SpyShelter 12

Discussion in 'other anti-malware software' started by guest, Oct 21, 2019.

  1. Surt

    Surt Registered Member

    Joined:
    Jan 23, 2019
    Posts:
    471
    Location:
    USA
    In a review of my screenshots of "List of monitored actions" over the years, I got around to noticing that the terms for Anti-NetworkSpy, Internet Security and Firewall Protection Modules have been used interchangeably for ActionTypes in the spans of versions of the Free, Premium and Firewall products.

    Interestingly, ActionTypes 33 & 34 as Anti-NetworkSpy Protection Modules in the Premium product have been dropped; these are Firewall Protection Modules in the Firewall product.

    aCapture002630.jpg

    Migrated from the Firewall product to the v14 Premium product, ActionTypes 50, 52 and 53 are Firewall Protection Modules in the former and Internet Security Protection Modules in the latter. (ActionType 51 removed for clarity.)

    ASUS-000458.jpg
    aCapture002635.jpg

    UPDATE 11/02/22: see ichito's post #358 below. My screenshots are from an English language install. It is apparent the Internet Security vs Firewall tags in the List of... can vary.
     
    Last edited: Nov 2, 2022
  2. Surt

    Surt Registered Member

    Joined:
    Jan 23, 2019
    Posts:
    471
    Location:
    USA
    ActionType 48 was never in the Premium product; only in the Firewall product.

    With the demise of the Firewall product, the discussion for the Premium product has begun for SpyShelter 14 where "firewall" Protection Modules have become relevant.

    Hope this clears up your confusion.
     
    Last edited: Oct 31, 2022
  3. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    No correct, I knew about that ActionType 48 was never present in SS Premium. But that's exactly my issue, I would have rather seen that it was also implemented in SS Premium now that SS Firewall is terminated.

    And even worse, if I understood correctly, ActionType 33 has also been removed which is weird since this is important to be able to protect against banking trojans who are trying to hijack the browser. So this should have never been removed.
     
  4. moredhelfinland

    moredhelfinland Registered Member

    Joined:
    Mar 31, 2009
    Posts:
    344
    Location:
    Finland
    McAfee Endpoint with only their ATP sandbox only is amazing. PPL said that its not possible run McAfee endpoint only with its amazing sandbox.
    Its funny how powerfull it is, alone.
     
  5. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    I don't get it, what has this got to do with SS?
     
  6. moredhelfinland

    moredhelfinland Registered Member

    Joined:
    Mar 31, 2009
    Posts:
    344
    Location:
    Finland
    It's a way when sanboxin becomes a life. Yep, funny if i code a silly ****.
    G Data does nit nicely(in a browser), in techical way.
     
  7. Surt

    Surt Registered Member

    Joined:
    Jan 23, 2019
    Posts:
    471
    Location:
    USA
    You replied to my post #345 having two PREMIUM screen shots of with "seems like" which is in direct contradiction to "I knew."

    Thankfully, my #352 wasn't the too much of a waste of my time.
     
  8. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,997
    Location:
    Poland - Cracow
    Fully agree about action #48 - making connection/internet acces was crucial action monitored in ancient HIPS/BB. Even more sometimes they monitored port listenning like e.g. ThreatFire.
    I have similar opinion like you guys about removing action#33...for me a bit undestandable.

    I've installed already two instantion of SS 14:
    - on XP on-top upgrade from 12.5 Premium - no issue at all, old liftime licence number accepted, all previous rules active
    - on Win7 installation after removing SS FW 12.9 - new licence code accepted but this process was a bit complicated fro me due to demand of conversion on SS page from "short" code to long chain of signs. But now everything works fine already.

    I've noticed small "issue" - in Polish version all newly added actions are described as Firewall in Ptotection Module column :)

    221102110240_2.jpg
     
  9. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    No you simply confirmed it, but that's not the point. The point is that important features from SS Firewall should have been migrated to SS Premium in my view. Especially ActionType 48 and 33 should be integrated in any serious anti-logger tool.

    And why not also add the network monitor? It gives a quick overview of all processes that are connecting out. The good news is that on Win 10 1909, an old SS Firewall version still works, hopefully this will also be the case on Win 11, but I doubt it.
     
