SpyShelter 11

Discussion in 'other anti-malware software' started by puff-m-d, Apr 17, 2018.

  1. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    15,998
    You're welcome. :)
     
  2. Jerry666

    Jerry666 Registered Member

    Joined:
    May 28, 2002
    Posts:
    167
    11.7 is out, loaded with no problems
     
  3. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    11,879
    Location:
    The Netherlands
  4. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    11,879
    Location:
    The Netherlands
    BTW, remember we had a discussion about how the network monitor could be improved? It should be more like CrowdInspect, it shows you the active network connections, with a pausing option in order to prevent the screen from refreshing. This would give you time to block certain connections.

    https://www.softpedia.com/get/Antivirus/CrowdInspect.shtml
     
  5. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,840
    Location:
    Poland - Cracow
    It's interesting but I'm not using Slimjet currently so I can't confirm such behaviour. I've downloaded SJ in both versions (installer and portable) and will try to observe what happens. I see one doubt - my system is Vista and I don't know if installation will go successfully.
    As regards network monitoring - yes, I know CrowdInspect and yes it's a very useful tool...but I don't know if such a feature should be incorporated 1:1 directly into SS :) You just can use CrowdInspect :)
    ----------------------
    edit:
    OK...as I thought, Vista is not a good system to test/reproduce such an issue. SS alerts about the screenshot action, but to record a video of the screen my instance of SJ needs a specific extension called "Screencastify" that cannot be installed in SJ v. 10.0.13.0 (it's based on Chromium 50.0.2661.75).
    190611181924_3.jpg
    190611181826_2.jpg

    So...I'll try to check it on my wife's Win8.1 but it will surely have to be a bit later.
     
    Last edited: Jun 11, 2019
  6. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    15,998
    SpyShelter v11.8 Released (June 12, 2019)
    Announcement
    Download
     
  7. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,840
    Location:
    Poland - Cracow
    It's confirmed by my friend that on Win 10 1809 the actions of taking a screenshot and recording the screen are not monitored/detected. Maybe it's allowed because of some other mechanism used by Slimjet?
     
  8. Jerry666

    Jerry666 Registered Member

    Joined:
    May 28, 2002
    Posts:
    167
    Anybody having trouble with 1.8? Seems if I type "me" in explorer it comes out as "45". Went back to 11.6 and the problem went away. Should I just reload 11.8 and try again?
     
  9. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    11,879
    Location:
    The Netherlands
    I still need to test it against other video capturing tools, but I'm guessing that SS only protects against making screenshots, and not against video recording.
     
  10. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    11,879
    Location:
    The Netherlands
    Well, this is another example of why I believe that SS is missing innovation. This stuff should have been integrated. And I really miss an "auto-block" mode. But SS is still the best HIPS/anti-logger on the market, no doubt about that. BTW, in "Auto-Allow" mode explorer.exe should be trusted, right? Because I still got an alert, but I just realized I have probably disabled auto-allow for certain behaviors.
     
  11. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,840
    Location:
    Poland - Cracow
    In my thinking Explorer.exe should be trusted...otherwise you perhaps will have some problems with strange system behaviour like closing/rebooting the system or launching apps from desktop icons etc...it was very irritating :) If you have the FW version you should look at the list in the tab "Application execution control" and check what rules you have for that process (bottom box). Perhaps you will have "*" in the apps column so every child process can potentially be launched...remove it and wait for alerts for single actions :)
     
  12. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    11,879
    Location:
    The Netherlands
    Yes exactly, explorer.exe should be trusted, but it shouldn't get outbound network access. But anyway, are you willing to test SS against a couple of tools? I can't do this because I'm not using any virtual machines. I wonder if SS can block these basic keyloggers:

    https://www.snapfiles.com/get/kidlogger.html
    https://www.snapfiles.com/get/ardamaxkeylog.html
    https://www.snapfiles.com/get/keystrokespy.html
     
  13. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,840
    Location:
    Poland - Cracow
    OK...I'll try to test how such tools will be detected. All 3 are already downloaded and two are launched to see how to better prepare the test (rules, logfiles, first detected action, etc.) It will be done on a system in Shadow Mode (SD) and I think it's enough to protect against unwanted changes :) If "no"?...I have Keriver backup :) At the end I'll post here some info and screenshots.
     
