I just installed 11.4 RC on Windows 10 X64 Pro version 1709 and it set itself to Medium Security Level after installation. During the installation Process I chose High Security Level since I was only given the option of Medium or High (I would have chose Microsoft if given the option). Anyway, it should have been in High Security Level after instillation instead of Medium.
Hi @Cutting_Edgetech Some bugs/issues are already reported to support...try to restart process of SS (close and open app). In my instation it works. No it works normaly...such feature gives limited access to keyboard inputs but gives. I've tested SS Security Test Tool on two apps - system Notepad and Chrome - results you can see below - first entry (red) is from Chrome - second (green) is from Notepad and in box of tool we can see one line of signs
Did they also fix the log window? With that I mean, are allowed or blocked behaviors now displayed in text instead of ActionType number? In the version I'm using it does work, so it should. If not, it's a bug in the new SS or some conflict on your system.
SpyShelter rarely logs anything on my system. It just allows everything, and does not log anything unless i'm prompted for some behavior. I wish it logged like ERP does. I would know what's happening on my system, and I could look for suspicious behavior.
Is anyone here using restricted apps list without breaking your applications? I have tried adding Firefox to the restricted apps list a few times in the past, and I always had to remove it because Firefox could not function when on the restricted apps list.
I have it set to Allow Microsoft, but it allows everything from it's internal whitelisting, not just Microsoft. I don't see any logic in their Allow Microsoft Mode of protection since it allows all their internal whitelisting that has nothing to do with Microsoft. SpyShelter is not logging anything it is allowing, and it's allowing pretty much everything in Allow Microsoft Mode of protection. I can run SS for days and only have 2 or 3 entries in the Log.
I use Ask User mode, I dont see the point of using other modes, after all I use an HIPS because I want strict and total control.
If you want to see the real power of SpyShelter, put it in "ask user" mode. And make sure that you don't already have entries with wildcard * in the whitelist (this might only apply to the firewall version, I don't remember)
@Rasheed187 @Cutting_Edgetech I think my post can answer your qestion...I've done some test about what is logged and how rules are made according to different protection level: - test was made on FW version 11.3 because it's the last stable version - I took into account 3 levels: "auto alllow MS", "auto allow high security" and "ask user" - before each one test all rules in "general" tab and tab "application execution controll" was removed and log entries was cleared - there was such tasks below to do...as we can see there was different apps from more or less known vendors * launch Word (icon on desktop) * launch file manager Free Commander (icon on quick launchbar) * launch Firefox portable (icon on quick launchbar) * launch system Notepad (icon on start menu) * execution of installator of IOLO System Checkup * taking screenshot from SS interface using FC feature (Shift+Ctrl+F10 keys). Results and thoughts: - in all test the number of logged action listed in SS is quite the same - I think all action...even those not alerted...was listed - together with number of action we have description of action (see txt attachements) - the goal....what means differences...we can see on rules list and especialy in way that they had been created (manualy or automaticaly): * on "allow MS" level only one rule was made automaticaly - for Explorer.exe - the rest for other action was made manualy (it's Windows/MS process) * on "auto allow High security" we have additionaly rule for Firefox that was made automaticaly (they are trustworthy signed apps/processes) * on "ask user" we have no rules made automaticaly - all of them needed user decision (everything is unknown). What's that can mean for me...maybe for other users?...protection level "auto allow MS" can be even better than "auto-high" and in fact unknown apps are detected what means our attention and decision. But for sure the best and most secure is "ask user" level.
I'm not sure in what mode you're running, but it logs everything on my system, and I actually have a problem with it, because it even logs behaviors that I have disabled. This makes things very cluttered, and it only shows you the ActionType number, instead of "modifying protected file" or "outgoing network access", so yes it should have been like in ERP. Yes, I have also had problems with this feature, it's not the best sandbox out there. It's better to rely on Sandboxie.
Right. It's not trying to be a real sandbox. It doesn't divert writes to another location, or change integrity level of running processes, like Sandboxie does. It just restricts access to certain resources.
Yes and I think it was the reason that they went back from the name "Sandbox" to previous name of such feature "Restricted Apps". As I remember we can compare it to features that we could find in OA (Run as restricted) and Privatefirewall (Limited rights). Perhaps you should add folders with write access location for Firefox - C:\Users\User\\AppData\Roaming\Mozilla\Firefox and C:\Users\User\AppData\Local\Mozilla\Firefox...it's from Vista but in your system should be similar. General loaction that you can get from context menu - "Add special folder" - was in my case "to general".
I like the v11. 4 tree view, and the new PPI option saved my life lol. After few days of training, Ask User mode is quiet on my static system. I would like the option to get a notification when something is blocked (or I missed it).
I'd like to try SpyShelter Silent Anti Keylogger which I believe is just like an advanced Keyscrambler without all the other firewall stuff. Does anyone have a link for a download? I can't seem to find it.
Re: https://www.wilderssecurity.com/threads/spyshelter-silent.397482/ Or: https://www.majorgeeks.com/files/details/spyshelter_anti_keylogger_silent.html
I downloaded it but it is a paid one. I'd thought that it was freeware one. No problem and thanks anyway.
Silent version was always paid and have had separete licencing...you couldn't activate it using key number from Firewall or Premium versions.
Thanks ichito, SpyShelter Silent vesrsion looked like something that might suit my purposes with it being anti keylogger and encrypted keystrokes without all the full firewall rules etc. Keyscrambler My version 2.8,2.0 (even premium) is limited to certain range of applications and doesn't seem to cover some of the more modern browsers on my XP system. Spyshelter Silent covered all keystrokes as far as I know and runs on XP I was scared of installing the full version of Spyshelter as it requires a reboot, it looked complex, seemed like it required careful configuration and I wanted to try it first in Shadow Defender shadowed mode to prevent any possible conflicts in my real system with other deep level software but it requires a re-boot to operate.
Wait a minute, since when are you using SS? I thought a while back you said that you didn't need it? I remember you being quite negative about these type of HIPS.
