SpyShelter 11

Discussion in 'other anti-malware software' started by puff-m-d, Apr 17, 2018.

  1. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,510
    Location:
    USA
    I just installed 11.4 RC on Windows 10 X64 Pro version 1709 and it set itself to Medium Security Level after installation. During the installation process I chose High Security Level since I was only given the option of Medium or High (I would have chosen Microsoft if given the option). Anyway, it should have been in High Security Level after installation instead of Medium.
     
  2. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,773
    Location:
    Poland - Cracow
    Hi @Cutting_Edgetech
    Some bugs/issues are already reported to support...try to restart process of SS (close and open app). In my installation it works.

    No it works normally...such feature gives limited access to keyboard inputs but gives. I've tested SS Security Test Tool on two apps - system Notepad and Chrome - results you can see below
    - first entry (red) is from Chrome
    - second (green) is from Notepad
    and in box of tool we can see one line of signs
    190108104500_6.jpg 190108104543_7.jpg
     
  3. Umbra

    Umbra Registered Member

    Joined:
    Feb 10, 2011
    Posts:
    4,994
    Location:
    Europe then Asia
    @ichito thx, I was asking because I didn't see the pop-up/balloon when the app is sandboxed.
     
  4. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    11,145
    Location:
    The Netherlands
    Did they also fix the log window? With that I mean, are allowed or blocked behaviors now displayed in text instead of ActionType number?

    In the version I'm using it does work, so it should. If not, it's a bug in the new SS or some conflict on your system.
     
  5. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,510
    Location:
    USA
    SpyShelter rarely logs anything on my system. It just allows everything, and does not log anything unless I'm prompted for some behavior. I wish it logged like ERP does. I would know what's happening on my system, and I could look for suspicious behavior.
     
  6. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,510
    Location:
    USA
    Is anyone here using restricted apps list without breaking your applications? I have tried adding Firefox to the restricted apps list a few times in the past, and I always had to remove it because Firefox could not function when on the restricted apps list.
     
  7. Umbra

    Umbra Registered Member

    Joined:
    Feb 10, 2011
    Posts:
    4,994
    Location:
    Europe then Asia
    It logs everything for me. If an app doesn't do relevant activity, of course it won't be logged.
     
  8. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,510
    Location:
    USA
    I have it set to Allow Microsoft, but it allows everything from its internal whitelisting, not just Microsoft. I don't see any logic in their Allow Microsoft Mode of protection since it allows all their internal whitelisting that has nothing to do with Microsoft. SpyShelter is not logging anything it is allowing, and it's allowing pretty much everything in Allow Microsoft Mode of protection. I can run SS for days and only have 2 or 3 entries in the Log.
     
  9. Umbra

    Umbra Registered Member

    Joined:
    Feb 10, 2011
    Posts:
    4,994
    Location:
    Europe then Asia
    I use Ask User mode, I don't see the point of using other modes, after all I use an HIPS because I want strict and total control.
     
  10. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,117
    If you want to see the real power of SpyShelter, put it in "ask user" mode. And make sure that you don't already have entries with wildcard * in the whitelist (this might only apply to the firewall version, I don't remember)
     
  11. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,773
    Location:
    Poland - Cracow
    @Rasheed187
    @Cutting_Edgetech
    I think my post can answer your question...I've done some test about what is logged and how rules are made according to different protection level:
    - test was made on FW version 11.3 because it's the last stable version
    - I took into account 3 levels: "auto allow MS", "auto allow high security" and "ask user"
    - before each one test all rules in "general" tab and tab "application execution control" were removed and log entries were cleared
    - there was such tasks below to do...as we can see there was different apps from more or less known vendors
    * launch Word (icon on desktop)
    * launch file manager Free Commander (icon on quick launchbar)
    * launch Firefox portable (icon on quick launchbar)
    * launch system Notepad (icon on start menu)
    * execution of installer of IOLO System Checkup
    * taking screenshot from SS interface using FC feature (Shift+Ctrl+F10 keys).

    Results and thoughts:
    - in all tests the number of logged actions listed in SS is quite the same
    - I think all actions...even those not alerted...were listed
    - together with number of action we have description of action (see txt attachments)
    - the goal....what means differences...we can see on rules list and especially in way that they had been created (manually or automatically):
    * on "allow MS" level only one rule was made automatically - for Explorer.exe - the rest for other action was made manually (it's Windows/MS process)
    shelter-rules_allowMS.jpg
    * on "auto allow High security" we have additionally rule for Firefox that was made automatically (they are trustworthy signed apps/processes)
    shelter-rules_autoHigh.jpg
    * on "ask user" we have no rules made automatically - all of them needed user decision (everything is unknown).
    shelter-rules_askUser.jpg

    What's that can mean for me...maybe for other users?...protection level "auto allow MS" can be even better than "auto-high" and in fact unknown apps are detected what means our attention and decision. But for sure the best and most secure is "ask user" level.
     


