Discussion in 'other anti-malware software' started by Mops21, Jul 30, 2015.
Correct, I have been asking for a better logging system for years, but to no avail.
You assume I didn't' read the manual. I did. There was no answer as to why things were being blocked yet there was nothing in the log that indicated why. There was nothing in the manual that suggested what I should go when SBIE was not functioning correctly when it had execution permissions. There was nothing in the manual that said why restricted applications couldn't print, when we have seen here that they can. None of these questions were answered in the knowledgebase either. In fact SSF support had no answers either, other than "accept that fact." Why complain, because after reading the documentation (which was no help), and asking support all I got was unhelpful,, needlessly rude feedback.
How are you going with SpyShelter Firewall, is it still working as expected?
does not appear to install while in shadow mode. does this installer check to see if it in run in a virtual environment?
Sorry never tried to install SpyShelter in Shadow Defender, but I know it will not be successfully because it requires a reboot in order to finish the installation.
If software could be installed in Shadow/virtual mode wouldn't that then defeat the point of the virtual software? I have Shadow Defender and SpywareShelter Firewall functioning; I just installed Shadow Defender last.
Schorg - I haven't had time yet to really thoroughly test it. I will most likely be doing that tonight. However, preliminarily, I can say I've very optimistic because there have not been any issues at all yet. I'll keep ya posted.
Everything seems to be working fine. Printing now works from restricted applications. I wish I could tell you why. There was nothing in the log to indicate why it didn't work before, and even SSF support didn't know why. They just hid behind a generic answer. I did have to reset my ruleset. But it works now. I am not going to use SBIE, because there's no need now that I can print from restricted apps.
I think I'm going to pair it with Shadow Defender.
Glad that everything is working ok now, very strange why this happened maybe SpyShelter Firewall became corrupt in some way or unknown bug?. I have tried to reproduce, but when you restrict an app the general rules do not have any effect as the restricted apps (internal rules) over ride the general rules. The only rules which can override these restricted apps rules and I believe very importantly that they should do are <all components> (deny rules) as far as I can tell. Also forgot to mention that action 53 execution of an application only has an effect for the execution of the app which is restricted.
Yes I agree SpyShelter Firewall and Shadow Defender are a good combo.
BTW, which apps are you running restricted, and why not use SBIE for sandboxing those apps?
I can. It's just that I don't feel the need. Why add another app when restriction abilities are in SSF. I have a lifetime license for SBIE, but with SSF, Shadow Defender, and Zemana Premium there's no need.
Indeed, it is obvious that anything installed/created on the protected partition (C: by default) while in Shadow Mode, won't be kept, because SD at each reboot negate all actions done; installation and created files (unless the file/folder is excluded which defeat SD purpose...)
Yes, agreed. I thought as boredog is a user of Shadow Defender he would be aware of this, but might not be aware that the installation of SpyShelter requires a reboot to complete sucessfully and thus futile to even attempt installation in Shadow Defender's "Shadow Mode". Maybe boredog could use a VM or something like Rollback RX for trying out different security apps.
I don't worry about that when trying stuff. That is the advantage of Macrium's speed. Quick image before and quick restore if I don't like it.
I use Oracle's Virtualbox, but using Macrium Reflect in that way sounds interesting. I have Macrium Relect on my systems's (Paid) I shall give it a go. Thank you for the tip.
OK, I see. I didn't know you wasn't using SBIE anymore. The reason I asked is because SBIE is way more advanced and secure when it comes to sandboxing.
That's true. But I like the combo of SSF w/restricted apps + Shadow Defender >>> SBIE + SSF w/o restricted apps + Shadow Defender. The latter is redundant.
I forgot to ask if all of your restricted apps are working correctly. The thing is, because of SBIE's virtualization, you don't have to worry about which folders are accessible. That's the reason why I never liked the SS sandbox, it should be redesigned.
Yeah, I think everything is working correctly. I'm sure there are errors in the SSF log, but I haven't noticed anything I cannot do once I recreated my config. Also, be aware that with SSF you can also restrict folders.
Actually, I take that back. I just noticed that a few of my firefox extensions are not working, nor is the ability to customize the firefox toolbars when it's restricted. There were no such issues in SBIE.
That's exactly what I mean, I don't see the point of restricting write access to almost all folders, it will only cause annoyance. I think the sandbox should be focused on auto-blocking suspicious behavior of restricted apps.
Tried the discontinued free version again, but it keeps forgetting the rules I add manually. Anyone know a solution for this (besides buying a license, because paid version still works).
I believe the value to disable CMD should be set to 1. (disabled) Value of 0 would be enabled and CMD would run.
And for allowing of scripts/batch files, the value can be set to "2".
0 = CMD enabled
1 = CMD and scripts are disabled.
2 = CMD disabled, scripts are allowed
A newer version of the "Security Test Tool" was released (mentioned at Majorgeeks)
v184.108.40.206 - (2016-12-11)
(the previous version v220.127.116.11 was released in 2015)