The unofficial Shadow Defender Support Thread.

Discussion in 'sandboxing & virtualization' started by Cutting_Edgetech, Feb 14, 2011.

  1. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    5,703
    Location:
    North Carolina, USA
    Hello,

    I agree with this post:
    I would much rather see the already existing bugs (such as the task scheduler and the losing of program settings issues) resolved first before even thinking of adding new features. These new features are not really needed as you are already in an environment where you can just re-boot and revert your system back to the previous state. Adding new features could make it even harder in isolating the cause of current bugs and issues, and could even introduce new bugs to the software.

    IMHO, I would like to see the current version bug-free before adding anything else new. There are several of us out here that have issues that adding new features does not help the usability of the software for us at all.
     
  2. atomomega

    atomomega Registered Member

    Joined:
    Jul 27, 2010
    Posts:
    1,290
    Yes, this is my point of view too. Keep it simple, but most importantly, keep it usable.
    Once the current version runs with the least bugs possible, a new feature could be added, but again, that might not be necessary at all.
     
  3. CyberMan969

    CyberMan969 Registered Member

    Joined:
    Apr 21, 2011
    Posts:
    589
    SD's legacy has always been the fact that it wasn't officially "beaten" until very recently, when Sinowal arrived. Tony probably wants to beat it and get his record back. In fact he asked me for a sample to research, which I provided thanks to Patrick.

    Drop Rights will bring Sandboxie features encompassing whole disk/partitions and not just individual applications. Low level access will be blocked so malware won't be able to infect the virtual environment and then possibly leak to the real system (as Sinowal seems to be able to do). This would be a proactive and comprehensive OS defense.

    Personally I would rather have such options via SD. It will be good to have solid light-virtualization plus the ability to block low level access, all within a single, easy-to-use lightweight app like SD. At the moment my SSDs don't take any direct write hits thanks to SD's RAM cache. I'd like to keep this ability and also have extra system security added to a single-app setup that is already optimal to me.

    Regarding the current scheduler problems: I e-mailed Tony yesterday again, asking him to participate on this. He'll probably respond at the official sd forum.
     
    Last edited: Apr 16, 2013
  4. The Shadow

    The Shadow Registered Member

    Joined:
    Jan 24, 2012
    Posts:
    814
    Location:
    USA
    The reason is that Shadow Defender can not always 'get rid of everything you don't want/need by simply rebooting'. Recent tests (believed to be reliable) have been conducted which have shown that SD is vulnerable to at least one known rootkit.

    At this time, it seems that only Sandboxie has the capability to prevent all rootkits from escaping/bypassing its virtualized container (sandbox) and that's because SBIE provides a 'drop rights' option and disallows any kernel driver from executing.

    TS
     
  5. The Shadow

    The Shadow Registered Member

    Joined:
    Jan 24, 2012
    Posts:
    814
    Location:
    USA
    Very well stated CM - we share the same belief re this matter (and why I proposed an SD enhancement for 'Drop Rights & Prevent Kernel Driver Execution' option).
     
    Last edited: Apr 18, 2013
  6. TheQuest

    TheQuest Registered Member

    Joined:
    Jun 9, 2003
    Posts:
    2,304
    Location:
    Kent. UK by the sea
  7. sdmod

    sdmod Shadow Defender Expert

    Joined:
    Oct 28, 2010
    Posts:
    1,162
    Last edited: Apr 19, 2013
  8. TheQuest

    TheQuest Registered Member

    Joined:
    Jun 9, 2003
    Posts:
    2,304
    Location:
    Kent. UK by the sea
  9. chew

    chew Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    515
    Location:
    GeordieLand.
    Been lurking for a while now so want to say that I am glad to hear that SD (Tony) is back in development after missing for a few years.

    I am going to wait for a while before purchasing a copy as my computer is going a bit loony at times. Not infection but more likely missing some drivers.

    My last "shadow" software was PowerShadow but SD is better as far as switching between shadow modes is concerned.

    Keep up the good work lads.

    p/s: do you know what is the exact reason Tony is missing for the past few years?
     
