The unofficial Shadow Defender Support Thread.

Discussion in 'sandboxing & virtualization' started by Cutting_Edgetech, Feb 14, 2011.

  1. sdmod

    sdmod Shadow Defender Expert

    Joined:
    Oct 28, 2010
    Posts:
    905
    With fast boot, hiberboot, hybrid boot, or hybrid shutdown disabled?

    Patrick


    Another thought


    This might have been caused by indexing the disk files.

    I've read somewhere that people had similar problems with image files.

    In My Computer, right-click on the drive and then Properties. On the General tab, uncheck the option "Allow files on this drive to have contents indexed".

     
    Last edited: Oct 11, 2018
  2. lucidstorm

    lucidstorm Registered Member

    Joined:
    Aug 12, 2018
    Posts:
    41
    Location:
    Poland
    Patrick, indexing is disabled, as it is generally recommended to disable it for SSDs.

    I have a question for the dev or whoever it might concern: do you believe SD is shadowing the whole drive? Since the 2 default hidden partitions like UEFI/MSR appear not to be shadowed, despite drive C being shadowed, it's best to unhide then shadow them too; otherwise in shadowed mode you can write new code, wipe or whatever you see fit on unshadowed partitions. You can also create new partitions or edit them unrestricted (I already destroyed my boot record under shadowed mode and could not boot at restart, so unless you protect these partitions too you are not safe, I believe).

    thanks
     
    Last edited: Oct 11, 2018
  3. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,758
    Location:
    Poland - Cracow
    Hi...some questions:
    - how "mini tool" was launched...from virtualised disk (C) or from other local or external?
    - is it possible...maybe do you know some...wiping tool that can erase itself while working?
    I've never read and heard about some feature of SD that can protect against wiping whole disk...I don't know any app that can survive erasing disk. That's why backup apps are creating/saving disk copy/snapshots on other than system disk.
     
  4. lucidstorm

    lucidstorm Registered Member

    Joined:
    Aug 12, 2018
    Posts:
    41
    Location:
    Poland
    Hi, not itself, I just erased MSR/UEFI; you can do that from C live but you won't boot. Mini tool ran from a virtualized drive, mini tool ran not on the system one C but another drive F (but I was/booted on C, however it doesn't matter from which drive it ran, I know you can't wipe your own system drive) - all disks virtualized (the ones visible by default by SD). I don't see the point of using SD if you don't shadow everything. The point is not erasing/formatting or wiping but being able to persistently change data in the boot sector, what a bootkit would do; this is what I was thinking in this case since SD didn't shield the boot partition despite the whole C being virtualized. There is a workaround I think: you make I (MSR) and E (boot sector UEFI) visible and then SD can see them and virtualize them. The second sub-topic of my post was about bootkits - even some ransomware goes after it (that's why I was so curious), the first one about data corruption by SD, which unfortunately is not fixable according to atlas.

    Again, in the mini test I killed MSR and UEFI (apparently not protected by default) with mini tool and some part of C system files manually (not whole) when in shadowed mode. However, for a test to be 100% true I would need to reproduce this several times.

    Allow me to disagree, you can protect against format/wiping with SD; if you wipe drive D:, after reboot it is back to normal. The whole point of SD is file protection, erasing data is just one of the possible threats related to file protection. For instance when I use SD I erase 30% of the clutter on desktop to work better (I know it will be back) so why not have some fun deleting/destroying.
     
    Last edited: Oct 13, 2018
  5. sdmod

    sdmod Shadow Defender Expert

    Joined:
    Oct 28, 2010
    Posts:
    905
    I use Shadow Mode to install unknown software for trial.
    I will also install software just in Shadow Mode, that I wouldn't use a lot, to edit images, sound and video, documents and conversion etc and just 'commit' the finished results and know that the program and all the unfinished or undesirable files will have gone on re-boot, reducing clutter.
    I run a lot of apps in shadowed session only, as I need them. I don't need to be as tidy or worry about it much in Shadow Mode. I just think about what I want to keep (files, folders, documents programs etc) and forget the rest
    Years ago people tested Shadow Defender by wrecking the system by deletion and found it would reboot like new. I've never tried this myself. As far as I know Shadow Defender is not affected by a crash. I suppose if you had intended to 'commit' something prior to this happening and didn't, then you might lose it.
    The thing to remember though is to be sure that you are in Shadow Mode before wrecking the system or being untidy. :)
    There speaks the voice of experience :)
    PS I have not heard anything from Tony yet.

    Patrick



    @lucidstorm

    'For instance when I use SD i erase 30% of the clutter on desktop to work better (I know it will be back) so why not have some fun deleting/destroying '
     
    Last edited: Oct 13, 2018
  6. lucidstorm

    lucidstorm Registered Member

    Joined:
    Aug 12, 2018
    Posts:
    41
    Location:
    Poland
    It's completely safe to delete or wipe your files on all your drives with SD on. SD is rock solid on that. Never had issues with it and I do it often to tidy my stuff when I work on a single project. I hate clutter. It's like destroying your house with a hammer but with no consequences - quite satisfactory. The only exception seems to be using mini tool to wipe stuff unshadowed by default, like the hidden UEFI partition or any hidden drives that you don't tick the square next to. In my opinion SD should see and list all possible drives/partitions (hidden, protected, especially UEFI) to shadow - it doesn't now - otherwise it's a potential flaw. SD shadows only what you see in the "Computer" section.

    To change subject, do you know how to commit a deletion of a file? Do I have to click on a folder and tick "commit delete"?
     
    Last edited: Oct 14, 2018
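
Added example (not part of any post in this thread and not Shadow Defender code): a PowerShell check for the gap discussed above, listing partitions that have no drive letter and labelling the EFI System, MSR and recovery ones by their GPT type GUID. It assumes "hidden" in the posts means "no drive letter assigned"; the helper name `Find-LetterlessPartition` and the sample layout are constructed for illustration.

```powershell
# Added example; not Shadow Defender code. Lists partitions with no drive letter.
# Well-known GPT partition type GUIDs.
$GptTypeName = @{
    '{c12a7328-f81f-11d2-ba4b-00a0c93ec93b}' = 'EFI System'
    '{e3c9e316-0b5c-4db8-817d-f92df00215ae}' = 'Microsoft Reserved (MSR)'
    '{de94bba4-06d1-4d40-a16a-bfd50179d6ac}' = 'Windows Recovery'
}

function Find-LetterlessPartition {   # hypothetical helper name
    param([Parameter(ValueFromPipeline = $true)] [object[]]$Partition)
    process {
        foreach ($p in $Partition) {
            # DriveLetter is a [char]; it is NUL when no letter is assigned.
            if ([string]$p.DriveLetter -match '^[A-Za-z]$') { continue }
            $guid = [string]$p.GptType
            if ($GptTypeName.ContainsKey($guid)) {
                $role = $GptTypeName[$guid]
            } elseif ($guid) {
                $role = "Other GPT type $guid"
            } else {
                $role = "MBR type $($p.MbrType)"
            }
            [pscustomobject]@{
                Disk = $p.DiskNumber; Partition = $p.PartitionNumber
                Role = $role; SizeMB = [math]::Round($p.Size / 1MB)
            }
        }
    }
}

# Constructed sample layout (a typical UEFI install), shaped like Get-Partition output.
$none = [char]0
$sample = @(
    [pscustomobject]@{ DiskNumber = 0; PartitionNumber = 1; DriveLetter = $none
        GptType = '{c12a7328-f81f-11d2-ba4b-00a0c93ec93b}'; Size = 100MB }
    [pscustomobject]@{ DiskNumber = 0; PartitionNumber = 2; DriveLetter = $none
        GptType = '{e3c9e316-0b5c-4db8-817d-f92df00215ae}'; Size = 16MB }
    [pscustomobject]@{ DiskNumber = 0; PartitionNumber = 3; DriveLetter = [char]'C'
        GptType = '{ebd0a0a2-b9e5-4433-87c0-68b6b72699c7}'; Size = 200GB }
)

# Reports partitions 1 (EFI System) and 2 (MSR); C: is skipped because it has a letter.
$sample | Find-LetterlessPartition | Format-Table -AutoSize

# On a live system: Get-Partition | Find-LetterlessPartition
```

Any partition this reports is one that would need a drive letter assigned before it could show up in a protection list driven by what appears under "Computer".
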
  7. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,758
    Location:
    Poland - Cracow
    @lucidstorm
    Your post confirmed my assumptions so...I can't agree with you. SD is not designed to protect disks against erasing data from system drive...why?...in my opinion SD needs or even demands something like "attachment point" in system disk and for me it's driver called diskpt0.sys that is created while entering Shadow Mode. It's created no matter if memory buffer is on HD or in RAM so:
    - diskpt0.sys can't be normally deleted because it is protected by system and SD...I think that there is no malware in real world that can do this but we can just wipe whole disk to remove/destroy it, which you proved to us
    - next thing - there is no malware that can block/delete/modify each kind of files placed on system disk...malware can do this on specific file extensions only
    - there is no malware that can act on so large files that can be located on system disk because such action can be easily detected by security apps (RAM/CPU usage) and then blocked
    - SD never was recommended as the only one single security solution/layer of protection in system because it has limitations in its protection features...it means it's protected by other mechanisms also
    At the end...by your way we could say that every security can be bypassed using simple method - erasing whole disk with installed app...but such thinking is tricky for me :)
     
  8. lucidstorm

    lucidstorm Registered Member

    Joined:
    Aug 12, 2018
    Posts:
    41
    Location:
    Poland
    @ichito
    So you don't see any issue that SD won't shadow system/UEFI partition, ok cool.
    Also I did not delete the drive which you are on, it's impossible. If diskpt0.sys is on C I didn't delete it.
    That said, good info on the diskpt0 and good info overall, thanks, now I understand SD a little bit better.
    So data corruption is the big deal then, this software is a nightmare with intense read/write: moving big data, playing games, making games, editing photos/movies, saving image files and so on so forth.
    Now I was asking myself this question, what if I make a ramdisk, will SD shield it? I see no option to shield ramdisk, usually I would not have to but this one is somewhat persistent with asus rog and junction to temp/software folders. I guess it's still cool since junction must originate from original drive which is the one shielded.
     
    Last edited: Oct 23, 2018
  9. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,758
    Location:
    Poland - Cracow
    @lucidstorm
    OK...I understand you have some problems with SD but they are based on your specific usage of system and data...I think. My opinion is built according to my experience and opinions that I know from forums like this or others similar and I've never said that I'm "oracle"...I have still a big amount of humility to feel myself an ignorant in some situations :)
    We should wait for someone who can help us to explain and maybe resolve mentioned issues.
     
  10. Athas

    Athas Registered Member

    Joined:
    Jan 2, 2017
    Posts:
    21
    Location:
    CH
    @lucidstorm

    I don't use SD anymore because of the data corruption problem, so I can't try it...but it's possible it would work, if the Ramdisk is presented to Windows (and SD) as a regular, formatted volume with a drive letter...you could try it. However, I don't see any other point in doing so besides testing, as Ramdisks of course have a "built-in" Shadow Mode. :)

    I'm still using MBR disks on my system, so I'm not affected by unshadowed EFI partitions, however the corruption problem is super-annoying for me...and it's been around for a long time, with at least one new version of SD released after the dev was informed about it. It still isn't fixed. There is other, similar software, without having all of SD's functionality, like committing files, but also without data corruption problems...so it definitely should be fixable.

    If a new version without this problem is released (and auto-shadowed EFI partitions without users having to disable the hidden flag), SD would immediately win me back as a user. :)
     
  11. lucidstorm

    lucidstorm Registered Member

    Joined:
    Aug 12, 2018
    Posts:
    41
    Location:
    Poland
    Thanks for your answers guys, I also feel better that I am not alone in the corruption problem.

    I am also having a BSOD error (not always, happens 1 out of 3 times) when I put PC to sleep when in shadow mode (hybrid on or off doesn't matter)

    can't see what is causing the BSOD since the dump file is made on the shadowed partition.. however this might be case specific
     
  12. Athas

    Athas Registered Member

    Joined:
    Jan 2, 2017
    Posts:
    21
    Location:
    CH
    Yes, it's plausible that SD is the cause of the BSOD. Any data that passes through Shadow Defender's driver is susceptible to corruption. I've also seen NTFS Event ID 55 errors while extensively testing SD, meaning that metadata is affected, as well.
    So any type of hibernation file would appear to be okay while being written to the disk, but when restarting the system, you would basically end up with the equivalent of bad RAM. I personally would not use any type of hibernation with Shadow Defender. Imagine the scenario where the work done since entering Shadow Mode would become inaccessible, since every reboot would inevitably lead to a BSOD.
     
  13. ExtremeGamerBR

    ExtremeGamerBR Registered Member

    Joined:
    Aug 3, 2010
    Posts:
    1,331
    SD works with Secure Boot?
     
  14. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    8,805
    It should work, the driver is co-signed by Microsoft.
     
  15. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    4,659
    Yes, it does on my Win 10 v.1809...
     
  16. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,295
    Location:
    USA
    Here's a video explaining my problem and I am using v.665
     
  17. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    3,409
    Location:
    Mexico
    Watched video. Did you set some folder/files exclusions, reg exclusions pointing to Malwarebytes stuff?
    I know this sounds obvious but I had to ask.
     
  18. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,295
    Location:
    USA
    No, none at all
     
  19. Djigi

    Djigi Registered Member

    Joined:
    Aug 13, 2012
    Posts:
    554
    Location:
    Croatia
    Is there somewhere some giveaway of this great program?
    I have a new laptop and I would like to put this program on it.
     
  20. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    3,409
    Location:
    Mexico
    I don't think so but 35 dollars for a lifetime license (updates included) I think it's a good deal...
    http://www.shadowdefender.com/index.html
     
  21. Djigi

    Djigi Registered Member

    Joined:
    Aug 13, 2012
    Posts:
    554
    Location:
    Croatia
    Sure, you are right...tnx :thumb:
     