SpyShelter 10

Discussion in 'other anti-malware software' started by Mops21, Jul 30, 2015.

  1. Tomin2009

    Tomin2009 Registered Member

    Joined:
    Sep 13, 2012
    Posts:
    83
    The compatibility is an serious problem for SSF, especially in Windows 10 X64.
     
  2. Lockdown

    Lockdown Registered Member

    Joined:
    Oct 28, 2016
    Posts:
    772
    Location:
    AppGuard LLC, Virginia, U.S.
    What compatibility problems have you experienced or heard about ?
     
  3. Tomin2009

    Tomin2009 Registered Member

    Joined:
    Sep 13, 2012
    Posts:
    83
    What a pity,you are not the developer from SSF. I have reported a few bugs to the developers usinng their "helpdesk", they just ignore it.
    For example, I send them an sample that bypass SSF's protection, they just said SSF is OK, they will not spend time on that.:'(
     
  4. Lockdown

    Lockdown Registered Member

    Joined:
    Oct 28, 2016
    Posts:
    772
    Location:
    AppGuard LLC, Virginia, U.S.
    I use SpyShelter Firewall because I find its logging useful under certain circumstances, so I was interested in your experience with it.

    I noticed that installing SSFW on one W10 system breaks extensions (uBlock Origin and LastPass) in Microsoft Edge.
     
  5. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,592
    Location:
    Poland - Cracow
    What was that?...colud you share some info?
     
  6. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    9,498
    Location:
    The Netherlands
    Yes, please post details.
     
  7. co22

    co22 Registered Member

    Joined:
    Nov 22, 2011
    Posts:
    296
    Location:
    router
    10+ for more advanced firewall:)
     
  8. Tomin2009

    Tomin2009 Registered Member

    Joined:
    Sep 13, 2012
    Posts:
    83
    Sample One

    1. Create an empty *.txt file and rename it with"Let's run the game!"(no .txt)

    2.Copy the file to desktop and Documents.

    3.Run the sample!

    Use it as your own risk!!!


    Sample Two

    Just run it(If you don't allow it to run,OK,SSF win ), and then you will find encrypted by sample.


    Here is a pdf file to show Kinds of Antivirus softwares' result while suffered sample one!

    https://www.upload.ee/files/7145756/Result.pdf.html
     
    Last edited: Jun 21, 2017
  9. Quassar

    Quassar Registered Member

    Joined:
    Oct 19, 2011
    Posts:
    80
    I have

    While i have instaled SSFW
    winpatrol dont wanna lunch its popup for half s and off..
    I can't install WireShark, instalator just rage freeze after lunch :)
    cant also run TCPview from internals suite.
     
    Last edited: Jun 21, 2017
  10. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    9,498
    Location:
    The Netherlands
    Can you give some more details? Are you saying that SS doesn't protect against ransomware? We already knew about this.
     
  11. n8chavez

    n8chavez Registered Member

    Joined:
    Jul 19, 2003
    Posts:
    2,418
    Location:
    Location Unknown
    SSF doesn't protect against ransomware? hmm....it might be time to rethink things.
     
  12. Lockdown

    Lockdown Registered Member

    Joined:
    Oct 28, 2016
    Posts:
    772
    Location:
    AppGuard LLC, Virginia, U.S.
    It does protect against the execution of unknown\untrusted programs - which includes ransomware.

    However, if the user allows the unknown\untrusted file execution, then it does not detect file encryption - but at the same time - it should protect files placed into protected folders from being encrypted.

    There are those that are paranoid that a normally trusted file that is digitally signed and download from a trusted website will turn out to be ransomware. It's possible, but not likely. And most security products are going to miss the sample as well if they fully whitelist on the basis of the digital certificate alone.
     
  13. n8chavez

    n8chavez Registered Member

    Joined:
    Jul 19, 2003
    Posts:
    2,418
    Location:
    Location Unknown
    Oh...well I don't expect any application to protect against idiocy. Why would you allow something that you that you did not cause?
     
  14. Lockdown

    Lockdown Registered Member

    Joined:
    Oct 28, 2016
    Posts:
    772
    Location:
    AppGuard LLC, Virginia, U.S.
    That is precisely Datpol's short reply argument to the ransomware issue.
     
  15. Tomin2009

    Tomin2009 Registered Member

    Joined:
    Sep 13, 2012
    Posts:
    83
    :argh:
    OK,you win.
     
  16. Tomin2009

    Tomin2009 Registered Member

    Joined:
    Sep 13, 2012
    Posts:
    83
  17. Lockdown

    Lockdown Registered Member

    Joined:
    Oct 28, 2016
    Posts:
    772
    Location:
    AppGuard LLC, Virginia, U.S.
    Did you give this video to SpyShelter support ?

    Did you try it with SpyShelter set to "Ask User" in Security Settings ?
     
    Last edited: Jun 27, 2017
  18. Lockdown

    Lockdown Registered Member

    Joined:
    Oct 28, 2016
    Posts:
    772
    Location:
    AppGuard LLC, Virginia, U.S.
    The malware is still running, so it keeps trying to create the autorun key.

    Deny only terminates a single action. If the malware keeps trying to do the same thing over-and-over you will get an alert for each time it tries to do it. In this case, the malware attempts to create the autorun key over-and-over and each time you select Deny, it blocks the autorun key creation 1 time.

    Tick "Remember my choice" at the bottom of the alert to create a permanent block (or allow) rule.

    If that does not solve the issue, then

    select Terminate. It should kill the process.
     
  19. Tomin2009

    Tomin2009 Registered Member

    Joined:
    Sep 13, 2012
    Posts:
    83
    Thanks
     
  20. Tomin2009

    Tomin2009 Registered Member

    Joined:
    Sep 13, 2012
    Posts:
    83
    Same result.
     
  21. Lockdown

    Lockdown Registered Member

    Joined:
    Oct 28, 2016
    Posts:
    772
    Location:
    AppGuard LLC, Virginia, U.S.
    Try one more time, but this time tick "Remember my answer."

    If autorun key is still created, then it appears that it is a legitimate bug; SpyShelter is not preventing an autorun key creation in HKCU.

    Because of language, I have always found it best to supply to Datpol:

    1. video
    2. sample
     
  22. Tomin2009

    Tomin2009 Registered Member

    Joined:
    Sep 13, 2012
    Posts:
    83
  23. Tomin2009

    Tomin2009 Registered Member

    Joined:
    Sep 13, 2012
    Posts:
    83
    Send it to you by PM
     
  24. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,592
    Location:
    Poland - Cracow
    OK...interesting but we can see that anyone have mentioned about those things below which are offered in window of alert...user should know and use not only allow/deny button
    - the command "Analyze file with ViruScan.Jotti.org"...it couldn't be maybe helpful in this case but can give some advice about allow/deny decision
    - option "Apply the choice to all actions for current component" means
    That can be important because malware can use legal process in next steps what we can see in movies - explorer.exe in 60 (first movie) and 45 sec. (second movie). "Apply for all actions" could probably finish infection.
    - the button "Terminate" that means something diferent as "Deny" - it doesn't block single alerted action but kill parent (here - malicious) process
    - in Settings/Advanced we have the options "Terminate child processes"...also those known and legal...and perhaps more interesting "Terminate all instances" that should "kill all processes with the same path as the suspicious process".
    Probably it would be worth to check this tricks also.
     
    Last edited: Jun 27, 2017
  25. Tomin2009

    Tomin2009 Registered Member

    Joined:
    Sep 13, 2012
    Posts:
    83
    :thumb:
     
Loading...