Advice Request A Question About Shadow Defender

Please provide comments and solutions that are helpful to the author of this topic.

Status
Not open for further replies.

raveed

Level 2
Verified
Apr 24, 2016
74
I just look at the statements, which disturbed me. If using Shadow Mode on all disks, running malware, is it possible for the malicious file to remain on the system after reboot?
 
  • Like
Reactions: bribon77

Quassar

Level 12
Verified
Well-known
Feb 10, 2012
585
If you dont leave shadow mode during system or files are not excluded / commit than don't should change/modify your files..
even if you brutal reset system and all files new will be not remain.
 
  • Like
Reactions: bribon77 and raveed

raveed

Level 2
Verified
Apr 24, 2016
74
I mean exactly the procedure when:
- I run Shadow Mode on all disks
- I run a malicious file and check the behavior of av
- I restart the system after the test.
 
D

Deleted member 178

I just look at the statements, which disturbed me. If using Shadow Mode on all disks, running malware, is it possible for the malicious file to remain on the system after reboot?
It was before when the malware infected the MBR, not anymore.

The only way is if you committed an infected file.
 
F

ForgottenSeer 69673

I only had it fail once. The gui would not start up after an insider update. The developer sent me a registry change and after that is has stayed working.
 
  • Like
Reactions: Weebarra and raveed

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,040
I mean exactly the procedure when:
- I run Shadow Mode on all disks
- I run a malicious file and check the behavior of av
- I restart the system after the test.
You probably know it, but those points should be extended:
- do not store personal data on the computer;
- check if other sources are disconnected (pendrives, NAS, etc.);
- check if other computers in the home network are isolated from your computer;
- use VPN, or disconnect the computer from the network;
- use Gest Network feature or the separate router for malware testing.
There are probably some more ...
 

Quassar

Level 12
Verified
Well-known
Feb 10, 2012
585
I understand, you can not trust the program completely and you have to be careful...
Thank you all for your advice.
Yes you need know yet how this program work what can do for you and what cant do... than you can instal rest software to protect rest part of your system/data
 
  • Like
Reactions: Andy Ful and raveed

raveed

Level 2
Verified
Apr 24, 2016
74
Yes you need know yet how this program work what can do for you and what cant do... than you can instal rest software to protect rest part of your system/data

Yes, I know that you can use it as a sandbox, but I usually use it only when I'm not sure of the program, or if I want to test the program - behavior.
 

Quassar

Level 12
Verified
Well-known
Feb 10, 2012
585
Yea but some programs put deep drives in to system and otther services which require to restart your system than SD will wipe data so sometimes cant test some soft so in this case full virtual system will be better..

any way no problem glad to help youget some info which you need to know..
if need something know yet feel free to ask at last i will don't answer if dont know xDDDDDDDDD
 

raveed

Level 2
Verified
Apr 24, 2016
74
Yea but some programs put deep drives in to system and otther services which require to restart your system than SD will wipe data so sometimes cant test some soft so in this case full virtual system will be better..

That's right, that's the case with av installations. Of course, I also use wmvare, unfortunately due to a rather old computer and weak components it is very tedious ....
 

Quassar

Level 12
Verified
Well-known
Feb 10, 2012
585
Hmm in this situation you can use Snapshot or even more safe fullback disk/system software
 

ichito

Level 11
Verified
Top Poster
Content Creator
Well-known
Dec 12, 2013
541
Sorry...but I found that I can say about one more way of "baypassing" SD...actually not only SD but every LV software like TTF, WTF or Returnil. It's not connetced to SD's commmit or exclusiuon feature but to specific feature of some particular apps - I'm saying about saving/synchronisation of settings/config files that are located not on system disk but on other local not virtualised. In such situation info/data are saved wile Shadow Mode on non virtualised disk and than after reboot and entering to normal mode are still accesible for that app with all saved changes...this could be potentialy used in some cases to bypass protection of vulnerable apps that are using described mechanism.
Such case on SSM exeample was describet some time ago on Wilders in that thread
System Safety Monitor and Shadow Defender
 

Wraith

Level 13
Thread author
Verified
Top Poster
Well-known
Aug 15, 2018
634
Sorry...but I found that I can say about one more way of "baypassing" SD...actually not only SD but every LV software like TTF, WTF or Returnil. It's not connetced to SD's commmit or exclusiuon feature but to specific feature of some particular apps - I'm saying about saving/synchronisation of settings/config files that are located not on system disk but on other local not virtualised. In such situation info/data are saved wile Shadow Mode on non virtualised disk and than after reboot and entering to normal mode are still accesible for that app...this could be potentialy used in some cases to bypass protection of vulnerable apps that are using described mechanism.
Such case on SSM exeample was describet some time ago on Wilders in that thread
System Safety Monitor and Shadow Defender
Well if you run all the disks and partitions that are connected to your computer in shadow mode then nothing will remain after a restart.
 
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top