SpyShelter 9.2 released

Discussion in 'other anti-malware software' started by pablozi, Sep 18, 2014.

  1. Rules

    Rules Registered Member

    Joined:
    Mar 3, 2009
    Posts:
    704
    Location:
    EU
    Thanks, so I think these options are not available for this OS (almost sure).

    rules.
     
  2. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    Are you using SpyShelter Premium, or SpyShelter Firewall?
     
  3. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    If the two tests I'm failing are packet filter fails then I will need to contact Eset. Does anyone know if the two I failed below are packet filter fails, or should the HIPS have blocked it instead? If no one knows for sure here then I will go over to Comodo forum.

    Failed Test Invasion: FileDrop
    Failed Test Impersonation: DDE

    Edited 07/11 @12:10: Disregard this post. I see someone already answered this question above.
     
  4. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    Does SpyShelter Firewall still show the packet filter rules, and HIPS rules in the same window?
     
  5. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    I'm using the Open VPN Client provided to me by my VPN Provider. I have not tried the native OpenVpn Client since the problem began. I have the native OpenVpn client installed, but I have found the one provided by my VPN provider to be more reliable. I never had this issue before installing SpyShelter so I have to consider the possibility of SS being the cause. The only other possible cause I'm aware of is my wireless connection. They can fail sometimes causing DNS to leak.
     
  6. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,997
    Location:
    Poland - Cracow
  7. marzametal

    marzametal Registered Member

    Joined:
    Mar 19, 2014
    Posts:
    766
    Thanks for the info @Cutting_Edgetech ...

    I also use an Open VPN Client provided to me by my VPN Provider. They recommended I replace the ISP DNS addresses in my router & Local Area Connection settings to the DNS addresses that they push out (not sure where the DNS settings are situated for WiFi, lemme' know if you can... it's always good to pick up extra intel along the way). I also modified the DNS Cache rule provided by W7FwAS, by inserting my VPN DNS addresses into the outbound firewall rule. It'll provide another aspect of leak protection since it's attached to the "dnscache" Windows Service.

    In relation to software packages clashing with OpenVPN, it still could be SS. It depends on what rules you have set out in the Rules/General tab. If memory serves me correctly, I copied yours from a thread post a while back (laughs). Rules set to allow Program Files, Program Files (x86) and Windows directories, followed up with deny rules for specific sub-directories; such as Internet Explorer, Libre Office, Foxit PDF Reader, Windows Media Player Classic, etc...
     
  8. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,997
    Location:
    Poland - Cracow
    My result of CLT on XP - 300/340...vulnerable action
    8. Invasion: FileDrop
    24. Impersonation: DDE
    25. Impersonation: Coat
    26. Impersonation: BITS
    Honestly...I don't care about it :)
     
  9. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    With this option, you will disable monitoring of network API hooks completely, so you will lose protection against banking trojans.
     
  10. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    Nope, they're almost all Action 33.
     
  11. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    If I disable which? Which one are you talking about?
     
  12. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    I'm talking about: "Setting hook to monitor network requests"

    You can not allow or block this per app, it's an all or nothing approach. It's not clear to me if this is a technical issue, I believe the developers have already said that this can't be done differently.

    All the other hook types that you mentioned are not relevant to this issue. Those hooks are related to global/window hooks, used by "hook based" key-loggers. Banking trojans make use of a more advanced method, they try to modify network API hooks, inside the browser memory.
     
  13. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    Oh, ok. I misunderstood you. Yeah, I remember us talking about that before. I have Anki Flash Card app installed, and the network hooks block some actions from Anki. That's why I never did adopt using SpyShelter. I'm afraid it could cause my data for my flashcards to become corrupted since I can't make an exception for the app to allow the network hooks. I can't take the chance anyways since I have a project I have been working on for 6 years. I have a complete vocabulary set for the entire Spanish Language with vocabulary from all Spanish speaking countries.
     
  14. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    Yes, I remember it also, and that's why the current implementation doesn't make any sense to me. It will also interfere with Fiddler, and if you turn it off, you lose protection against advanced trojans. Perhaps if you do have the time, you can test Zemana AntiLogger, to see how it handles Anki.
     
  15. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,997
    Location:
    Poland - Cracow
    You are right...there are no advanced settings to allow or block this action for one specific process but I think you could try to do this trick - in settings /tab "list of monitored actions":
    - make your own list of trusted signers for needed apps ("settings"/tab "security"...command "user defined signers list")

    SS hook 1.jpg
    - mark the rule #33 line and tick ON the option "auto-allow the action for component..." so in column "auto-allow" you get "Yes"
    - the rest of the rules should be manually unticked with "No" in such column, similar to the screenshot below

    SS hook 2.jpg

    The result is - only trusted apps are allowed in rule #33, the others are blocked and "trusted signers" doesn't work for other rules.
     
  16. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    Interesting! If this tweak really works, I wonder why the developers didn't mention this. The only problem is that I don't like to enable the "trusted signers" option, it's a security risk IMO.
     
  17. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    That will work if the application is signed. Anki Flash Card App is not signed so it won't help my particular case.
     
  18. marzametal

    marzametal Registered Member

    Joined:
    Mar 19, 2014
    Posts:
    766
    I am trying to insert Ghostery's DLL file into SSP's Trusted Signers List. However, it keeps on telling me that there is no digital signature present. When I right click on the DLL file and bring up the Digital Signatures tab, there is an entry in the Signatures List. What gives?

    EDIT: Confirmed via NVT-ERP Events tab that there is no Publisher assigned to Ghostery files... oh well
     
    Last edited: Jul 15, 2015
  19. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,997
    Location:
    Poland - Cracow
    Sorry...I should say not "blocked" but rather "monitored"...what would be auto-allowed depends on a few things
    - our "list of trusted signers"
    - internal white list in SS
    - security level
    - what kind of rules we have for specific processes (some single monitored action or for all)
    - and connected setting - is it excluded from monitoring or not.

    @Rasheed187
    In help/manual file we can find such text about list of monitored actions
    it's not such "trick" but something like a tip to check results of using it :)
     
  20. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,997
    Location:
    Poland - Cracow
    SpyShelter 10
    https://www.spyshelter.com/blog/spyshelter-10-released/#more-5428
     
  21. ald4r1s

    ald4r1s Registered Member

    Joined:
    Apr 8, 2013
    Posts:
    53
    Can confirm, SpyShelter 10 works with Windows 10 like a charm, on the other hand Zemana Antilogger still doesn't protect against anything even though it claims to
     
  22. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    Has anything changed when it comes to features and interface?
     
  23. ald4r1s

    ald4r1s Registered Member

    Joined:
    Apr 8, 2013
    Posts:
    53
    Well, GUI seems a little bit different. Protection is as good as always. New features...I don't see any. Depends on when you used it last time, there have been quite a lot of new features throughout version 9.
     
  24. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,997
    Location:
    Poland - Cracow
    I agree...no visible changes in features and options but for sure under the hood :)
     
  25. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    Can you perhaps post some screenies?
     