Guide | How To How to set up Shadow Defender for convenience & max protection

  • Thread starter Deleted member 178
  • Start date
The associated guide may contain user-generated or external content.
D

Deleted member 178

Thread author
Hi, i read a lot of post asking how to set up Shadow Defender properly for convenience and optimal protection. so there is my simple guide:

Prologue:

SD can be used in 2 modes:

1- On-Demand mode

In this mode you just activate the Shadow mode when you need to test something you think may be harmful to your system , then reboot to exit it; this mode will not reduce/hamper your daily use of your system since all changes made (Windows Updates, bookmarks, installed softs, etc...) outside Shadow Mode will remain.

2- Permanent Mode

This mode is active when you allow the Shadow Mode at boot, this mode is the safest one for your system but is the one that will have many unwanted effects, why ?

- You are always under Shadow Mode so any changes in your system will be negated at every reboot.

- Any Windows/software/antivirus Updates, created/modified/downloaded files (as well as malwares infections ) will be negated at the next reboot.

As you see it is the main purpose of SD, virtualizing your actions then negating them at next reboot.

You will ask me : "So what the benefit of SD if i have to redo every time the works i have done?"

I will answer by: "Then you have the exclusions and commit functions"

So now let start to configure SD for max protection but with convenience of use.

1- Mode Setting

First you have to decide which partitions/drives to protect from changes, of course the system one must be protected but i recommend also any other partitions/drives you may have !

Why ? because some malwares infect every files not just the system ones.

You choose your partitions there:

f1BzD.jpg

Then select "Enter Shadow Mode at every boot"; then you will enter rightaway in Shadow Mode and at every boot.

iE3ze.jpg

The desktop tip will appears to confirm that you entered in Shadow Mode (the tip can now be hided )

2- Exclusion List

IMPORTANT in case of a cryptomalware your excluded folders are vulnerable to it, you must then have those excluded folders protected (out of shadow mode) by a sandbox program or an antivirus for example.

if you want FULL protection , you MUST NOT have any excluded folders


The important part is here, the exclusion list

You will have to set the folders that will be ignored by SD, meaning all changes occurring on them will be kept when you will reboot.

There is my exclusions:

giWON.jpg

So what to exclude:

- Your Antivirus updates : Generally by excluding every folders of it (ask in your product support forum to be sure),

- Your browser bookmarks (optional) : i put it as optional because i don't like to exclude my browsers, since internet is the best place to be infected i don't want to open some security holes.
My workaround is to use an online bookmark synchronizer that loads my bookmarks everytime i am online (ex: Xmarks)

If you still want exclude them you must find where the bookmarks are stored. example for Firefox: "places.sqlite"

- Your downloads: It is a nonsense to download things then negate them at the next reboot, so i recommend you to create 2 folders (in the non-system partition), for that: the first one , i called it "Downloads " is where all your downloads will be saved (this one will be not excluded); its purpose is to check that your downloaded files are safe/non-malicious (the AVs will take care of that), you can open the files there.
The second folder will be named "Safe Downloads" , when after checking the files in "Downloads" you are sure they are safe, move them here to keep them. Later you will exit Shadow Mode and locate them as you wish in a non-exclusion folder.

- Your Works: Create and exclude a folder, put your actual working files there (documents, etc..) until done, then as above relocate them later in the folder that will be protected by Shadow Mode, so you will never loose them in case of infections.

For FULL protection, don't exclude those folders but instead upload them in a cloud services only after finishing your works, don't open you cloud folder permanently.

Note about Windows Update: unfortunately , you can't exclude it , SD can't exclude the registry base, so when an update is available , just exit Shadow Mode, install it, return under Shadow Mode.

note: now SD can exclude registry keys, but better temporarily exit shadow Mode and update your OS.


3- Commit Now button:

The Commit Now button allows you to exclude files/folders on the fly , in case you downloaded/modified a file outside the excluded folders.

NUaVI.jpg

You can also do it via right-clicking the file


Final Note

As you see , Shadow Defender is a powerful protection tool if used properly, but it is not 100% bullet-proof so you have to be careful on what you download and execute on your system.

Hope this guide helped you.

I will add more infos if needed and also about the browsers bookmarks file to exclude.


Thanks
 
Last edited by a moderator:
I

illumination

Thread author
Payback said:
May I know the meaning of "100 percent not bullet-proof"?

Certain rootkits/malware may be able to bypass Shadow Defender.
 
D

Deleted member 178

Thread author
illumination said:
Certain rootkits/malware may be able to bypass Shadow Defender.

Yes very very few of them may bypass it (based from some videos only, without real proof) but i didn't find one yet; SD protect the MBR ONLY after it loads its drivers, so if a rootkit manage to infect the MBR before that state, SD can't protect the system.
 
  • Like
Reactions: frogboy

Shadowave

Level 10
Verified
Aug 10, 2012
474
Old but verry useful guide. Thanks
Note about Windows Update: unfortunately , you can't exclude it , SD can't exclude the registry base, so when an update is available , just exit Shadow Mode, install it, return under Shadow Mode.
In the new version of Shadow Defender you can can exclude the registry base.

shadow_defender_malwaretips.jpg
 

Moose

Level 22
Jun 14, 2011
2,271
Questions,please!:eek:

> Does Shadow Defender have any problems with Windows 8.1?
> What Registry Exclusions should one use with Windows 8.1? If any?
> And how often is Shadow Defender update?
 
  • Like
Reactions: Cats-4_Owners-2

Moose

Level 22
Jun 14, 2011
2,271
> How many PC's does a Lic.,Key cover? Please!:confused:
> Also, on the Exclusion List how would you treat SandBoxie
Emsisoft Anti-Malware as an exclusion?

Thanks!;)
 
Last edited:
D

Deleted member 178

Thread author
> How many PC's does a Lic.,Key cover? Please!:confused:
> Also, on the Exclusion List how would you treat SandBoxie
Emsisoft Anti-Malware as an exclusion?

Thanks!;)

1- normally one PC
2- sandboxie (paid) could be used to force-sandboxing your excluded folders, since cryptomalware will encrypt them.
3- if you want full protection, no excluded folders should be set , that means No RT AVs (unless you use SD on demand, means no excluded folders but the use of commit button)

in edited the OP
 

Purshu_Pro

Level 29
Verified
Honorary Member
Aug 3, 2013
1,879
Thanks for this guide. I'm planning to make my first shadow mode experiment. So I'm planning to install a third party theme by patching my files with uxtheme patcher and then install the themes. So can any one assist me while i do this, what folders should i exclude/commit if i like the changes.
 

Media923823

Level 1
Nov 5, 2018
14
So I'm going to ask you again

So what the benefit of SD if i have to redo every time the works i have done?"

Because a ransomware attacks all the folders
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top