SpyShelter 12

Discussion in 'other anti-malware software' started by mood, Oct 21, 2019.

  1. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    3,283
    Location:
    Canada
    I've never use SS. Does it actually alert on unauthorized script file types?
     
  2. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,742
    Location:
    Canada
    I dont remember to confirm but most hips alerts about just about every type of files
     
  3. Wendi

    Wendi Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    630
    Location:
    USA
    Yes, of course.
     
  4. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,742
    Location:
    Canada
    I told him that's the power of hips
     
  5. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    3,283
    Location:
    Canada
    Thanks. I didn't see that anywhere in the screenshots on the website. Didn't want to speculate.
     
  6. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,742
    Location:
    Canada
    I will try it next week and how it looks now
     
  7. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    3,283
    Location:
    Canada
    Cool, I'll wait for your feedback :)
     
  8. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,742
    Location:
    Canada
    For sure buddy .I am trying appguard now in protected mode
     
  9. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,742
    Location:
    Canada
    It's like hips it pop up and alert for suspicious activity when I opened a game :) it block it now I have to excluded
     
  10. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,742
    Location:
    Canada
    Real Time System Protection
    SpyShelter guards your registry, physical memory (RAM) and other sensitive computer parts among with processes, so that malicious code cannot be injected to take control of your PC.
     
  11. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,422
    Location:
    The Netherlands
    Weird, but I don't think this setting should make a difference. If the firewall module is enabled you should see alerts about child processes being launched. At least with the latest SS Free, I don't know if this some kind of design error. Because I don't see any "Application Execution Control" tab.
     
  12. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,422
    Location:
    The Netherlands
    I've installed SpyShelter Firewall on Win 10, and I'm happy to say that it's still pretty good. In order to avoid too many alerts I'm also running it in the same mode as you and I have disabled certain monitored actions. The only thing that bugs me is that screensize and columsize is not being remembered, so this GUI related stuff should be fixed.

    BTW, alerts are correctly scaled when you choose a scale of 125%, so this probably isn't a bug like I mentioned earlier. But overall, I have to compliment the SS developers and I would advice people to choose for the SS Premium or Firewall version, it's worth the money. But of course it depends a bit on what you expect from a behavior blocker.
     
  13. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,422
    Location:
    The Netherlands
    It depends on which mode it's in, you will probably have to use the "ask user" mode, plus "Application Execution Control" needs to be enabled. You're probably better off with a tool like EXE Radar or OSArmor when it comes to this.

    But I'm actually trying to reduce alerts as much as possible, let's face it, it's not like malware will automatically end up on your system. Exploits attacks on home users are mostly a thing of the past, and a good AV will probably block 99% of all malware that you may perhaps not even encounter.
     
  14. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    3,283
    Location:
    Canada
    Thank you for providing some specifics. Not that I'm paranoid about it, but I think if the latest attacks can happen to big business, they can happen to home users, so I have my device locked down accordingly, based on what I've been able to learn about these exploits, far from expert level of course, but I'm pretty darn confident it's as close to bullet proof as I can achieve, with practically no more alerts these days. The latest was for C:\Windows\System32\manage-bde.exe becaue of a batch script for re-locking one of my bitlockered storage partitions.
     
  15. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    17,292
    Location:
    UK
    Off-topic posts removed.

    Thread topic is Spy Shelter.
     
  16. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,422
    Location:
    The Netherlands
    No of course, better be safe than sorry. But it was just a general comment about my own personal view, I'm still trying to block as much as possible, but just like you I'm trying to do it without too many alerts. And there should be a good balance between security and usability. In a business environment I would probably be a bit more paranoid.
     
  17. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,964
    Location:
    Poland - Cracow
    Your observation is correct and stick to answer I've got from developer (my post #144). They confirmed that last changes are made by purpose to wide the range of firewall features.

    I don't remember how is it on my "frozen in snapshot" inctance of free version but I think you could try get some effects changing advanced settings - option "allow" in box "Execution af an aplikaction". Then you can save such template wile first time and use it for others needed processes by pushing button "load" e.g explorer.exe or process of your file manager.
     