  14. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,840
    Location:
    Poland - Cracow
    OK...after a few days my first impression about the test - SSFW against 3 popular logger apps.
    Test "environment" - Vista 32-bit, SS on "ask user" level, log file is empty, test on virtualised system (SD)
    First - Ardamax Keylogger Viewer v. 5.1...below there are all screenshots from detected "pure working" actions (already after installation)
    #1
    Panorama JIT 1.jpg
    #2
    Panorama JIT 2.jpg

    And at the end something "tasty" :) Ardamax KV in this free version has only the keylogging feature active, which is visible in the main window (all the other features are greyed out and perhaps paid)...but after 7-8 min SS detected two more actions that should theoretically be inactive - access to webcam and taking a screenshot. On the 3rd picture there are alerts about such hidden actions and additionally a screenshot of the keylogger window in which we can see the "power" of SS - these are the inputs detected by AKV from logging in to the Wilders forum - my login and password :)
    #3 Panorama JIT 3.jpg

    The next keyloggers in the near future :)
     
  15. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    11,879
    Location:
    The Netherlands
    Thanks for testing. What about the other tools? And if I understood correctly, SS was able to block all of Ardamax Keylogger's actions. :thumb:
     
  16. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,840
    Location:
    Poland - Cracow
    I'm working in shifts and currently at night...when I'm back home I fall down on the bed like dead. I have to find some time...I promise to do this :)
    Yes...it looks that SS successfully detected all actions related to logging users activity.
     
  17. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,840
    Location:
    Poland - Cracow
    Here are the next two tests and their results - I think in both cases they are positive for SpyShelter:
    Keystroke Spy and detected actions on screenshots and on the list:
    anti keylogging - 10
    screen protection - 22, 23
    system protection - 26, 41
    firewall - 51, 56

    Panorama KeySpy.jpg
    The action of opening csrss.exe is a bit interesting - in locations other than system ones - like in this example - AV apps are treating such a process as a backdoor. I think in this case it's easy to explain :)

    Kidlogger and detected actions on the list and screenshots
    anti keylogging - 20
    clipboard protection - 24
    anti-gettext - 25
    sound protection - 32
    system protection - 39, 51
    firewall - 50, 53
    Panorama kidlogger.jpg
    According to the description in the link below, the action of opening the system file verclsid.exe can be interesting
    https://www.file.net/process/verclsid.exe.html
    The last screenshot in panorama shows one more time what such application can see when we have SS working in our system :)
     
  18. TNO_sec

    TNO_sec Registered Member

    Joined:
    Sep 26, 2010
    Posts:
    47
    Thanks for the testing ichito. Very interesting results indeed. I'll be monitoring this thread in case you come up with similar testing of SpyShelter in the future. Perhaps a comparison with Zemana AntiLogger would also be interesting.
     
  19. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    11,879
    Location:
    The Netherlands
    No problem, I know how it feels, I get really tired when I have played soccer or tennis, I guess I'm getting old LOL. But thanks for these tests, seems like SS has got no difficulties spotting all of these actions. :thumb:

    Keep in mind that Zemana AntiLogger doesn't alert about app behavior anymore. So basically, SS is the last HIPS on the market that gives the user full control.
     
  20. Umbra

    Umbra Suspended Member

    Joined:
    Feb 10, 2011
    Posts:
    6,163
    Location:
    Europe then Asia
    Comodo is still alive.
     
  21. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    11,879
    Location:
    The Netherlands
    LOL, totally forgot about Comodo. But I never liked them, too many dumb alerts. And my system started to behave weirdly. I have never had stability or even compatibility problems with SpyShelter. On the other hand, Comodo does have interesting features like the sandbox.
     
  22. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    11,879
    Location:
    The Netherlands
  23. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,840
    Location:
    Poland - Cracow
    ??...what about action #50 (access to the network via DNS Resolver)?
     
  24. Surt

    Surt Registered Member

    Joined:
    Jan 23, 2019
    Posts:
    50
    Location:
    USA
    I could stand to be corrected, but I don't believe I've ever seen that particular feature ever being sold on SpyShelter's web site.

    I have Glasswire for that. Below is a screenshot from their lovely wasted space GUI.

    Considering the complexity of that Extenbro, it's possible that another one of SpyShelter's monitored actions might evoke an alert.

    DNSwildersGWire.jpg
     
  25. Surt

    Surt Registered Member

    Joined:
    Jan 23, 2019
    Posts:
    50
    Location:
    USA
    If you change your DNS settings, do you get an alert?

    I have the not-firewall SpyShelter so I can't test that.
     