SpyShelter 10

Discussion in 'other anti-malware software' started by Mops21, Jul 30, 2015.

  1. Oddo

    Oddo Registered Member

    Joined:
    Sep 6, 2013
    Posts:
    14
    Location:
    Schweden
    Just FYI: since SpyShelter allows the user to configure "external file analyzers" you can check a suspicious file at multiple online scanners / sandboxes with one click simultaneously. For instance, if you want to check at VirusTotal and Comodo Valkyrie create a new entry in the "configure file analyzer" settings with command line value: Directory of Firefox\firefox.exe https://valkyrie.comodo.com/get_info?sha1={SHA1} https://www.virustotal.com/en/file/{SHA256}/analysis/
    Two browser tabs will be opened with the results. (Same principle for other browsers)

    I find this option very helpful in daily life.
     
  2. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    Did you test it on Win 64 bit? And what about the RemoteDLL tool?

    Yes I know, but in this case it doesn't matter, it should block access to the file system. But perhaps it wasn't tested correctly, this is always a possibility.
     
  3. Jerry666

    Jerry666 Registered Member

    Joined:
    May 28, 2002
    Posts:
    176
     
  4. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    OK thanks for testing. BTW, I tested the new Maxthon v5, and SS alerted about it trying to modify network hooks. It's the first browser that I know of that tries to modify its own memory, perhaps because of the file sniffer, but it remains fishy.
     
  5. Jerry666

    Jerry666 Registered Member

    Joined:
    May 28, 2002
    Posts:
    176
    Interesting , must be the file sniffer . I used Maxthon a while back , forget why I dropped it . There was something written about it that gave me doubts
     
  6. SanyaIV

    SanyaIV Registered Member

    Joined:
    Oct 17, 2013
    Posts:
    278
    I've been thinking about getting rid of LastPass in favour of KeePass, although I've encountered an issue. It seems as if the auto-fill in KeePass uses simulated keystrokes which apparently SpyShelter Firewall doesn't like. Basically what happens is that letters get passed on correctly to the destination application but numbers get garbled. For example I tried to auto-fill "Example123456789" to chrome and the end result was "Example[bunch of gibberish]6789" <- This replicates consistently.

    I contacted support with several questions about it and got a response for one of those, the least relevant, and got an answer that didn't even answer that question.. Anyway, can anyone else confirm this behaviour? How would you go about working around it? Disabling protection for simulated keystrokes? Excluding select applications? Turning off Keystroke Encryption completely? Keep on buggering support to get them to fix it?
     
  7. guest

    guest Guest

    What about the option "Two-channel auto-type obfuscation" (at "Edit Entry": "Auto-Type"). Does it make any difference if you change this setting?
     
  8. SanyaIV

    SanyaIV Registered Member

    Joined:
    Oct 17, 2013
    Posts:
    278
    I haven't tried it but I doubt it makes any difference considering what it does is use clipboard & auto-type in combination, if auto-type ever types a number, it'll mess up, so it's a hit & miss with that.

    Edit: I am all kinds of confused now.. So I tried it again on a website called "sweclockers.com" and I used the password "ExampleQ123456789123456789QExample" Autotype became "ExampleQckers.comckers.comQExample" ... See it? 123456789 turned into ckers.com ... the end of "sweclockers.com" ... ... ... So I tried changing the password to 987654321 ... now letters got entered correctly... changed it back to 123456789 and letters got entered correctly... As I said, all kinds of confused.

    Edit 2: I just performed the autotype again right after typing that and the output was "ExampleQfconfusedfconfusedQExample" ... ... ... ... ... I think I'm beginning to see a pattern, where oh where did I type "confused" before? ;)

    Edit 3: Added a screenshot to show the issue. Left-most text is what I wrote myself, Right-most text is what is written in KeePass, middle text is what KeePass auto-typed into Vivaldi. Obviously something is going wrong here.

    Edit 4: Wow... I mean, it's not even encrypted to begin with, and the keylogger gets the actual password, in contrast to the destination application... Am I allowed to shake my head in disbelief now?

    Edit 5: Support is determined it's not a bug but a compatibility issue. Aren't they incompatible because of a bug? I don't understand the difference, could someone explain it to me?

    Either way, by the general tone of the support I'm guessing this won't be fixed. SpyShelter support is really like a mystery bag, you could get anywhere from great support to... less great support.
    FYI turning off everything under "Keystroke Encryption > Advanced > Emulation" doesn't change anything.

    Guess I'm sticking with LastPass
     

    Attached Files:

    Last edited: Nov 17, 2016
  9. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    Correct, I wouldn't trust it, they were logging website usage even when you told them not to. And modifying network hooks is kinda fishy. It could also be used to log data like username and passwords, and to modify websites. That's why I love HIPS, without them you just don't know what apps are up to.
     
