The unofficial Shadow Defender Support Thread.

Discussion in 'sandboxing & virtualization' started by Cutting_Edgetech, Feb 14, 2011.

  1. sdmod

    sdmod Shadow Defender Expert

    Joined: Oct 28, 2010
    Posts: 904
    With fast boot, hiberboot, hybrid boot, or hybrid shutdown disabled?

    Patrick


    Another thought


    This might have been caused by indexing the disk files.

    I've read somewhere that people had similar problems with image files.

    My Computer, right-click on the drive and then Properties. On the General tab, uncheck the option "Allow files on this drive to have contents indexed".

     
    Last edited: Oct 11, 2018
  2. lucidstorm

    lucidstorm Registered Member

    Joined: Aug 12, 2018
    Posts: 30
    Location: Poland
    Patrick, indexing is disabled, as it is generally recommended to disable it for SSDs.

    I have a question for the dev or whoever it might concern: do you believe SD is shadowing the whole drive? Since 2 default hidden partitions like UEFI/MSR appear not to be shadowed, despite drive C being shadowed, it's best to unhide then shadow them too, otherwise in shadowed mode u can write new code, wipe or whatever u see fit on unshadowed partitions. U can also create new partitions or edit them unrestricted (I already destroyed my boot record under shadowed mode and could not boot at restart, so unless you protect these partitions too u are not safe, I believe).

    thanks
     
    Last edited: Oct 11, 2018
  3. ichito

    ichito Registered Member

    Joined: Jan 14, 2011
    Posts: 1,733
    Location: Poland - Cracow
    Hi...some questions:
    - how was "mini tool" launched...from the virtualised disk (C) or from another local or external one?
    - is it possible...maybe do you know some...wiping tool that can erase itself while working?
    I've never read or heard about any feature of SD that can protect against wiping a whole disk...I don't know any app that can survive erasing the disk. That's why backup apps create/save disk copies/snapshots on a disk other than the system disk.
     
  4. lucidstorm

    lucidstorm Registered Member

    Joined: Aug 12, 2018
    Posts: 30
    Location: Poland
    Hi, not itself, I just erased MSR/UEFI; u can do that from C live but u won't boot. Mini tool ran from a virtualized drive; mini tool ran not on the system one, C, but on another drive, F (but I was/booted on C; however, it doesn't matter from which drive it ran, I know u can't wipe your own system drive) - all disks virtualized (the ones visible by default by SD). I don't see the point of using SD if u don't shadow everything. The point is not erasing/formatting or wiping but being able to persistently change data in the boot sector, which is what a bootkit would do; this is what I was thinking in this case, since SD didn't shield the boot partition despite the whole of C being virtualized. There is a workaround, I think: u make I (MSR) and E (boot sector UEFI) visible and then SD can see them and virtualize them. The second sub-topic of my post was about bootkits - even some ransomware goes after it (that's why I was so curious); the first one was about data corruption by SD, which unfortunately is not fixable according to atlas.

    Again, in the mini test I killed MSR and UEFI (apparently not protected by default) with mini tool, and some part of the C system files manually (not the whole), when in shadowed mode. However, for a test to be 100% true I would need to reproduce this several times.

    Allow me to disagree: u can protect against format/wiping with SD; if you wipe drive D:, after reboot it is back to normal. The whole point of SD is file protection; erasing data is just one of the possible threats related to file protection. For instance, when I use SD I erase 30% of the clutter on the desktop to work better (I know it will be back), so why not have some fun deleting/destroying?
     
    Last edited: Oct 13, 2018 at 8:10 AM
  5. sdmod

    sdmod Shadow Defender Expert

    Joined: Oct 28, 2010
    Posts: 904
    I use Shadow Mode to install unknown software for trial.
    I will also install software just in Shadow Mode, that I wouldn't use a lot, to edit images, sound and video, documents and conversion etc and just 'commit' the finished results and know that the program and all the unfinished or undesirable files will have gone on re-boot, reducing clutter.
    I run a lot of apps in shadowed session only, as I need them. I don't need to be as tidy or worry about it much in Shadow Mode. I just think about what I want to keep (files, folders, documents programs etc) and forget the rest
    Years ago people tested Shadow Defender by wrecking the system by deletion and found it would reboot like new. I've never tried this myself. As far as I know Shadow Defender is not affected by a crash. I suppose if you had intended to 'commit' something prior to this happening and didn't, then you might lose it.
    The thing to remember though is to be sure that you are in Shadow Mode before wrecking the system or being untidy. :)
    There speaks the voice of experience :)
    PS I have not heard anything from Tony yet.

    Patrick



    @lucidstorm

    'For instance when I use SD I erase 30% of the clutter on desktop to work better (I know it will be back) so why not have some fun deleting/destroying'
     
    Last edited: Oct 13, 2018 at 3:14 PM
  6. lucidstorm

    lucidstorm Registered Member

    Joined: Aug 12, 2018
    Posts: 30
    Location: Poland
    It's completely safe to delete or wipe your files on all your drives with SD on. SD is rock solid on that. Never had issues with it and I do it often to tidy my stuff when I work on a single project. I hate clutter. It's like destroying your house with a hammer but with no consequences - quite satisfactory. The only exception seems to be using mini tool to wipe stuff that is unshadowed by default, like the hidden UEFI partition or any hidden drives that u don't tick the square next to. In my opinion SD should see and list all possible drives/partitions (hidden, protected, especially UEFI) to shadow - it doesn't now - otherwise it's a potential flaw. SD shadows only what u see in the "Computer" section.

    To change the subject, do you know how to commit a deletion of a file? Do I have to click on a folder and tick "commit delete"?
     
    Last edited: Oct 14, 2018 at 8:02 AM
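
Added example, not part of any poster's message and not Shadow Defender's own code: a PowerShell check that lists the partitions with no drive letter, which per the observation in the post above are the ones that do not appear under "Computer" and so cannot be ticked for shadowing. It assumes Windows 8 or later with the built-in Storage module; the function name `Get-UnletteredPartition` is hypothetical.

```powershell
# Added example: enumerate partitions that have no drive letter.
# Assumption (from the post above): only lettered volumes are offered for shadowing.

# Well-known GPT partition type GUIDs mapped to readable roles.
$GptRoles = @{
    '{c12a7328-f81f-11d2-ba4b-00a0c93ec93b}' = 'EFI System Partition'
    '{e3c9e316-0b5c-4db8-817d-f92df00215ae}' = 'Microsoft Reserved (MSR)'
    '{de94bba4-06d1-4d40-a16a-bfd50179d6ac}' = 'Windows Recovery'
    '{ebd0a0a2-b9e5-4433-87c0-68b6b72699c7}' = 'Basic data'
}

function Get-UnletteredPartition {
    Get-Partition | ForEach-Object {
        # DriveLetter is a [char]; a value of 0 means no letter is assigned.
        if ([int]$_.DriveLetter -eq 0) {
            $role = 'Other / unknown'
            if ($_.GptType -and $GptRoles.ContainsKey($_.GptType)) {
                $role = $GptRoles[$_.GptType]
            } elseif ($_.MbrType) {
                $role = "MBR type $($_.MbrType)"
            }
            [pscustomobject]@{
                Disk      = $_.DiskNumber
                Partition = $_.PartitionNumber
                Role      = $role
                SizeMB    = [math]::Round($_.Size / 1MB)
                IsHidden  = $_.IsHidden
                IsSystem  = $_.IsSystem
            }
        }
    }
}

# Anything listed here is outside the set of lettered drives; compare it with
# the drives actually ticked in the shadowing tool before relying on a session.
Get-UnletteredPartition | Sort-Object Disk, Partition | Format-Table -AutoSize
```
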
  7. ichito

    ichito Registered Member

    Joined: Jan 14, 2011
    Posts: 1,733
    Location: Poland - Cracow
    @lucidstorm
    Your post confirmed my assumptions so...I can't agree with you. SD is not designed to protect disks against erasing data from the system drive...why?...in my opinion SD needs or even demands something like an "attachment point" on the system disk, and for me it's the driver called diskpt0.sys that is created while entering Shadow Mode. It's created no matter if the memory buffer is on HD or in RAM, so:
    - diskpt0.sys can't be normally deleted because it is protected by the system and SD...I think that there is no malware in the real world that can do this, but we can just wipe the whole disk to remove/destroy it, which you proved to us
    - next thing - there is no malware that can block/delete/modify each kind of file placed on the system disk...malware can do this on specific file extensions only
    - there is no malware that can act on such large files as can be located on the system disk, because such action can be easily detected by security apps (RAM/CPU usage) and then blocked
    - SD was never recommended as the one single security solution/layer of protection in a system because it has limitations in its protection features...it means it's protected by other mechanisms also
    At the end...by your way we could say that every security app can be bypassed using a simple method - erasing the whole disk with the installed app...but such thinking is tricky for me :)
     