Shadow Mode, Malware and Tinkering - WARNING!

  • Thread starter: hjlbx
Status
Not open for further replies.
@Umbra

Thanks for outlining SD commit procedure.

Maybe post guide on SD subforum ?

Anyhow, when specifying C:\* - does it automatically include the registry - or - must the user also specify the registry?

I never bother with commit; no need - or - malware testing.
 
Specifying C:\ doesn't really work: it will constantly halt on files it can't access and it will take far longer than just rebooting and installing "for real"...and that was just on my 100GB test VM, not the 2TB host.
 
in fact the best use of SD is:

1- go shadow mode
2- test whatever you want
3- if the test is proven worthy exit shadow mode
4- install the software outside shadow mode.
5- resume shadow mode for further tests if needed
 
This is exactly what I did while testing the Citrio browser and the 7 Star browser.
I tested them, didn't like them, restarted the PC, and everything was clear, nothing left on my system ;) Happy user :D
 
Salutations,

Could you give an example of what the File Exclusion List would be used for?
And would the File Exclusion List get infected by malware? This will
help clear my confusion. Whereas Commit Now is for your security
software, correct?

Kind regards,
 

@Moose

Excluded files could be infected - especially encrypted by cryptors (e.g. CryptoWall, Critoni, etc. = "cryptomalware").

The file exclusion list is used to retain changes/modifications to installed softs (that the user wishes to keep) after exiting Shadow Mode. For example, updates, various logs (so the user can keep track of what happened on the system - for example, when malware testing), changes to the registry, or work product - like photos, graphics, documents, etc.

For best security, I do not exclude or commit anything... it's not that big of a burden to "re-update" something after exiting Shadow Mode. I can always make the permanent change to my system after exiting Shadow Mode - for example, installing a soft after I've fully evaluated it and decided it will work on my system and for me... plus, more importantly, that it is safe.

If I want to save system details - like logs - or work product - like spreadsheets and Word files - I upload them to OneDrive while in Shadow Mode - instead of excluding them. After exiting Shadow Mode, I download them...

This is a rather safe practice compared to excluding or committing files - which, when testing malware or during an infection - when a whole lot is happening - I can get confused and/or forget - and save the infection to my system.

It can be a really bad situation if I commit an active infection to my physical system...
 
@Moose : A very comprehensive explanation by @Umbra (link)

As much as possible, use Shadow Mode for testing purposes only; make changes when the mode is off.

2- Exclusion List

IMPORTANT: in case of a cryptomalware, your excluded folders are vulnerable to it; you must then have those excluded folders protected (out of Shadow Mode) by a sandbox program or an antivirus, for example.

If you want FULL protection, you MUST NOT have any excluded folders.
 

Exactly what I do, I never commit anything.

+1
 
Salutations,

If you do not exclude files in Shadow Mode, can they still get infected, e.g. encrypted by cryptors (e.g. CryptoWall, Critoni, etc. = "cryptomalware")? Yes and/or no?

In Post # 30! If so, the best way to stop this is to encrypt the files and folders with other encryption software, so that the cryptomalware can not encrypt the files and folders! And to back up the files and folders. May I suggest the following:
https://skycrypt.com/#

Video below:

https://skycrypt.com/#featured-slider
 

Cryptors can re-encrypt any already encrypted files...

In other words, encrypting any file will not protect it from the likes of CryptoWall, TorrentLocker, Critoni, etc. If this were the case, then AV vendors would already be using encryption to protect systems.
 
File History/"Versioning" (whether the one built into Windows or a cloud sync one) also lets you recover your unencrypted versions of your files after other file-corruption disasters. The benefit here is that it is real-time and you can go back several/all versions.
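The versioning idea in the post above, as an added example that is not Shadow Defender's, Windows File History's or any cloud sync client's code: a minimal Python version store that snapshots a watched folder and, when a file has since been overwritten with unreadable data, restores the newest stored version that still looks like plaintext. The VersionStore class, the entropy threshold of 7.0 bits per byte and the sample report file are all assumptions constructed for this example; the damage is simulated by overwriting the file with random bytes, no encryption takes place.

```python
"""Minimal file-versioning store (constructed example, not Shadow Defender or
Windows File History code). Keeping prior versions means an overwrite with
ciphertext or garbage is recoverable as long as an older snapshot exists."""
import hashlib
import math
import os
import shutil
import tempfile
import time
from collections import Counter
from pathlib import Path
from typing import Optional


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: close to 8.0 for ciphertext/compressed data, far lower for text."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


class VersionStore:
    """Content-addressed snapshots of one directory (assumed design, in-memory index)."""

    def __init__(self, watched: Path, store: Path):
        self.watched = watched
        self.store = store
        self.store.mkdir(parents=True, exist_ok=True)
        self.history = {}  # relative path -> list of (timestamp, sha256 digest)

    def snapshot(self) -> int:
        """Copy every changed file into the store; return the number of new versions."""
        added = 0
        for path in self.watched.rglob("*"):
            if not path.is_file():
                continue
            rel = str(path.relative_to(self.watched))
            data = path.read_bytes()
            digest = hashlib.sha256(data).hexdigest()
            versions = self.history.setdefault(rel, [])
            if versions and versions[-1][1] == digest:
                continue  # unchanged since the last snapshot, nothing to store
            (self.store / digest).write_bytes(data)
            versions.append((time.time(), digest))
            added += 1
        return added

    def latest_plaintext_version(self, rel: str, max_entropy: float = 7.0) -> Optional[bytes]:
        """Newest stored version whose byte entropy is below the ciphertext-like threshold."""
        for _ts, digest in reversed(self.history.get(rel, [])):
            data = (self.store / digest).read_bytes()
            if shannon_entropy(data) < max_entropy:
                return data
        return None

    def restore(self, rel: str, max_entropy: float = 7.0) -> bool:
        """Write the chosen older version back over the damaged file."""
        data = self.latest_plaintext_version(rel, max_entropy)
        if data is None:
            return False
        (self.watched / rel).write_bytes(data)
        return True


def demo() -> dict:
    """Run the scenario end to end on constructed data inside a temp directory."""
    root = Path(tempfile.mkdtemp())
    watched, store = root / "docs", root / "versions"
    watched.mkdir()
    original = b"Quarterly report: revenue up 4%, churn flat.\n" * 40  # constructed sample
    (watched / "report.txt").write_bytes(original)
    vs = VersionStore(watched, store)
    first = vs.snapshot()  # the good version is captured here
    # Simulate the file being replaced by an unreadable blob (os.urandom stands in
    # for any corruption; nothing is actually encrypted).
    (watched / "report.txt").write_bytes(os.urandom(len(original)))
    second = vs.snapshot()  # the damaged version is captured too, as File History would
    damaged_entropy = shannon_entropy((watched / "report.txt").read_bytes())
    restored = vs.restore("report.txt")
    recovered = (watched / "report.txt").read_bytes() == original
    shutil.rmtree(root)
    return {"first": first, "second": second, "damaged_entropy": damaged_entropy,
            "restored": restored, "recovered": recovered}


if __name__ == "__main__":
    print(demo())
```

The entropy check is only a convenience for picking the right snapshot automatically; a real versioning tool lets you choose by timestamp, which is what you would do if the damaged version were a plausible-looking document rather than random bytes. The point that survives either way is that the good copy must already be in the store before the damage, and that the store itself must not be writable by the process doing the damage.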
 
By the way, on Wilders a user contacted the dev and got a reply that he is going to release a new version of Shadow Defender compatible with Win 10 before 29 July.

Don't know how the upcoming SD will work with Win 10 Windows Update auto download/install?

If I remember correctly, the user who contacted the dev had mentioned Win 10 Windows auto updates.
 