Hi all, SpyShelter 10.5.1 released: https://www.spyshelter.com/blog/spyshelter-10-5-released/#more-5821 Download: https://www.spyshelter.com/download-spyshelter/ With best regards, Mops21
Finally after all these years they have implemented this. But they forgot to do the same with the Logging tab. Potentially SS could have been the best HIPS, but it still has too many annoyances. Have you already tested this feature, does it now work correctly? And I also wonder how exactly this excluding feature works, for example if you exclude a process will it not be monitored anymore? Or will it not be able to modify network hooks (used by banking trojans) inside browser memory?
I've used it with MBAE without any problems, and as long as you mark the other tools as trusted (Allow all actions) I expect it will work just fine.
Sorry, I have not tried the feature yet. I will not have time to test it for at least a week from now.
In my testing it does not inject into processes, and this seems to limit its protection. Online Armor easily blocks Surfright's test tool from launching calc.exe, logging keystrokes, etc. I tested SpyShelter in Ask User Mode, and calc.exe successfully launched uncontested in all tests. I did not test SpyShelter against the logging test. I emailed SpyShelter about this about 3 weeks ago, and they informed me SpyShelter prevented calc.exe from launching on their machine. I'm not sure how that is possible since I tested SpyShelter against these tests twice in the past, and got the same results. SpyShelter wants me to test again, and send logs from Microsoft's Autoruns application. I just have not had the time to do this. I recently had 2 hard drives that failed, and it's taking a lot of my time recovering my data.
SS does this job properly on my Vista, so the failure is probably elsewhere on your side... these are the results of my own test - run calc.exe - action of loggers
I think there's a good possibility of a bug somewhere in SpyShelter. I switched SpyShelter's default settings to Ask User right before testing. Maybe SpyShelter is not switching modes. I did use an older build of SpyShelter though. Several more builds have been released since I conducted that test. I did not have any other security software installed when I tested. Online Armor passed the test on the same machine. I will record the test the next time I have time to conduct it. Edited 11/9 @4:04
Do this. Open your browser first before doing any of the Surfright exploit tests. Then execute each test. I have explained this a couple of times. What the test tool does is open a browser "stub" spawned process under its own process. The stub runs so fast that any type of network driver filtering is not properly established. With your browser open, the "stub" instance launched by the test tool will be located under the browser main process that has established network connectivity. You can view all this activity using Process Explorer/Hacker.
It all depends on where the protection is located and how it is done. Online Armor hooks processes and its DLL is doing the monitoring. I suspect it immediately set a hook in the test tool the minute it started execution.
Online Armor injects into all processes; well probably 99.5% of all processes. I checked all of mine out of boredom over the last few years I used OA. I think I remember finding 1 that OA did not inject into. I want to say it was a security application, but I can't remember for sure. I would say it was intentionally done for compatibility purposes.
SpyShelter was not injecting into any processes I could find on my machine. Does it inject into any processes on your machine?
I don't use SpyShelter so I can't help you. I suspect it uses a driver filter that is part of the network adapter. Check your network connection for same.
No it doesn't, it uses the driver for all the monitoring, but this is not a bad thing, injecting code can cause compatibility problems. Perhaps that's why SS is quite stable. Yes, it's very frustrating, weird that no one has complained about this earlier. The ability to see what exactly is blocked or allowed, instead of displaying only "Action Type" is basic functionality, come on now.
I think using a driver would be a better method as long as it can accomplish the same objective as process injection. The problem I'm having is SpyShelter has not been reliable on the two machines I have tested on. It makes me believe there is a bug somewhere. SpyShelter is just allowing executions in Ask User Mode instead of prompting me. I did not have any other real-time security software installed when testing. There have been several builds released since I last tested though. That is a very good point. I didn't think to report that with the other issues I have reported.
SS has its own internal signers database (in 2011 it was ca. 10000 entries) that can't be managed by the user - perhaps that is (one of) the reasons that some decisions of SS are automatic. As I remember, it was the same in OA, which also has its own database but in the cloud (AM-N...earlier OASIS). @ Rasheed The new feature - "alternative view" gives you an additional comment so it's easier to know what was created. I think too much info is just "noise", and when we want to know much more we can just use tools like Tiny Watcher. We can also use other apps instead of SS or additionally - I mean ThreatFire, which gives a lot of detailed information in its pop-ups (files, folders, registry entries)
@Rasheed187 This is just my opinion... I think SpyShelter makes good products, but the user interfaces are clunky, clumsy and tedious. Now NVT ERP - that is an example of a good user interface... simple, easy to learn, easy to use, useful infos that are needed, etc.
And this is also my private opinion... if we start talking about and judging an app according to its interface, the discussion starts to be worthless.
Just tested with W10x64 Pro, all actions were detected in default installation settings and in Ask User mode. Perhaps try cleaning your rules, restart your PC and perform the test again? What happened to me once: Windows Defender crippled my SPS installation (after updating to new version), because it considered SPS to be malicious. So another thing I can suggest is disabling Windows Defender and reinstalling SpyShelter. Oh and old builds didn't work with Windows 10...SpyShelter 10+ works with Windows 10. If you tested older versions then they could not possibly work. SPS GUI is still better than those pseudo-futuristic-hackerlike-interfaces. It could use some usability upgrades but to be honest, I open the GUI like once a month if I block something legitimate, so it doesn't really bother me. http://core0.staticworld.net/images/article/2013/01/bitdefender_screen-100023083-large.jpg
That is not how security soft industry standards work... usability is equal in importance to protection. You can have a soft that protects 100 % against any and all known threats. However, if the user interface is difficult for a typical user, then few people will use it. A primary reason why SpyShelter is not popular\widely used is the interface and the way information is presented to the user.
@hjlbx SS is a specific and rather advanced tool with features and options which are for most users not understandable and therefore not interesting... it is a tool for a specific range of protection, and many users don't feel the need to have an application for detection of logger actions, for keystroke encryption or file/folder restrictions. Interface?... it depends on what people like and what is nice for their eyes... I don't want to speak about it because "de gustibus non est disputandum" BTW... where do you see differences between the interface of ERP and SS... they are quite equal and based on the same model... where is ERP better?
I didn't know about this, will "ask user" disable this feature? Don't get me wrong, SS has got a nice looking GUI, and I applaud them for adding this feature, but they should have done this years ago. Like I said, they need to do the same with the "log window", how hard is it to figure this out for the developers? It's these kinds of details that annoy the hell out of me. But anyway, I have also got some other issues on my system, so for now I'm done with SS.
Yes I agree, as a long time HIPS user I can say that it's not good enough. But SS is not on its own, take a look at Zemana and Private Firewall for example, they are also horrible when it comes to this. SS is way better, it just needs some polishing.
Yes I believe it can, other HIPS that I used in the past also didn't inject code into every process. I think you're experiencing some type of bug, I'm not sure why SS behaves this way on your system.