  10. guest

    guest Guest

    I think we have to "trust" the support regarding this issue.
    Not all applications play well together, this doesn't mean that one of them has a bug but there can be a "incompatibility" or a conflict between them.
     
  11. Jerry666

    Jerry666 Registered Member

    Joined:
    May 28, 2002
    Posts:
    176
    Right that is why I dropped it ,why would they do that ? I'm sure I',m not the only one that dropped it because of this
     
  12. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,549
    anyone know how exactly to add VT in chrome?
     
  13. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,549
    what is a good config for default-deny in SpS?
    I mean, how specifically to set it up to block all suspicious actions after whitelisting?
     
    Last edited: Nov 25, 2016
  14. Solarlynx

    Solarlynx Registered Member

    Joined:
    Jun 25, 2011
    Posts:
    2,015
    I used to be a heavy user of KeePass until recently. I used it with chromeIPass extension. Several times I used SpS free for week or so. I didn't notice any problems that you describe.
     
  15. guest

    guest Guest

  16. askmark

    askmark Registered Member

    Joined:
    Jul 7, 2016
    Posts:
    392
    Location:
    united kingdom
    A handy extension - thanks for sharing :thumb:
     
  17. SanyaIV

    SanyaIV Registered Member

    Joined:
    Oct 17, 2013
    Posts:
    278
    FYI SpyShelter has a Black Friday sale!

    Used to be? What changed?

    I assume it would be the chromeIPass extension that filled the fields in your case, that would work fine since it's already in the browser hence SpyShelter Keystroke Encryption doesn't touch it, I also assume chromeIPass doesn't utilise a form of auto-typing in that extension but rather directly fill the field since they have that access unlike an external executable.
    But if you only use the standalone executable and use its auto-fill feature, then it'll make emulated keystrokes into the target application, at this point SpyShelter tries to do something with it and numbers end up messy in the target application (but don't worry, keyloggers get everything unencrypted and 100% intact.) Also be sure it's not a bug but a compatibility issue, because that distinction is very important apparently since it's the only thing support was willing to comment on.
     
  18. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,997
    Location:
    Poland - Cracow
    Do you made an exclusion for password managers processes in this place?
    161125180647_1.jpg
    And...do you switched to "better compatibility mode"?
    161125180728_2.jpg
    Or/and...try for passwor manager processes make specific "allow" rule in advanced rules editor for boxes - "recording keyboard input" and "getting text of the other process window".
     
  19. SanyaIV

    SanyaIV Registered Member

    Joined:
    Oct 17, 2013
    Posts:
    278
    I tried making an exclusion for KeePass but as I suspected it was ineffective, considering the exclusion is for target applications and not source applications performing emulated key presses. It works if I set the target application to be excluded but by doing that I might as well just disable keystroke encryption since... what's the point?
    Yes I have it set to better compatibility mode.

    Not sure what you mean.

    Edit:
    Solved by using the chromeIPass extension with Vivaldi instead of performing auto-type from the standalone application.
     
    Last edited: Nov 26, 2016
  20. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,549
    HitmanPro.Alert fills in the holes left open by SpyShelter, because it protects against hollow process and has an effective anti-ransomware module. This is my admittedly amateur opinion, I would be interested to hear what others think...
     
  21. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,997
    Location:
    Poland - Cracow
    Hmmm...statement "from the ceiling"...I dont know what it has to Sanya's issue but I try to go further...SS hasn't:
    - malware signatures and by this way AV engine also
    - virtualised sandbox and can't virtualise system like e.g. SD
    - process monitor/service manager and registry manager/editor like earlier HIPS
    - can't make system/file backup
    - doesn't create encrypted container
    - and perhaps alot of others that would be included but probably never will be.

    SS is not "all-having-tool" but its main function is to protect system/data against wide range of loggers and the rest are only "help-tools" which give additional protection.
     
    Last edited: Nov 27, 2016
  22. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,549
    right you are, my statement does not relate to Sanya's issue (that's why I didn't quote), but rather relates to many of the previous posts.
    the "holes" in its protection that I was referring to were the ones discussed at length in those previous posts.
     
  23. Solarlynx

    Solarlynx Registered Member

    Joined:
    Jun 25, 2011
    Posts:
    2,015
    Switched to LastPass. No problems with Keepass. I'm always ready to return to it.
     
  24. SanyaIV

    SanyaIV Registered Member

    Joined:
    Oct 17, 2013
    Posts:
    278
    Hah, so we're doing the opposite then. :p (Sorry for off-topic, stops here, pwomise~)
     
  25. n8chavez

    n8chavez Registered Member

    Joined:
    Jul 19, 2003
    Posts:
    3,336
    Location:
    Location Unknown
    I think it's worth mentioning that whatever antimalware tool you use, nothing can replace a clean (complete, and externally stored) system image. That being said, don't try to make Spyware shelter what it is not; it is not an antimalware.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.