SpyShelter 10

Discussion in 'other anti-malware software' started by Mops21, Jul 30, 2015.

  1. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    9,197
    Location:
    The Netherlands
    I believe you already discovered that the "file and folder protection" feature will fail to protect files, if ransomware uses the "process hollowing" technique. In other words, you shouldn't rely on SS to protect against ransomware.
     
  2. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,583
    Location:
    Poland - Cracow
    The clou is the word "IF"...this is the only one method and case I know...and perhaps you also...that someting can bypass SS in anti-ransome protection. It's to less to say that SS fails.
     
  3. Tomin2009

    Tomin2009 Registered Member

    Joined:
    Sep 13, 2012
    Posts:
    80
    I've a few samples bypassed Spyshelter Premium
    I have a few samples bypassed Spyshelter Premium, if you want to have a test, I'd like to sent the samples to you with PM.

    Video link : https://www.upload.ee/files/7166180/Video_2017-06-27_184845.wmv.html
     
  4. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,583
    Location:
    Poland - Cracow
    @Tomin...this is still the same trick with injection code into explorer.exe...and still the same decision "deny". Did you tried tips I've suggested in post #974?
     
  5. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    9,197
    Location:
    The Netherlands
    To clarify, I'm not saying it's a flaw, because SS was never designed to protect against ransomware. It's designed to protect against stuff like keyloggers and banking trojans. But people need to be aware of this, and SS should also beef up security. I don't understand why it doesn't protect against process hollowing, any HIPS should be able to do this out of the box, without relying on user input.
     
  6. Tomin2009

    Tomin2009 Registered Member

    Joined:
    Sep 13, 2012
    Posts:
    80
    I will have a try and then record a video here.

    And i have to say if I choose apply to all and deny at the first popup window. Don't you think is it the same with Spyshelter Firewall's anti-execuate feature?

    https://www.upload.ee/files/7187397/AutoAllow_Mode.rar.html

    https://www.upload.ee/files/7187420/Ask_User_Mode.rar.html
     
    Last edited: Jul 3, 2017
  7. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    4,673
    Location:
    North Carolina, USA
    Hello,

    SpyShelter version 10.9.3 has been released.
    Homepage
    Download
    Blog
    Changelog
     
  8. co22

    co22 Registered Member

    Joined:
    Nov 22, 2011
    Posts:
    289
    Location:
    router
    thanks for update:thumb:
     
  9. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    4,673
    Location:
    North Carolina, USA
    Hello @co22,

    You are most welcome ;) ...
     
  10. Jerry666

    Jerry666 Registered Member

    Joined:
    May 28, 2002
    Posts:
    114
    Thanks !
     
Loading...