Advice Request Shadow Defender vs BSOD?

Please provide comments and solutions that are helpful to the author of this topic.

Status
Not open for further replies.

Atlas147

Level 30
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 28, 2014
1,990
Hi guys, so this just popped into my mind and I wanted to see if anyone had answers to it. So if you enabled shadow mode on your computer, made changes to the computer and before you get the chance to exit shadow mode your computer gets a BSOD. Do you think that shadow defender would be able to revert the changes even with the BSOD?
 

DardiM

Level 26
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
May 14, 2016
1,597
Hi guys, so this just popped into my mind and I wanted to see if anyone had answers to it. So if you enabled shadow mode on your computer, made changes to the computer and before you get the chance to exit shadow mode your computer gets a BSOD. Do you think that shadow defender would be able to revert the changes even with the BSOD?
In fact Shadow Defender doesn't make changes to your files when activated : all changes are only made virtually, and only applied if you choose it (commit).
So it doesn't need to revert any change to your files : only some SD stuff will be concerned if you didn't exit the prog on a normal way.
"'Shadow Mode' redirects each system change to a virtual environment with no change to your real environment"
 
Last edited:
5

509322

Hi guys, so this just popped into my mind and I wanted to see if anyone had answers to it. So if you enabled shadow mode on your computer, made changes to the computer and before you get the chance to exit shadow mode your computer gets a BSOD. Do you think that shadow defender would be able to revert the changes even with the BSOD?

A BSOD is a low-level OS or hardware crash. The crash is below the level that Shadow Defender operates.

I should point out that there is malware that can force a BSOD - like Petya.
 
Last edited by a moderator:

Der.Reisende

Level 45
Honorary Member
Top Poster
Content Creator
Malware Hunter
Dec 27, 2014
3,423
To my experience (HUB tests, doing screenshots of the results), any change within a ShadowDefender session exited by a BSOD had the same effect as a restart, everything lost.
That's why I upload the screenshots after each sample, as MT autosaves the draft post.
 

tim one

Level 21
Verified
Honorary Member
Top Poster
Malware Hunter
Jul 31, 2014
1,086
I have had similar experiences, BSOD in shadow mode, sometimes due to incompatibility issues with older versions of SD and Windows 10, and sometimes due to malware or testing of applications that worked too in depth.
In all cases, SD has well worked, and on reboot I always got the previous situation, losting the changes made in shadow mode.
 

jamescv7

Level 85
Verified
Honorary Member
Mar 15, 2011
13,070
It will revert any changes regardless if the system commits on BSOD.

The nature of virtualization definitely destroys any operation related to exit commands.

Either User mode or Kernel Mode commits the problem still it will revert the changes.
 
5

509322

The condition that caused the BSOD will be reverted if it is caused within Shadow Mode. However, a hardware induced BSOD can not and will not be reverted by Shadow Defender.

A BSOD is initiated at a level below which Shadow Defender operates. The only modification that the BSOD makes to the system is the creation of a memory dump - which Shadow Mode will erase upon exiting - unless there is a failure of Shadow Defender itself and everything is saved to disk.
 

Atlas147

Level 30
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 28, 2014
1,990
Thanks for all of your inputs, nice to see all the knowledgeable people here in our community :D
Never knew Shadow Defender was such a robust program, gonna be more harsh with the things I throw at it in the future
 

DardiM

Level 26
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
May 14, 2016
1,597
Thanks for all of your inputs, nice to see all the knowledgeable people here in our community :D
Never knew Shadow Defender was such a robust program, gonna be more harsh with the things I throw at it in the future
I even tried with the reset button on the PC :oops:
(!!! WARNING : it is very bad to do this, for the hardware and software part - you can damage your computer !!!)
=> the virtual changes were lost, and it looked as if SD had reversed all : even if it is not Shadow Defender that has reversed any changes, but the changes made under SD activated that were only virtually done, and then not "real changes" (only for the virtual work)...are you still reading ? lol) :)
 
Last edited:

Atlas147

Level 30
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 28, 2014
1,990
I even tried with the reset button on the PC :oops:
(!!! WARNING : it is very bad to do this, for the hardware and software part - you can damage your computer !!!)
=> the virtual changes were lost, and it looked as if SD had reversed all : even if it is not Shadow Defender that has reversed any changes, but the changes made under SD activated that were only virtually done, and then not "real changes" (only for the virtual work)...are you still reading ? lol) :)
Hahah yes I am still reading :p
wow changes are discarded even using the reset button :eek:
 

DardiM

Level 26
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
May 14, 2016
1,597
Hahah yes I am still reading :p
wow changes are discarded even using the reset button :eek:
"changes are discarded"
No, like I explained, the way it works, changes are not really done with SD activated :
=> only done on a virtual way (until we choose to "commit" the change : apply them)
=> with a reset, SD loses the virtual part, can't apply the changes, but that is not a problem, because that is exactly what we want : no changes.

In fact, the only problem with error, is if you have made a lot of (virtual) changes, and want to apply them definitely, and an error occurs
=> unwanted reboot, and then not able to apply the changes

To simplify a lot : It is like writing on a list the changes you want : example 1000 lines of wanted changes - like before going shoping : (0 changes have been made in reality - 0 money spent, etc)
a reset etc, ... => you will only lose the list
or a commit => list read and changed are applied
 
Last edited:
F

ForgottenSeer 69673

Hello
I decided to post this here because since I joined I started a few new threads but they never got posted. Only said waiting for approval.

Last week after an Windows 10 insider update, My computer would boot to a black screen with some words which I can not remember. It appeared the boot sector was getting messed up. I used the fix boot issues that my Marcrium USB stick offers and then it would boot fine. I decided to uninstall SD just to see if that was the issues and since have been to boot just fine. If this is an SD issues this is a heads up that if you are using insider builds you may have issues with SD.
Also want to point out this only happened if I used shadow mode.
 

frogboy

In memoriam 1961-2018
Verified
Top Poster
Well-known
Jun 9, 2013
6,720
Hello
I decided to post this here because since I joined I started a few new threads but they never got posted. Only said waiting for approval.

Last week after an Windows 10 insider update, My computer would boot to a black screen with some words which I can not remember. It appeared the boot sector was getting messed up. I used the fix boot issues that my Marcrium USB stick offers and then it would boot fine. I decided to uninstall SD just to see if that was the issues and since have been to boot just fine. If this is an SD issues this is a heads up that if you are using insider builds you may have issues with SD.
Also want to point out this only happened if I used shadow mode.
Never had that problem , you here can maybe contact them here. Shadow Defender Home Page - the easiest PC security and privacy tool
 
F

ForgottenSeer 69673

After reinstalling SD, I had shut my computer off for the night. When I started it up it was still in shadow mode and booted just fine. After a bit, I opened the GUI and told SD to exit all shadow modes and reboot. It would never boot back up until I did what I did before. I used my Marcrium USB stick and chose to fix boot problems. Was the only way to get my computer back short of restoring a full image. I will now contact support.
 
  • Like
Reactions: Andy Ful
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top