Just FYI: since SpyShelter allows the user to configure "external file analyzers" you can check a suspicious file at multiple online scanners / sandboxes with one click simultaneously. For instance, if you want to check at VirusTotal and Comodo Valkyrie, create a new entry in the "configure file analyzer" settings with command line value:

Directory of Firefox\firefox.exe https://valkyrie.comodo.com/get_info?sha1={SHA1} https://www.virustotal.com/en/file/{SHA256}/analysis/

Two browser tabs will be opened with the results. (Same principle for other browsers.) I find this option very helpful in daily life.
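What the {SHA1} and {SHA256} placeholders in the command line above amount to, as an added example that is not part of the original post and not SpyShelter's code: the file is hashed locally and only the digests are placed in the lookup URLs. The expansion logic and function names are assumptions; the two URL templates are the ones from the post.

```python
import hashlib
import os
import re
import tempfile

# URL templates taken from the post; the placeholder expansion logic is assumed.
TEMPLATES = [
    "https://valkyrie.comodo.com/get_info?sha1={SHA1}",
    "https://www.virustotal.com/en/file/{SHA256}/analysis/",
]
SUPPORTED = {"SHA1": hashlib.sha1, "SHA256": hashlib.sha256}


def file_digests(path, chunk_size=1 << 16):
    """Hash the file once, streaming, for every supported algorithm."""
    hashers = {name: ctor() for name, ctor in SUPPORTED.items()}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def expand(template, digests):
    """Replace {NAME} placeholders; reject unknown ones instead of passing them on."""
    def sub(match):
        name = match.group(1)
        if name not in digests:
            raise ValueError(f"unsupported placeholder {{{name}}}")
        return digests[name]
    return re.sub(r"\{([A-Za-z0-9]+)\}", sub, template)


def lookup_urls(path, templates=TEMPLATES):
    digests = file_digests(path)
    return [expand(t, digests) for t in templates]


def demo():
    # Constructed sample file standing in for the suspicious file.
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "sample.bin")
        with open(path, "wb") as fh:
            fh.write(b"abc")
        return lookup_urls(path)


if __name__ == "__main__":
    print("\n".join(demo()))
```

Only the digests appear in the URLs, so a lookup of this kind reports whether the services already know the file; it does not submit the file itself.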
Did you test it on Win 64 bit? And what about the RemoteDLL tool? Yes I know, but in this case it doesn't matter, it should block access to the file system. But perhaps it wasn't tested correctly, this is always a possibility.
OK thanks for testing. BTW, I tested the new Maxthon v5, and SS alerted about it trying to modify network hooks. It's the first browser that I know of that tries to modify its own memory, perhaps because of the file sniffer, but it remains fishy.
Interesting, must be the file sniffer. I used Maxthon a while back, forget why I dropped it. There was something written about it that gave me doubts.
I've been thinking about getting rid of LastPass in favour of KeePass, although I've encountered an issue. It seems as if the auto-fill in KeePass uses simulated keystrokes which apparently SpyShelter Firewall doesn't like. Basically what happens is that letters get passed on correctly to the destination application but numbers get garbled. For example I tried to auto-fill "Example123456789" to Chrome and the end result was "Example[bunch of gibberish]6789" <- This replicates consistently. I contacted support with several questions about it and got a response for one of those, the least relevant, and got an answer that didn't even answer that question. Anyway, can anyone else confirm this behaviour? How would you go about working around it? Disabling protection for simulated keystrokes? Excluding select applications? Turning off Keystroke Encryption completely? Keep on buggering support to get them to fix it?
What about the option "Two-channel auto-type obfuscation" (at "Edit Entry": "Auto-Type"). Does it make any difference if you change this setting?
I haven't tried it but I doubt it makes any difference considering what it does is use clipboard & auto-type in combination, if auto-type ever types a number, it'll mess up, so it's a hit & miss with that.

Edit: I am all kinds of confused now... So I tried it again on a website called "sweclockers.com" and I used the password "ExampleQ123456789123456789QExample". Autotype became "ExampleQckers.comckers.comQExample" ... See it? 123456789 turned into ckers.com ... the end of "sweclockers.com" ... ... ... So I tried changing the password to 987654321 ... now letters got entered correctly... changed it back to 123456789 and letters got entered correctly... As I said, all kinds of confused.

Edit 2: I just performed the autotype again right after typing that and the output was "ExampleQfconfusedfconfusedQExample" ... ... ... ... ... I think I'm beginning to see a pattern, where oh where did I type "confused" before?

Edit 3: Added a screenshot to show the issue. Left-most text is what I wrote myself, right-most text is what is written in KeePass, middle text is what KeePass auto-typed into Vivaldi. Obviously something is going wrong here.

Edit 4: Wow... I mean, it's not even encrypted to begin with, and the keylogger gets the actual password, in contrast to the destination application... Am I allowed to shake my head in disbelief now?

Edit 5: Support is determined it's not a bug but a compatibility issue. Aren't they incompatible because of a bug? I don't understand the difference, could someone explain it to me? Either way, by the general tone of the support I'm guessing this won't be fixed. SpyShelter support is really like a mystery bag, you could get anywhere from great support to... less great support. FYI turning off everything under "Keystroke Encryption > Advanced > Emulation" doesn't change anything. Guess I'm sticking with LastPass.
Correct, I wouldn't trust it, they were logging website usage even when you told them not to. And modifying network hooks is kinda fishy. It could also be used to log data like username and passwords, and to modify websites. That's why I love HIPS, without them you just don't know what apps are up to.
I think we have to "trust" the support regarding this issue. Not all applications play well together, this doesn't mean that one of them has a bug but there can be an "incompatibility" or a conflict between them.
Right, that is why I dropped it, why would they do that? I'm sure I'm not the only one that dropped it because of this.
What is a good config for default-deny in SpS? I mean, how specifically to set it up to block all suspicious actions after whitelisting?
I used to be a heavy user of KeePass until recently. I used it with chromeIPass extension. Several times I used SpS free for week or so. I didn't notice any problems that you describe.
FYI SpyShelter has a Black Friday sale! Used to be? What changed? I assume it would be the chromeIPass extension that filled the fields in your case, that would work fine since it's already in the browser hence SpyShelter Keystroke Encryption doesn't touch it, I also assume chromeIPass doesn't utilise a form of auto-typing in that extension but rather directly fill the field since they have that access unlike an external executable. But if you only use the standalone executable and use its auto-fill feature, then it'll make emulated keystrokes into the target application, at this point SpyShelter tries to do something with it and numbers end up messy in the target application (but don't worry, keyloggers get everything unencrypted and 100% intact.) Also be sure it's not a bug but a compatibility issue, because that distinction is very important apparently since it's the only thing support was willing to comment on.
Did you make an exclusion for password manager processes in this place? And... did you switch to "better compatibility mode"? Or/and... try making a specific "allow" rule for the password manager processes in the advanced rules editor for the boxes "recording keyboard input" and "getting text of the other process window".
I tried making an exclusion for KeePass but as I suspected it was ineffective, considering the exclusion is for target applications and not source applications performing emulated key presses. It works if I set the target application to be excluded but by doing that I might as well just disable keystroke encryption since... what's the point? Yes I have it set to better compatibility mode. Not sure what you mean. Edit: Solved by using the chromeIPass extension with Vivaldi instead of performing auto-type from the standalone application.
HitmanPro.Alert fills in the holes left open by SpyShelter, because it protects against hollow process and has an effective anti-ransomware module. This is my admittedly amateur opinion, I would be interested to hear what others think...
Hmmm... statement "from the ceiling"... I don't know what it has to do with Sanya's issue but I'll try to go further... SS hasn't:
- malware signatures and by this way an AV engine also
- virtualised sandbox and can't virtualise system like e.g. SD
- process monitor/service manager and registry manager/editor like earlier HIPS
- can't make system/file backup
- doesn't create encrypted container
- and perhaps a lot of others that would be included but probably never will be.
SS is not an "all-having-tool" but its main function is to protect system/data against a wide range of loggers and the rest are only "help-tools" which give additional protection.
Right you are, my statement does not relate to Sanya's issue (that's why I didn't quote), but rather relates to many of the previous posts. The "holes" in its protection that I was referring to were the ones discussed at length in those previous posts.
I think it's worth mentioning that whatever antimalware tool you use, nothing can replace a clean (complete, and externally stored) system image. That being said, don't try to make Spyware shelter what it is not; it is not an antimalware.