SpyShelter 11

Discussion in 'other anti-malware software' started by puff-m-d, Apr 17, 2018.

  1. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,793
    Location:
    Poland - Cracow
    Yes...I think it should do this normaly like with any other folder what means you will get the alert when something will try to read/write anything from such folders.
    I made few minutes ago an example of rules for Chrome Advanced and Thudnerbird...that's are only two folders but perhaps is posible make that with all needed locations.
    181119201917_1.jpg

    Protecting folder means protecting whole its content so no matter what kind of file is in danger in case you wrote. Looking at my previous experiance with file/folder protection featured in SS I can say it works properly what means I've got an alert in every case I expected...or not what sounds rather good.

    It's hard to agree...at this time we have in Settings some specified and strictly definied protections level and there is no level called "think instead of user"...but there is the feature "Auto-allow the action for a component signed by a trusted signer"...you can chose one...few...or all from the list. My choice was "ask user" level :)
     
  2. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,197
    Even with "autoallow" for certified applications, it should provide some protection from malware. But at "ask user" level, you will have protection even if the malware hijacks a trusted process -- if you are very alert and you know that this particular process doesn't need to read your browser data.
     
  3. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,793
    Location:
    Poland - Cracow
    Yes you perhaps have right but
    - not every user is using "ask user" level
    - folder protection is like the "second lock" that...not only suspicious/dangerous...process can't open without your permission.
     
  4. Soft Life

    Soft Life Registered Member

    Joined:
    Aug 10, 2018
    Posts:
    61
    Location:
    United States
    Spyshelter on sale now until NOV 27th, %35 off. Totally worth the price. I love the antikelloger because it watches program start ups and clipboard access. Much more than just a antikeylogger. I don't even use the firewall but still love it. Buy it to be safer in an unsafe world
     
  5. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    11,347
    Location:
    The Netherlands
    BTW, forgot to mention that SS also doesn't block process termination. In the article you can read that TrickBot uses Powershell to terminate AV's like Win Defender. Another thing that the developers have never improved. :thumbd:

    For people who want to experiment a bit, it's not a bad price for 1 year. But it should have been the normal price.
     
  6. Soft Life

    Soft Life Registered Member

    Joined:
    Aug 10, 2018
    Posts:
    61
    Location:
    United States
    There is no other program that i am aware of that gets mad when a program updates like a browser and i have to allow all rules like the previous. There is no other program that I have that makes me allow access to any new program that I install. It gives me peace of mind and by you saying it should be cheaper is you not knowing what it really works like.
     
  7. Azure Phoenix

    Azure Phoenix Registered Member

    Joined:
    Nov 22, 2014
    Posts:
    843
    Don't all HIPS do this?
     
  8. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    7,257
    Location:
    U.S.A.
    In reference to the Trend Micro article on Trickbot, only three AV solutions were mentioned:
    It's a given that MBAM and WD can be easily "taken out" by malware. I don't know however what excuse Sophos has for not having adequate self-protection.

    I also wouldn't lose any sleep over this Trickbot variant since the detection rate on VT is 53/67.
     
    Last edited: Nov 24, 2018
  9. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    11,421
    SpyShelter v11.3 Released (November 26, 2018)
    Announcement
    Download
     
  10. Dragon1952

    Dragon1952 Registered Member

    Joined:
    Sep 16, 2012
    Posts:
    1,710
    Location:
    Hollow Earth - Telos
    The PCMAG review from 2015 on SS FW does not look good.
     
  11. Azure Phoenix

    Azure Phoenix Registered Member

    Joined:
    Nov 22, 2014
    Posts:
    843
    I don't think PCMag is the best place to look for reviews about products involving HIPS
     
    Last edited: Nov 26, 2018
  12. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,793
    Location:
    Poland - Cracow
    They reviewed v. 9.2 and there was more than 60 versions after such review and I think post of Rasheed was the good summary
    https://www.wilderssecurity.com/threads/spyshelter-9-2-released.368335/page-9#post-2497915

    Yes...it's true...there is no action like "closing process/thread" in list of monitored actions or in advanced rules window :thumbd: Maybe because that SS can/should detect earlier suspicious action like #53 "execution of an application" and next gives us in alert option to block such dangerous proces and its action.
     
