The unofficial Shadow Defender Support Thread.

That's strange.
I purchased 2 licenses [one for desktop and one for laptop] of Faronics Deep Freeze Standard at the beginning of this year [January to be exact] and they included Data Igloo with them.

Since when they discontinued selling DI alongside with DF Standard ?

I fully understand user huntnyc, not wanting to buy DF Enterprise for a home environment since the minimum amount of licenses allowed for the Enterprise version of DF is 15 and that's quite expensive.

So far, I like DF a lot since it does the exact things as SD and, the system resources impact is very minimum.



Carlos

 

Hi Gary,

I really love Deep Freeze and its low profile. My AV, which is Avast Internet Security always informs me about program and/or definitions updates. So, does the Microsoft Windows Update.

When I see an update is pending, I usually thaw the system, apply the updates and then put back the system in frozen state again. I guess for the Deep Freeze Standard version, this would be the only solution. With SSDs my reboots are very fast.

Best regards,

 

Dear Carlos,

Thank you for the above information. According to Gary (huntnyc), Data Igloo doesn't allow redirecting of Program Folders.

What has your experience been about Data Igloo?

It appears to be the best and working great with SSDs.

Best regards,

 

Hi Aladdin,

It's odd because the following links state that Returnil is compatible with SSDs. I'm not sure what you mean by fully compatible though - unless of course you had in mind the restrictions that Coldmoon was referring to in the DSLReports forum, which apply while in Virtual Mode.

http://www.returnilvirtualsystem.com/files/manuals/en_us/rss/ch01.html

http://www.dslreports.com/forum/r26...rnil-Virtual-System-Pro-v3.2.12918.5857-REL14

Kind regards

 

Was not taking any negative shots at Deep Freeze becaus eit is a fine product. Just clarifying that if anyone wanted to try and exclude Avast or any other program that resides in Pragram Files folder, that would not be possible with Data Igloo and Deep Freeze Standard. My information comes from the Data Igloo manual which anyone can download themselves and read. Faronics also has an Anivirus product which integrates with Deep Freeze but only with the Enterprise version which is prohibitive in cost to home users.

Regarding Returnil, just holding off because I think it might take up too much system disk space to run on my 128 GB system SSD according to system requirements but I oculd be wrong. Thanks again for all info.

Gary

 

Although I could not exclude Program Files folders with Deep Freeze Standard 7, have decided to run it anyway, remove Avast, and also run Sandboxie Paid as well as HitmanPro on demand. Should be enough to meet my needs. Just wanted to give a final update on this.

Gary

 

@ huntnyc:

That setup would be excellent in my opinion.
Although, I think you should add another line of defense on your PC setup which would be an Anti-Executable.

I was thinking that A-E could be either Blue Ridge Networks AppGuard or Faronics Anti-Executable. You can't go wrong with either one.

My layered defense for all my PCs laptops at home include at least these three layers: [Windows 7 Pro, with UAC enabled and running as standard user]

[1] AV/AM, in this case, I'm using MSE v4.1

[2] A-E, in this case, I'm using Faronics A-E, v5.0

[3] Light-Virtualization, in this case, I'm using Faronics Deep Freeze Standard v7.3

I've thrown in on this setup Sandboxie [paid], and I also use Mozilla Firefox 13.0.1 with NoScript as my default browser. [Previously, I had WOT for Firefox but the latest version of this add-on totally refuses to install on FF on Windows 7].

And, in case of disaster, I have a full image of my HDD [all PCs/laptops at home] created by using Acronis Ture Image Home 2012, so if something goes wrong and even with that above setup, malware gets past all the protection layers, I just re-image and, back on business.



Carlos

 

I'd just like to remind everyone that this is "The unofficial Shadow Defender Support Thread."

 

Very odd that the .331 driver is digitally signed whereas the "venerable good" .325 isn't.
That might explain why you aren't seeing BSOD with .331.

In regards to "Tony"...didn't that guy live in Beijing?
How much we know about him and how are business handled in China?
So far, no none of us have been to Beijing to know exactly what happened to SD "developer". May be the government expropriated his business, who knows.


Carlos

 

Dear Carlos,

Thanks for the above information. I wasn't aware that .331 driver was digitally signed by Microsoft. To get that done it has to meet the following criteria.

1. It has to be legit.

2. Tons of money need to be paid to Microsoft for the driver to be digitally signed.

Best regards,

 

Well you gentlemen could have told me about the digitally signed driver 400 posts ago....

But Thank You for pointing this out. A valuable piece of information.

Like a man just out of prison and abandoned by the world, when no one will trust him, I will trust and give version .331 a chance.

 

As far as I know v325 is also signed by VeriSign. This got nothing to do with Microsoft certification though, and this goes for both v225 and v331.

By the way, here's some screenies of my v325 diskpt.sys VeriSign certificate:

 

Well some have said they have purchased 331 and yet to hear anything bad or evil going on.Other then the silent No support, I think its fine to use.

 

Im trying it out and i hope it works out. I respect the opinion of this fine community and i pay attention to whats being said. I wanted version 325 to work but it was giving me the infamous BSOD. Ill keep trying out this 331 version. If all else fails and i get the malware of doom, well ill just whistle, and kick this puter to the curb.

 

Interesting...

I guess that's the "24-2-10" version (silent update). I 'm using the "23-2-10" version" and diskpt.sys is not signed. Also, its file-size is significantly smaller (186 KB).

