Shadow Defender Update Thread (Current Version 1.4.0.680)

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,040
I know. If we start blocking drivers, then users will start screaming bloody murder. Right? Right away, they will be the ones who will say such attacks are so low on the probability scale that they will accept the risk in favor of usability - in other words, they don't want the increased inconvenience in favor of increased protection against some extremely unlikely attack. Somebody on the forums will say those users are out of their minds - put the protection in place and make it an opt-out protection.
Of course, that would be like shooting oneself in the foot. That is why such gadgets can be used (and in fact are) to compromise institutions, banks, enterprises. But, as I said before, that is not a realistic way to compromise home users' computers.
 

509322

Thread author
But what happens when the infection starts from system space and it's not in guarded applications, such as this one
Voodooshield and NVT EXE Radar Pro blocked this exploit in particular, I'm actually genuinely curious this time (not trolling) :)


Apply the Microsoft security patch that was released within days of the exploit, but for the patch to even be required, the system would have to be configured for, and actively using, SMB networking.
 

Andy Ful

Apply the Microsoft security patch that was released within days of the exploit.
But what happens when the infection starts from system space and it's not in guarded applications, such as this one
https://www.youtube.com/watch?v=lLChVsNt1fY#t=01m55s
Voodooshield and NVT EXE Radar Pro blocked this exploit in particular, I'm actually genuinely curious this time (not trolling) :)
There is no proof that VoodooShield and NVT EXE Radar Pro blocked the exploit. In fact, similar targeted attacks with the same exploits implemented in Fuzzbunch easily bypassed VoodooShield and NVT EXE Radar Pro.
The video is an example of a targeted attack, so it is unrealistic in home-user reality. You should probably be more afraid of your computer being stolen from your home than of a targeted attack. :)
 

Andy Ful

I updated all my drivers with Wise Driver Care! And it uses Duba (Kingsoft) cloud to DW them! But all of them are signed and VT shows them as safe (I checked them one by one)! Can I trust it? :)
Only for 99.99%. The 0.01% is the possibility that they are a Chinese Government spying project.
 

509322

Thread author
There is no proof that Voodooshield and NVT EXE Radar Pro blocked the exploit.

The video is of EB\DP "ported" to Metasploit framework. Rundll32 spawned by lsass.exe was intercepted and blocked, which means the Metasploit reverse TCP was blocked. Nothing more, nothing less.
 

509322

Thread author
OMFG someone answers my question. Andy pls tell me how they clean that infected laptop :D

Please do not use "OMFG" and similar, because those sorts of abbreviations are vulgar, and staff can consider those a violation of MalwareTips' Terms of Service. You should edit your post and remove it. Play it safe, bro.
 

Andy Ful

The video is of EB\DP "ported" to Metasploit framework. Rundll32 spawned by lsass.exe was intercepted and blocked, which means the Metasploit reverse TCP was blocked. Nothing more, nothing less.
Yes. That was Umbra's and my conclusion, and there are some facts that can support this. But there is a small probability that an early Metasploit implementation of DoublePulsar was simply buggy.
 

509322

Thread author
I'm thinking of using AppGuard and adding everything from here - https://excubits.com/content/files/blacklist.txt - to the guarded applications list, and only removing them when I actually need to run one of those files. Do you think that's a good idea?

That's my personal policy, with even more disabled, on a Dell XPS 15. The only other security-related soft installed is Adguard. Just clean install Windows, all the drivers, and there is no need to install any other security softs. I just disable AppGuard when I occasionally check for new drivers and update Adguard.

I got no headaches with bugs, conflicts, performance issues, etc.

I am not saying AppGuard is perfect security, but it's close enough for me. I tried to break one of my systems with AG on it once, and the only way I managed was to throw it off the wall. It's all true, cross my heart, hope to die. Of course, I didn't have a kernel exploit that worked freely available scribbled down on a piece of paper in my front pocket at the time. So maybe my test at that time wasn't entirely accurate nor fair.
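A worked example, added here and not code from the thread or from any of the products it mentions (AppGuard, VoodooShield, NVT ERP, Shadow Defender). It applies the two ideas raised in the posts above to process-creation records: the parent-child check from the video discussion (rundll32.exe spawned by lsass.exe is abnormal, so any child of lsass.exe is flagged), and the guarded-list idea (an executable whose path matches a blocklist pattern is flagged unless an "install mode" override is on, which is how the guarded list would be lifted for a driver update). The event lines, the blocklist entries and the glob-per-line list format are constructed for this example; the real excubits blacklist.txt format is not reproduced, and the parent anomaly is a rule of thumb for lsass.exe only.

```python
"""Process-creation triage: parent anomaly + guarded-image blocklist (constructed example)."""
from __future__ import annotations

import re
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Constructed sample blocklist. Assumed format: one glob per line, '*' matches
# anything, '#' starts a comment. This is NOT the excubits list.
SAMPLE_BLOCKLIST = r"""
# commonly abused Windows binaries (constructed sample)
*\rundll32.exe
*\regsvr32.exe
*\mshta.exe
*\wscript.exe
*\cscript.exe
*\powershell.exe
"""

# Assumption: on a healthy Windows host lsass.exe does not create user-mode
# children, so any child of it is worth a look (the thread's video shows
# rundll32.exe under lsass.exe). Extend the set with care: other system
# processes do legitimately spawn children at boot.
SENSITIVE_PARENTS = {"lsass.exe"}

# Constructed process-creation records in a Sysmon-like key="value" layout.
SAMPLE_EVENTS = [
    r'EventID="1" Image="C:\Windows\System32\rundll32.exe" ParentImage="C:\Windows\System32\lsass.exe" CommandLine="rundll32.exe"',
    r'EventID="1" Image="C:\Windows\System32\rundll32.exe" ParentImage="C:\Windows\explorer.exe" CommandLine="rundll32.exe shell32.dll,Control_RunDLL"',
    r'EventID="1" Image="C:\Program Files\Mozilla Firefox\firefox.exe" ParentImage="C:\Windows\explorer.exe" CommandLine="firefox.exe"',
]


@dataclass
class ProcEvent:
    image: str
    parent_image: str
    cmdline: str

    @property
    def name(self) -> str:
        # Compare on the bare file name, lower-cased: paths vary, names do not.
        return PureWindowsPath(self.image).name.lower()

    @property
    def parent_name(self) -> str:
        return PureWindowsPath(self.parent_image).name.lower()


def load_blocklist(text: str) -> list[re.Pattern]:
    """Turn glob lines into anchored, case-insensitive regexes over the full path."""
    patterns = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Escape every literal piece, then rejoin on '*' -> '.*'.
        regex = "^" + ".*".join(re.escape(part) for part in line.split("*")) + "$"
        patterns.append(re.compile(regex, re.IGNORECASE))
    return patterns


def parse_event(line: str) -> ProcEvent:
    """Pull key="value" fields out of one constructed record."""
    fields = dict(re.findall(r'(\w+)="([^"]*)"', line))
    return ProcEvent(fields["Image"], fields["ParentImage"], fields.get("CommandLine", ""))


def evaluate(event: ProcEvent, blocklist: list[re.Pattern], install_mode: bool = False) -> list[str]:
    """Return the list of findings for one event; an empty list means 'allow'."""
    findings = []
    # Rule 1: a sensitive parent spawning anything is suspicious regardless of mode.
    if event.parent_name in SENSITIVE_PARENTS:
        findings.append(f"anomalous parent: {event.parent_name} spawned {event.name}")
    # Rule 2: guarded (blocklisted) image launched, unless install mode lifts the list.
    if not install_mode and any(p.match(event.image) for p in blocklist):
        findings.append(f"guarded image launched: {event.name}")
    return findings


def triage(lines, blocklist_text: str = SAMPLE_BLOCKLIST, install_mode: bool = False) -> list[list[str]]:
    """Evaluate each record and return its findings, in input order."""
    blocklist = load_blocklist(blocklist_text)
    return [evaluate(parse_event(line), blocklist, install_mode) for line in lines]


if __name__ == "__main__":
    for line, findings in zip(SAMPLE_EVENTS, triage(SAMPLE_EVENTS)):
        ev = parse_event(line)
        verdict = "BLOCK" if findings else "allow"
        print(f"{verdict:5} {ev.parent_name} -> {ev.name}: {'; '.join(findings) or 'no findings'}")
```

Note the asymmetry the posts hint at: switching install mode on only silences the guarded-list rule; rundll32.exe appearing under lsass.exe is still reported, because no legitimate driver update explains that parent.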
 

Andy Ful

If you don't let the malware start, it can't infect you, right? Perhaps more vulnerable processes should be blacklisted to make sure nothing starts without your consent? I'm thinking of using AppGuard along with VS and adding everything from here - https://excubits.com/content/files/blacklist.txt - to the guarded applications list, and using install mode when I need to run one of them. What do you think? Obviously, as a home user with decent habits, I'm pretty much never gonna have to worry about such exploits and things, like you said, but I want the 99.99999% protection :D
It would not be wise to use both AppGuard and VoodooShield alongside Kaspersky. If you cannot sleep, fearing that you are still unprotected with Kaspersky alone, then use AppGuard if you like SRP or VoodooShield if you like anti-exe. My advice is to meditate for a week (for better sleep), and finally, stick with Kaspersky alone.
If you want 99.99% protection, then use a Chromebook instead of Windows (@Lockdown's good advice).
You can easily reach 99.99999% protection by throwing all the computer components and the monitor into a blast furnace. :)(y)
Edit
In fact, @Lockdown advice was about using Chrome OS not Chromebook (my mistake).:oops:
 

509322

Thread author
It would not be wise to use both AppGuard and VoodooShield alongside Kaspersky. If you cannot sleep, fearing that you are still unprotected with Kaspersky alone, then use AppGuard if you like SRP or VoodooShield if you like anti-exe. My advice is to meditate for a week (for better sleep), and finally, stick with Kaspersky alone.
If you want 99.99% protection, then use a Chromebook instead of Windows (@Lockdown's good advice).
You can easily reach 99.99999% protection by throwing all the computer components and the monitor into a blast furnace. :)(y)

1. Don't add AppGuard to KIS, KTS; it is unnecessary
2. If you want really high protection without all the hassle, then use Chrome OS
 

ichito

Level 11
Verified
Top Poster
Content Creator
Well-known
Dec 12, 2013
541
Is it still the thread about Shadow Defender?...maybe I've missed something? :oops:
 

Deleted member 65228

Thread author
But is chrome os more secure than Linux?
Chrome OS is based on Linux. Google haven't made their "own" OS; they just modify the Linux kernel to adapt it to their needs. This also means that Android is based on Linux. Of course, it isn't identical to the Linux kernel they decide to use, since they will heavily modify it so it is capable of supporting what they need (and remove things they don't happen to want), but they base it on Linux. Windows started using DOS (which they bought from IBM) and then adapted it into MS-DOS, and then they proceeded with the release of Windows NT and have continued to develop it since then up to now. Even a majority of hobbyist OS developers don't make it entirely themselves - they'll usually have assistance from very old articles about OS development, some of which were published around the years 1998-2005 (e.g. OS Wiki, OS Dever, etc.).

Linux tends to be more secure than Windows most of the time because the demand for attacks on it is lower compared to Windows (more attacks target Windows). Linux also has completely different security mechanisms, which makes it more difficult for an attacker used to Windows to adapt to it in a short period of time. OS X also tends to be more secure for the same reason. They can still both be targeted by both simple and advanced attacks, so don't believe they are invincible to malicious software (and you also have the danger of web-based phishing, the same as whilst using Windows).

@Lockdown and @Andy Ful are right though, in my opinion; Chrome OS is a lot more appropriate for an average home user who needs to do web surfing and that sort of stuff. You can still work with documents through Google Drive, and Microsoft Office/WPS Writer and such software (which is actually a big attack vector thanks to macros) is not necessary at all a majority of the time.
 

Andy Ful

If someone wants to have much of the Chromebook's security on Windows, then he/she can adopt Shadow Defender on boot. Like with Chrome OS on the Chromebook, after the computer restarts, the untouched OS is loaded. :)
Chrome OS on a standard computer is not as secure as on the Chromebook because the OS is not on the secure partition (I am also not sure if Chrome OS has the 'Verified Boot' feature).
Personally, I have used Shadow Defender for a long time without any serious problems. (y)
Yet, for browsing, watching media, and document editing, Chrome OS (or even better, the Chromebook) is the best solution.
 