  10. TomAZ

    TomAZ Registered Member

    Joined:
    Feb 27, 2010
    Posts:
    1,131
    Location:
    USA
    Is SD 1.2.0.376 compatible with XP SP3?
     
  11. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,147
    Location:
    Nicaragua
  12. CyberMan969

    CyberMan969 Registered Member

    Joined:
    Apr 21, 2011
    Posts:
    589
  13. camelia

    camelia Registered Member

    Joined:
    Nov 4, 2011
    Posts:
    455
    Location:
    Mexico City
    Hi,

    @Virus total and Jotti's malware scan

    SD1.2.0.376_Setup(x64).exe <- Ikarus Virus.Win32.Virut

    Do you have the same result with your version?

    PLMK

    Cam
     
  14. camelia

    camelia Registered Member

    Joined:
    Nov 4, 2011
    Posts:
    455
    Location:
    Mexico City
    Hi TomAZ,

    I installed SD 1.2.0.376 in my test machine (Windows XP SP3 32-bit) without any issue.

    Cam
     
  15. sdmod

    sdmod Shadow Defender Expert

    Joined:
    Oct 28, 2010
    Posts:
    1,162
    Just scanned using Malwarebytes anti malware (current virus defs)
    and Avast Pro (current virus defs) and both came up clean
    22.14 23 April 2013

    Patrick
    The Official Shadow Defender Forum


     
  16. TomAZ

    TomAZ Registered Member

    Joined:
    Feb 27, 2010
    Posts:
    1,131
    Location:
    USA
    That's good to know, Camelia. Don't know why, but from time to time with some of the earlier versions, I was running into BSOD on reboots and Windows startups. Maybe just some kind of conflict with my particular system.
     
  17. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,363
    Location:
    Oz
    I didn't know that SD was vulnerable to anything. What rootkit? And is it a rootkit that GMER would detect? Would Malwarebytes or Hitman Pro be able to detect the trojan that was mentioned?
     
  18. The Shadow

    The Shadow Registered Member

    Joined:
    Jan 24, 2012
    Posts:
    814
    Location:
    USA
    Check this out... -http://www.youtube.com/watch?v=VTLuTjufQkU- ;)
     
  19. CyberMan969

    CyberMan969 Registered Member

    Joined:
    Apr 21, 2011
    Posts:
    589
  20. Robin A.

    Robin A. Registered Member

    Joined:
    Feb 25, 2006
    Posts:
    2,557
    For me, a shadow mode without exclusions and with 100% of the disk virtualized is completely useless. In normal work, I download files, create and modify documents, etc. They must be saved locally somewhere (I use a data partition) and, of course, they must survive a reboot.
     
  21. CyberMan969

    CyberMan969 Registered Member

    Joined:
    Apr 21, 2011
    Posts:
    589
    This is why this will be optional and disabled by default. People can carry on using SD as they normally do. Any users who don't care about frequent committing would enable this to benefit from a more secure system.
     
  22. CyberMan969

    CyberMan969 Registered Member

    Joined:
    Apr 21, 2011
    Posts:
    589
  23. camelia

    camelia Registered Member

    Joined:
    Nov 4, 2011
    Posts:
    455
    Location:
    Mexico City
    Hi TomAZ,

    No BSOD on reboot and Windows startups with my particular system...
    Which AV/Firewall do you use?
    Did you install a malware protection such as MBAM, SAS or Hitman Pro... to mention a few?
    Did you install .NET 4.0?

    Cam
     
  24. camelia

    camelia Registered Member

    Joined:
    Nov 4, 2011
    Posts:
    455
    Location:
    Mexico City
    How to check my system for the Sinowal Virus?

    Running Microsoft Windows Malicious Software Removal Tool (KB890830) or what?

    TIA

    Cam
     
  25. taleblou

    taleblou Registered Member

    Joined:
    Jan 9, 2010
    Posts:
    1,349
    Hi:

    It seems Ikarus flags command tool.exe in Shadow Defender folder as a virus??
     