I'm testing Spyshelter in a VM right now. I executed gmer.exe file from the desktop, and it allowed it to execute. Spyshelter then alerted me to the pwrdyfoc.sys driver that gmer was trying to execute in my local temp folder. I have Spyshelter set on Allow Microsoft. Why did Spyshelter not alert me to the gmer.exe file before it tried to install the driver? Is there something in the settings I need to change so SS will alert me to .exe files attempting to execute?
under application execution control find explorer.exe find if there is a rule like " * " if there is remove it then go to list of monitored action find action 53,then select it then uncheck "auto allow action for component signed by trusted signer" then put in allow Microsoft mode.it should alert now. however not sure why its allowed.since file not have certificate maybe it in a builtin allowed hash?! edit: or maybe because parent file is from microsoft
There are many security softs that SpyShelter does not play well with. You definitely cannot use another product that has HIPS. It combines well with Appguard. If you run SSF in "ask user" mode, you don't really need anything else.
If you realy want to add something other I think NVT ERP - but in old version "3.1" - can be good and efficient companion to SS.
i believe OSA would be better, it has no prompts, just block notifications. SpS already does what ERP do.
Only the SS Firewall edition has "App Execution Control" and co22 already explained how to fix the problem. Nope, SS isn't as userfriendly as ERP. Sandboxie also plays well with SS, and no, the sandbox in SS isn't really that advanced.
It turns out I just needed to click on terminate instead of deny. I thought they both should do the same thing. I was never able to find the settings that CO22 referred me to, but i'm not using the Firewall version either. I'm testing SpyShelter Premium.
i talk only about security mechanism. You can compare user-friendliness between apps with similar mechanism, if one mechanism does already what the other does, the other became useless.
I'm not following you, the thing is that anti-exe in SS is very unhandy, so that's why I'm using EXE Radar. So I don't see how ERP is useless in this case.
Long time i didn't used SS, but i recall it blocks exe, drivers and dlls, and have a great command line parser. ERP blocks only exes. So you see why i say it is useless to use both? By using both it is like you are using an AV with antispyware capabilities, then add a basic anti-spyware because the AV is not convenient to use. Personally i choose a product based on its efficiency and coverage, i don't care much on its user-friendliness, i just need a GUI. I avoid redundancy.
Firewall (FW) with HIPS is what I seek. SS FW has HIPS. Comodo FW (CFW) has HIPS. I have 3 questions, just in case anyone here has experience with both SS FW & CFW: 1) Which is more user friendly: SS FW or CFW? 2) Which is easier on the CPU: SS FW or CFW? 3) Which is more stable: SS FW or CFW?
1) At default settings, CFW is more user friendly, in the sense that it is quieter. But when something does get blocked, SSFW is easier to deal with. You don't have all that messy autosandboxing stuff. (I am not really speaking of true Comodo default settings, I have in mind @cruelsister settings, which SHOULD be used by default.) 2) Both are easy on CPU 3) Both are prone to conflicts and issues of various sorts. It should be noted that CFW at default (@cruelsister) settings is a default/deny setup, but SSFW at default settings is not.
