
    Hi, @lucidstorm

    I'm pretty sure that the problem will unfortunately persist, no matter how you change the configuration of SD and/or Windows.

    I've noticed the same behavior on my system last year, and subsequently confirmed it on 3 separate physical systems (Win7 and Win10), each with thouroughly tested hardware, and no additional software (except drivers) installed.

    It is a problem in SD itself and the way it interacts with the VSS drivers (used to redirect writes to temporary space) in Windows.

    There's a little script here to test for corruption, but something like copying about 100mb of pics to a shadowed volume is often enough to immediately spot corruption, looking through them.

    I'm not sure whether high disk usage exacarbates the problem, as I've also seen corrupt files when disk I/O was low, but it's certainly a possibility.

    I've send a mail with the description how to reproduce the problem to the developer a while ago, but have so far not heard back from him.
    As much I would like to use the product, manually verifying the integrity of every single file before commiting it to the real system (and this would be advisable to anyone IMHO) is too bothersome for me, so i'm not using SD anymore, until this is fixed...and the radio-silence from the dev is unfortunately not promising. :(


     
  23. lucidstorm

    lucidstorm Registered Member

    Joined:
    Aug 12, 2018
    Posts:
    30
    Location:
    Poland
    after 1 hour of sustained strain on system (CPU/GPU/disk) for instance after using rendering or photogrammetry I have a whole folder corrupted of jpeg images and some random software dies too so I am afraid it can't be a coincidence. I always know it will happen 100% so I take precautions

    yes but in this case I had all of that off and just wiped uefi/msr + main drive C with mini tool partition wizzard free under shadowed mode and after reboot there was black screen (could not find valid windows installation if I recall correctly). The only option to recover was a system image recovery and SD didn't protect or was not supposed to. I think SD can't protect against format/wiping and diskpart changes (not against minitool at least). To be tested more


    nevermind the flaws it still is a great software
     
    Last edited: Oct 11, 2018
  24. sdmod

    sdmod Shadow Defender Expert

    Joined:
    Oct 28, 2010
    Posts:
    904
    Personally and without empirical evidence, I would maybe try again without using that ram cache function.

    Maybe in changing horses midstream problems might occur.

    What I mean is when your allocated ram runs out it reverts to normal operation and possibly could be the transition from one mode of operation to the other that is causing this. Just a thought.

    My hunch is that it's not the size of the files per se but the need for uninterrupted processing in certain circumstances.
    My understanding is that the ram cache is just so that things can be processed faster. I imagine that it is supposed to be seamless transition but maybe...

    Patrick


     
    Last edited: Oct 11, 2018
  25. lucidstorm

    lucidstorm Registered Member

    Joined:
    Aug 12, 2018
    Posts:
    30
    Location:
    Poland
    I have had these problems with ram cache function disabled, I am trying now with the function and different ram settings to see if I can alleviate the problem somewhat
     
    Last edited: Oct 11, 2018
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.