- Jan 29, 2016
- 812
Thanks for watching
and hope you enjoy the video!
Shadow Defender vs Malware samples
- Thread starter safe1st
- Start date
It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.
- Status
Thanks for watching
and hope you enjoy the video!
- May 22, 2016
- 328
Great video, thanks for taking the time to do this. 
As expected, classic malware testing on softwares like SD is futile; to truly test it; MBR-based ransomwares, bioskits/rootkits are the minimum requirements.
- Jan 29, 2016
- 812
You're right
But if I find one when testing other security product, will do re-test for sure
Also I show to some people who dont know how exactly this software works
thanks guys
Great review!
Some time ago I've tested Petya ( old version ) with SD under VM.
No issues at reboot, SD protects MBR from changes.
Some time ago I've tested Petya ( old version ) with SD under VM.
No issues at reboot, SD protects MBR from changes.
- Aug 17, 2013
- 1,905
Hi Umbra, Would the MBR-based ransomware etc bypass SD? I only ask as I know you have a lot of experience with SD.
They won't , this issue was fixed years ago , now the writing to the MBR is also redirected.
- Aug 17, 2013
- 1,905
Great thanks. I'm ashamed to say I've only recently started using SD and it is indeed an amazing piece of software.
- Jun 9, 2013
- 6,720
Nothing to be ashamed of there all software is new to us all at some time, please now you can enjoy SD like the rest of us users.
- Jul 3, 2015
- 8,153
if you like to test hard-to-defeat software, what about running a test on ReHIPS?
The isolation won't give the malware even a chance, but you could make it much more interesting by running the samples from a non-isolated location, and let the HIPS alone fight the battle.
The isolation won't give the malware even a chance, but you could make it much more interesting by running the samples from a non-isolated location, and let the HIPS alone fight the battle.
- Feb 15, 2012
- 2,128
As of today, there's no known bypass to SD?
- Nov 19, 2014
- 2,350
It doesn't restrict driver loading so i guess it can't protect any kernel mode malware. I would assume that's one way to bypass any protection it offers.
- Jul 3, 2015
- 8,153
the malware can load all the drivers it wants, and muck up the windows kernel, and it's all okay. Because all changes to the system will be erased at reboot. that's the form of protection it is designed to offer. Your system gets temporarily infected, and then you wash it all away at reboot.
- Nov 19, 2014
- 2,350
If you load your drivers you can disable SD. No? I am no malware expert but it's possible.
- Jun 9, 2013
- 6,720
Shadow defender as far as i know is indestructible i have thrown everything but a brick at it over the years and it has never let me down yet.
- Jul 3, 2015
- 8,153
I don't think it is a problem, because you don't need SD to protect you anymore, at that point. It has done its job already, because it has virtualized your system.
Writing to MBR and partitions are redirected , so the drivers would be also redirected. AFAIK , nothing bypassed SD yet. The last known bypass was a MBR exploitation , this bypass led to the implementation of the MBR protection of SD.
There is no officially known bypass, but certain types of malware can theoretically bypass it - for example, malicious BIOS, graphics, firmware, etc.
In other words, areas of the system that Shadow Defender does not virtualize.
It is nothing to fret about...
- Sep 15, 2016
- 31
Great review!
Some time ago I've tested Petya ( old version ) with SD under VM.
No issues at reboot, SD protects MBR from changes.
SD under virtual box working great. No need for restoring VM snapshot. Thanks for tip.
- Status
Similar threads
