Great news for 32 bit OS-owners, it is fast with little overhead, experienced HIPS users can start it in highest security mode and respond to allow/block pop-ups to their liking. I think it is great for people running 32 bit systems and wanting a low noise/pop-up second layer protection. I know it is not intended to be used this way, but it works great and silent.
Use SpyShelter as smart HIPS protecting ring0 (admin level intrusions)
1. Run it a while with default security setting (auto allow medium level)
2. After two weeks or so, tighten up security for all internet facing programs and rich content processing programs (IE, WMP, Outlook, PDF Reader etc).
- open allow rules, disable the "now I am really pawned" defenses (see picture)
- turn up security one level to "auto allow Microsoft"
This prevents user errors. Allow MS prevents wrong deny decisions (blocking the OS), denying internet facing after learning period prevents wrong allow decisions. Nice thing about SpyShelter is that you can also add rules for dll's (e.g. flashplayer).
Regards Kees
@ Windows_Security Yes, it's cool for people who want total control, but I can't believe that it took this long to add this feature. Other HIPS had this stuff back in 2006. But when I buy a new machine I will probably also buy SS, I prefer it over Online Armor and Comodo.
First...SS has for more than 4 years been getting better and better and is currently the "number one" among anti-loggers, and its main task is to protect against loggers of different types....system/kernel protection (HIPS feature) is only one of all the others. The latest changes give us more advanced features that are very useful for users like you...I think....so I don't understand your comment, Rasheed...sorry...
@ ichito Well, I'm not trying to bash SS, I actually like the app, but this feature should have been implemented a long time ago, it should be standard in any HIPS. Remember Neoava Guard? http://s14.postimg.org/h866f9jlt/NG_Sonar.png
Using the free version here: I noted that the SpyShelter exe is not signed (anymore). Have FW and Premium owners noted this also?
I just installed SpyShelter 9.4 premium. So far I love the changes that have been made. I would like to know the difference in mitigation methods used by SpyShelter in comparison to Online Armor since I use Online Armor. I don't think OA uses many user mode hooks, but I'm assuming SpyShelter does. I would check for the presence of user-mode hooks with GMER, but I can't use it on this particular machine because I get a BSOD when I reboot after using GMER. I'm testing SpyShelter without Online Armor. I'm not sure they can be used together. I would love to get some good feedback from SpyShelter and Emsisoft about what methods they use to intercept possible harmful behavior. I would like to know if they solely use user-mode hooks, kernel mode driver, both, or some other method.
@ Cutting_Edgetech You can ask these questions over here: http://www.spyshelter.com/helpdesk/ On Windows 64 bit this whole "user vs kernel mode" discussion is not interesting, because of PatchGuard. You can not hook the kernel anymore in Win Vista/7/8 64 bit. So what I'm trying to say is, both SS and OA probably use the exact same techniques on both Win 32 and 64 bit.
Is there any anti-execution component in it? Seems it doesn't intercept execution of executables like other classical HIPS.
Yes, it does this. Put it on the ask user level (probably except allow Microsoft will work too, I just run SSF in ask user). Now every time you want to run a program, SSF will ask you to allow or deny. If you deny, the program won't launch. If you check current component can execute any application and also check remember my choice, then SSF will no longer ask you about the execution of any program (when the program launches via explorer.exe) and all programs will run. To revert, you just have to delete the rule from application execution control: in the explorer.exe rule you will see one * at the end, delete that. (If you deny when you have checked both items, you cannot run any program except an allowed rule in SSF.)
I was using SS with OA during several months about 2 years ago...there were no issues, no conflicts connected with code or functions of both apps, but sometimes when I tried to do something new for them I received too many pop-ups...I survived, as you can see. In regards to Kees's and co22's comments...thanks for the advice. I can only add that SS offers other possibilities which we can consider as "anti-exe":
- you can block each action in "Rule tab" directly from the list
- in the newest versions you can also permanently block a process and its actions using the rules creator
- on security level "Ask user" you can tick the feature "Auto-block suspicious behaviour" which...as I think...can perhaps block every suspicious action even if the application is on SS's own built-in white list
- you can restrict not only processes but also folders (removable drivers are already on the list from the r.m.b. menu) that include untrusted content, e.g. folders for downloaded files...one can do it in the "Restricted Apps" panel, but don't forget to add this folder to the list in the "Folders with write access" tab, because otherwise it will not be able to write files in it.
Seems the HIPS rules and pop ups in SS are a bit confusing and not so user friendly. I wish they could make it easier and user friendly.
You get the maximum pop-ups on the ask user level, and that's normal. You can put it on another level:
- Auto allow - Medium security level
- Allow Microsoft
- Auto allow - High security level
You can also reduce pop-ups with the trusted signer option, or by using the new feature "Create rules for a component" you can predefine rules.
I have been using the trial version SS for a few days, and SS has disabled itself now. It says it disabled itself due to limitations of the trial version. It says I have 10 days left on the trial version though. Has anyone else experienced this? I'm using SS 9.4. Update: I just created a support ticket.
This is a new limitation in the Trial version. The Trial version has the following restriction: Protection will be randomly disabled after a couple of hours of using SpyShelter. To enable protection again you have to reboot the system.
That's ridiculous! I will just uninstall SS then. That's a good example of bad company policy. I was considering buying a license, but not now. I will just save my money. I'm on a very limited budget right now anyways.
SpyShelter responded to my support ticket, and informed me of the same thing you did. My reply to them was the following below. I hope they realize this is bad policy. "I think this is bad company policy. A trial version should give the user uninterrupted full functionality. I think you will lose a lot of potential customers due to this bad policy. I will just uninstall SpyShelter".