  10. Surt

    Surt Registered Member

    Joined:
    Jan 23, 2019
    Posts:
    471
    Location:
    USA
    BREAKING NEWS!
    I sent an email to helpdesk@ requesting that a changelog be published and half hour later I got a reply with the link to the changelog page. :thumb::thumb::thumb:
     
    Last edited: Nov 2, 2022
  11. guest

    guest Guest

    EU + USA = SpyShelter
    November 14, 2022
     
  12. Surt

    Surt Registered Member

    Joined:
    Jan 23, 2019
    Posts:
    471
    Location:
    USA
    "a small team in Texas USA"
    NetMeetings LLC in Austin. Right across the street from GlassWire's SecureMix LLC. Maybe. :)
     
  13. henryg

    henryg Registered Member

    Joined:
    Dec 13, 2005
    Posts:
    342
    Location:
    Boston
  14. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    Wow, interesting stuff. So SpyShelter is now owned by the developer of GlassWire? That's quite funny since I'm a fan of SS but was never too impressed with GlassWire. But I do think that SS is in good hands. Hopefully they will bring back the network monitor in SS Premium.
     
    Last edited: Nov 17, 2022
  15. guest

    guest Guest

    SpyShelter Black Friday Deal!
    November 21, 2022
     
  16. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    Unfortunately, SS subscriptions activate on the day they are purchased. Thus, this sale is of little value to existing paid customers.
     
  17. khanyash

    khanyash Registered Member

    Joined:
    Apr 4, 2011
    Posts:
    2,428
    SpyShelter Premium default settings. Windows 10.

    I have to disable SpyShelter protection; otherwise, Sticky Password Manager doesn't open. There are no blocks under "Rules" in SpyShelter.

    And it seems SpyShelter sets Windows "Focus assist" to "Alarms only". How can I stop this? I like to keep Focus assist "Off".

    Any help?
     
  18. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    If you can't figure out what SS is blocking, then it's best to report this to the SS team, which is no longer Datpol.
     
  19. guest

    guest Guest

    SpyShelter and Windows Core Isolation Feature
    December 7, 2022
     
  20. guest

    guest Guest

    SpyShelter in 2023!
    January 31, 2023
     
  21. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    Cool, so this new NetMeetings development team is planning to develop new features for SS, sounds great! Hopefully they will start by bringing back the network monitor and they can perhaps also implement an ''auto-block'' feature, similar to how TinyWall automatically blocks outbound connections, for example.
     
  22. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    I have to take a final exam on Tuesday. After I get that out of the way, I will contact the new SS team and make my recommendations. My top two recommendations are below.

    1. Provide an ask option with the Execution Control feature, and allow the user to add their own vulnerable executables to a list. The user would then receive an alert anytime a vulnerable executable from the list attempted to execute. Allow the user to whitelist harmless execution attempts by command line. Support Wild Cards for command line whitelisting.

    2. Give the user full control over which digital certificates are trusted by SpyShelter. Allow the user to edit the Trusted Publisher's List to suit their own needs. One should never trust digital certificates that they don't need. I only use 5 digital certificates with ERP, and I rarely ever receive any prompts from ERP (I may receive 1-2 user prompts per month). Some months I don't receive any prompts at all from ERP. This goes to show that most users don't need to use many digital certificates to prevent unnecessary user prompts.
     
    Last edited: Feb 6, 2023
  23. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    OK cool, let me know if you have some more recommendations, I will also try to come up with a few. I would like to see more protection against info-stealers, like browser cookie/credentials protection, easier ways to protect folders from reading and writing and better protection against code injection like process hollowing.
     
  24. Defenestration

    Defenestration Registered Member

    Joined:
    Jul 17, 2004
    Posts:
    1,108
    I'm wondering why 12.9/14.0 Premium is so much bigger than 12.8 Firewall - installer is 17.2MB vs 10.3MB. Below is screengrab of both installer's extracted, showing difference in size of component's ?

    They're both protected by VMProtect and it's possible 12.9 isn't using the compression/pack feature of VMProtect.

    Still seem's a bit odd though.

    Capture.PNG
     
  25. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    I believe a 7MB difference isn't that bad. I have also seen browsers like Vivaldi getting bigger and bigger in the last few years.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.