SpyShelter 10

Discussion in 'other anti-malware software' started by Mops21, Jul 30, 2015.

  1. hjlbx

    hjlbx Guest

@scorpionv - can you provide some examples/further details?

    What is blocked without notification or logging?
     
  2. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,997
    Location:
    Poland - Cracow
    @scorpionv
    Try those things
    - make custom network rule in advanced rules window - allow in/out
    - in "Rules" tab exclude "VPN Client" folder with option "existing and any in future file"
- add Cisco to the user-defined signers list (Settings/Security)
    - change protection level to "Allow Microsoft"
    - exclude process from keystrokes encryption - tab "process filter"
    - in tab "Advanced" check the option "better compatibility" (hooks guard).
     
  3. hjlbx

    hjlbx Guest

    @Rasheed187

    Don't you use SpyShelter Firewall ?

    Have you experienced any specific problems between SSF and SBIE ?
     
  4. hjlbx

    hjlbx Guest

  5. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,997
    Location:
    Poland - Cracow
  6. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,561
    Location:
    The Netherlands
    No I haven't. I did notice that some apps won't run sandboxed, but I believe that's not related to SS, must be some problem in SBIE. And if you install SS, it will automatically put "Hooks Guard" in "Better Compatibility mode" to avoid conflicts with SBIE. This is related to the self protection feature from SS.
     
  7. hjlbx

    hjlbx Guest

I think the things that hold SSF back are insufficient documentation and no support forum. There's a lot about SSF that - at this point - can only be figured out/learned by practicing with it.

    Settings dependencies - for example.

    You and I share the same opinion regarding the GUI - but I guess if you really know how it works and what to expect during use - then one gets used to it. Heh, heh... it is quirky, but the HIPS appears to be very good protection - especially in the right user hands.

    You have any tips or good infos ?
     
  8. hjlbx

    hjlbx Guest

    Online translators have very difficult time translating Polish. They produce essentially gibberish... LOL.
     
  9. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,561
    Location:
    The Netherlands
    All I can say is that HIPS should be used as a last line of defense. So after you have decided that some app is most likely to be clean you should be able to decide what's normal behavior and what's not if alerts pop-up.

This depends on the type of app, for example: Browsers need to make outbound connections, but they don't need to load a service or driver. A process monitor might need to load a driver, but it shouldn't inject code into processes. So this is the only thing you need to learn. BTW, the help file isn't that bad.
     
  10. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,997
    Location:
    Poland - Cracow
  11. hjlbx

    hjlbx Guest

  12. hjlbx

    hjlbx Guest

    LOL... prior Rules pane - with Actions listed at bottom of pane - was better.
     
  13. hjlbx

    hjlbx Guest

    @ichito
    @Rasheed187

    What is AntiNetworkSpy ?

    I read the Help file.

    Anyone with additional infos ?
     
    Last edited by a moderator: Feb 18, 2016
  14. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,561
    Location:
    The Netherlands
It's basically protection against banking trojans that try to control traffic by hijacking browser memory. It's quite an innovative feature, also offered by Zemana and Webroot. But it's not clear if SS can really block the newest and most popular banking trojans, since it hasn't been tested for years. I'm sure you're familiar with the MRG Effitas Online Banking test; Webroot usually performs well, same goes for Zemana.

    https://www.mrg-effitas.com/mrg-effitas-online-banking-certification-q4-2015/
     
  15. hjlbx

    hjlbx Guest

    Do you know if SpyShelter is being actively developed ?

It appears to me to be highly intermittent/sporadic.

    Do you know anything about the developer or Datpol ?
     
  16. Jerry666

    Jerry666 Registered Member

    Joined:
    May 28, 2002
    Posts:
    176
On Settings > Firewall driver, which to use: TDI Firewall driver or WFP Firewall driver? What is the difference?
    Thanks
     
  17. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,561
    Location:
    The Netherlands
It's being developed actively from what I understood. But to me the biggest frustration is that it still lacks important features related to usability and security. There's nothing wrong with the look and feel of the UI, but the problem lies in how info is presented.

    For example, in the log window you should only see relevant info about non trusted apps and you should see what behavior is being blocked or allowed. Another problem: There is no way to mark apps "Trusted" or "Restricted", and there is no way to sort on allowed or blocked behavior.

    About the protection capabilities: I have no clue how system applications like cmd.exe and powershell.exe are being handled. I get the impression that SS will automatically trust them, which is a huge problem. I also don't know if SS can protect against "process hollowing", also known as "zombie processes".

    http://www.malwaretech.com/2014/12/zombie-processes-as-hips-bypass.html
     
  18. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,561
    Location:
    The Netherlands
    On Win Vista and higher you should use WFP. TDI is an older method used on Win XP.
     
  19. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,561
    Location:
    The Netherlands
  20. hjlbx

    hjlbx Guest

  21. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,561
    Location:
    The Netherlands
  22. hjlbx

    hjlbx Guest

    I agree with all you said regarding user-interface.

    For vulnerable processes - like cmd.exe, powershell.exe, vbc.exe, RegAsm.exe, etc - when SpyShelter is set to "Ask User" it will elicit the full run sequence for all processes.

    For any vulnerable processes, don't select "Remember my answer" - and no rules will be created.

    The problem here is that the user must be knowledgeable regarding vulnerable processes and how malware abuse them.

    That being said, if one gets an alert out-of-the-blue and it shows poaijancpa.tmp is trying to execute RegAsm.exe (for example) - you just know something isn't right - select Terminate and then investigate !
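
    Putting the two rules of thumb from this thread side by side (Rasheed187's point in post 9 that expected behaviour depends on the kind of application, and hjlbx's point above that launches of abusable system binaries such as cmd.exe or RegAsm.exe should be judged case by case and never auto-remembered), here is a small Python sketch of how such a HIPS policy could be evaluated. This is an added example for this thread, not SpyShelter's own code, rule format or alert names; the action names, the "browser"/"process_monitor" profiles and the sample events (including the poaijancpa.tmp -> RegAsm.exe launch) are constructed for illustration.

```python
from dataclasses import dataclass

# Behaviour classes a HIPS might report. These names are assumptions for
# this example, not SpyShelter's alert categories.
OUTBOUND = "outbound_connection"
LOAD_DRIVER = "load_driver"
INSTALL_SERVICE = "install_service"
INJECT = "code_injection"
EXECUTE = "execute"

# Per-application-type expectations (post 9): a browser needs outbound
# connections but never a driver or service; a process monitor may load a
# driver but should not inject into other processes. Unlisted -> "ask".
PROFILES = {
    "browser": {OUTBOUND: "allow", LOAD_DRIVER: "deny",
                INSTALL_SERVICE: "deny", INJECT: "deny"},
    "process_monitor": {LOAD_DRIVER: "allow", INSTALL_SERVICE: "allow",
                        INJECT: "deny", OUTBOUND: "ask"},
}

# Abusable ("vulnerable") system binaries named in the thread.
VULNERABLE_PROCESSES = {"cmd.exe", "powershell.exe", "vbc.exe", "regasm.exe"}


@dataclass(frozen=True)
class Event:
    actor: str       # full path of the process performing the action
    app_type: str    # profile the user assigned to the actor, or "unknown"
    action: str      # one of the behaviour classes above
    target: str = "" # child process, driver, victim process or remote endpoint


def basename(path: str) -> str:
    # Accept both Windows and POSIX separators; compare case-insensitively.
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def is_suspicious_launcher(path: str) -> bool:
    # A .tmp "executable" or anything running out of a Temp directory is the
    # "out-of-the-blue" parent that should trigger Terminate-and-investigate.
    p = path.replace("/", "\\").lower()
    return basename(path).endswith(".tmp") or "\\temp\\" in p


def decide(ev: Event):
    """Return (verdict, reason, remember).

    remember=False means the HIPS must not turn the answer into a persistent
    rule, which is the point about not ticking "Remember my answer" for
    abusable processes.
    """
    if ev.action == EXECUTE and basename(ev.target) in VULNERABLE_PROCESSES:
        if is_suspicious_launcher(ev.actor):
            return ("terminate",
                    f"{basename(ev.actor)} is launching abusable binary "
                    f"{basename(ev.target)}", False)
        return ("ask",
                f"{basename(ev.target)} is an abusable system binary; "
                "judge each launch individually", False)
    profile = PROFILES.get(ev.app_type)
    if profile is None:
        return ("ask", f"no behaviour profile for {basename(ev.actor)}", False)
    verdict = profile.get(ev.action, "ask")
    return (verdict, f"{ev.app_type} profile: {ev.action} -> {verdict}",
            verdict != "ask")


# Constructed sample events, not captured SpyShelter logs.
SAMPLE_EVENTS = [
    Event(r"C:\Program Files\Mozilla Firefox\firefox.exe", "browser",
          OUTBOUND, "example.com:443"),
    Event(r"C:\Program Files\Mozilla Firefox\firefox.exe", "browser",
          LOAD_DRIVER, r"C:\Windows\Temp\x.sys"),
    Event(r"C:\Tools\procmon.exe", "process_monitor",
          LOAD_DRIVER, r"C:\Windows\System32\drivers\procmon24.sys"),
    Event(r"C:\Tools\procmon.exe", "process_monitor",
          INJECT, r"C:\Windows\explorer.exe"),
    Event(r"C:\Users\user\AppData\Local\Temp\poaijancpa.tmp", "unknown",
          EXECUTE, r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"),
    Event(r"C:\Windows\explorer.exe", "unknown",
          EXECUTE, r"C:\Windows\System32\cmd.exe"),
]


def evaluate_all(events=SAMPLE_EVENTS):
    """Evaluate every event; returns (actor, action, verdict, remember) tuples."""
    out = []
    for ev in events:
        verdict, _reason, remember = decide(ev)
        out.append((basename(ev.actor), ev.action, verdict, remember))
    return out


if __name__ == "__main__":
    for actor, action, verdict, remember in evaluate_all():
        print(f"{actor:18} {action:20} -> {verdict:9} remember={remember}")
```

    The ordering matters: the check for abusable child processes runs before the per-profile lookup, so even a "trusted" browser or monitor launching cmd.exe still gets a one-off prompt rather than a remembered allow, which is the behaviour the post above argues for.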
     
  23. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,561
    Location:
    The Netherlands
Yes, correct, but I forgot to mention that I'm not using the anti-exe feature from SS; ERP is obviously much more user friendly. But SS should have offered an option to mark vulnerable system processes as "Restricted". It's a basic feature but the developers seem to have a different vision. SS is good but it could have been great, know what I mean?
     
  24. hjlbx

    hjlbx Guest

    "could have been great" - I know exactly what you mean.

If users don't send feedback to Datpol - and stay on top of them - then they will never get improvements and/or desired features.
     
  25. hjlbx

    hjlbx Guest

    @ichito !

    Is Datpol a one-man operation, small company or larger IT security company ?

    I can find virtually no infos about Datpol and its staff.
     