SpyShelter 10

Discussion in 'other anti-malware software' started by Mops21, Jul 30, 2015.

  1. hjlbx

    hjlbx Guest

    I checked Datpol website. They fixed sysnative file redirect a while back by adding it in SpS file explorer. It is OK.
     
  2. Schorg

    Schorg Guest

    Thank you, for your reply I was confused as I could add sysnative files ok.
     
  3. Schorg

    Schorg Guest

    I have recently had a similar issue with c:\windows\system32\AtBroker.exe, SpyShelter Firewall was unable to remember my choice to allow AtBroker.exe to execute C:\Windows\System32\sethc.exe.

    This resulted in continuing pop-ups, in the end I had to manually add this rule to Application Execution Control, since then I have had no recurrence of this issue.

    I have reported this bug to Datpol, hope this issue is resolved soon.
     
  4. SanyaIV

    SanyaIV Registered Member

    Joined:
    Oct 17, 2013
    Posts:
    278
    How did you add the rule manually? Was AtBroker.exe already present in the list and you only had to add sethc.exe to it? I'm wondering since I can't figure out how to manually add the base application, the executor if you will, in this case AtBroker.exe. I know how to add the application to be executed, but not the application that is to do the executing.

    Also the lack of manual editing of the path and the lack of support for wildcards in said path makes me somewhat frustrated.
     
  5. Schorg

    Schorg Guest

    Oh yes there is a workaround for c:\windows\system32\AtBroker.exe was a pain.

    1. Open SpyShelter Firewall GUI

    2. Go to Rules>General>Create rules for a component(second icon just below General tab(icon which looks like a small green plus) or right click on the title Component name.

    3. Either enter full path into Component path: or left click ....(button)> to open SpyShelter's File Explorer>locate c:\windows\system32\AtBroker.exe or type in the full path in File name:> press open.

    4. Go to Execution of an application>select allow>press ok

    Note: it will not create rules (HIPS rules) for the AtBroker.exeo_O, but if you now go to Application Execution Control tab, you will find AtBroker.exe amongst the list.

    Please Note: These steps above will create an allow rule for AtBroker.exe to execute any program. An allow * rule. Which it is advisable to keep, thank you @ichito for your advice!

    Below is for reference only and uses AtBroker.exe as an example, useful for creating individual rules for other exe's if SpyShelter refuse's to remember them.

    5. Right click AtBroker.exe>Create a Rule>...(button)>once SpyShelter file explorer's has opened enter full path into file name: c:\windows\system32\sethc.exe>press open>now the full path is shown in Creating a new rule for atbroker.exe>press ok.(make sure action: Allow is selected)

    Rule for Atbroker.exe to execute c:\windows\system32\sethc.exe has been created!!

    6. PLEASE NOTE: If you wish to monitor,keep track or control what's being executed by AtBroker.exe make sure you remove Allow * rule for AtBroker.exe, else it can execute any program, without giving you an alert to allow,deny or terminate.
     
    Last edited by a moderator: Jul 26, 2016
  6. SanyaIV

    SanyaIV Registered Member

    Joined:
    Oct 17, 2013
    Posts:
    278
    Thanks for the info, that'll make some things easier. =)
     
  7. Schorg

    Schorg Guest

    Your Welcome:thumb:, the more people report bugs/issues to Datpol the better. Hopefully these bugs/issues will get resolved in a future version:).
     
    Last edited by a moderator: Jul 24, 2016
  8. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,997
    Location:
    Poland - Cracow
    Atbroker.exe is connected with e.g. remote access, few system features and some complete different devices (sound, screen, keybord...) and SS which install as I remember 38 hooks can detect actions from different physical sources because of many different reasons. Maybe making stable allowing rule for it in mentioned above way can resolves specific issue but for me it's quite danger to do so...I think user by this way can give full access to the system actually without control.
     
  9. Schorg

    Schorg Guest

    Hi @ichito, very informative, thank you. I shall make an edit in my post regarding advising to allow AtBroker.exe to be able to execute any program ie allow * rule.

    EDIT : I have edited my workaround for AtBroker.exe, so that it is advisable to allow AtBroker.exe to execute any program.
     
