Shadow Defender and Windows Defender on Windows 8.1

Status
Not open for further replies.

ifacedown

Level 18
Thread author
Verified
Jan 31, 2014
888
Hello,

I am using Windows 8.1 Pro Update 1, 32bit.

I also have Shadow Defender installed, with "Enter Shadow Mode on boot".

Now, what folders do I need to exclude in Shadow Defender so I can update Windows Defender in Shadow Mode? I have excluded C:\Program Files\Windows Defender, but still, when I update in Shadow Mode and exit Shadow Mode, the update is lost (in Normal Mode).

What registry/folders do I need to also exclude?

Please help. Thanks.
 

Petrovic

Level 64
Verified
Honorary Member
Top Poster
Well-known
Apr 25, 2013
5,355
and
jef8d55ok1.jpg

:)
 
D

Deleted member 178

I wonder which reg key/folder would let us avoid redoing a scan after an update, while in shadow mode or not.
 

Petrovic

Level 64
Verified
Honorary Member
Top Poster
Well-known
Apr 25, 2013
5,355
In x64
C:\Program Files\Windows Defender
 

ifacedown

Level 18
Thread author
Verified
Jan 31, 2014
888
I just hope... that some AVs will be much easier to exclude... without the registry entries!
 

ifacedown

Level 18
Thread author
Verified
Jan 31, 2014
888
Let me ask... I am new to Shadow Defender... If I try to install software in Shadow Mode, will the installation be completely "undone" when I exit Shadow Mode? Not even a single trace?
 
D

Deleted member 178

Yep, same for malware infections (except some very rare ones like Bioskit; nothing is perfect).
 
I

illumination

With the registry, open regedit, click "Edit" at the top, go down to "Find", type in windows defender and click "Find Next". Once the first one appears you can then tap "F3" to go to the next one it has found and keep doing that to see them all. Search through the keys it has found, keeping an eye on the right-hand side of the editor. I'm assuming you will be able to tell which key is the one for updating and scans by reading the keys, and/or just exclude all those you find for it to make sure.
 

ifacedown

Level 18
Thread author
Verified
Jan 31, 2014
888
Some that I found:

HKEY_CLASSES_ROOT\AppID\{A79DB36D-6218-48e6-9EC9-DCBA9A39BF0F}
HKEY_CLASSES_ROOT\CLSID\{13F6A0B6-57AF-4BA7-ACAA-614BC89CA9D8}\InProcServer32
HKEY_CLASSES_ROOT\CLSID\{2781761E-28E0-4109-99FE-B9D127C57AFE}
HKEY_CLASSES_ROOT\CLSID\{2781761E-28E0-4109-99FE-B9D127C57AFE}\InprocServer32
HKEY_CLASSES_ROOT\CLSID\{5EE8E9E6-2853-4D28-B2DE-6529EDA0A294}
HKEY_CLASSES_ROOT\CLSID\{5EE8E9E6-2853-4D28-B2DE-6529EDA0A294}\InprocServer32
HKEY_CLASSES_ROOT\CLSID\{5EE8E9E6-2853-4D28-B2DE-6529EDA0A294}\ProgID
HKEY_CLASSES_ROOT\CLSID\{5EE8E9E6-2853-4D28-B2DE-6529EDA0A294}\VersionIndependentProgID

I can't see anything that is relevant to 'update' based on the descriptions.
 
I

illumination

Try just typing "windefend" into the search
 
I

illumination

Go to

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsDefender

Click the drop-down on Windows Defender and you will see "realtime protection/updates/scans" etc. to add to your exclusions.
 

ifacedown

Level 18
Thread author
Verified
Jan 31, 2014
888
I have excluded many registry keys but still, after an update and exiting shadow mode:

Virus and Spyware Definitions: Created 245 days ago
 
I

illumination

If you have them all, the only thing I can think of is that, with Defender updates being tied in with the OS updates, you would probably have to exclude Windows updates as well. From there, maybe one of the other members here can help, as I would not be sure where to go at that point.
 
I

illumination

Had one more thought come to mind. Try turning Shadow Defender off, rebooting, then open the user interface and add the exclusions while it is off, update Defender, then turn Shadow Defender back on and reboot and see what happens. I have never set exclusions while it is on; I have always done it while off.
 
D

Deleted member 178

You can't add exclusions while in Shadow Mode; it must be done outside.

Btw, cloud AVs are best with SD, no exclusions needed ^^
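
Added example, not part of any post in this thread: rather than guessing from key names, snapshot the Defender folders and registry tree before and after a definition update and list what changed, which gives the candidate exclusions. It assumes an elevated PowerShell prompt in Normal Mode, the `Update-MpSignature` cmdlet from the Defender module, the `ProgramData` folder as a second candidate root, and the registry root written with a space (`Windows Defender`); only the `Program Files` folder comes from the thread.

```powershell
# Added example: find what a Defender definition update actually changes.
# Candidate roots are assumptions, except the Program Files folder named in the thread.
$roots = @(
    "$env:ProgramFiles\Windows Defender",
    "$env:ProgramData\Microsoft\Windows Defender"
)
$regRoot = 'HKLM:\SOFTWARE\Microsoft\Windows Defender'

function Get-FileSnapshot {
    param([string[]]$Path)
    $snap = @{}
    # Record size and last-write time for every file under the candidate roots.
    Get-ChildItem -Path $Path -Recurse -File -Force -ErrorAction SilentlyContinue |
        ForEach-Object { $snap[$_.FullName] = "$($_.Length)|$($_.LastWriteTimeUtc.Ticks)" }
    return $snap
}

function Get-RegSnapshot {
    param([string]$Root)
    $snap = @{}
    # Root key plus all readable subkeys; unreadable keys are skipped silently.
    $keys = @(Get-Item -Path $Root -ErrorAction SilentlyContinue) +
            @(Get-ChildItem -Path $Root -Recurse -ErrorAction SilentlyContinue)
    foreach ($key in $keys) {
        foreach ($name in $key.GetValueNames()) {
            $value = $key.GetValue($name)
            if ($value -is [byte[]]) { $value = [BitConverter]::ToString($value) }
            $snap["$($key.Name)\$name"] = "$value"
        }
    }
    return $snap
}

function Compare-Snapshot {
    param([hashtable]$Before, [hashtable]$After)
    foreach ($k in $After.Keys) {
        if (-not $Before.ContainsKey($k)) { "ADDED    $k" }
        elseif ($Before[$k] -ne $After[$k]) { "CHANGED  $k" }
    }
    foreach ($k in $Before.Keys) {
        if (-not $After.ContainsKey($k)) { "REMOVED  $k" }
    }
}

$filesBefore = Get-FileSnapshot -Path $roots
$regBefore   = Get-RegSnapshot -Root $regRoot
Update-MpSignature   # or update from the Defender UI, then continue
Compare-Snapshot $filesBefore (Get-FileSnapshot -Path $roots) | Sort-Object
Compare-Snapshot $regBefore (Get-RegSnapshot -Root $regRoot) | Sort-Object
```

The folders and keys reported as ADDED or CHANGED are the ones the update wrote to; exclusions for them still have to be configured outside Shadow Mode, as noted above.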
 