SpyShelter 10

Discussion in 'other anti-malware software' started by Mops21, Jul 30, 2015.

  1. hjlbx

    hjlbx Guest

    @scorpionv - can you provide some examples\further details ?

    What is blocked without notification or logging ?
     
  2. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,973
    Location:
    Poland - Cracow
    @scorpionv
    Try those things
    - make custom network rule in advanced rules window - allow in/out
    - in "Rules" tab exclude "VPN Client" folder with option "existing and any in future file"
    - add Cisco to user definied signers list (Settings/Security)
    - change protection level to "Allow Microsoft"
    - exclude process from keystrokes encryption - tab "process filter"
    - in tab "Advanced" check the option "better compatibility" (hooks guard).
     
  3. hjlbx

    hjlbx Guest

    @Rasheed187

    Don't you use SpyShelter Firewall ?

    Have you experienced any specific problems between SSF and SBIE ?
     
  4. hjlbx

    hjlbx Guest

  5. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,973
    Location:
    Poland - Cracow
  6. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,812
    Location:
    The Netherlands
    No I haven't. I did notice that some apps won't run sandboxed, but I believe that's not related to SS, must be some problem in SBIE. And if you install SS, it will automatically put "Hooks Guard" in "Better Compatibility mode" to avoid conflicts with SBIE. This is related to the self protection feature from SS.
     
  7. hjlbx

    hjlbx Guest

    I think the things that hold SSF back are insufficient documentation and no support forum. There's a lot about SSF that - at this point - can only be figured out\learned by practicing with it.

    Settings dependencies - for example.

    You and I share the same opinion regarding the GUI - but I guess if you really know how it works and what to expect during use - then one gets used to it. Heh, heh... it is quirky, but the HIPS appears to be very good protection - especially in the right user hands.

    You have any tips or good infos ?
     
  8. hjlbx

    hjlbx Guest

    Online translators have very difficult time translating Polish. They produce essentially gibberish... LOL.
     
  9. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,812
    Location:
    The Netherlands
    All I can say is that HIPS should be used as a last line of defense. So after you have decided that some app is most likely to be clean you should be able to decide what's normal behavior and what's not if alerts pop-up.

    This depends on the type of app, for example: Browsers need to make outbound connections, but they don't need to load a service or driver. A process monitor might need to load a driver, but it should't inject code into processes. So this is the only thing you need to learn. BTW, the help file isn't that bad.
     
  10. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,973
    Location:
    Poland - Cracow
  11. hjlbx

    hjlbx Guest

  12. hjlbx

    hjlbx Guest

    LOL... prior Rules pane - with Actions listed at bottom of pane - was better.
     
  13. hjlbx

    hjlbx Guest

    @ichito
    @Rasheed187

    What is AntiNetworkSpy ?

    I read the Help file.

    Anyone with additional infos ?
     
    Last edited by a moderator: Feb 18, 2016
  14. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,812
    Location:
    The Netherlands
    It's basically protection against banking trojans who try to control traffic by hijacking browser memory. It's a quite innovative feature, also offered by Zemana and Webroot. But it's not clear if SS can really block the newest and most popular banking trojans, since it hasn't been tested for years. I'm sure you're familiar with the MRG Effitas Online Banking test, Webroot usually performs good, same goes for Zemana.

    https://www.mrg-effitas.com/mrg-effitas-online-banking-certification-q4-2015/
     
  15. hjlbx

    hjlbx Guest

    Do you know if SpyShelter is being actively developed ?

    It appears to me to be highly intermittent\sporadic.

    Do you know anything about the developer or Datpol ?
     
  16. Jerry666

    Jerry666 Registered Member

    Joined:
    May 28, 2002
    Posts:
    176
    On settings > firewall driver which to use , TDI Firewall driver or WFP Firewall driver ? What is the difference ?
    Thanks
     
  17. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,812
    Location:
    The Netherlands
    It's being developed actively from what I understood. But to me the biggest frustration is that it still lacks important features related to usability and security. There's nothing wrong with the look and feel of the UI, but the problems lies in how info is presented.

    For example, in the log window you should only see relevant info about non trusted apps and you should see what behavior is being blocked or allowed. Another problem: There is no way to mark apps "Trusted" or "Restricted", and there is no way to sort on allowed or blocked behavior.

    About the protection capabilities: I have no clue how system applications like cmd.exe and powershell.exe are being handled. I get the impression that SS will automatically trust them, which is a huge problem. I also don't know if SS can protect against "process hollowing", also known as "zombie processes".

    http://www.malwaretech.com/2014/12/zombie-processes-as-hips-bypass.html
     
  18. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,812
    Location:
    The Netherlands
    On Win Vista and higher you should use WFP. TDI is an older method used on Win XP.
     
  19. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,812
    Location:
    The Netherlands
  20. hjlbx

    hjlbx Guest

  21. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,812
    Location:
    The Netherlands
  22. hjlbx

    hjlbx Guest

    I agree with all you said regarding user-interface.

    For vulnerable processes - like cmd.exe, powershell.exe, vbc.exe, RegAsm.exe, etc - when SpyShelter is set to "Ask User" it will elicit the full run sequence for all processes.

    For any vulnerable processes, don't select "Remember my answer" - and no rules will be created.

    The problem here is that the user must be knowledgeable regarding vulnerable processes and how malware abuse them.

    That being said, if one gets an alert out-of-the-blue and it shows poaijancpa.tmp is trying to execute RegAsm.exe (for example) - you just know something isn't right - select Terminate and then investigate !
     
  23. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,812
    Location:
    The Netherlands
    Yes correct, but I forgot to mention that I'm not using the anti-exe feature from SS, ERP is obviously much more user friendly. But SS should have offered an option to mark vulnerable system processes as "Restricted". It's a basic feature but the developers seem to have a different vision. SS is good but it could have been great, know what I mean?
     
  24. hjlbx

    hjlbx Guest

    "could have been great" - I know exactly what you mean.

    If users don't send feedback to Datpol - and stay on top of them - then they will never get improvements and\or desired features.
     
  25. hjlbx

    hjlbx Guest

    @ichito !

    Is Datpol a one-man operation, small company or larger IT security company ?

    I can find virtually no infos about Datpol and its staff.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.