I think 10.9.8 on 64-bit was without issues...it looks like they were on 32-bit, although I'm not completely sure.
The logging system has to be one of the worst ever seen in any HIPS. And no option to auto-block certain behaviors. That's true.
OK...it's true that there are no other commands/options you can get from the mouse menu except "view log file" - it gives you the logged actions listed in Notepad. As regards the auto-block option...right, there is no way to find a specific feature called "auto-block behaviour (e.g.) rule #xx", but you can create group rules based on the actions listed in the advanced rule window. In "Rules", right-click somewhere on the list and from the menu choose "Create rule for a component" - you get a new "empty" window without the name of a process or specific rules - everything on default settings - you can make your own rule/pattern for each action (allow/block/default) and at the end save everything with the name you want - then you can use the saved pattern for any app/process you want/need, just loading it after opening the rules window to edit settings. That's the way for detected actions, but you can create your own rule for connections also and then load it when you need - the box "Custom network rule"-"Select" and the "Create" button.
The thing that's so ridiculous about the log window is that you only get to see the ActionType, which is a freaking number; they didn't bother to fix this in almost 10 years. And even if App Execution Control is disabled you will see it being logged. Speaking of App Execution Control, there is no way to fine-tune it, like with EXE Radar. And we should be able to block certain behaviors automatically on a global level. For example, I want to auto-block outgoing connections and read/write access to protected folders, I do not want to see any alerts! I would love to see certain features of GlassWire, BlackFog and Win Firewall Control being incorporated, I miss this type of innovation.
Hi Rasheed, does Black Fog work alongside SpyShelter Firewall, or do I have to use only one, either Black Fog or SpyShelter? Thanks
Hmmm...I don't know...do you remember that phrase? - ""view log file" - it gives you logged action listed in Notepad"?...you perhaps didn't look inside the log file. A short (only 3 minutes of activity) quotation from it, in which you can find a description of the action instead of its number only. It's clear - at this time it is not possible to create some action/rule from the log file, which would be convenient sometimes. - How did you disable "App Execution Control"? - Auto-block of read/write access to protected folders is not reasonable for me...how would you save files inside? Perhaps that is the reason for the lack of such a feature.
I don't want to view the log file, I want SS to show me the ActionType in text! And yes, the ability to block or unblock straight from the log window is a must have. But the developers don't care. I disabled it via Settings, because App Execution Control in its current state is useless to me. Instead of alerting about all child processes, it should rather only monitor vulnerable system processes. And auto-blocking is another must have, you give only a couple, let's say 10 apps permission to access protected folders and you block all others, no alerts needed.
SS is a "HIPS-like" app and its main feature is to alert about detected unknown/suspicious events...for me it stands in opposition to an auto-creating rules feature like "auto-block" or "auto-allow". BTW auto-allow can be tuned using different levels of protection because SS has a wide built-in base of trusted vendors/signers. And one more time about disabling App Execution Control - where can it be done?...I can't find that...
Yes, but a good HIPS will give you an option to auto-block or to alert about certain behavior, remember Neoava Guard who also had an excellent event log system? The weird thing is, if you look at the current quality of SS, it's already quite high, so I'm sure that the developer has got the skill to improve things, but for some reason he refuses to do this. And I already did answer your question, go to Settings --> List of Monitored Actions --> Disable ActionType 53, and it will stop giving useless process execution alerts that will drive you insane.
Look at this small tool called Folder Firewall Blocker...I've found it today and I'm impressed how smart it works http://www.snapfiles.com/get/folderfirewall.html
I don't see what's so impressive about it. It makes more sense to block ALL apps (no matter what folder) except for trusted ones, like browsers and download managers. This is exactly what tools like WFC and TinyWall offer, and SpyShelter should have also offered an auto-block function! Did it work for you? Because I was a bit surprised you asked me this question. Like I said, App Execution Control in its current form is useless. It should alert about all child processes being spawned by exploitable apps (browsers, media players, document readers), and it should only alert about apps trying to create suspicious child processes like explorer.exe, svchost.exe, cmd.exe and powershell.exe, for example.
Auto-blocking is a must have because I have a separate data partition that only a few trusted apps need access to. All other apps should be blocked. BTW, about the ActionType, even in the Rules tab it's displayed as a number instead of text! You can see it when you switch to the classic view, what a joke. Take a look at this screenshot of Neoava Guard, this is how it should have been. It displays the app icon (Module) and event/action-type in text. Why didn't the developers fix this in almost 10 years?
No, they have stopped offering this. BTW, another thing that SpyShelter lacks is the ability to block terminating of processes. And it also doesn't monitor when services and drivers are being disabled. Other weird things: in the network activity monitor you cannot see active connections.