  18. pvsurfer

    pvsurfer Registered Member

    Joined:
    Sep 1, 2004
    Posts:
    1,537
    Location:
    USA
    @ichito, I can not find that option in Advanced Settings (or anywhere else) in SS12.3-Free.
     
    Last edited: Jan 12, 2021
  19. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,964
    Location:
    Poland - Cracow
    OK..I will check it but I can't give you an answer shortly. Please wait :)
     
  20. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,964
    Location:
    Poland - Cracow
    https://www.spyshelter.com/blog/spyshelter-12-4-released/
     
  21. pvsurfer

    pvsurfer Registered Member

    Joined:
    Sep 1, 2004
    Posts:
    1,537
    Location:
    USA
  22. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,964
    Location:
    Poland - Cracow
    Free version is not in regular cykle of development so isn't updated at the same time as Premium and Firewall.
     
  23. Tiamati

    Tiamati Registered Member

    Joined:
    Feb 1, 2021
    Posts:
    12
    Location:
    Canada
    Hello guys!
    I tried SS free recently and i really liked. I was looking for a strong firewall, and i was glad to use the HIPS options too. I used the medium mode of protection to receive less pop ups, as i knew my desktop was just fresh installed and was clean --- btw, i wish they could explain better about the differences between medium and high protection, as their description is very generalist.

    After a while, i enabled the auto-block suspicious behaviour and noticed that one *.exe i tried to install (HWinfo64) was blocked and added to the blacklist. I looked for it and couldn't find anywhere to remove it from the blocklist. I thought it was a bug. I also had problems using windows multiaccount, as SS wasn't able to open one instance for each account, and every time i changed account, SS advised me it was already opened (despite i couldn't access its interface for the second opened account)

    I recently removed it and changed for WFC. The reasons that made me change was:
    1) The problems i noticed (described above)
    2) The few amount of information i could find about the effectiveness of HIPS and SS firewall.
    3) The doubts about the development of the free version. I'm afraid they could discontinue it at any time
    4) The incompatibility with Windows Core isolation and memory integrity
    5) The lack of information i could find about its developer reliability and trustworthy.

    I wish to know your opinion about these thoughts. I'm new here, so i may be wrong about some conclusions.

    Ty
     
  24. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,422
    Location:
    The Netherlands
    I don't know anything about number 4, can you explain this? And the developers of SS are quite trustworthy, don't forget they have been around since 2008. But personally I use SS for the HIPS not for the firewall, but I do like the network monitor quite a lot, so that's why I decided to go for SS Firewall.
     
  25. Surt

    Surt Registered Member

    Joined:
    Jan 23, 2019
    Posts:
    303
    Location:
    USA
    I was looking for a strong firewall
    Windows Firewall is a strong firewall, just difficult to customize and manage. Which is why you found WFC.

    i was glad to use the HIPS options
    You still can. Just slide the firewall toggle to off.

    i enabled the auto-block suspicious behaviour

    Historically, that's the bane of any behavioral process that attempts to bypass human intervention and why HIPS products pretty much vanished from the marketplace. Too bad the same can't be said for smelling and grammer auto-correct.

    couldn't find anywhere to remove it from the blocklist
    I don't use auto-block so I can't comment on your experience. Are you saying there was no entry whatsoever for the process in Rules? That would be a bug.

    problems using windows multiaccount
    You can try a trial of the SS Firewall or Premium to see if you run into the same problem and then open a support ticket. Or open a ticket anyhow, except for "We do not guarantee Technical Support for Free version." Source:
    https://www.spyshelter.com/help/

    incompatibility with Windows Core isolation and memory integrity
    I'm with Rasheed187 on this one. I've been running Premium on systems for years trouble free except for one issue with MpKslDrv.sys for a Defender defs update a while back.

    lack of information i could find about its developer reliability and trustworthy

    This is good thing considering intuhwebbernetz information in that respect is predominantly whining and moaning.

    Cheeze Cheers.

    UPDATE:
    https://www.spyshelter.com/helpdesk/open.php
    aCapture001884.jpg
     
    Last edited: Feb 6, 2021
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.