 

Yes, as far as I know this is the silent update (it is obvious from the dates/times when compared with the previous file you mentioned which is 1 day older).

In the past I have seen users confusing VeriSign certification with Windows WHQL certification. From wikipedia: http://en.wikipedia.org/wiki/WHQL_Testing

A company can choose to sign their own drivers rather than go through the WHQL testing process. These drivers would not qualify for the "Certified for Windows" logos, but they would install on 64-bit versions of Windows and install without a warning message on 32-bit versions of Windows Vista or Windows 7.[2] However, it will not install without a warning message on Windows XP.[3]

Some device drivers that have passed the WHQL tests are also made available for download using Windows Update.

When Windows XP detects a new device, for which it does not have built-in drivers, it will show a Found New Hardware Wizard (see screenshot on the right). The only way to avoid the Found New Hardware Wizard from popping up on Windows XP is by pre-installing a WHQL certified driver before the device is plugged in.

The WHQL testing fee Microsoft requires is USD $250 per operating system family.[4] This fee covers both 32-bit (x86) and 64-bit (x64) versions, if submitted simultaneously, and is non-refundable. The fee does not include other expenses, such as a Windows Server 2008 x64 license, necessary for running WHQL tests, and a VeriSign certificate, necessary for submitting test results.[5]

 

Dear CM,

Again thank you for such an informative and learning post. Your posts are always a joy.

Best regards,

Mohamed

 

Thank you brother!

 

I've found on youtube someone that has tested the 331 version with malware. the video is about a month old. And the author of the vid is Winsevenholic. don't know him personally, but he has tested many many av products. its a short test.
Anyway here's the link:

-http://www.youtube.com/watch?v=hGXqkwcLOyQ

I use the .325 version myself, just in case. I have no idea if .331 is to be trusted.
But I thought maybe nice to see how SD does in a vid.

 

I just watched the SD v1.1.0.331 video at YouTube.
As usual, impressed by the capabilities of SD against malware regardless the version number.

Although, I couldn't understand how come the video poster was able to open the Windows Task Manager right after each malware file execution.
I had thought that was one the first things malware tends to block from working, to avoid the PC user could terminate its malware processes [via task manager].



Carlos

 

I do agree with you I must admit, now that I thought about it more. Ideally it would be better if there are more videos by different people with SD in it with different kinds of malware/viruses.
But to answer your concern about Task Manager behaviour, I have no idea to be honest. Some malware take over the system completely and don't show even the explorer process (task bar, window manager, etc).
The fact that the video is a bit like an music video (fast forward, fast cuts) doesn't help much either in following exactly what a specific virus/malware is doing.
Maybe the author did edit the video a bit too much. I rather see unedited video, but I couldn't find recent SD test video's tbh, or I didn't search hard enough or the videos that are more elaborate are usually russian, polish or in similar languages.
I guess a more thorough and unedited video is better to watch. I hope someone will do a lengthy test video.
Anyway, I do see your concern and I agree with you.

 

Thanks for the Link Jna99. Appreciate it.

 

The versions that I have (32 and 64) are both 23/02/2010


101CDC867F7771FAAE6810483EF16439

35EDF53C0B4D3B8960047CFBFCBAE7E3

 

My version is .225 which I downloaded with thanks to CyberMan969 (post # 1092). Checksums are MD5.
I already had a license bought for version .331 but thank goodness the licenses work with older versions
Various people in this thread recommended to use version .325 , so I stick with this version. But that doesn't mean .331 would be bad, but I guess still highly suspicious because of no changelog and no response with mail and no support or announcement whatsoever.
I'm running os windows 7 x64 and had no errors with installing, no BSOD or other errors.

Various checksums for x64 1.1.0.325 (silent update version):
checksums are calculated by Hashtab v4.0.0 program.

Adler32: F4011B6C
CRC32: 5AF8B7A9
MD2: 8AA153E21E5AA015B4A9ADB2E3B138EB
MD4: 7FEA6DEE42A72B9D1F5055F55807879F
MD5: 35EDF53C0B4D3B8960047CFBFCBAE7E3
RIPEMD-128: A7868B5B4682C6790D594568D011E43C
RIPEMD-256: 56DB2B1ADC3932F2A4C1EDEB090098EBFE8E1913F6DAA769E4CC1ADCB1743109
RIPEMD-320: 0C413CD6C1859824E218F70664797E465C720CD6E073C4BDA000FA39106E34B09BA794E8790A3E6E
SHA-1: A46C3B986ACF1BE42B87F2B1F57E3E13DEAF282A
SHA-256: 6FE018248990D0FEFE3BD10A3F13112B890841936B9D370A8A19ECBCFCD0C915
SHA-384: 953A87D418B9DCAD2FF87F6D386F35C7725043974073C1576A880CA1E366929AEF0A42CC3B1175630FEB42448CDB337D
SHA-512: C2823F1DF6745629C794ED35C24574D7C57AF9CFEE87CCAF9D5D89D02A7F6D140A123C78898C3816A646B1B178DEC4512FE30478243AD3415DD04BCC778C7003
Tiger: 720F1E1E4CD5C85AFCF57BB7E1BB2828EB62BCE43ADB4C50
Whirlpool: 49864CA924C519B9C8926469FEB32BB4F0209AEF95F3CC9D0E40B801329E04306AC0A7F1A3E893C462B80A22B6F8B02D96D81DF93367217DAEC0630B1E923F09