ShadowGuard is a new app designed to detect when malware or ransomware attempts to delete File Shadow Copies, and to take action when it does. Typically, ransomware will attempt to delete the Shadow Copies of your files before encrypting them, so you can’t restore them, but ShadowGuard can step in at this stage to stop it completely. Upon detection, ShadowGuard will:
- Prevent the command from executing (preserving your Shadow Copies)
- Terminate the application that initiated the command (This would be the potential ransomware.)
ShadowGuard works by attaching itself as a debugger to certain processes, filtering out destructive commands before the process is even created. ShadowGuard can currently attach to:
- vssadmin.exe
- wmic.exe
- powershell.exe
ShadowGuard also maintains an allowed programs list which will prevent those programs from being terminated by ShadowGuard. This is extremely useful for some backup applications which may use vssadmin.exe in order to manage volume shadow copies.
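The decision described above (watched binary, destructive command, allowed programs list) can be sketched as follows. This is an added example, not ShadowGuard's code: the command-line patterns, the allow-list entry and the choice to let an allow-listed program's command run are assumptions, since the post does not publish its rules.

```python
import ntpath
import re
from typing import NamedTuple

# Binaries the post lists, each with an ASSUMED deletion pattern
# (ShadowGuard's real rules are not published on the page).
WATCHED = {
    "vssadmin.exe": re.compile(r"\bdelete\s+shadows\b", re.I),
    "wmic.exe": re.compile(r"\bshadowcopy\b.*\bdelete\b", re.I | re.S),
    "powershell.exe": re.compile(
        r"win32_shadowcopy.*(delete|remove-wmiobject|remove-ciminstance)",
        re.I | re.S),
}

# Hypothetical allow list, keyed by full path: a bare file name could be
# matched by any renamed binary.
ALLOWED_INITIATORS = {r"c:\program files\examplebackup\backup.exe"}


class Verdict(NamedTuple):
    block_command: bool
    terminate_initiator: bool


def evaluate(initiator: str, target_image: str, command_line: str) -> Verdict:
    """Decide what to do with one intercepted process launch."""
    image = ntpath.basename(target_image.strip('"')).lower()
    pattern = WATCHED.get(image)
    if pattern is None or not pattern.search(command_line):
        return Verdict(False, False)  # not watched, or a harmless command
    if ntpath.normpath(initiator.strip('"')).lower() in ALLOWED_INITIATORS:
        return Verdict(False, False)  # assumed: allow-listed tools run as-is
    return Verdict(True, True)  # block the command, terminate the initiator


# Constructed sample launches: (initiator, target image, command line).
SAMPLES = [
    (r"C:\Users\a\AppData\Local\Temp\x.exe",
     r"C:\Windows\System32\vssadmin.exe",
     "vssadmin.exe Delete Shadows /All /Quiet"),
    (r"C:\Program Files\ExampleBackup\backup.exe",
     "vssadmin.exe", "vssadmin delete shadows /for=C: /oldest"),
    (r"C:\Windows\explorer.exe", "wmic.exe", "wmic shadowcopy list brief"),
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample[0], "->", evaluate(*sample))
```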
Download ShadowGuard from its main page today!