SpyShelter 10

Discussion in 'other anti-malware software' started by Mops21, Jul 30, 2015.

  1. ellison64

    ellison64 Registered Member

    Joined:
    Oct 5, 2003
    Posts:
    2,587
    I just tried that setting, rebooted, but haven't noticed any difference. What I have noticed is that more entries under the rules tab make it worse. It now takes about 3 to 4 seconds after clicking the rules or log tab for them to actually open, from any other tab such as about or settings. It seems the more entries or text, the longer it takes to open, and then scrolling gives the problem in the 197 screenshot. I have opened a ticket with a screenshot, so maybe I'll hear something.
     
  2. ellison64

    ellison64 Registered Member

    Joined:
    Oct 5, 2003
    Posts:
    2,587
    I've had a mess around tonight and found the problem is a combination of screen resolution and/or custom text size (accessed through display). Since removing custom text (I was set on 110%) and using a different screen resolution, SpyShelter scrolls fine for me without skin. If I enable skin, it gets buggy. I have a feeling (though can't confirm it) that the font must be hard coded in SpyShelter and custom text sizes and different resolutions cause the problem. If you have time maybe you could check whether you are using custom text size, or try a different screen resolution?
    Thanks
     
  3. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    @ ellison64

    To be honest, I don't feel like messing around since this issue finally seems to be resolved on my system, I can often also solve it by simply restarting the SS GUI. But I can tell you that I don't use any custom text size settings. But it would have probably been best if the SS developers simply changed to a more standard GUI, I'm sure others may have the same problem but don't bother to report it.
     
  4. fblais

    fblais Registered Member

    Joined:
    Jul 31, 2008
    Posts:
    1,340
    Location:
    Québec, Canada
    I didn't see that problem, I don't use skins.
    Maybe most users don't use skins as well.
     
  5. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    Can you guys perhaps test if SS can correctly block YTD Video Downloader from reading the clipboard? You should simply copy a YouTube link and then YTD will normally auto-paste the link. If SS blocks this, this shouldn't be possible, yet it does on my system. About YTD, make sure not to install the adware.

    http://www.ytddownloader.com/
     
  6. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,997
    Location:
    Poland - Cracow
    Hmmm...SS doesn't block the clipboard just after copying the address of a YT movie...it appears automatically in YTDownloader and it's ready to download. I repeated it a few times with the same result. But I think it can be the effect of two possible things:
    - during installation YTD installs Offercast346_SGT.exe which is
    http://www.herdprotect.com/offercast346_atu3_.exe-965b10b3ac63160d73fd8c3826837a876ce5187c.aspx

    Panorama Offercast.jpg

    - or...because of the process OpenUrl.exe which executes Firefox.exe and next ytd.exe that creates (in the default "documents" folder) a "temp" file - it's called ytCxxx.temp and it's 21 MB heavy...I don't know what is inside but I think such a file can contain settings that allow capturing text in the clipboard

    Panorama openurl.jpg
     
  7. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    What is the "Application Execution Control" mitigation feature in Spyshelter? It says SpyShelter Firewall is the only version to have this feature.
     
  8. hjlbx

    hjlbx Guest

    Trusted signers are hard-coded => not visible or modifiable via GUI.
     
  9. Online_Sword

    Online_Sword Registered Member

    Joined:
    Aug 21, 2015
    Posts:
    146
    If you mean the feature called "Application Execution Control", you can find it in the Main Window -> Rules -> "Application Execution Control" Tab (just next to the "General" Tab).

    Here users can specify what programs can/cannot be executed by a specified program.

    More precisely, only the built-in trusted signers are invisible. :) User-defined trusted vendors are visible :D (and editable in the paid versions).
     
  10. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    Thanks for checking, but you're wrong, it hasn't got anything to do with adware. A buddy reported it to the developers, and according to him it's normal for YTD to auto-read the clipboard, because it has the focus. But key-loggers will normally operate in the background. I'm not sure what to think of this explanation. I mean, you would think that if SS alerts about it, it should be able to block it.
     
  11. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    Yes, that's what I thought. I would love to know which companies are on the list, and this list should also be visible, with an option to disable signers.

    I have disabled this feature, it's not very user friendly. You're way better off with EXE Radar for example. And even worse, even when you disable it, SS will still show you execution events in the log window, making it very cluttered.
     
  12. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    AppGuard private folders will cover me for "Application Execution Control" now that I know what it is.
     