    Last edited: Nov 27, 2018
  13. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,197
    What does high security level do, that medium security level does not do?
     
  14. Soft Life

    Soft Life Registered Member

    Joined:
    Aug 10, 2018
    Posts:
    61
    Location:
    United States
    Mine is on auto allow high security and it still always pops off if a program changes. It's very active letting me know something changed which is why i like it but I'd never put it on my mom's PC because she wouldn't get it. Medium security I really don't know if I can even try it at this point because I have a bunch of rules already set to allow or deny.

    Basically there are programs you load that will actually try to gain access to your clipboard that they have no business to do so. You can block them with SS.
     
  15. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,793
    Location:
    Poland - Cracow
    Basicaly...from help file
    "Auto allow - High security level
    Based on our internal rules, this will automatically allow certain non-signed apps, without prompting you. This happens when SpyShelter Firewall has already identified and classified these applications as safe.
    (...)
    Auto allow - Medium security level
    Based on our internal rules, this is a balanced option between high security and a lower number of false alerts. This is the recommended option for non-advanced users."
    We don't know exactly where is the difference...in which mechanism of detection...in which builtin rules...we can only observe different reaction for particular action. I've tested similar issue according to option "Auto-block suspicious behaviour" and it was mentioned on MT...maybe it can be interresting
    https://malwaretips.com/threads/does-oneself-really-need-an-antivirus.83648/page-4
     
  16. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,197
    Thanks. I see you did some interesting tests.
    You wrote there: "Auto allow - medium..." similar to mentioned abowe but most of actions are automaticaly allowed without adding to the list of rules."
    If they are not added to list of rules, it should not be a problem to switch from medium to high, correct? I mean, you won't lose security, after you switch to high.
     
  17. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,793
    Location:
    Poland - Cracow
    In "auto allow-high" level only non-critical action were allowed and quite a lot of action (suspicious for SS) were blocked and added to the list of rules...in "medium" level most of apps action were allowed without adding rules to the list and only critical action were blocked and saved as rules. We should remeber that such behaviour was connected with auto block feature what could change the buil-in (and not visible for user) internal rules of SS. But answering your question - I think "yes"...changing level to high is not a problem because auto-allowed rules hadn't be created/saved so we can still block some actions what we want.
     
  18. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    11,347
    Location:
    The Netherlands
    Bad excuse, a HIPS should always be able to monitor all suspicious actions, so if some app is trying to terminate security tools you already know something fishy is going on.
     
  19. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,512
    Location:
    USA
    Does the developers of SpyShelter ever sell lifetime license?
     
  20. kakaka

    kakaka Registered Member

    Joined:
    Oct 5, 2009
    Posts:
    63
    Yes, I bought one long time ago.
     
  21. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,197
    Lifetime licenses are a thing of the past. Most companies no longer offer them, and that includes Spyshelter.
     
  22. Jerry666

    Jerry666 Registered Member

    Joined:
    May 28, 2002
    Posts:
    161
    As did i Great deal no longer offered
     
  23. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,793
    Location:
    Poland - Cracow
    "Please note that this is Release Candidate version and you may experience some irregularities in GUI, for this reason, automatic update is disabled for this RC version. Only manual update will work. You can find download links below.


    This version refreshes SpyShelter GUI, adds new icons, presents new Rules tree-view as well as allows to adjust GUI scaling without changing Windows settings.


    SpyShelter 11.4 Release Candidate


    – Added new(3rd) tree view mode display of Rules list
    – Replaced all images with new style and kind (vector based glyphs)
    – Implemented scaling feature for GUI (Auto, 125%, 150% PPI)
    – Many small general look improvements including scalable logo and other small improvements."

    https://www.spyshelter.com/blog/spyshelter-11-4-rc-released/
     
  24. Umbra

    Umbra Registered Member

    Joined:
    Feb 10, 2011
    Posts:
    5,358
    Location:
    Europe then Asia
    It is me or the encryption module of SpS-FW doesn't work in sandboxie-ed apps?
     
  25. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,512
    Location:
    USA
    If they would spend more time on the Firewall by adding IDS and IPS to it then I would switch from Eset Internet Security and use SpyShelter Firewall instead.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.