SpyShelter 12

Discussion in 'other anti-malware software' started by mood, Oct 21, 2019.

  1. Tiamati

    Tiamati (Registered Member) | Joined: Feb 1, 2021 | Posts: 12 | Location: Canada

    Memory integrity is a feature of core isolation. I tried to enable it, but it checks for incompatible drivers before enabling. SS was considered incompatible and Windows 10 didn't let me activate memory integrity.

    You can check more information about Core Isolation here

    As I'm using the SS free version, I compared it with WFC. I noticed that SS was not checking some network communications; I believe the PRO version does, but I didn't test it. So I decided to stay with the WFC firewall.

    Yes. When something is blocked by auto-block, the log shows the information, but no rule is created in the rule tab. That makes it impossible to revert the rule. I tried a few more times before uninstalling SS, and although I spent some time looking for the rule, I was not able to find it anywhere.

    Yes, I was starting to write to technical support when I noticed they don't cover the Free version. =[
     
  2. Surt

    Surt (Registered Member) | Joined: Jan 23, 2019 | Posts: 303 | Location: USA

    How did my thoughtfully articulated and eloquent, sophisticated dialogue get quote flagged Rasheed187? This is an outrage! :)

    Must be my low-ball three digit post count... :'(

    Auto-blocked stuff not showing up in Rules is unacceptable. Glad I don't need it.

    Good luck.
     
  3. Surt

    Surt (Registered Member) | Joined: Jan 23, 2019 | Posts: 303 | Location: USA

    Win10 Pro 20H2
    SpyShelter Premium 12.4
    Auto allow - High security level
    Is this happening to anyone else? Pretty much routine for me every time the Defender Platform gets updated, like this afternoon.

    I get an alert for NisSrv.exe and give it an OK.

    A toaster notification slides out, immediately retracts and then isn't presented in the Action Center. So while I can't verbose quote it, the text is terse enough to note a rule for NisSrv.exe can't be created because the file doesn't exist.

    An action type 39 is logged for NisSrv.exe, but no rule.

    A rule is created for MsMpEng.exe for action type 39.

    Equally perplexing, while I have a boatload of logs for type 39 for MpKslDrv.sys, I have only eight rules, the latest 2/4. The earliest 2/10/20, the day I installed SS on a new system I built on 2/7. (And no rules ever for NisSrv.exe.)

    Otherwise, the Platform folder appears properly stuffed with expected files, and processes and services running OK. Nothing in Event Viewer suggesting the Platform update went awry.

    As the developer considers this "not a bug," it is an annoyance.
     
  4. Cutting_Edgetech

    Cutting_Edgetech (Registered Member) | Joined: Mar 30, 2006 | Posts: 5,621 | Location: USA

    Does Spyshelter Firewall use WFP, or do they still use their own minifilter driver?
     
  5. Deletedmessiah

    Deletedmessiah (Registered Member) | Joined: Feb 20, 2018 | Posts: 103 | Location: Outer space

    It had an option to choose between WFP or their own driver last time I tried it. WFP was recommended for newer Windows and their own driver for older Windows.
     
  6. Rasheed187

    Rasheed187 (Registered Member) | Joined: Jul 10, 2004 | Posts: 14,422 | Location: The Netherlands

    OK thanks, didn't know about this and I indeed saw that this feature is disabled in Win 10.

    Can you perhaps tell me what SS didn't monitor when it came to outbound connections?

    This is indeed weird, perhaps a moderator can change this.
     
  7. Rasheed187

    Rasheed187 (Registered Member) | Joined: Jul 10, 2004 | Posts: 14,422 | Location: The Netherlands

    Haven't noticed anything yet. BTW, what do you mean by "toaster notification", do you mean the old school balloon notifications? I'm asking because for some reason, SS has stopped showing these notifications on my system, might be some bug in Win 10.

    On older versions of SS you can choose between the TDI or WFP driver, but need to check it on newer versions. But I wonder if it really matters because SS doesn't depend on the Windows Firewall.
     
  8. Surt

    Surt (Registered Member) | Joined: Jan 23, 2019 | Posts: 303 | Location: USA

    I know the toaster function can be disabled and the system reverted to the old balloon format; I haven't done that.

    Toaster notification - a message is displayed on a panel that slides out from a side of the screen and then slides back in. In Win10, the Action Center can be opened to review a history of the notifications until "Clear all notifications" is selected.

    Of the several notifications that rendered in the Action Center during the Platform update, only the one for nissrv.exe was missing.

    While SS's wonky handling of Defender components doesn't break anything, msmpeng.exe and nissrv.exe both chat with Azure and otherwise don't exhibit any breakdowns, I was wondering if anyone else was seeing the same nissrv.exe alert and subsequent "rule not created" as me.

    I think that this might have to do with MS's moving away from consistently pathed Defender storage in Program Files (x86) and Program Files (which still remain and get updated along with the Platform update) to Platform folders named 4.18.2101.9-0 (the latest) in Program Data. As well, that at least one previous folder remains present, as now with 4.18.2011.6-0. Over time, I've seen chatter about management and monitoring software having to struggle with that.

    "The more they over think the plumbing, the easier it is to stop up the drain." -LtCdr. Montgomery Scott, UFP Starfleet
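
Added example (not part of the post above, and not SpyShelter's or Microsoft's code): a sketch of how rules keyed on a full file path behave once Defender binaries sit in versioned Platform folders, and how a version-independent key avoids that. The function names, the `<version>` placeholder and the sample rule paths are assumptions made for illustration; the two folder names are the ones quoted in the post.

```python
import re
from pathlib import PureWindowsPath

# Standard Defender Platform root; the post names the version folders, not this full path.
PLATFORM_ROOT = PureWindowsPath(r"C:\ProgramData\Microsoft\Windows Defender\Platform")
# Strict folder-name shape (e.g. 4.18.2101.9-0); anything else is never wildcarded.
VERSION_DIR = re.compile(r"\d+(?:\.\d+){1,4}-\d+")

def version_key(dirname):
    """Numeric sort key for a Platform folder name, or None if it is not one."""
    m = VERSION_DIR.fullmatch(dirname)
    return tuple(int(n) for n in re.split(r"[.-]", dirname)) if m else None

def split_versioned(path):
    """Return (version_dir, tail) for a file under Platform\\<version>\\, else None."""
    p = PureWindowsPath(path)
    if not p.is_relative_to(PLATFORM_ROOT):
        return None
    parts = p.relative_to(PLATFORM_ROOT).parts
    if len(parts) < 2 or version_key(parts[0]) is None:
        return None
    return parts[0], "\\".join(parts[1:])

def canonical_key(path):
    """Version-independent, lower-cased key so one rule survives a Platform update."""
    hit = split_versioned(path)
    if hit is None:
        return str(PureWindowsPath(path)).lower()
    return f"{PLATFORM_ROOT}\\<version>\\{hit[1]}".lower()

def audit_rules(rule_paths, present_dirs):
    """Classify each rule path against the Platform folders currently on disk."""
    latest = max((d for d in present_dirs if version_key(d)), key=version_key)
    report = {}
    for path in rule_paths:
        hit = split_versioned(path)
        if hit is None:
            report[path] = "fixed-path"   # not under a versioned Platform folder
        elif hit[0] not in present_dirs:
            report[path] = "missing"      # folder was removed; rule can never match
        else:
            report[path] = "current" if hit[0] == latest else "stale"
    return report

# Constructed sample: folder names are the two quoted in the post; rule paths are made up.
PRESENT = ["4.18.2011.6-0", "4.18.2101.9-0"]
RULES = [rf"{PLATFORM_ROOT}\4.18.2011.6-0\NisSrv.exe",
         rf"{PLATFORM_ROOT}\4.18.2101.9-0\MsMpEng.exe",
         r"C:\Program Files\Windows Defender\MpCmdRun.exe"]
```

Because a canonical key no longer pins one folder, a rule matched this way should also verify the file's signer before it is auto-allowed.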
     
  9. jmonge

    jmonge (Registered Member) | Joined: Mar 20, 2008 | Posts: 13,742 | Location: Canada

    Is
    Silent Anti-Keylogger as good as?and ?
     
    Last edited: Feb 13, 2021
  10. Cutting_Edgetech

    Cutting_Edgetech (Registered Member) | Joined: Mar 30, 2006 | Posts: 5,621 | Location: USA

    Thank you for your response! I am thinking about using it with Eset Internet Security. That is why I was wondering if they still used a minifilter driver. If they do, then it may be compatible with Eset Internet Security. I was thinking about replacing ERP with Spyshelter, and unfortunately you have to have the firewall version to cover execution of .exe files.
     
  11. ichito

    ichito (Registered Member) | Joined: Jan 14, 2011 | Posts: 1,964 | Location: Poland - Cracow

    Each version of SS (except "Silent") covers the execution of .exe files, but Firewall has an additional module to manage child processes.
     
  12. Jerry666

    Jerry666 (Registered Member) | Joined: May 28, 2002 | Posts: 176

    I've been using it for ten years since Outpost went off the air, they have been responsive to any questions or problems I've had, I trust them, use spyshelter on all my computers, knock wood have yet to have any serious problems, takes a while to learn the ins and outs, but worth it. Hope they never get bought out.
    Nice to see this board is still active. Thanks
     
  13. Rasheed187

    Rasheed187 (Registered Member) | Joined: Jul 10, 2004 | Posts: 14,422 | Location: The Netherlands

    Wow, I didn't even know that SS supported toaster notifications, is this something that needs to be enabled in SS? And like I said, it seems like SS has stopped showing me balloon notifications, I'm not sure if it started after I used Notification Area Cleaner which also works in Win 10. I guess I will need to reinstall SS.

    https://www.softpedia.com/get/System/File-Management/Notification-Area-Cleaner-for-Windows-7.shtml
     
  14. Rasheed187

    Rasheed187 (Registered Member) | Joined: Jul 10, 2004 | Posts: 14,422 | Location: The Netherlands
  15. co22

    co22 (Registered Member) | Joined: Nov 22, 2011 | Posts: 398 | Location: router

    ask user mode
    modify protected file or folder
    Target object: "C:\Windows\System32\Drivers\intctl.sys"
    Category: General

    register service or driver:
    C:\Windows\system32\drivers\intctl.sys

    load driver:
    C:\Windows\system32\drivers\intctl.sys
     
  16. Rasheed187

    Rasheed187 (Registered Member) | Joined: Jul 10, 2004 | Posts: 14,422 | Location: The Netherlands

    Thanks, in ask user mode it will of course alert, but can you also test it in medium and high security level mode?
     
  17. co22

    co22 (Registered Member) | Joined: Nov 22, 2011 | Posts: 398 | Location: router

    Tested for you at high security level.
    It won't ask, but I think see the first log from above.
    It asks for the below; I think if you block this, the driver won't be installed at all.
    execute an application:
    C:\Program Files\Secure Folders\SecureFolders.exe
    Parameters: /op:install_driver_registry
     
  18. spearpoint

    spearpoint (Registered Member) | Joined: Feb 14, 2021 | Posts: 12 | Location: Bulgaria

    FYI: Secure Folders won't really hide your folders. They are visible in safe mode and you can see them with "everything" search engine. Try Anvide Seal Folder, if you need to actually hide your folders.
     
  19. Marine Recon

    Marine Recon (Registered Member) | Joined: Feb 26, 2021 | Posts: 2 | Location: Los Angeles, CA

    RE: Disable Monitored Actions - Yes, You Can Disable Monitored Actions - Do The Following:
    1. Select "Settings" Tab
    2. Select "List of Monitored Actions" Tab
    3. De-select any monitor setting

    You can also select which monitored action to apply on a per item basis under the Rules tab.

    https://www.spyshelter.com/wp-content/uploads/slider/spyshelter-anti-keylogger-rules.png
     
  20. Rasheed187

    Rasheed187 (Registered Member) | Joined: Jul 10, 2004 | Posts: 14,422 | Location: The Netherlands

    Thanks, so if I understood correctly, it didn't alert in either medium or high security mode, a bit weird since this is not well known software. We really need an option in SS to manage the whitelist.

    To clarify, I don't care about hiding data from people, you could rather use encryption software for that. But for me it's about protecting data against (untrusted) processes that are running on the system.
     
  21. co22

    co22 (Registered Member) | Joined: Nov 22, 2011 | Posts: 398 | Location: router

    Yes, it won't alert in those modes. The only way to manage this is what @Marine Recon said:

    "Settings" Tab
    "List of Monitored Actions"
    uncheck "Auto-allow the action for a component signed by a trusted signer"
     
  22. Rasheed187

    Rasheed187 (Registered Member) | Joined: Jul 10, 2004 | Posts: 14,422 | Location: The Netherlands

    Yes I now see it, I missed that post.

    Yes this is indeed an option, thanks.
     
  23. ichito

    ichito (Registered Member) | Joined: Jan 14, 2011 | Posts: 1,964 | Location: Poland - Cracow

    This is not an available option in the free version... it refers only to Firewall.
     
  24. ichito

    ichito (Registered Member) | Joined: Jan 14, 2011 | Posts: 1,964 | Location: Poland - Cracow

    https://www.spyshelter.com/blog/spyshelter-12-5-released/
     
  25. moredhelfinland

    moredhelfinland (Registered Member) | Joined: Mar 31, 2009 | Posts: 110 | Location: Finland

    Many people seem to say that anti-keyloggers are useless, because dedicated AV/suites should detect those.
    It's always good to have an anti-keylogger, when your fav AV does not detect it, or can't handle basic kernel mode keyboard handling.
    My friend lost his Steam account, only because he didn't have an anti-keylogger.
    -sepik
     