Discussion in 'other anti-malware software' started by puff-m-d, Apr 17, 2018.
11.7 is out, loaded with no problems.
BTW, should SS also be capable to block video screen capturing? I noticed that Slimjet has a video recording function, and SS didn't alert about it.
BTW, remember we had a discussion about how the network monitor could be improved? It should be more like CrowdInspect, it shows you the active network connections, with a pausing option in order to prevent the screen from refreshing. This would give you time to block certain connections.
It's interesting but I'm not using Slimjet currently so I can't confirm such behaviour. I've downloaded SJ in both versions (installer and portable) and will try to observe what happens. I see one doubt - my system is Vista and I don't know if installation will go successfully.
As regards network monitoring - yes, I know CrowdInspect and yes, it's a very useful tool...but I don't know if such a feature should be incorporated 1:1 directly into SS. You can just use CrowdInspect.
OK...as I thought, Vista is not a good system to test/reproduce such an issue. SS alerts about the action of taking a screenshot, but to record a video of the screen my instance of SJ needs a specific extension called "Screencastify" that cannot be installed in SJ v. 10.0.13.0 (it's based on Chromium 50.0.2661.75).
So...I'll try to check it on my wife's Win8.1 but it will surely have to be a bit later.
SpyShelter v11.8 Released (June 12, 2019)
It's confirmed by my friend that on Win 10 1809 the action of taking a screenshot and recording the screen is not monitored/detected. Maybe it's allowed because of some other mechanism used by Slimjet?
Anybody having trouble with 1.8? Seems if I type me in explorer it comes out as 45. Went back to 11.6 and the problem went away. Should I just reload 11.8 and try again?
I still need to test it against other video capturing tools, but I'm guessing that SS only protects against making screenshots, and not against video recording.
Well, this is another example of why I believe that SS is missing innovation. This stuff should have been integrated. And I really miss an "auto-block" mode. But SS is still the best HIPS/anti-logger on the market, no doubt about that. BTW, in "Auto-Allow" mode explorer.exe should be trusted, right? Because I still got an alert, but I just realized I have probably disabled auto-allow for certain behaviors.
In my thinking Explorer.exe should be trusted...otherwise you will perhaps have some problems with strange system behaviour like closing/rebooting the system or launching apps from desktop icons etc...it was very irritating. If you have the FW version you should look at the list in the tab "Application execution control" and check what rules you have for such a process (bottom box). Perhaps you will have "*" in the apps column so every child process can potentially be launched...remove it and wait for alerts about single actions.
Yes exactly, explorer.exe should be trusted, but it shouldn't get outbound network access. But anyway, are you willing to test SS against a couple of tools? I can't do this because I'm not using any virtual machines. I wonder if SS can block these basic keyloggers:
OK...I'll try to test how such tools will be detected. All 3 are already downloaded and two are launched to see how to better prepare the test (rules, logfiles, first detected action, etc.). It will be done on a system in Shadow Mode (SD) and I think it's enough to protect against unwanted changes. If "no"?...I have a Keriver backup. At the end I'll post some info and screenshots here.
OK...after a few days my first impression about test - SSFW against 3 popular logger apps.
Test "environment" - Vista 32-bit, SS on "ask user" level, log file is empty, test on virtualised system (SD)
First - Ardamax Keylogger Viewer v. 5.1...below there are all screenshots from detected "pure working" action (already after installation)
And at the end something "tasty". Ardamax KV in this free version has only the keylogging feature active, which is visible in the main window (all the other features are greyed out and perhaps paid)...but after 7-8 min SS detected two more actions that should theoretically be inactive - access to webcam and taking a screenshot. On the 3rd picture there are alerts about such hidden actions and additionally a screenshot of the keylogger window in which we can see the "power" of SS - these are the inputs detected by AKV from logging in to the Wilders forum - my login and password.
The next keyloggers in the near future.
Thanks for testing. What about the other tools? And if I understood correctly, SS was able to block all of Ardamax Keylogger's actions.
I'm working on shifts and currently at night...when I'm back home I fall down on the bed like dead. I have to find some time...I promise to do this.
Yes...it looks like SS successfully detected all actions related to logging the user's activity.
Here are the next two tests and their results - I think both cases are positive for SpyShelter:
Keystroke Spy and detected actions on screenshots and on the list:
anti-keylogging - 10
screen protection - 22, 23
system protection - 26, 41
firewall - 51, 56
It's a bit interesting, the action of opening csrss.exe - in locations other than system ones, like in this example, AV apps treat such a process as a backdoor. I think in this case it's easy to explain.
Kidlogger and detected actions on the list and screenshots
anti-keylogging - 20
clipboard protection - 24
anti-gettext - 25
sound protection - 32
system protection - 39, 51
firewall - 50, 53
According to the description in the link below, the action of opening the system file vercslid.exe can be interesting.
The last screenshot in panorama shows one more time what such application can see when we have SS working in our system
Thanks for the testing ichito. Very interesting results indeed. I'll be monitoring this thread in case you come up with similar testing of SpyShelter in the future. Perhaps a comparison with Zemana AntiLogger would also be interesting.
No problem, I know how it feels, I get really tired when I have played soccer or tennis, I guess I'm getting old LOL. But thanks for these tests, seems like SS has got no difficulties spotting all of these actions.
Keep in mind that Zemana AntiLogger doesn't alert about app behavior anymore. So basically, SS is the last HIPS on the market that gives the user full control.
Comodo is still alive.
LOL, totally forgot about Comodo. But I never liked them, too many dumb alerts. And my system started to behave weirdly. I have never had stability or even compatibility problems with SpyShelter. On the other hand, Comodo does have interesting features like the sandbox.
BTW, I've found another "flaw", seems like SS isn't monitoring DNS settings.
??...what about action #50 (access to the network via DNS Resolver)?
I could stand to be corrected, but I don't believe I've ever seen that particular feature ever being sold on SpyShelter's web site.
I have Glasswire for that. Below is a screenshot from their lovely wasted space GUI.
Considering the complexity of that Extenbro, it's possible that another one of SpyShelter's monitored actions might evoke an alert.
If you change your DNS settings, do you get an alert?
I have the not-firewall SpyShelter so I can't test that.