  12. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    11,145
    Location:
    The Netherlands
    I'm not sure in what mode you're running, but it logs everything on my system, and I actually have a problem with it, because it even logs behaviors that I have disabled. This makes things very cluttered, and it only shows you the ActionType number, instead of "modifying protected file" or "outgoing network access", so yes it should have been like in ERP.

    Yes, I have also had problems with this feature, it's not the best sandbox out there. It's better to rely on Sandboxie.
     
  13. Umbra

    Umbra Registered Member

    Joined:
    Feb 10, 2011
    Posts:
    4,994
    Location:
    Europe then Asia
    To me, Restricted Apps is closer to a mechanism like AppGuard's Guarded Apps than Sandboxie.
     
  14. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,117
    Right. It's not trying to be a real sandbox. It doesn't divert writes to another location, or change integrity level of running processes, like Sandboxie does. It just restricts access to certain resources.
     
  15. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,773
    Location:
    Poland - Cracow
    Yes and I think it was the reason that they went back from the name "Sandbox" to previous name of such feature "Restricted Apps". As I remember we can compare it to features that we could find in OA (Run as restricted) and Privatefirewall (Limited rights).
    Perhaps you should add folders with write access location for Firefox - C:\Users\User\AppData\Roaming\Mozilla\Firefox and C:\Users\User\AppData\Local\Mozilla\Firefox...it's from Vista but in your system should be similar. General location that you can get from context menu - "Add special folder" - was in my case "to general".
     
  16. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    11,145
    Location:
    The Netherlands
    Problem is that it might often break stuff, so that's why I don't like it.
     
  17. Umbra

    Umbra Registered Member

    Joined:
    Feb 10, 2011
    Posts:
    4,994
    Location:
    Europe then Asia
    I like the v11.4 tree view, and the new PPI option saved my life lol. After a few days of training, Ask User mode is quiet on my static system.

    I would like the option to get a notification when something is blocked (or I missed it).
     
  18. sdmod

    sdmod Shadow Defender Expert

    Joined:
    Oct 28, 2010
    Posts:
    911
    I'd like to try SpyShelter Silent Anti Keylogger which I believe is just like an advanced Keyscrambler without all the other firewall stuff. Does anyone have a link for a download? I can't seem to find it.
     
  19. JRViejo

    JRViejo Super Moderator

    Joined:
    Jul 9, 2008
    Posts:
    28,984
    Location:
    U.S.A.
  20. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    9,512
    Try to download it from Majorgeeks
    SpyShelter_Silent_Majorgeeks.png
     
  21. sdmod

    sdmod Shadow Defender Expert

    Joined:
    Oct 28, 2010
    Posts:
    911
    I downloaded it but it is a paid one. I'd thought that it was freeware one. No problem and thanks anyway.

     
  22. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,773
    Location:
    Poland - Cracow
    Silent version was always paid and has had separate licensing...you couldn't activate it using key number from Firewall or Premium versions.
     
  23. sdmod

    sdmod Shadow Defender Expert

    Joined:
    Oct 28, 2010
    Posts:
    911
    Thanks ichito,
    SpyShelter Silent version looked like something that might suit my purposes with it being anti keylogger and encrypted keystrokes without all the full firewall rules etc. Keyscrambler My version 2.8,2.0 (even premium) is limited to certain range of applications and doesn't seem to cover some of the more modern browsers on my XP system. SpyShelter Silent covered all keystrokes as far as I know and runs on XP.
    I was scared of installing the full version of Spyshelter as it requires a reboot, it looked complex, seemed like it required careful configuration and I wanted to try it first in Shadow Defender shadowed mode to prevent any possible conflicts in my real system with other deep level software but it requires a re-boot to operate.



     
  24. Umbra

    Umbra Registered Member

    Joined:
    Feb 10, 2011
    Posts:
    4,994
    Location:
    Europe then Asia
    Just don't activate it while on shadow mode. For obvious reasons.
     
    Last edited: Jan 14, 2019 at 12:18 PM
  25. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    11,145
    Location:
    The Netherlands
    Wait a minute, since when are you using SS? I thought a while back you said that you didn't need it? I remember you being quite negative about these type of HIPS. :p
     