Nebz

New Member
I've just started to trial Shadow Defender and have some questions.

I'm a 50 year old musician who is just getting into home recording. I want to protect myself when installing VST instruments. A lot of these free/cheap instruments and effects are created by lone programmers, often from countries like South America, Eastern Europe, China, Japan and Russia. They mostly come with installers or self-extracting archives. The VST themselves are often an .exe (standalone) & .dll (plugin) pair. Apart from worrying about what the installer drops, I'm also worried about using the actual instruments too. I guess over the next year I'll be testing dozens of these things.

My plan is to activate shadow mode, and run the installers/extractors in Sandboxie to see if they're dropping any malware. Then 'recover' the VST exe/dll from the sandbox and 'commit' that folder before rebooting. So that should protect me if anything from the installer managed to leak from the Sandbox, right?

Then I'd start shadow mode again, and test the VST over a period of time, to try to determine if it tries to do anything that it shouldn't.

1) I've got BitDefender Free, Malwarebytes Free, TinyWall and WiseVector to try to prevent the VST exe/dll doing anything nefarious in real time, and will try RegShot to see if I can spot changes to the system before and after I test the VST. I also take images every week with Macrium Reflect, and I might be able to upload some of the smaller VSTs to Virus Total.
Is there anything else that could help for this particular scenario? Or am I doing more-or-less the right thing?
2) In the event that I think the VST is safe after testing it, is it possible to 'cancel' shadow mode by exiting it without a reboot?
3) Where's the best place to get notified of a Shadow Defender discount or coupon?
4) Has there ever been an instance where a Windows update breaks Shadow Defender, and it isn't fixed for a time? I see a lot of threads about it being abandoned for long periods?

Bonus question for users of Wilders Security Forums: Why would my posts, which are the same as this one, be deleted by a moderator every time? I joined two weeks ago, and have had all six attempts at posting these questions deleted by a mod, with no communication whatsoever about what the problem is. It's been pretty frustrating, because it seems like a good forum.

Thanks.
 

Spawn

Administrator
Verified
Staff member
1) I've got BitDefender Free, Malwarebytes Free, TinyWall and WiseVector to try to prevent the VST exe/dll doing anything nefarious in real time, and will try RegShot to see if I can spot changes to the system before and after I test the VST. I also take images every week with Macrium Reflect, and I might be able to upload some of the smaller VSTs to Virus Total.
You can share your security set-up here:

Bonus question for users of Wilders Security Forums: Why would my posts, which are the same as this one, be deleted by a moderator every time? I joined two weeks ago, and have had all six attempts at posting these questions deleted by a mod, with no communication whatsoever about what the problem is. It's been pretty frustrating, because it seems like a good forum.
Various forums have different rules and guidelines, check any Introduction messages you may have received, or the sub-forum for new members. It's likely that new member posts are moderated by default, to combat spam. Even if it's unintentional, new poster's post appear spam-like and may be removed. Or sometimes new threads are moved, but they keeping posting in the same sub-forum. I would recommend contacting a Moderator via Private messaging, in hope of a response.
 

ichito

Level 10
Verified
Content Creator
Hi @Nebz
Beautiful and interesting post :) Perhaps I'm a bit off your situation but I'm long time user of SD and my advice could be such points:
- don't use Sbie...it automatically restrict file/process privileges and perhaps it's hard to recognise what action is right and what is suspicious/dangerous
- for me in your situation it's reasonable to use monitor of apps actions like HIPS that allows you to know what is happening in shadowed system
- it allows you not only know detected actions but analyse them after...it's possible watching log file and by analysing created rules
- apps called "file/system integrity checker" allows you to see list of changed object like file, folders, registry entries...but everything that is made after installation/checking files but HIPS do this in real-time so you can react and observe each one step
- free excellent HIPS for your can be SpyShelter...look at on it :)
According to SD...if you test some unknown files you will create a special folder on system disk called e.g. "Tests" used only to copy into it files/installers that want you test in virtualised system. Enter into SM and run it without fear because all changes will be rejected after reboot. In this mode you can also check created files using some AV scanners to check what is detected as malware or suspicious modification.
 
Last edited:

Nebz

New Member
Thanks for all the good advice. Much appreciated. What a difference compared to the problems I had in Wilders Security.

Another question for you! I've read that some users don't use the 'commit' feature, sometimes (or often) the files they are trying to save become corrupted and can't be opened after reboot.

Has anyone here experienced that? How often does it happen?

Thanks.
 

ichito

Level 10
Verified
Content Creator
Thanks for all the good advice. Much appreciated. What a difference compared to the problems I had in Wilders Security.
Haha...I'm user of Wilders...longer than of MT :cool:
OK...the most important is that you received some info and advise.
Another question for you! I've read that some users don't use the 'commit' feature, sometimes (or often) the files they are trying to save become corrupted and can't be opened after reboot.

Has anyone here experienced that? How often does it happen?

Thanks.
No issues using "Commit now" from SD window...actualy I don't use such option at all. If I need I rather use command from mouse menu "Commit by SD" and more precisely not to whole system disk but for certain folder.
 

Nebz

New Member
> Haha...I'm user of Wilders...longer than of MT

Yes, I saw your posts. You're very helpful there too!

> If I need I rather use command from mouse menu "Commit by SD" and more precisely not to whole system disk but for certain folder

Thanks. I think that's the way I will commit files too, so it's good to know you have never experienced a corrupt file.

no need for an overkill setup

Thanks for the advice. I was thinking that running Sandboxie whilst also in shadow mode would provide two layers of virtualisation, which would make it tougher for something to escape and do damage (especially given that SD by itself does not protect your from the virus/trojan's activities until you reboot)?
 
Last edited by a moderator:
Top