SpyShelter Premium best settings

Discussion in 'other anti-malware software' started by Overkill, Dec 10, 2013.

  1. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,134
    Location:
    USA
    Hi guys and gals,
    I have just decided to add SpyShelter to my current config since I have a lifetime license wasting away. The only bad thing is I'm new to it, so are there any known conflicts I should know about regarding my other security (sig below), and what are the best settings?
     
  2. TS4H

    TS4H Registered Member

    Joined:
    Nov 5, 2013
    Posts:
    512
    Location:
    Australia
    I too have a lifetime license and have been using it on and off for many years. It's a rock-solid program and already comes well configured. Just be sure to select high security for maximum protection. With this, prompts are still minimal, but there will be a lot of rules being created automatically as you run your programs for the first time. It will also ask you if you want to protect your downloads folder after you run a web browser for the first time. Very impressive indeed. Bottom line: set and forget, SpyShelter handles the rest very effectively.

    The only things I changed manually were in

    - settings/security: enable "auto block suspicious activity"
    - restricted apps/restricted apps list: add "browser of choice" if not set automatically as mentioned earlier
    - restricted apps/folders with write access: "c:\user\xxxxx\downloads\" if not set automatically as mentioned earlier
    - settings/security: disable "allow terminating Spyshelter via task manager"
     
  3. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,485
    Location:
    Poland - Cracow
    My settings are a little bit different... as I remember (the machine I'm writing from is not the one where SS is installed), these features are "on":
    - "ask user" level
    - use hard hooks
    - block also child processes
    - block "dll" from outer/removable disk
    - in restricted apps list - all removable disks are included (based on Kees's hint)
    Some "tips&tricks":
    - if you run a trusted app and receive an alert, you can apply the decision to all other behavior of that process
    - if you install a new trusted app you can enable "install mode", and thanks to that you will avoid a lot of pop-ups about detected actions
    - if you upgrade some app and receive an alert about a changed version of the process - apply old rules.
    SS is a great app... I've been using it on 2 machines for more than 3 years and I'm still very glad with how it works.
     
  4. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,134
    Location:
    USA
    Thanks guys for your replies, much appreciated!
     
  5. ellison64

    ellison64 Registered Member

    Joined:
    Oct 5, 2003
    Posts:
    2,499
    I've noticed you can't run your browser in Sandboxie if the browser is placed in SpyShelter's restricted apps (it comes up with an error saying Firefox is running when it isn't). Anyone know how to get around this?
     

  6. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    3,768
    Location:
    Nicaragua
    Hi Ellison, Sandboxie and SpyShelter don't work together. I don't think there's a workaround.

    Bo
     
  7. TS4H

    TS4H Registered Member

    Joined:
    Nov 5, 2013
    Posts:
    512
    Location:
    Australia
    @ellison64

    You are correct. I don't believe there is a way. Firefox must be removed from "Restricted apps" in order to work. Keep in mind Sandboxie has you covered. You might try to restrict the app in Sandboxie, such as "drop rights", or further confine the sandbox, such as "Read only Access" to "c:\Windows\".

    @bo elam

    I have been able to run SpyShelter with Sandboxie. I have not tried Firefox, but in order to make Chrome work I have the following settings. I'm assuming it should be the same settings, so sorry if it doesn't work, but it will give you an indication at least:

    - Remove browser from "Restricted apps/restricted apps list"
    - Add "C:\Sandbox\" to "Folders with write access"
    - Add "c:\Windows\inf\setupapi.app.log" to "Folders with write access"
    - Add "c:\Program Files (x86)\Google\chrome\application\" to "Folders with write access"

    Alternatively you could view "File access Violations", right click on the items related to Firefox and select "Add write access to folder ......"

    The Sandboxie template can remain as you like. I found changing settings did not affect SpyShelter, as long as your default Sandbox location has not been changed.

    Think that's all off the top of my head. Hope this helps.
     
