Discussion in 'other anti-malware software' started by mood, Oct 21, 2019.
I've never used SS. Does it actually alert on unauthorized script file types?
I don't remember well enough to confirm, but most HIPS alert about just about every type of file.
Yes, of course.
I told him that's the power of HIPS.
Thanks. I didn't see that anywhere in the screenshots on the website. Didn't want to speculate.
I will try it next week and see how it looks now.
Cool, I'll wait for your feedback
For sure, buddy. I am trying AppGuard now in protected mode.
It's like HIPS: it pops up and alerts for suspicious activity. When I opened a game it blocked it, so now I have to exclude it.
Real Time System Protection
SpyShelter guards your registry, physical memory (RAM) and other sensitive computer parts along with processes, so that malicious code cannot be injected to take control of your PC.
Weird, but I don't think this setting should make a difference. If the firewall module is enabled you should see alerts about child processes being launched. At least with the latest SS Free, I don't know if this is some kind of design error, because I don't see any "Application Execution Control" tab.
I've installed SpyShelter Firewall on Win 10, and I'm happy to say that it's still pretty good. In order to avoid too many alerts I'm also running it in the same mode as you and I have disabled certain monitored actions. The only thing that bugs me is that screen size and column size are not being remembered, so this GUI-related stuff should be fixed.
BTW, alerts are correctly scaled when you choose a scale of 125%, so this probably isn't a bug like I mentioned earlier. But overall, I have to compliment the SS developers and I would advise people to choose the SS Premium or Firewall version, it's worth the money. But of course it depends a bit on what you expect from a behavior blocker.
It depends on which mode it's in, you will probably have to use the "ask user" mode, plus "Application Execution Control" needs to be enabled. You're probably better off with a tool like EXE Radar or OSArmor when it comes to this.
But I'm actually trying to reduce alerts as much as possible, let's face it, it's not like malware will automatically end up on your system. Exploit attacks on home users are mostly a thing of the past, and a good AV will probably block 99% of all malware that you may perhaps not even encounter.
Thank you for providing some specifics. Not that I'm paranoid about it, but I think if the latest attacks can happen to big business, they can happen to home users, so I have my device locked down accordingly, based on what I've been able to learn about these exploits, far from expert level of course, but I'm pretty darn confident it's as close to bullet proof as I can achieve, with practically no more alerts these days. The latest was for C:\Windows\System32\manage-bde.exe because of a batch script for re-locking one of my bitlockered storage partitions.
Off-topic posts removed.
Thread topic is Spy Shelter.
No of course, better be safe than sorry. But it was just a general comment about my own personal view, I'm still trying to block as much as possible, but just like you I'm trying to do it without too many alerts. And there should be a good balance between security and usability. In a business environment I would probably be a bit more paranoid.
Your observation is correct and sticks to the answer I got from the developer (my post #144). They confirmed that the last changes were made on purpose to widen the range of firewall features.
I don't remember how it is on my "frozen in snapshot" instance of the free version, but I think you could try to get some effect by changing advanced settings - option "allow" in the box "Execution of an application". Then you can save such a template the first time and use it for other needed processes by pushing the "load" button, e.g. explorer.exe or the process of your file manager.
@ichito, I can not find that option in Advanced Settings (or anywhere else) in SS12.3-Free.
OK, I will check it, but I can't give you an answer shortly. Please wait.
As of the time of this post, v12.4 of Free Edition is not available!
The Free version is not in the regular cycle of development, so it isn't updated at the same time as Premium and Firewall.
I tried SS Free recently and I really liked it. I was looking for a strong firewall, and I was glad to use the HIPS options too. I used the medium mode of protection to receive fewer pop-ups, as I knew my desktop was freshly installed and clean. BTW, I wish they could explain the differences between medium and high protection better, as their description is very generalist.
After a while, I enabled the auto-block suspicious behaviour option and noticed that one *.exe I tried to install (HWiNFO64) was blocked and added to the blacklist. I looked for it and couldn't find anywhere to remove it from the blocklist. I thought it was a bug. I also had problems using Windows multi-account, as SS wasn't able to open one instance for each account, and every time I changed account, SS advised me it was already opened (even though I couldn't access its interface for the second opened account).
I recently removed it and changed to WFC. The reasons that made me change were:
1) The problems I noticed (described above)
2) The small amount of information I could find about the effectiveness of HIPS and the SS firewall.
3) The doubts about the development of the free version. I'm afraid they could discontinue it at any time.
4) The incompatibility with Windows Core isolation and memory integrity
5) The lack of information I could find about its developer's reliability and trustworthiness.
I wish to know your opinion about these thoughts. I'm new here, so I may be wrong about some conclusions.
I don't know anything about number 4, can you explain this? And the developers of SS are quite trustworthy, don't forget they have been around since 2008. But personally I use SS for the HIPS not for the firewall, but I do like the network monitor quite a lot, so that's why I decided to go for SS Firewall.
I was looking for a strong firewall
Windows Firewall is a strong firewall, just difficult to customize and manage. Which is why you found WFC.
I was glad to use the HIPS options
You still can. Just slide the firewall toggle to off.
I enabled the auto-block suspicious behaviour
Historically, that's the bane of any behavioral process that attempts to bypass human intervention and why HIPS products pretty much vanished from the marketplace. Too bad the same can't be said for smelling and grammer auto-correct.
couldn't find anywhere to remove it from the blocklist
I don't use auto-block so I can't comment on your experience. Are you saying there was no entry whatsoever for the process in Rules? That would be a bug.
problems using Windows multi-account
You can try a trial of the SS Firewall or Premium to see if you run into the same problem and then open a support ticket. Or open a ticket anyhow, except for "We do not guarantee Technical Support for Free version." Source:
incompatibility with Windows Core isolation and memory integrity
I'm with Rasheed187 on this one. I've been running Premium on systems for years trouble free except for one issue with MpKslDrv.sys for a Defender defs update a while back.
lack of information I could find about its developer's reliability and trustworthiness
This is a good thing considering intuhwebbernetz information in that respect is predominantly whining and moaning.