Advice Request A Question About Shadow Defender


raveed

Level 2
Verified
Apr 24, 2016
74
I just look at the statements, which disturbed me. If using Shadow Mode on all disks, running malware, is it possible for the malicious file to remain on the system after reboot?
 

Quassar

Level 12
Verified
Well-known
Feb 10, 2012
585
If you don't leave shadow mode during system or files are not excluded / committed, then it shouldn't change/modify your files..
Even if you brutally reset the system, all new files will not remain.
 

raveed

Level 2
Verified
Apr 24, 2016
74
I mean exactly the procedure when:
- I run Shadow Mode on all disks
- I run a malicious file and check the behavior of av
- I restart the system after the test.
 
Deleted member 178

I just look at the statements, which disturbed me. If using Shadow Mode on all disks, running malware, is it possible for the malicious file to remain on the system after reboot?
It was before when the malware infected the MBR, not anymore.

The only way is if you committed an infected file.
 
ForgottenSeer 69673

I only had it fail once. The GUI would not start up after an insider update. The developer sent me a registry change and after that it has stayed working.
 

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,510
I mean exactly the procedure when:
- I run Shadow Mode on all disks
- I run a malicious file and check the behavior of av
- I restart the system after the test.
You probably know it, but those points should be extended:
- do not store personal data on the computer;
- check if other sources are disconnected (pendrives, NAS, etc.);
- check if other computers in the home network are isolated from your computer;
- use VPN, or disconnect the computer from the network;
- use the Guest Network feature or a separate router for malware testing.
There are probably some more ...
 

Quassar

Level 12
Verified
Well-known
Feb 10, 2012
585
I understand, you can not trust the program completely and you have to be careful...
Thank you all for your advice.
Yes, you still need to know how this program works, what it can do for you and what it can't do... then you can install the rest of the software to protect the rest of your system/data
 

raveed

Level 2
Verified
Apr 24, 2016
74
Yes, you still need to know how this program works, what it can do for you and what it can't do... then you can install the rest of the software to protect the rest of your system/data

Yes, I know that you can use it as a sandbox, but I usually use it only when I'm not sure of the program, or if I want to test the program - behavior.
 

Quassar

Level 12
Verified
Well-known
Feb 10, 2012
585
Yeah, but some programs put deep drivers into the system and other services which require restarting your system, then SD will wipe the data, so sometimes you can't test some software; in this case a full virtual system will be better..

Anyway, no problem, glad to help you get some info which you need to know..
If you need to know something more, feel free to ask; at least I won't answer if I don't know xDDDDDDDDD
 

raveed

Level 2
Verified
Apr 24, 2016
74
Yeah, but some programs put deep drivers into the system and other services which require restarting your system, then SD will wipe the data, so sometimes you can't test some software; in this case a full virtual system will be better..

That's right, that's the case with av installations. Of course, I also use VMware, unfortunately due to a rather old computer and weak components it is very tedious ....
 

Quassar

Level 12
Verified
Well-known
Feb 10, 2012
585
Hmm, in this situation you can use Snapshot or, even safer, full backup disk/system software
 

ichito

Level 11
Verified
Top Poster
Content Creator
Well-known
Dec 12, 2013
542
Sorry...but I found that I can say about one more way of "bypassing" SD...actually not only SD but every LV software like TTF, WTF or Returnil. It's not connected to SD's commit or exclusion feature but to a specific feature of some particular apps - I'm talking about saving/synchronisation of settings/config files that are located not on the system disk but on another local, non-virtualised one. In such a situation info/data are saved during Shadow Mode on a non-virtualised disk and then, after reboot and entering normal mode, are still accessible for that app with all saved changes...this could potentially be used in some cases to bypass protection of vulnerable apps that are using the described mechanism.
Such a case, on the SSM example, was described some time ago on Wilders in that thread
System Safety Monitor and Shadow Defender
 

Wraith

Level 13
Thread author
Verified
Top Poster
Well-known
Aug 15, 2018
634
Sorry...but I found that I can say about one more way of "bypassing" SD...actually not only SD but every LV software like TTF, WTF or Returnil. It's not connected to SD's commit or exclusion feature but to a specific feature of some particular apps - I'm talking about saving/synchronisation of settings/config files that are located not on the system disk but on another local, non-virtualised one. In such a situation info/data are saved during Shadow Mode on a non-virtualised disk and then, after reboot and entering normal mode, are still accessible for that app...this could potentially be used in some cases to bypass protection of vulnerable apps that are using the described mechanism.
Such a case, on the SSM example, was described some time ago on Wilders in that thread
System Safety Monitor and Shadow Defender
Well if you run all the disks and partitions that are connected to your computer in shadow mode then nothing will remain after a restart.
 