Shadow Defender - General Impression

hjlbx

Thread author
Hello,

This is a mini-review of Shadow Defender.

WARNING ! If any malware is permitted to run while in Shadow Mode, then the entire Shadow Mode\virtualized session is infected ! Data may be stolen !

The above warning applies to all virtualization software including Comodo's virtual sandbox/kiosk, Sandboxie, Returnil, ToolWiz Time Freeze, etc and any virtual machines such as VirtualBox, VMWare, VirtualPC, etc. Virtualization provides no data protections.

NOTE: I will not provide in-depth instructions on how to configure as there already exists excellent "How To Configure" guides on this subforum - most notably by Umbra Polaris. His extensive guide explains how to properly configure and use Shadow Defender and how to use correctly under different scenarios.

Pros:

  • Protects physical system from any permanent infection. (Rootkits might be able to bypass, but this has not been established as a fact with any verifiable evidence).
  • Highly suited to malware testing and software evaluation.
  • Easy to use and master.
  • High Compatibility.
  • Very light on resources.
  • Stable.
  • Lifetime License, Unlimited Installs.

Cons:


Impression:

Shadow Defender is indispensable. I use it constantly - for quite a long while now. It is the very first item on my short-list followed by Emsisoft and Revo Uninstaller Pro.

It is simple, yet extremely effective and utilitarian. Operation is so simple that I cannot imagine anyone who would not be able to master its use for maximum protection\utility. The GUI is very simplistic and well laid-out. You can read up on the technical specifications on the Shadow Defender website. In a nutshell, it mounts a virtual drive (Z:\) to enter Shadow Mode and then un-mounts a virtual drive to exit Shadow Mode. When the virtual drive is un-mounted everything that is on it vanishes. That's it.

When using any virtualization software the user should expect quirky behavior - both minor and\or intermittent. How Shadow Defender will behave is entirely system specific. So, in other words, you might perhaps see some odd behavior but, then again, you might not. The only way to find out is to use the 30-day trial ( http://www.shadowdefender.com/download.html ).

I have never experienced a critical issue on my system. Some minor quirks, but nothing that I would rate as a bug. Some quirks inexplicably disappeared, never to return, and only one will re-appear randomly on a consistent basis. This is IT stuff so I have a high tolerance for this sort of thing by now.

The quirks on my system are graphics or anti-virus full, deep scan related in extended Shadow Mode with large Write Cache. Other times I've run a full-system scan with 10+ apps open and experienced no issues whatsoever. I'm just relaying this info so the novice will understand what to potentially expect.

Whereas Sandboxie is nothing but a headache for me, Shadow Defender is very solid overall.

The most important thing to understand about virtualization software is to heed my warning at the beginning of this thread. For example, your Windows key could be stolen.

NOTE: Rootkits have purportedly bypassed Shadow Defender. That is based upon only one video and the test result was improperly interpreted by the reviewer. The Kaspersky TDSS Killer scanner detected a remnant of the rootkit and not a full-blown MBR infection.

Tony, the developer, fixed this issue a good while back by virtualizing the entire boot sector.

So, in short, there is no verifiable evidence that any rootkit can bypass the more recent versions. However, like all security software I admonish anyone not to think Shadow Defender is bulletproof and that it can be used to test rootkits without impunity. Just be careful and do the right thing... don't intentionally mess about with rootkits.

A much less likely bypass was shown in a video posted on youtube.com. It alleged that an object was carried over from Shadow Mode to the physical system. The object shown was a file in the start-up folder. When people started to ask for the sample, the video author folded-up like a lawn-chair. What does that tell you?

I always run a good AV with real-time protection while in Shadow Mode. Even if I clean an infected virtual session I still treat it as if it were infected. Better to be safe than really and needlessly sorry.

On my system Shadow Defender is extremely reliable and handy.

It's the best software that I use.

Bottom line... this one is a "must-have" in my experience.
 

Deleted member 2913

Thread author
Comodo Virtual Sandbox - If Comodo Firewall is set to block connections for programs running under sandbox, can data be stolen?
 

Janl92l

This thread is about Shadow Defender. If you have any question about COMODO, write it in the COMODO thread. :)

By the way, Shadow Defender is a nice program. I use ToolWiz Time Freeze; it's almost the same and free.
 

LabZero

Thread author
Great explanation. I am using Shadow Defender with great satisfaction, but a question: the virtualized session is reset at reboot (I use this option), but if a bootkit (an MBR rootkit) infects the boot sector, so that the bootkit also starts during the reboot, may this infect the real session?
 

frogboy

In memoriam 1961-2018
Have a read here; it sort of says the MBR is protected, but not sure how. http://dottech.org/107370/windows-review-shadow-defender/
 

hjlbx

Thread author
Yes, I read, protect MBR, probably don't allow writing boot sector.
Thanks friend :)

I routinely test bad malwares in Shadow Mode... some rootkits.

Exit Shadow Mode... run various rootkit detectors and AV scanners.

Clean.

I have only seen Shadow Defender fail 1 time - but it was entirely my fault.

I performed a "hard" restart while Shadow Defender was exiting Shadow Mode.

Some files were committed to system.
 

LabZero

Thread author
Yes, after the reboot I always scan with ZAM for security, but I must say that until now no problems.

Once on reboot I found the system did not reset even though I had followed the procedure.
 

frogboy

I have never had that happen and I have been using SD for over four years.
 

LabZero

Thread author
Even if I hadn't opened the SD and ordered reset the virtual partition.

To reboot, automatically would be cancelled because I do not change the output options.

Instead this time I found the desktop with the malware downloaded for the test (it is strange).
 

frogboy

That is strange, not sure what could have happened. If you find out, let me know please, my friend. :eek: :D
 