Discussion in 'sandboxing & virtualization' started by Cutting_Edgetech, Feb 14, 2011.
I had SD before ransomware was ever thought of irregardless. Inquisitive as a malware tester I bombarded it with file infectors and every conceivable file of malware research files made available and SD shined then like a mystery creation which easily dumped anything thrown at it. Along came ransomware and results the same. The indestructible SD made mincemeat at keeping writes at bay and on reboot flushed the disk clean as a whistle.
As @innerpeace reiterated it's a MUST on my system(s) too and never once disappointed.
So +2 proudly. Fantastic invention that continues to perform as intended.
I have no doubts that SD will protect against any malware out there, even though I’m absolutely convinced that for average users (e.g. private accounts of ordinary people) there is no imminent threat lurking on the internet.
Big companies, corporations, government institutions can’t possibly have their system virtualized, because the risk of losing data with reboots out of shadow mode or deep freeze is real (and damaging) having many employees unaware of what it takes to retain important files when in shadow mode.
I have never ever tested my system against intentional malware, but it is nice to know that a reboot out of shadow mode will reset my system to its original state, period.
SD could be breached by hackers if they wanted to, but who are SD and DeepFreeze users? Private users, University/High school students, and library customers, hardly people with money, not worth their hacking skills… We are safe.
Hi...it seems you are new in SD matter so I want to mention about my review
You should remember that you can virtualize not only system disk and you have possibility to exit from SM of specific disk, not all at once.
Thanks @ichito for the link to your review and it's good to see that Shadow Defender is still discussed with enthusiasm and interest by Wilders members.
Shadow Defender runs on all versions of Windows (although with the current version (I think) Windows 2000 is not supported). I probably have older versions for Windows 2000 users if needed.
I currently still run version 22.214.171.1249 but that is just 'an old friend' to me and I'm sure that the most recent version is great too.
I run 126.96.36.1999 on Windows XP sp3, Windows 7 and Windows 10 and it runs equally well on all.
'Tony' developed Shadow Defender in the early days a similar way to Ronen Tzur (tzuk) with Sandboxie...finger on the pulse of user input and feedback almost like a rolling beta development but of late he has become inaccessible by email (Well that is my experience anyway).
He told me once that he had difficulty with the English language and a page of it was too much for him but that seemed to improve over the years. There have been major communication breakdowns at times where no Developer/user dialogue was possible but I think that Shadow Defender has been developed as far as it can go and maintain its simple usage, size and integrity.
Shadow Defender is not 'bloatware', it is concise, very usable, stable and cheap to buy and for your money you get a full lifetime licence.
I am wondering for those of you who use both Macrium Reflect and SD, are there any conflicts? Also, I have MR set to do an incremental backup every night. Do I need to exit out of shadow mode before allowing MR to run its incremental backup? What happens if you run a MR backup and your computer is in shadow mode?
SD is working ca 10-11 years on my systems and currently on XP SP3, Win 7 and Win 8.1...more than one year ago also on Vista but this machine is already dead. In all of such instances in cooperation with SpyShelter Premium/Firewall. Actually it's hard for me to imagine another team of security apps
@Alexhousek no conflicts and issues
XP SP3 - with Keriver One Click Free (the same was on Vista)
Win7 - with Aomei Backupper
Win 8.1 with Macrium Reflect
All of them have one important feature for me - independent screen of loading system that allows me enter to backup app before system is loaded.
Just to be sure that I understand correctly what you mean:
I assume you refer to a screen like this ("Betriebssystem auswählen" = "Choose an operating system"):
Thanks Easter. I did see the prompt to enter the key. I just wasn't sure the key was valid since it was old and may have been from one of the older giveaways. I don't see a place in the program to enter the key nor do I see a 30 day trial countdown so I assume I'm good to go.
Hi stapp. Long time no see. It's great to hear the latest version is working great for you. It's reassuring since we've always had similar setups.
I have used SD for many years. I'm just having trouble remembering if I had the ramdisk in shadow mode or not. The computer I had it set up on was almost 8 years old and I really didn't dig around in the settings since I only opened the UI long enough to enter shadow mode and exit it with a shutdown.
I usually only put C: (OS partition) and maybe R: (ram disk) into shadow mode. The partitions on my data drive were always blocked from my browser with Sandboxie so I didn't put them in shadow mode.
Yes, you're right. Why? Because I want/have possibility to revert clean/healthy system no matter how is it damaged by unwanted changes (tested apps, malware). Such feature allows me do this very easily without using removable drivers.
Sorry friend....no offense I just wanted to be helpful.
No problem. I didn't take offense. I understand how it is sometimes difficult to communicate on the internet. I'm just upset that my memory is bad.
Re the use of RAM for SD's write-cache, I have found it can improve system performance (i.e., disk-writes) if your drive is HDD-based, but not if SSD-based. And even on systems with HDDs with no more than 4GB RAM you'll still be better off (performance-wise) to refrain from allocating RAM for write-cache (ymmv depending on your version of Windows and how you use your PC).
Hi pvsurfer. Thanks for the suggestion. I haven't really given much thought to the speed of a SSD versus RAM. I never really noticed a slow down but all I do is surf when using SD.
To be honest the only reason I started using a ram disk for Sandboxie was because my very first SSD, a Samsung 840, didn't last one year. I thought maybe using the SSD for Sandboxie's reads and writes may have contributed to the problem. So basically I use RAM when I can to save wear and tear on the drive. Plus if malware hits or something bad happens during a SD and/or Sbie session a reboot or power cycle should clear the RAM which is a bonus. If I was using a SSD or HDD the changes might become permanent.
I hope that makes sense but my thinking could be wrong though. Plus I always have spare RAM not being used.
I see sometime ahead to ask you @innerpeace how to implement a RAM DISK. I always admired those smart enough to know how best to utilize one and make the most of it like you obviously do.
The software is pretty simple to use. I got the idea from the forums years ago.
I use the older free version of Softperfect Ram Disk 3.4.8. https://www.majorgeeks.com/files/details/softperfect_ram_disk.html
Once it's set up you just move Sandboxie's root folder to R:\ or whatever you use as your ram disk.
Just keep in mind that if you download anything bigger than the ram disk size plus the sandbox folders contents you may want to up its size or do the download unsandboxed.
Thank You @innerpeace
Hello I just noticed that if u put SD in "enter shadow mode on boot" essentially permanent shadow mode until u manually stop it, and u check "Start with Windows"
then SD is supposed to shadow mode everything on boot so nothing gets changed, however if u disable the startup from task manager
like this but with "Disabled" instead, then DefenderDaemon.exe will not run on startup despite being checked in SD settings and DESPITE BEING IN SHADOW MODE!!!!!!! Well I actually didn't test that i guess it's a quick 5 min test but the kernel driver should not be affected by the process responsible for the taskbar icon and the GUI which includes the "Shadow Mode" logo in the top. Now I turn off the startup from task manager cuz i dont want it to startup every time, i only want it to startup when im actually using it such as in this mode "enter shadow mode on boot" yet it does not and like u might even forget u had it (i did lol) but it's still in shadow mode (likely) but u just can't see the logo because the GUI Process DefenderDaemon.exe is not started
Would be a nice QoL change if the dev ever decides to update SD again. Although then my sharewareforsale license will be obsolete *sad noises*
In fact, it is as simple as this:
1) When putting SD in "enter shadow mode on boot" mode, check if Start with Windows option is checked
2) If yes, check if binary Shadow Defender Daemon exists in Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run
3) If yes, check the data, the data depends on whether it's enabled or disabled for startup. Enabled shows "02 00 00 00 00 00 00 00 00 00 00 00" whereas disabled shows "03 00 00 00 a3 19 0d 11 c0 ba d7 01" although the data is different for different binary values aka programs so i'm not sure how it's determined but i know when something is enabled it always shows 02 with eleven 00s
4) Store that value somewhere and then enable it by setting the value to 02 and eleven 00s
5) When user is exiting enter shadow mode on boot, simply repeat and set back the value to what it was, if it was on Disabled u'd know what the data is for Disabled so it's not a problem to set it
Easy as that. My 5 year old sister (from 10+ years ago) can code this
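A read-only decoder for the `StartupApproved\Run` data described in the steps above, as an added example that is not part of the original post or Shadow Defender's own code. The 02/03 state bytes and both sample values are taken from the post; the default value name and the reading of the last eight bytes as a little-endian Windows FILETIME are assumptions.

```python
import struct
from datetime import datetime, timedelta, timezone

# Key path as given in the post (under HKEY_LOCAL_MACHINE).
RUN_KEY = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run"
# First-byte meanings exactly as reported in the post; anything else is unknown.
STATES = {0x02: "enabled", 0x03: "disabled"}
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

# The two 12-byte values quoted in the post.
SAMPLE_ENABLED = bytes.fromhex("020000000000000000000000")
SAMPLE_DISABLED = bytes.fromhex("03000000a3190d11c0bad701")


def parse_startup_approved(data: bytes) -> dict:
    """Decode one 12-byte StartupApproved value into state and timestamp."""
    if len(data) != 12:
        raise ValueError(f"expected 12 bytes, got {len(data)}")
    state = STATES.get(data[0], "unknown")
    # Assumption: bytes 4..11 are a FILETIME (100 ns ticks since 1601-01-01 UTC).
    (ticks,) = struct.unpack("<Q", data[4:12])
    changed = FILETIME_EPOCH + timedelta(microseconds=ticks // 10) if ticks else None
    return {"state": state, "changed": changed}


def read_startup_state(value_name: str = "Shadow Defender Daemon"):
    """Read the live value on Windows; returns None if no entry exists.

    The default value name is an assumption based on the post's wording.
    """
    import winreg  # Windows-only module, imported lazily so the parser runs anywhere
    try:
        with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, RUN_KEY) as key:
            data, _kind = winreg.QueryValueEx(key, value_name)
    except FileNotFoundError:
        return None
    return parse_startup_approved(data)


if __name__ == "__main__":
    for label, raw in (("enabled sample", SAMPLE_ENABLED),
                       ("disabled sample", SAMPLE_DISABLED)):
        print(label, parse_startup_approved(raw))
```

Under the FILETIME assumption, the disabled sample from the post decodes to 6 October 2021 (UTC), which would be the moment the entry was switched off in Task Manager.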
I still can't get Shadow Defender to work. Tried it again a few days ago. The result was similar to my first post, above on 09 Sep 21.
Black screen, white letters, whirling dots.
This time I just shut the computer power switch off when the "repairs" reached 100% after about 5 minutes.
The computer started OK and the test files were gone from C:\ drive.
Everything on this computer works fine until I try to leave shadow mode.
Since then I have done the following checks:
ran chkdsk = ok
ran sfc /scannow verify only = it found errors but everything else is working ok.
ran windows memory diagnostic = no memory errors were detected
ran CrystalDiskInfo = ok
ran Hard Disk Sentinel = said perfect
ran WD virus scan = ok
ran WD virus boot scan = ok
ran TDSSKiller = ok
reset pagefile management to max of 4000 mb, that is about half the available RAM.
ran services.msc, shows bitlocker set to manual, it's not running now.
made sure fast boot is off.
Maybe these screen shots provide a clue?
Any suggestions would be appreciated.
I would consider turning hybrid sleep off.
These hybrid things often mean that you don't get a clean shut down and Shadow defender doesn't like those conditions
I don't ever run chkdsk. I turn it off
I often found that it made a bad situation worse.
Those 'repairs' are often chkdsk mangling your system beyond configurability and recovery.
Just my thoughts.
So both C and F are HDDs? Perhaps if disabling hybrid sleep doesn't work, u can try to swap the contents of those disks to see if the problem is in the files or in the HDD itself (or in SD with some driver etc.)
Also why not just convert to GPT
I will turn off the hybrid sleep option.
What about that lock option, should I uncheck it?
I'm assuming everybody has it checked and it does not interfere with Shadow Defender?
Does the partition setup shown above raise any red flags?
C & F are both partitions on a hard drive, a spinner.
I can try to transfer everything from F to C.
As a last resort I can convert to GPT, but want to try easier options first.
Thanks so far.
Oh oops I did not see that C and F are the same disk, and i somehow misread Volume as Disk
Sounds like that would have been easier if u started with it lol
Perhaps u can check the event log what crashed?