SpyShelter 12

Discussion in 'other anti-malware software' started by guest, Oct 21, 2019.

  1. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    Strange, the message I received yesterday notifying me that an update was available informed me that 12.6 was the latest version. The website says 12.7 is the latest version. Now I see why I was notified of an update being available.
     
  2. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    I just discovered a very strange issue with SpyShelter. If I use SpyShelter's UI to browse to the System 32 directory it goes to the SysWOW64 directory instead. SpyShelter UI reports that it is in the System 32 directory, but it is in the SysWOW64 directory. I don't know if this is a Windows issue or SpyShelter issue.

    Also, I tried adding the digital certificate of my video card to SpyShelter's Trusted Publishers List, and SS informed me that the file was not signed. I was only trying to add it to see if it was already on the list, and SS informed me that it was not signed. I checked the file and it is signed by Microsoft and A-Volute SAS. The Cert does not expire until 11/08/23.
     

    Attached Files:

  3. Adric

    Adric Registered Member

    Joined:
    Feb 1, 2006
    Posts:
    1,760
    Is your OS 64-bit and is Spyshelter 32-bit or 64-bit?

    As far as I know 32-bit apps in a 64-bit OS get redirected. See this for an explanation.
     
  4. NormanF

    NormanF Registered Member

    Joined:
    Feb 20, 2009
    Posts:
    2,872
    Windows 64x still supports 32 bit apps.
     
  5. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    I am using Windows 10 x64 Pro Version 20H2. Windows Process explorer says SpyShelter is running as a 32 bit application.

    I knew that 64bit applications run from the System 32 folder and 32 bit applications run from the SysWOW64 folder, but that should not prevent SS from showing the System 32 directory. If I try to navigate to the System 32 directory within SpyShelter's GUI it takes me to the SysWOW64 folder but falsely reports it's in the System 32 directory. If I navigate to the SysWOW64 folder within SpyShelter's GUI then it correctly takes me to the SysWOW64 folder. Either way, it takes me to the SysWOW64 if I try navigating to the System 32 folder or the SysWOW64 folder. This makes it impossible to select an executable from the System 32 folder by using the GUI to navigate to the folder, since the user is always taken to the SysWOW64 folder.


    Update 10-17-21 @ 3:30 pm: I went ahead and reported this as a bug to Datpol. I will probably need to report SS can't extract some digital signatures as well since it falsely reports that some signed files are not signed.
     
    Last edited: Oct 17, 2021
  6. NormanF

    NormanF Registered Member

    Joined:
    Feb 20, 2009
    Posts:
    2,872
    The only issue with the free version is the settings won't be enabled after installation. Had to uninstall it.
     
  7. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    I just made a discovery about SpyShelter's inability to extract digital signatures from some files. I just discovered that if I copy and paste the files from the System 32 directory to the desktop that SpyShelter is able to extract their digital signature when they are located on the desktop. If I try to extract the digital signature for the same files while they're located in the System 32 directory then SS says the files are not signed. This probably has something to do with the bug of SS always showing the SysWOW64 folder for the System 32 folder.


    Update 1-17-21 @ 3:57: I just filed a bug report for this with Datpol.
     
    Last edited: Oct 17, 2021
  8. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    I wish someone from Datpol participated in this thread. It would really help them in squashing all the bugs out of their application.
     
  9. NormanF

    NormanF Registered Member

    Joined:
    Feb 20, 2009
    Posts:
    2,872
    SpyShelter's Tech Support should do that and forum participation from them would be helpful in regard to the point you made but it's not mandatory.
     
  10. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    Support responded to my first request. They said I have to click on the sysnative folder in the left tree directory in order to access the System 32 folder. I did not see an option for it until they pointed it out. I have it marked with the red arrow in the image below.
     

    Attached Files:
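
Added example, not from the thread or from Datpol: a small Python model of the WOW64 file system redirection Adric mentions and of the Sysnative alias that support pointed to, showing which file a 32-bit tool really opens. It assumes `%windir%` is `C:\Windows`, uses constructed sample paths, and takes the list of exempt subdirectories from Microsoft's File System Redirector documentation.

```python
from pathlib import PureWindowsPath

# Assumption: %windir% is the default C:\Windows.
WINDIR = [p.lower() for p in PureWindowsPath(r"C:\Windows").parts]

# System32 subdirectories documented by Microsoft as exempt from redirection.
EXEMPT = [("catroot",), ("catroot2",), ("driverstore",),
          ("drivers", "etc"), ("logfiles",), ("spool",)]


def effective_path(requested, process_is_32bit):
    """Model which path a process really opens on 64-bit Windows."""
    parts = PureWindowsPath(requested).parts
    low = [p.lower() for p in parts]
    n = len(WINDIR)
    unchanged = str(PureWindowsPath(*parts))
    # 64-bit processes are never redirected (and have no Sysnative alias).
    if not process_is_32bit or low[:n] != WINDIR or len(low) <= n:
        return unchanged
    top, rest = low[n], tuple(low[n + 1:])
    if top == "sysnative":          # 32-bit-only alias for the real System32
        return str(PureWindowsPath(*parts[:n], "System32", *parts[n + 1:]))
    if top == "system32" and not any(rest[:len(e)] == e for e in EXEMPT):
        return str(PureWindowsPath(*parts[:n], "SysWOW64", *parts[n + 1:]))
    return unchanged


def misdirected(paths, process_is_32bit=True):
    """Return (requested, opened) pairs where a different file is inspected."""
    pairs = [(p, effective_path(p, process_is_32bit)) for p in paths]
    return [(p, real) for p, real in pairs
            if real.lower() != str(PureWindowsPath(p)).lower()]


# Constructed sample paths, not taken from the thread.
SAMPLES = [
    r"C:\Windows\System32\cmd.exe",
    r"C:\Windows\Sysnative\cmd.exe",
    r"C:\Windows\System32\drivers\etc\hosts",
    r"C:\Users\user\Desktop\cmd.exe",
]

if __name__ == "__main__":
    for requested, opened in misdirected(SAMPLES):
        print(f"{requested} -> {opened}")
```

A path outside System32, such as a copy on the desktop, is never redirected, so a 32-bit and a 64-bit tool open the same file there.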

  11. kC_

    kC_ Registered Member

    Joined:
    Apr 6, 2007
    Posts:
    580
    why had i never heard of spyshelter firewall before?! just what i needed! ive lived through sygate/kerio/outpost days..
    Ditched my unreliable/buggy glasswire elite today on 3 machines..... SS is so much more powerful & slick.. i didn't even want the antikeylogger but hey why not!

    Love the hips/firewall (if only was stateful) and wish it could deal with having core isolation enabled... restricted apps feature is nice,

    a weird thing i am seeing though since installing, is when i launch task manager, cpu usage rockets and my system becomes quite unresponsive.

    just wish id noticed this before when lifetime licenses were available!

    would happily trade glasswire elite key (lifetime) for lifetime SS
     
  12. NormanF

    NormanF Registered Member

    Joined:
    Feb 20, 2009
    Posts:
    2,872
    There is also LMT Antimalware which is free.
     
  13. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    Yes, SS is pretty good and it recently turned 12 years old, so they started back in 2009, who knew it would become such a success for all of these years, congrats to Datpol. And I also don't understand what people like about GlassWire so much, it didn't have any must have features. SS is hands down the best anti-logger on the market.
     
  14. kC_

    kC_ Registered Member

    Joined:
    Apr 6, 2007
    Posts:
    580
    not sure if this has already been reported or is a known issue... but using the "screen phantom" feature, only protects the primary display, with the feature enabled i can still screenshot anything on screens 2 & 3, but 1 is blacked out
     
  15. Surt

    Surt Registered Member

    Joined:
    Jan 23, 2019
    Posts:
    471
    Location:
    USA
    That's easy!
    https://www.wilderssecurity.com/posts/2804423/
    Them there "must have" features over here are otherwise handled by:
    Windows Defender Antimalware Service
    Microsoft Network Realtime Inspection Service
    Windows Defender SmartScreen
    AppCheck Pro
    SpyShelter Premium
    AdGuard Firefox extension with Online Malicious URL Blocklist enabled

    Been using GW going on six years.

    Cheers.
     
    Last edited: Oct 23, 2021
  16. Surt

    Surt Registered Member

    Joined:
    Jan 23, 2019
    Posts:
    471
    Location:
    USA
    So then it's...
    :D
     
  17. kC_

    kC_ Registered Member

    Joined:
    Apr 6, 2007
    Posts:
    580
    at least not as unreliable/buggy as glasswire :D and way more powerful
     
  18. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    To be honest, I don't see the point of the "screen phantom" feature, because you can't even allow trusted apps to make screenshots. It's better to simply make use of the regular screen protection feature which will alert you about apps trying to make screenshots.

    To me those aren't must have features and I didn't like GlassWire at all. I believe SS gives much more useful protection and information, but it depends on what you look for in terms of protection.
     
  19. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    I may have discovered 2 more bugs with SpyShelter.

    The folders I add for write access under the restricted apps feature do not work after rebooting if they are on an external drive. The folders remain on the list of folders with write access, but SS blocks them from having write access anyway. This has been an ongoing problem since I started using the Restricted Apps feature. I would say it happens about 80 percent of the time after rebooting. I have drives on an Orico external enclosure, and one Western Digital external drive. I checked and the paths to the drives have not been changing. The problem occurs on all the drives within the Orico enclosure, and also the separate single external Western Digital drive.

    I tried using SpyShelter's user defined protected files feature, and as far as I can tell it does not work at all. I added one folder containing image files and another containing videos. I set SS to alert me for read and write access. I can access the files with my image viewer and media player without any alerts from SS. I can delete the files within those folders, and I can write new files to those folders without any alerts from SS. I can edit the content of files within those folders without any alert from SS.

    Update 10-26-21 @ 4:52: I just sent the support request below to Datpol.

    The folders I add to the list of folders with write access under the restricted apps feature do not work after rebooting if they are on an external drive. The folders remain on the list after rebooting, but SS blocks them from having write access anyway. I have to remove them from the list and add them back to the list each time after rebooting. This has been a problem since I started using the Restricted Apps feature. It happens about 80 percent of the time after rebooting. I have drives on an Orico external enclosure, and one Western Digital external drive. I checked and the paths to the drives have not been changing. The problem occurs on all the drives within the Orico enclosure, and also the separate single external Western Digital drive.
     
    Last edited: Oct 26, 2021
  20. kC_

    kC_ Registered Member

    Joined:
    Apr 6, 2007
    Posts:
    580
    after what ive seen with "restricted apps" the very best thing you can do is get EVERYTHING out of there

    my example i thought i'd add my browsers, (edge / brave) to be "more secure" into the restricted apps, only i found that ANY exe the browser then launched was just trusted without a pop up or rule.... its a real security downgrade adding anything into restricted apps
    https://www.wilderssecurity.com/thr...-this-a-bug-or-by-design.441513/#post-3044627
     
  21. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,997
    Location:
    Poland - Cracow
    Have you assigned drives letters in such way?
    https://www.informit.com/articles/article.aspx?p=19409
     
  22. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    Thank you for letting me know! Datpol fails to inform the user about any of the consequences of using the Restricted Apps feature. I went ahead and removed all restricted apps from the Restricted Apps list. It turns out that the Restricted Apps feature is the reason why Protected Folders were not working. It seems you are correct; no other SS mitigations work if you use the Restricted Apps feature. That's quite a shame too because it could be used as another layer of security instead of a replacement for all of SpyShelter's other mitigations. I had the restricted apps feature locked down really tight too. I did not use SpyShelter's default settings where they gave write access to all of the AppData local and roaming directories. I only gave write access to the folders that my Guarded Apps needed to write to in order to function correctly. In most cases they only needed to write to their own AppData folders.

    I think the restricted apps feature may need to be redesigned or maybe even removed considering they don't warn the user of any of the consequences of using the Restricted Apps feature. My first surprise of using the Restricted Apps feature was that disabling SpyShelter does not disable the mitigations being enforced by the Restricted Apps Feature. This makes it impossible to update some applications without first removing them from the Restricted Apps List or giving write access to directories that should never have write access, like the entire C:\Program Files directories, since Firefox has to be able to write to C:\Program Files\* in order to update. What ends up happening in some cases is an application update fails and corrupts the application causing a major headache for some users to correct. I believe expected behavior should be if you disable SS then the Restricted Apps mitigations should also be disabled with the rest of SpyShelter's mitigations.
     
    Last edited: Oct 27, 2021
  23. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    Yes, I had assigned drive letters, and I made sure the drive letters had not changed each time the problem occurred. It doesn't matter now though since I have learned that using the Restricted Apps feature stops SS from enforcing all of its other mitigations. I discovered that is the reason why the Protected Folders feature was not working, and the reason why I have been receiving so few prompts from SS since I began using the Restricted Apps feature. If I had known how the Restricted Apps feature is designed then I would have never used it. Datpol completely fails to warn the user of the many consequences of using the Restricted Apps feature.

    I have AppGuard for application containment anyway, and its policy-based containment should be really good. AG does not allow vulnerable applications to write to the System Space, C:\Program Files\*, Most of the Userspace and ProgramData Folders (which prevents malware from writing to the Windows Startup Folders), and C:\ (root). AppGuard also does not allow vulnerable applications to write to most of the registry (from what I can tell anyway), and AG does not allow vulnerable applications to read/write to the memory of other applications. I quite honestly was just using SpyShelter's Restricted Apps Feature to see how well it worked in comparison to AppGuard. I have come to the conclusion that AG's application containment is much better designed. The strength of SpyShelter is its HIPS and definitely not its application containment (Restricted Apps). I will be much better off using its HIPS.
     
  24. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,867
    Location:
    Outer space
    What's up with SpyShelter's trial? It should be 14 days but after reboot it informs it will randomly shut off after a certain number of hours and you have to reboot to enable it again :blink::thumbd:
     
  25. Surt

    Surt Registered Member

    Joined:
    Jan 23, 2019
    Posts:
    471
    Location:
    USA
    Seems that "trial" in the context of your query moves from its definition "the act of trying, testing, or putting to the proof" to "subjection to suffering or grievous experiences; a distressed or painful state."

    dictionary dot com, of course.
     