    Last edited by a moderator: Jul 25, 2016
  10. ald4r1s

    ald4r1s Registered Member

    Joined:
    Apr 8, 2013
    Posts:
    53

    Well either you turned on ICMP traffic filtering or you just have few firewalls installed and one is locking other out. Have you checked ICMP checkbox? If so there is no issue, it works like that for ICMP. It 's allowed/blocked for all IPs and this is how SpS FW works.

    AFAIK ICMP is handled in special way by SpS FW, so traffic for ICMP packets will be allowed/denied for ALL ports despite of your defined rules.
     
    Last edited: Aug 2, 2016
  11. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    5,703
    Location:
    North Carolina, USA
    Hello,

    SpyShelter version 10.8.2 has been released:
    Homepage: https://www.spyshelter.com/
    Download: https://www.spyshelter.com/download-spyshelter/
    Blog: https://www.spyshelter.com/blog/
    Changelog: https://www.spyshelter.com/blog/spyshelter-changelog/
    Note: As of this posting, there are instances on the site where it still states version 10.8.1 (whether not updated yet or typos), for instance on download page where it states 10.8.1 but 10.8.2 is actually downloaded.
     
    Last edited: Aug 2, 2016
  12. ald4r1s

    ald4r1s Registered Member

    Joined:
    Apr 8, 2013
    Posts:
    53
    CTRL+F5 or CTRL+R, refreshing cache fixed it for me instantly.
     
  13. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    5,703
    Location:
    North Carolina, USA
    Hello ald4r1s,

    Thanks, that fixed it for me also. The changelog still shows 10.8.1 instead of 10.8.2 though (this appears to be a typo).
     
  14. ald4r1s

    ald4r1s Registered Member

    Joined:
    Apr 8, 2013
    Posts:
    53
    It is 10.8.2 for me everywhere, quirks of internet browsers, or they fixed it :p
     
  15. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    5,703
    Location:
    North Carolina, USA
    Hello ald4r1s,

    Thanks. I went back and did a force reload of the changelog page for the dozenth time and finally see version 10.8.2... I amended my original post to reflect this :rolleyes: ...
     
  16. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    It seems like they are not focused on true usability and security improvements, very disappointing. Don't get me wrong, it's still a good tool, but I have a feeling that innovation has stagnated.
     
  17. ald4r1s

    ald4r1s Registered Member

    Joined:
    Apr 8, 2013
    Posts:
    53
    I think that you did not read the changelog or you are just trolling. There's a lot of bug fixes and usability improvements in this release. Did you even read the changelog/check those changes?
     
  18. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,997
    Location:
    Poland - Cracow
  19. co22

    co22 Registered Member

    Joined:
    Nov 22, 2011
    Posts:
    411
    Location:
    router
    thank you for update
     
  20. ArchiveX

    ArchiveX Registered Member

    Joined:
    Apr 7, 2014
    Posts:
    1,501
    Location:
    .
    Just Updated. Thanks! :thumb:
     
  21. Mops21

    Mops21 Registered Member

    Joined:
    Oct 5, 2010
    Posts:
    2,731
    Location:
    Germany
    Hi all

    Can you check my german translations for this please see the Picture into the circles

    Decrease self-defense to improve compatibility with third-party software
    Verringern Sie Selbstverteidigung zur Verbesserung der Kompatibilität mit Software von Drittanbietern

    Configure external file analyzers
    Konfigurieren Sie externe Datei-Analysern

    Enable showing tooltips of autoallowed signed files
    Aktivieren Sie die Tooltips aus auto erlaubt signierte Dateien zeigen

    List of processes which are not monitored by AntiNetworkSpy module
    Liste der Prozesse, die durch AntiNetworkSpy Modul nicht überwacht werden

    With best Regards
    Mops21
     

    Attached Files:

  22. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    No trolling, you probably haven't read some of my older posts. It's cool that SS is still being actively developed, but I'm waiting for stuff like:

    - A better log window
    - A better firewall
    - Better rule management
    - Better data protection
     
  23. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,997
    Location:
    Poland - Cracow
    As I remeber German language from my studies (ca 30 years ago) it looks quite good :)
     
  24. Mops21

    Mops21 Registered Member

    Joined:
    Oct 5, 2010
    Posts:
    2,731
    Location:
    Germany
    Okay thank you very much for your info

    With best Regards
    Mops21
     
  25. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    5,703
    Location:
    North Carolina, USA
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.