Should the trial version of SpyShelter Premium (x64) ask about rules?

Discussion in 'other anti-malware software' started by Peter Francisco, Mar 17, 2015.

  1. Peter Francisco

    Peter Francisco Registered Member

    Joined:
    Mar 16, 2015
    Posts:
    2
    So I thought I would try SpyShelter Premium (9.7.1) on my W7x64 machine.

    The first try, I set it to 'Auto allow- High security level'. A lto of my programs wouldn't run- which I expected, and I set rules accordingly to allow the activities I needed. There were just 2 problems. First, the rules didn't seem to take effect till after a re-boot, and second, after rebooting, I found that programs that ran fine before the restart were blocked from operating normally. Well, just two problems if I don't count the almost fatal error of turning off 'Allow terminating Spyshelter via Task Manager', and on for both 'Administtrator rights required to access gui', and 'Password protection'. Setting this in my user account wouldn't let me make any changes with the user account (the application didn't appear to be running, but its process was). Trying to start SSP in either the user or admin accounts resulted in an error that SSP was already running, and I couldn't shut down the process even with the administrator account. After a restart and clicking the SSP icon, I was able to access the password gui and start the app- then set it to allow for terminating with the TM- but that was a user induced problem. So anyway, after several reboots and about a day, I couldn't get my sandboxed FireFox to access the internet- even with all the Sandboxie and FF rules set to 'allow', and finally had to reset my machine.

    So, I reverted back to a pre SSP image, and this time selected 'Ask User' SSP still doesn't ask whether it should make a rule, and does so automatically (I have 'Auto-blocj suspicious behavior' on). I still have to reboot to make my 'allow' rule changes take effect.
    So, my question is this: is the paid version the same as the trial version? I'm not so sure I want to actually buy this program if it's going to be so hard to run. I don't really have time to stop working, shut down all my open documents, and restart the machine just because that's the only way to get a program to act correctly with its first use with SSP. Does the paid version actually ask before it makes a rule, or am I just missing something and I'm not telling it to ask?
     
  2. marzametal

    marzametal Registered Member

    Joined:
    Mar 19, 2014
    Posts:
    732
    You have provided your problem, and also your solution... hahaha

    "Auto-block suspicious behaviour" - if this is ticked, you will NEVER be prompted... try and install something that doesn't fit into your ruleset, you will hear nothing but silence... till the install breaks. If "Auto Block" is combined with "Ask User", forget about it! You want to be asked but you are also auto-blocking. They cancel each other out and nothing is seen by the end user.

    User accounts have no say whatsoever in how SS runs. Fine, it'll seem as though your changes have committed. But give it a reboot, and you will see that nothing actually has... all changes you wish to make should be made via Admin (not the real Admin, but the one that is associated with Admin) account.

    It is hard to run, till you realise what you actually want out of the application. With this type of app, you can't go around willy nilly and hope for the best. It has to be targeted to how you wish your PC to run. Also, may I ask what other apps you have installed? Just curious...
     

    Attached Files:

    • ssp.jpg
      ssp.jpg
      File size:
      70.7 KB
      Views:
      39
  3. Peter Francisco

    Peter Francisco Registered Member

    Joined:
    Mar 16, 2015
    Posts:
    2
    Thanks so much for your input.

    I am running Avira and MS Essentials for viris detection, and Comodo for firewall and HIPPS. I use Sandboxie for my web browser (FireFox), and use NetLimiter to throttle Skype so it doesn't eat all my bandwidth before the end of my billing period.

    I haven’t messed much with SSP much since my last post. The last time I looked at it, it said I had worn out my welcome and I needed to buy it if I wanted to run it. This after 3 or 4 days into a '14 day' trial period. I haven’t rebooted or tried restarting it, since I haven’t made the time to mess with it. I told Comodo to allow SSP on the internet, so maybe I should have blocked it. I suppose I will probably have to revert to my pre-SSP image to try it again. Not sure if I should save my current rules and import them, or start over from scratch without 'Auto-block' selected.

    I seldom log into the Admin account. Are you saying I would need to log into an account with administration privileges in order to make\edit rules for SSP? Should I tell SSP not to automatically start with Windows, then open it from the user account with the 'Run as administrator' command? Maybe that way I could make my changes from the user account.

    Again, I very much appreciate your feedback. I would buy this program if I could make it work without constantly restarting.
     
    Last edited: Mar 22, 2015
  4. marzametal

    marzametal Registered Member

    Joined:
    Mar 19, 2014
    Posts:
    732
    Avira is fine for your real-time protection. There are pro's and con's with Avira, but for the most part, it still is solid and fits in with your setup. MS Essentials, on the other hand, can be given the flick. This is about as helpful as a broken window in a downpour. It constantly fails in benchmark detection tests. You are better off going with the free version of MalwareBytes Antimalware. The free version will be your on-demand protection (runs periodically).

    In regards to Comodo Firewall, great pick there, especially if it is set up properly. I never had the guts to try it out, even though people have been egging me on to do so. I use Windows 7 Firewall and Windows Firewall Control (shows allowed/blocked connections). In regards to HIPS, pick one mate... let Comodo handle it, or pass on the HIPS responsibility to SSP. Also one more thing worth mentioning, you might need to make another decision; this time in relation to SSP vs Sandboxie. These two are known to clash, and I don't like the idea of dumbing down one application just to promote compatibility. If there was a chance to blend them all together to produce one killer setup, then fair enough. However, SSP would have to be lowered in strength to allow proper behaviour if it is to run side by side with Sandboxie.

    Yeah, that is freaky, 3 days into the trial and SSP craps itself. Allowing SSP through Comodo wouldn't have caused any issues. Your system knows how to count to 14 days without the Internet. Your system clock could be reversed, meh... effort much? I am happy to hear you have a pre-SSP image. I am relatively new to the backup and restore scene. Where has it been all my life!?

    This can go two ways, it all depends on how you handle CF vs SSP and SSP vs Sandboxie.
    Anyways, what I recommend is make all the changes you wish to make in SSP now, and then uninstall SSP. It will ask you a question about keeping your settings. This is the only true way of saving 'everything'. Exporting rules does just that, exports the rules. However, all the ticks and dropdown selections will not be saved. After removal from your system, open up Windows Explorer and (damn, cannot remember the directory!! It could be the Program Files, or Program Data, or User/Appdata/Roaming/SpyShelter) you will see 3 files similar to these:
    1) settings.ini
    2) BWLV22M.db
    3) BWLV22C.db
    Backup these 3 files (2 & 3 might look different), and if you do end up running with SSP; after installation, log into Safe Mode via F8, and copy these 3 files over, replacing existing ones. There you have it, settings returned. I noticed one or two were missing, but overall, everything was as it should be.

    Now this is why it pays to talk to people (sometimes). I never thought of this! As tempting as testing this out is, I believe you have some thinking to do about CF, SBIE and SSP. Whatever comes out of that conversation will determine how your config looks in the future. These changes aren't made every day or every week, so take your time.
     
Loading...