SpyShelter 10

Discussion in 'other anti-malware software' started by Mops21, Jul 30, 2015.

  1. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Ah, thanks.
     
  2. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,974
    Location:
    Poland - Cracow
    SS is not default-deny and signature-based app so the essence of its protection is to ask user about each detected action...that's the base of building list of rules. So SS by showing alot of alerts help users what does not menas "is not user-friendly".
     
    Last edited: Jan 23, 2018
  3. n8chavez

    n8chavez Registered Member

    Joined:
    Jul 19, 2003
    Posts:
    2,998
    Location:
    Location Unknown
    My main issue with SSF is that often the firewall component does not work. If I detect my networks so that they are listed in SSF, switching both Wifi and VPN to blocked, nothing is blocked regardless of setting. The firewall component has no effect at all.
     
  4. SpyShelter Firewall has memory protection for all code injection exploits, so that would be read and write access to any Microsoft process or application blocking very cool, which is the 'System Protection' security module which also has application restriction rules for blocking applications the same as OSArmor etc. this also means it can block Computer exploits, I've add all known computer exploited applications to rules list such as 'powershell, rundll32.exe, msiexec.exe' and UAC bypass DLL Hijacking method Kevin mitnick uses process 'sysprep.exe' also I added to the list for blocking exploits. And have also stolen more exploits from OSArmor rules list and have added two more processes for Cryptolocker family process 'vssadmin' and 'bcdedit' and much much more! :shifty:

    Code:
    //Block command-line strings used by Cryptolocker family
    [%PROCESSCMDLINE%: *rundll32*Shell32.dll*Control_RunDLL*\*.exe*]
    [%PROCESSCMDLINE%: *rundll32*javascript:*]
    [%PROCESSCMDLINE%: *rundll32*;*eval*(*]
    [%PROCESSCMDLINE%: *vssadmin*Delete*Shadows*/All*/Quiet*]
    [%PROCESSCMDLINE%: *bcdedit*/set*recoveryenabled* No*]
    [%PROCESSCMDLINE%: *bcdedit*/set*bootstatuspolicy*ignoreallfailures*]
    [%PROCESSCMDLINE%: *bcdedit*-set*loadoptions*DDISABLE_INTEGRITY_CHECKS*]
    [%PROCESSCMDLINE%: *bcdedit*/deletevalue*safeboot*/set*safeb
    
     
  5. I have no issues with SpyShelter Firewall it blocks File Sharing and NetBIOS Information ports '139,135, 445, 137, 138,' and pings at port number '7' to the Computer I tested firewall Yesterday! :ninja:

    You have to add the rules for firewall manually! :thumb:

     
  6. n8chavez

    n8chavez Registered Member

    Joined:
    Jul 19, 2003
    Posts:
    2,998
    Location:
    Location Unknown
    I think you are misunderstanding what I'm saying, or perhaps I am just a colossal idiot. But if you click on the detect network zones button in SSF (see here) it should detect what you're using to connect with. In my case that's both a VPN and wifi, in most cases since I'm always connected to a VPN. Changing the permission on both of those zones to "blocked" should block all connection to/from those zones, right? In my case it does not. There is no difference whether those are set to allowed or blocked. Of course, this is without going into any sort of granularity with the firewall but just the blacked adapter permissions. Am I missing something?
     
  7. If you know your VPN IP Address could you input your IP range in rule? I don't have that version of SpyShelter Firewall also, so I have to setup it manually. I don't use VPN Networks, but I have my own WIFI Network router I'm thinking it should be the same thing? My rules are below hope this helps!

    Network rule:
    192.168.1.2-192.168.1.100

    Don't block my router this address '192.168.1.1' and then block my own Computer and all computers connected to my Network! And I still have internet connection right now! ;)


     
  8. trott3r

    trott3r Registered Member

    Joined:
    Jan 21, 2010
    Posts:
    1,273
    Location:
    UK
    Does spyshelter have a ip blocklist like agnitums outpost firewall?

    Looking for a replacement for outpost.
     
  9. Jerry666

    Jerry666 Registered Member

    Joined:
    May 28, 2002
    Posts:
    176
    When you find a good replacement let me know , so far SSF has been as good as I could find , ben working well for the past 2 years .
     
  10. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,929
    Location:
    The Netherlands
    I get the impression that SS does not block memory reading and writing as strongly as AppGuard. That's why I became interested in AG, but I could never figure out how it worked, it looked too complex to me.
     
  11. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,526
    Aw, come on. It's not that hard.
     
  12. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,929
    Location:
    The Netherlands
    Sometimes you like certain apps, and sometimes you don't. I get a headache just from reading AG's help file. :D
     
  13. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,526
    Yeah, there is something about that help file that leaves you scratching your head, feeling "maybe I'm just stupid after all."
     
  14. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,929
    Location:
    The Netherlands
    Yes exactly, and I don't like that feeling. Tools like EXE Radar and SpyShelter are somehow easier to understand, at least for me.
     
  15. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    I used to be perplexed by Appguard, until Lockdown explained it to me. Now it just works no pop ups etc. The memory guard is simple. It 's easy, you just add apps to the guard list and tick the memguard boxes. If you are talking about under the hood, I don't care. I've tested it and it works. That's all I need to know.
     
  16. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,526
    Same here. Lockdown is da man. There are some little things you need to know or figure out on your own, such as that "guarded apps list" overrides "user space" list. So if you have an item ticked on both of them, the guarded apps list wins. That's within the conceptual grasp of the ordinary mortal.
     
  17. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,929
    Location:
    The Netherlands
    BTW, one of the reasons that I believe AG's MemGuard is more advanced, is because if you block memory reading with SS, a tool like Process Explorer continues to work correctly. I believe that you mentioned that AG will correctly block Process Explorer from monitoring all processes.
     
  18. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    That is correct
     
  19. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    42,282
    Spyshelter v10.9.8 Released (April 10, 2018)
    Announcement
    Download
     
  20. Jerry666

    Jerry666 Registered Member

    Joined:
    May 28, 2002
    Posts:
    176
    Thanks , was getting worried , nothing for 3 months .
     
  21. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,974
    Location:
    Poland - Cracow
    There is something wrong with this version...I saw signals from users that 10.9.8 crashes different systems including my Vista (32-bit). At this time I will rather wait and stay with v. 10.9.7 :thumbd:
     
  22. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    5,625
    Location:
    North Carolina, USA
    Hello,

    SpyShelter version 10.9.9 has been released.
    Homepage
    Download
    Blog
    Changelog
     
  23. Jerry666

    Jerry666 Registered Member

    Joined:
    May 28, 2002
    Posts:
    176
  24. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,974
    Location:
    Poland - Cracow
    As regard to my post #1046 - new build x.9 works OK.
     
  25. Jerry666

    Jerry666 Registered Member

    Joined:
    May 28, 2002
    Posts:
    176
    Thanks , that was quick !
    Strange , no problems with win 7 64 or 32 with 10.9.9
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.