  13. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,997
    Location:
    Poland - Cracow
    @Rasheed187
    I don't understand what is happening...I tested YTD one more time and blocked the Ask component (Offercast) during installation...but that is not the issue - YTD could properly copy the clipboard without it. I discovered by accident that YTD inserts the content of the clipboard only when you move the mouse pointer into the box for the link address...and it doesn't matter what kind of address it is...it only has to be inside the clipboard.
    It's not good that SS can't detect such capturing of clipboard content...but the worst is that it can do so even if you set advanced rules for ytd.exe to "deny"...see below

    ytd rules.jpg

    I don't know what I should think...perhaps I'll raise it with SS support.
     
    Last edited: Jan 14, 2016
  14. Online_Sword

    Online_Sword Registered Member

    Joined:
    Aug 21, 2015
    Posts:
    146
    Has anyone tried to add cmd.exe, rundll32.exe, and regsvr32.exe to the "Sandbox" of SS?

    We know that the sandbox of SS is not a fully virtualized sandbox, but it could limit the privileges of the applications.

    In BRN Appguard, the three system processes mentioned above are "guarded", which means that their privileges of accessing the file system and registry hives are also limited. This feature does not cause any problem in AG. That is why I am considering sandboxing these system processes in SS. Would this be a good idea or a bad idea?
     
  15. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    5,703
    Location:
    North Carolina, USA
    Hello,

    SpyShelter version 10.6.5 has been released:
    Homepage: https://www.spyshelter.com/
    Download: https://www.spyshelter.com/download-spyshelter/
    Changelog: https://www.spyshelter.com/blog/spyshelter-changelog/
    Blog: https://www.spyshelter.com/blog/spyshelter-10-6-5-released/#more-6163
     
  16. Mops21

    Mops21 Registered Member

    Joined:
    Oct 5, 2010
    Posts:
    2,731
    Location:
    Germany
  17. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    No need to report it. Like I said, according to the developer, this is not a real issue, because keyloggers work from the background. So apparently, if apps have the focus they will always be able to read the clipboard.

    I'm guessing it would be a bad idea, but if you say that it doesn't cause problems with AG, perhaps it's worth a try. But this is another thing that should be improved, because I'm not sure if these system apps that can be used in attacks are correctly monitored by SS. I wish I could do some more testing, but I still need to set up a VM.
     
  18. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    I'm not sure what you mean by that? I was just saying SS should improve the anti-exe feature, and I'm not sure why they are only offering this with SS FW.

    Is it just me, or do the newer versions have less available skins? I couldn't find the AlterMetro skin.
     
  19. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,997
    Location:
    Poland - Cracow
    You are right...I've received an explanation and I already know where the misunderstanding was.
     
  20. Jerry666

    Jerry666 Registered Member

    Joined:
    May 28, 2002
    Posts:
    176
    New to this software, I have it with firewall, am I supposed to turn off Windows firewall when I use SpyShelter firewall? Instructions are not that clear. Was using Outpost Pro prior to this so am looking for a replacement.
    Thanks
     
  21. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    What about the missing skins in the new SS? And BTW, another thing that I completely forgot to mention, it's a shame that SS hasn't got the option to make you choose which behaviors/actions should be auto-blocked.

    You don't have to disable Win firewall, SS works independently.
     
  22. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,997
    Location:
    Poland - Cracow
    "SpyShelter 10.6.7 is now available. Newest version of SpyShelter introduces new option to disable pop-up messages for automatically created rules and fixes a handful of User Interface issues.

    Very old problem with alert colors on few non default skins was fixed. Also Windows XP alert captions and colors are now displayed correctly when no skin is used.

    SpyShelter 10.6.7 Changelog (21/Jan/2016):

    – Added an option which allows disabling pop-up messages for automatically created rules
    – Improved drawing of dialog windows linked with Alert window
    – Fixed tray menu display issues for the disabled skin
    – Fixed minor color issues for Alert windo"
    https://www.spyshelter.com/blog/spyshelter-10-6-7-released/
     
  23. Anguel

    Anguel Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    75
    Big fail:
    I installed SpyShelter Firewall 10.6.7 trial, running it beside Kaspersky Internet Security 2016, then tested with their own AntiTest.exe just to find out that nothing works as expected - keystrokes are not encrypted and I can also make screenshots. All protection items are enabled, changing the anti-keylogger to compatibility mode does not help either...
     
  24. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,997
    Location:
    Poland - Cracow
    @Anguel
    Was KIS or its anti-logger protection disabled? Both apps, if run together, can conflict, so it would be reasonable to make exceptions for each other. In SS you can also exclude processes of KIS in encryption options - choose "Do not encrypt keystrokes of processes specified below" and type the needed processes.
     
  25. Anguel

    Anguel Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    75
    AFAIK KIS has keylog protection for browser only and it is turned off. Now I shut down Kaspersky completely but this did not help either.
    I also don't see AntiTest.exe listed anywhere in SS rules - very strange.
    It is an unsigned application but is not blocked in any way by SS.
     