Yes...I think it should do this normaly like with any other folder what means you will get the alert when something will try to read/write anything from such folders. I made few minutes ago an example of rules for Chrome Advanced and Thudnerbird...that's are only two folders but perhaps is posible make that with all needed locations. Protecting folder means protecting whole its content so no matter what kind of file is in danger in case you wrote. Looking at my previous experiance with file/folder protection featured in SS I can say it works properly what means I've got an alert in every case I expected...or not what sounds rather good. It's hard to agree...at this time we have in Settings some specified and strictly definied protections level and there is no level called "think instead of user"...but there is the feature "Auto-allow the action for a component signed by a trusted signer"...you can chose one...few...or all from the list. My choice was "ask user" level
Even with "autoallow" for certified applications, it should provide some protection from malware. But at "ask user" level, you will have protection even if the malware hijacks a trusted process -- if you are very alert and you know that this particular process doesn't need to read your browser data.
Yes you perhaps have right but - not every user is using "ask user" level - folder protection is like the "second lock" that...not only suspicious/dangerous...process can't open without your permission.
Spyshelter on sale now until NOV 27th, %35 off. Totally worth the price. I love the antikelloger because it watches program start ups and clipboard access. Much more than just a antikeylogger. I don't even use the firewall but still love it. Buy it to be safer in an unsafe world
BTW, forgot to mention that SS also doesn't block process termination. In the article you can read that TrickBot uses Powershell to terminate AV's like Win Defender. Another thing that the developers have never improved. For people who want to experiment a bit, it's not a bad price for 1 year. But it should have been the normal price.
There is no other program that i am aware of that gets mad when a program updates like a browser and i have to allow all rules like the previous. There is no other program that I have that makes me allow access to any new program that I install. It gives me peace of mind and by you saying it should be cheaper is you not knowing what it really works like.
In reference to the Trend Micro article on Trickbot, only three AV solutions were mentioned: It's a given that MBAM and WD can be easily "taken out" by malware. I don't know however what excuse Sophos has for not having adequate self-protection. I also wouldn't lose any sleep over this Trickbot variant since the detection rate on VT is 53/67.
They reviewed v. 9.2 and there was more than 60 versions after such review and I think post of Rasheed was the good summary https://www.wilderssecurity.com/threads/spyshelter-9-2-released.368335/page-9#post-2497915 Yes...it's true...there is no action like "closing process/thread" in list of monitored actions or in advanced rules window Maybe because that SS can/should detect earlier suspicious action like #53 "execution of an application" and next gives us in alert option to block such dangerous proces and its action.
Mine is on auto allow high security and it still always pops off if a program changes. It's very active letting me know something changed which is why i like it but I'd never put it on my mom's PC because she wouldn't get it. Medium security I really don't know if I can even try it at this point because I have a bunch of rules already set to allow or deny. Basically there are programs you load that will actually try to gain access to your clipboard that they have no business to do so. You can block them with SS.
Basicaly...from help file "Auto allow - High security level Based on our internal rules, this will automatically allow certain non-signed apps, without prompting you. This happens when SpyShelter Firewall has already identified and classified these applications as safe. (...) Auto allow - Medium security level Based on our internal rules, this is a balanced option between high security and a lower number of false alerts. This is the recommended option for non-advanced users." We don't know exactly where is the difference...in which mechanism of detection...in which builtin rules...we can only observe different reaction for particular action. I've tested similar issue according to option "Auto-block suspicious behaviour" and it was mentioned on MT...maybe it can be interresting https://malwaretips.com/threads/does-oneself-really-need-an-antivirus.83648/page-4
Thanks. I see you did some interesting tests. You wrote there: "Auto allow - medium..." similar to mentioned abowe but most of actions are automaticaly allowed without adding to the list of rules." If they are not added to list of rules, it should not be a problem to switch from medium to high, correct? I mean, you won't lose security, after you switch to high.
In "auto allow-high" level only non-critical action were allowed and quite a lot of action (suspicious for SS) were blocked and added to the list of rules...in "medium" level most of apps action were allowed without adding rules to the list and only critical action were blocked and saved as rules. We should remeber that such behaviour was connected with auto block feature what could change the buil-in (and not visible for user) internal rules of SS. But answering your question - I think "yes"...changing level to high is not a problem because auto-allowed rules hadn't be created/saved so we can still block some actions what we want.
Bad excuse, a HIPS should always be able to monitor all suspicious actions, so if some app is trying to terminate security tools you already know something fishy is going on.
Lifetime licenses are a thing of the past. Most companies no longer offer them, and that includes Spyshelter.
"Please note that this is Release Candidate version and you may experience some irregularities in GUI, for this reason, automatic update is disabled for this RC version. Only manual update will work. You can find download links below. This version refreshes SpyShelter GUI, adds new icons, presents new Rules tree-view as well as allows to adjust GUI scaling without changing Windows settings. SpyShelter 11.4 Release Candidate – Added new(3rd) tree view mode display of Rules list – Replaced all images with new style and kind (vector based glyphs) – Implemented scaling feature for GUI (Auto, 125%, 150% PPI) – Many small general look improvements including scalable logo and other small improvements." https://www.spyshelter.com/blog/spyshelter-11-4-rc-released/
If they would spend more time on the Firewall by adding IDS and IPS to it then I would switch from Eset Internet Security and use SpyShelter Firewall instead.
