Protecting Your PC Against Unknown Malware


Many people are worried about whether their antivirus, firewall and antispyware software will protect them against the viruses, trojans, keyloggers and spyware that are more widespread than ever on today's Internet.

Here's an easy way to drastically reduce the amount of malware that gets onto your PC and to completely remove any chance it has of running at startup. This includes unknown malware that hasn't been identified yet.

Important Note: This will only stop malware that doesn't touch My Documents, Favourites, Desktop or non-system drives! Those locations are excluded from shadowing, so changes made there persist.

Software needed:

  1. Shadow Defender
  2. Altiris SVS

Hardware requirements:

  1. Either 2 hard drives or 2 partitions. This is not essential, but this guide assumes it. To get around this requirement, later on you have to exclude the folder C:\fslrdr in Shadow Defender.

With this method, you can create a Windows partition about 5GB and a large partition to store your layers and data on.

Important Note: This works best with a clean version of Windows.

This is going to be done on Windows XP but should work fine on Vista.

Installing Altiris SVS

Installation of SVS is easy and is documented in many parts of this site. I will not go into much detail because of this.

Step 1

Get a License key for SVS Personal:

Direct Link: http://www.altiris.com/Download/svsPersonal.aspx

Go to the website above and read through the EULA. If you accept it (you have to in order to continue with this tutorial), click accept and download the license file.

Step 2

Download SVS from a download site

Direct Link:

Step 3

Extract SVS by opening the SVS zip file and extracting the executable to the desktop.

Run the executable and click cancel when it loads. This will create an msi installer file (ignore this file for now). If one doesn't appear, go all the way to just before you press install and then click cancel.

Step 4

Right click on the executable on the desktop and press Create Shortcut. This can be done other ways but I found this was the easiest.

Right click on the shortcut and click properties. This will open up the following box:

Change the text in the target box to:

msiexec /qn /i Software_Virtualization_Agent.msi PRODUCT_KEY=XXXXX-XXXXX-XXXXX-XXXXX D_FSLRDR="D:\fslrdr" INSTALL_ADMIN=1 REBOOT=ReallySuppress

  1. The "/qn" means don't display a user interface. This makes it a silent install with no questions.
  2. The "/i Software_Virtualization_Agent.msi" means that's the install file that it should use. This uses the msi file we created earlier.
  3. The "PRODUCT_KEY=XXXXX-XXXXX-XXXXX-XXXXX" is where you insert the key that you want to use for the installation. There is no validation during install. If the product key is wrong, you won't be able to use the SVS Admin tool or any layers after the reboot until you change it in the About dialog.
  4. The D_FSLRDR="D:\fslrdr" part sets the location of the Layers folder. This should be on the second partition. If it isn't, look under hardware requirements at the top for a workaround.
  5. The "INSTALL_ADMIN=1" makes the admin install so you can create layers on your computer. You can remove this if you are going to have the Admin tool on a USB.
  6. The "REBOOT=ReallySuppress" stops the program from automatically rebooting after installation. This saves time even though it isn't necessary.

After that, press OK.

Step 5

Run the shortcut. Wait a while and a new shortcut will appear on the desktop. Wait a minute more, then reboot. You can make sure the process has finished in task manager (Ctrl+Alt+Delete) by looking under processes for msiexec.exe.

Important Note: Do NOT create/import layers yet. Layers created now become permanent, because they are part of the base system that is present at every boot. If one of these layers is later deleted, your PC can crash or become corrupted.

Installing Shadow Defender

This is the one that isn't documented on www.symantec.com/community so I will go into a bit more detail.

Step 1

Start by going to their website and downloading Shadow Defender.

Direct Link: http://www.shadowdefender.com

Run the install you just downloaded.

Step 2

Wait until this screen pops up:

Step 3

Click next and read through the License. If you accept it, press the "I accept the agreement" radio button and click next (also needed to continue).

Step 4

Enter your username and Organization and click next:

Step 5

Select whether you want desktop/Quick Launch icons and click next:

Step 6

Check the install information is correct and click Install:

Step 7

Once the installation is complete, it will ask you to restart (see why we didn't restart earlier!). Restart now:

Setting up Altiris SVS

First we will create a batch file to run at Startup and one to run at Shutdown.

This means that if the PC isn't shut down properly, new or deleted layers will not be reflected at the next boot, and neither will wireless settings.

Step 1

Open up Notepad (make sure each of these files is saved with exactly the filename listed, without a .txt extension appended).

Step 2

Enter in notepad this text:

and save it in C:\WINDOWS\system32\GroupPolicy\Machine\Scripts\Startup\Settings.bat

The commands mean:

  • "@echo off" means don't show the commands on screen.
  • "reg import" tells the computer to merge these registry files into the registry making SVS recognize the layers.
  • "net stop wzc" tells the computer to stop the wireless service.
  • "net start wzc" tells the computer to start the wireless service.

If you don't use wireless, delete the "net stop wzc", "net start wzc" and the "reg import" for the wireless.reg.

If you want to automatically start a layer, add at the bottom of this file:

svscmd NAME_OF_LAYER A

Step 3

Enter in notepad this text:

and save it in C:\WINDOWS\system32\GroupPolicy\Machine\Scripts\Shutdown\Settings.bat.

The commands mean:

  • "@echo off" means don't show the commands on screen.
  • "svscmd * D -F" stops all layers forcefully to make sure the registry is fully updated and not changed.
  • "del *.reg" tells the computer to delete all registry files otherwise an error occurs when exporting:

    Error: Cannot create a file when that file already exists.

  • "reg export" tells the computer to export these registry files out of the registry making files to import for the next boot.
  • "net stop wzc" tells the computer to stop the wireless service.

If you don't use wireless, delete the "net stop wzc", and the "reg export" for the wireless.reg.

Step 4

Enter in notepad this text:

and save it in C:\WINDOWS\system32\GroupPolicy\Machine\Scripts\scripts.ini.

This basically tells the computer to run the Settings.bat file when the computer starts up and shuts down.
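The guide's own script text is not reproduced on this page, so the following is an added example (not the author's or Altiris's code) that writes all three files described in Steps 2 to 4 in one go: the Startup Settings.bat that re-imports the saved registry data and restarts the wireless service, the Shutdown Settings.bat that deactivates the layers and exports the data again, and the scripts.ini that tells Group Policy to run both. It assumes the exported files are named D:\layers.reg and D:\wireless.reg, that the SVS layer registrations live under HKLM\SYSTEM\Altiris\FSL, and that the Windows XP wireless profiles live under HKLM\SOFTWARE\Microsoft\WZCSVC; none of those names are stated on the page.

```batch
@echo off
rem setup-svs-scripts.bat -- added example, not from the guide or from Altiris.
rem Writes the three Group Policy script files the guide describes:
rem   Machine\Scripts\Startup\Settings.bat   - re-import layer and WZC registry data
rem   Machine\Scripts\Shutdown\Settings.bat  - export it again before Shadow Mode discards it
rem   Machine\Scripts\scripts.ini            - tells Group Policy to run both
rem Assumed (not on the page): export file names D:\layers.reg and D:\wireless.reg,
rem layer key HKLM\SYSTEM\Altiris\FSL, wireless key HKLM\SOFTWARE\Microsoft\WZCSVC.
rem Run once as Administrator on the base system, before entering Shadow Mode.
setlocal
set "GP=%SystemRoot%\system32\GroupPolicy\Machine\Scripts"
set "STARTUP=%GP%\Startup\Settings.bat"
set "SHUTDOWN=%GP%\Shutdown\Settings.bat"
set "INI=%GP%\scripts.ini"
set "REGDIR=D:"

if not exist "%GP%\Startup"  mkdir "%GP%\Startup"
if not exist "%GP%\Shutdown" mkdir "%GP%\Shutdown"

rem The redirection is written first on each line so that text ending in a
rem digit or "=" is never mistaken by cmd for a file-handle number.

rem ---- Startup script: merge the data saved at the last shutdown back in ----
>"%STARTUP%"  echo @echo off
>>"%STARTUP%" echo rem Restore the SVS layer registrations exported at shutdown
>>"%STARTUP%" echo reg import "%REGDIR%\layers.reg"
>>"%STARTUP%" echo rem Restore the wireless profiles, then restart WZC so it reads them
>>"%STARTUP%" echo reg import "%REGDIR%\wireless.reg"
>>"%STARTUP%" echo net stop wzc
>>"%STARTUP%" echo net start wzc

rem ---- Shutdown script: quiesce layers, then export the current data ----
>"%SHUTDOWN%"  echo @echo off
>>"%SHUTDOWN%" echo rem Forcefully deactivate every layer so the registry is stable before export
>>"%SHUTDOWN%" echo svscmd * D -F
>>"%SHUTDOWN%" echo rem reg export will not overwrite an existing file, so remove last time's first
>>"%SHUTDOWN%" echo del /q "%REGDIR%\*.reg"
>>"%SHUTDOWN%" echo reg export HKLM\SYSTEM\Altiris\FSL "%REGDIR%\layers.reg"
>>"%SHUTDOWN%" echo reg export HKLM\SOFTWARE\Microsoft\WZCSVC "%REGDIR%\wireless.reg"
>>"%SHUTDOWN%" echo net stop wzc

rem ---- scripts.ini: run Settings.bat from each folder at startup and shutdown ----
>"%INI%"  echo [Startup]
>>"%INI%" echo 0CmdLine=Settings.bat
>>"%INI%" echo 0Parameters=
>>"%INI%" echo [Shutdown]
>>"%INI%" echo 0CmdLine=Settings.bat
>>"%INI%" echo 0Parameters=

echo Wrote:
echo   %STARTUP%
echo   %SHUTDOWN%
echo   %INI%
endlocal
```

Because the shutdown script deletes D:\*.reg before exporting, D: must be a drive that Shadow Mode leaves alone (the guide unticks D: in Step 3 of "Setting up Shadow Defender"); otherwise the exported files would be discarded at the next boot along with everything else. If you don't use wireless, drop the wireless.reg lines and the net stop/net start wzc lines, as the guide says. If Group Policy ignores the files, opening the Startup script entry once in gpedit.msc (Computer Configuration, Windows Settings, Scripts) and saving it registers the scripts extension for the local policy.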

Techie Note: At this point, an image can be created of the hard drive so you can restore the hard drive in case anything goes wrong.

It can be done by loading a live CD of Ubuntu and running a command such as:

dd if=/dev/sda2 of=/mnt/Backup.drive

That command may not work for you and is just an example.

Setting up Shadow Defender

Step 1

Look in the bottom right hand corner. You should see a new icon:

Right-click on it and press Open Shadow Defender

A box like this will appear:

If you have a key, press Register and enter your key. Otherwise press Later.

Step 2

Go under the Exclusion List tab and Add the folders:

  1. Favourites (stored at "C:\Documents and Settings\USERNAME\Favorites" in Windows XP with default settings)
  2. My Documents
  3. Desktop

Then click apply:

Step 3

Go under the Mode Setting tab and untick the box next to D: and press Enter Shadow Mode:

Step 4

This message will appear:

Select Continue after reboot and press OK.

Finished

It'll now turn your PC into shadow mode! Please don't leave yet, read the information about committing files and folders and how to exit/return from/to shadow mode!

Thanks for reading my first guide!

If you have any suggestions, post a comment and I'll try to respond in a timely fashion!

Committing Files/Folders

Files can be committed using the Commit Now tab or directly from the file/folder.

Method 1

To commit a File/Folder, go under the Commit Now tab in Shadow Defender and click Add File or Add Folder. Go find the file/folder, select it and press OK.

Once all the files/folders you want to commit are selected, Press Apply.

Method 2

Right click on the file/folder and press Commit.

Exiting and Entering from Shadowing Mode

Run the Shutdown script, then delete it, and rename the registry files in D:\ so they end in .reg2 (don't worry, the Shutdown script will come back after a restart).

Go into Shadow Defender under the Mode Setting tab and press Exit all Shadow Mode.

Restart, make your changes (and rename all .reg2 files back to .reg), go under the Mode Setting tab and make sure only C: is selected.

Then press Enter Shadow Mode and restart.

Important Note: It is essential you do this otherwise the layers will be inserted into the registry so the scripts will not work properly. Follow this method and everything will go smoothly.

Notes

Beware: Viruses can still affect your system, but they can't change system files or start on boot (unless they alter a layer).

To stop layers being directly altered, open regedit and add a new DWORD named HideRedirectAreas (set it to 1) at HKLM\SYSTEM\Altiris\FSL.

Install .Net Framework outside of the layer due to incompatibilities with SVS (It cannot be virtualised).

Also, if you install Trinket, make sure it is installed to the base system due to it changing layers.

I haven't tried any programs which require drivers. They may not work.

This will also allow you to see if a program circumvents SVS and installs files to the OS. This shows a bug in SVS which should be reported.

If you find an alternative which is free, please list it here as well and I will add it to the guide.


Good idea, using an

Good idea, using an antiviral overlay software to protect the PC further against malware. I don't think drivers will work anyways since you will need to install the driver on the layer, much like a virtual machine. But I may be wrong.

You may try SanboxIE too


This is great. But it's a long procedure.
Alternatively, you may try SandboxIE. Even though the name says IE, it can sandbox any application. Probably you can consider this tiny little software as one more line of defense :)

Regards,
Swami.

SanboxIE tool


SanboxIE is a good tool to implement in a fast and easy way a complete software isolation. Just one click and start a new internet browser in an isolated box.

Quote:
Sandboxie intercepts changes to both your files and registry settings, making it virtually impossible for any software to reach outside the sandbox.

Paolo

Yeah, but

riva11 wrote:
SanboxIE is a good tool to implement in a fast and easy way a complete software isolation. Just one click and start a new internet browser in an isolated box.

Quote:
Sandboxie intercepts changes to both your files and registry settings, making it virtually impossible for any software to reach outside the sandbox.

Paolo

Umm, SandboxIE doesn't support games as well as many programs. It's also required that you run it in a sandbox, while this does everything in a sandbox that gets automatically discarded.

way to retain it


There is a setting to retain the contents even after reboot! By default it will be retained.
The good thing with SBIE is it will load the files and reg. data only when it's needed, and it can read (only) the data from non-sandboxed areas too, which is a big big plus.