I believe you already discovered that the "file and folder protection" feature will fail to protect files, if ransomware uses the "process hollowing" technique. In other words, you shouldn't rely on SS to protect against ransomware.
The clou is the word "IF"...this is the only one method and case I know...and perhaps you also...that someting can bypass SS in anti-ransome protection. It's to less to say that SS fails.
I've a few samples bypassed Spyshelter Premium I have a few samples bypassed Spyshelter Premium, if you want to have a test, I'd like to sent the samples to you with PM. Video link : https://www.upload.ee/files/7166180/Video_2017-06-27_184845.wmv.html
@Tomin...this is still the same trick with injection code into explorer.exe...and still the same decision "deny". Did you tried tips I've suggested in post #974?
To clarify, I'm not saying it's a flaw, because SS was never designed to protect against ransomware. It's designed to protect against stuff like keyloggers and banking trojans. But people need to be aware of this, and SS should also beef up security. I don't understand why it doesn't protect against process hollowing, any HIPS should be able to do this out of the box, without relying on user input.
I will have a try and then record a video here. And i have to say if I choose apply to all and deny at the first popup window. Don't you think is it the same with Spyshelter Firewall's anti-execuate feature? https://www.upload.ee/files/7187397/AutoAllow_Mode.rar.html https://www.upload.ee/files/7187420/Ask_User_Mode.rar.html
This info from changelog is interesting Does it means that SS Free can be upgraded from 10.8.6 to 10.9.4?
As expected, no exciting new changes. It's a good tool, but I'm very disappointed with the lack of innovation.
installing spyshelter with kaspersky total freez my computer, and return a lot of Microsoft-Windows-DistributedCOM error in windows events --> windows 10
If you send an email to support helpdesk@spyshelter.com They might be able to tell you which protections to turn off, so the two programs will stop conflicting. But you will lose protection, even if it works. Basically, you are trying to combo two programs that both have a robust HIPS component, and this doesn't work very well. There is only room on your system for one HIPS.
I am having trouble with "folders with write access". I put Chrome into restricted apps, and in order to print a web page, I need to add the "spool" folder, located in Windows/System32, to "folders with write access". But Spyshelter doesn't see that folder, when I try to add it. See screenshot, showing Windows explorer on the left, and Spyshelter window on the right. In file access violations, the folder does display. But when I hover over it, the second half of the path is displayed in chinese characters, and it doesn't work to add it to "folders with write access". I have a standard English installation of Windows, there is no chinese on my system.
Another issue: I installed SpyShelter on my admin account, with a 1 year license. In my standard account, on same PC, SS says it is registered as a trial version, and the rules I made in admin account are not being applied.
I reinstalled, this time with support for east asian languages. The second half of the path still appears in chinese, when hovering, but from the "access violations" tab I was able to add it to the list of "folders with write access". It appears there, half in chinese. Weird, but at least it works.
SpyShelter 10.9.5 released Posted on October 17, 2017 in News | Blog Homepage SpyShelter 10.9.5 is now available. Biggest and most anticipated change in newest version of SpyShelter Anti-Keylogger is the added compatibility for the most recent version of Windows 10, i.e. Fall Creators Update. SpyShelter 10.9.5 also includes a bunch of overall security improvements as well as some GUI fixes, such as fixing tray notification display issues which some users have experienced. Licensing issues on non-administrative accounts should no longer happen. In following days, a new SpyShelter product will join the family. Stay tuned for more updates and make sure to follow us Facebook & Twitter! SpyShelter 10.9.5 (17/Oct/2017) Changelog: – Added Windows 10 Fall Creators Update compatibility – Notification Balloons updates and fixes – Other corrections https://www.spyshelter.com/blog/spyshelter-10-9-5-released/ https://www.spyshelter.com/download-spyshelter/
Wow, I really wonder what type of product they will come up. I'm guessing it won't be related to anti-spyware, so it will probably be anti-ransomware.
I agree with your guess. In the mean time, is there an antiransomware program that works well with spyshelter? I am concerned that if the antiransomware program actually springs into action, it will be somehow blocked by SS, then allowing the ransomware to do its thing. I think it would take some testing to know.