    Last edited: Dec 12, 2013
  8. ellison64

    ellison64 Registered Member

    Joined:
    Oct 5, 2003
    Posts:
    2,499
    Thanks for the tips. Adding just the c:\sandbox to the folders with write access seems to work. I know when I installed SpyShelter it said something about incompatibility with Sandboxie and that it would alter some setting to get along with it.
     
  9. Ashanta

    Ashanta Registered Member

    Joined:
    Aug 21, 2007
    Posts:
    659
    Location:
    Europe
    1. How do I access the GUI from my user account? I tried with admin rights but this doesn't work for me.

    2. I also noticed that some Firefox add-ons were blocked by SSP. How do I unblock them?
     
  10. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,485
    Location:
    Poland - Cracow
    Which add-ons do you mean? I never noticed such behaviour...
     
  11. Ashanta

    Ashanta Registered Member

    Joined:
    Aug 21, 2007
    Posts:
    659
    Location:
    Europe
    For example, AdGuard, which I installed yesterday.
     
  12. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,485
    Location:
    Poland - Cracow
    AdGuard?... hmmm... it's strange to me because I have AG as an add-on in my Firefox also and I don't remember it being blocked by SS. I have to replicate the whole installation of AG from the beginning and observe what happens at that time.
    In the meantime, please try to look at the list of rules not necessarily connected with Firefox... try to look at the events log... and maybe you will find something curious?
    ------------------
    edit:
    I've tried to do a clean installation of AdGuard as a Firefox add-on and I found nothing surprising. First screen - there are all the rules connected with Firefox... no other rules connected with AdGuard.

    Sample-0001.jpg

    Next screen - SS alerts about only two actions connected with the add-on installation - the first just before downloading the install file (main-1.0.2.9.xpi) to folder D:\Download, the second when I tried to drag'n'drop that file on the desktop (to install in Firefox's window).

    Sample-0002.jpg

    As you can see, nothing special happened and all the detected actions were easy to decide on. I don't know what happened in your situation.
     
    Last edited: Jun 11, 2014
  13. Ashanta

    Ashanta Registered Member

    Joined:
    Aug 21, 2007
    Posts:
    659
    Location:
    Europe
  14. Ashanta

    Ashanta Registered Member

    Joined:
    Aug 21, 2007
    Posts:
    659
    Location:
    Europe
    Do you have access to the Main screen with your user account?
     
  15. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,026
    Location:
    The Netherlands
    I must say that the ability to block extensions from key-logging is kinda interesting. :)

    I do wonder if it makes sense to block this, because don't extensions have full access to browser data anyway? But anyway, I remember that it also caused problems for me, when I used SS a couple of months ago.
     
  16. marzametal

    marzametal Registered Member

    Joined:
    Mar 19, 2014
    Posts:
    731
    Wow, just figured out what the hell restricted apps section means in SSP. This is kinda groovy!
     
  17. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,485
    Location:
    Poland - Cracow
    This feature is the answer for the issue below and is included in SS/SSFw from v. 8.9/2.9 :)
    https://www.wilderssecurity.com/threads/a-keylogger-that-bypasses-even-spyshelter.356851/

    @Ashanta
    Is it the issue from the screenshot, next mentioned by Rasheed? If "yes", you have the answer... it is normal SS behaviour.
     
    Last edited: Jun 12, 2014
  18. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,026
    Location:
    The Netherlands
    @ ichito, yes I remember that thread, I will read it again. :)

    I wonder how such a key-logger could be used, is it only to spy on other users of the PC, or could it also send data to a hacker? I can't remember which problem this feature caused, I think it stopped some app or extension from working, and I couldn't find a quick way to fix it.
     
  19. Ashanta

    Ashanta Registered Member

    Joined:
    Aug 21, 2007
    Posts:
    659
    Location:
    Europe
    This is the answer from SpyShelter Support:

    About Firefox plugin issues, here is the answer from FAQ.

    This is a safety measure in order to deal with browser extension based keyloggers. It blocks browser extensions from capturing keystrokes.
    However if you are sure that nobody will try to install any keylogging software on firefox and you do not visit suspicious websites nor download suspicious files you might just turn it off and benefit from extensions you find useful.

    In order to do so, open up SpyShelter > Settings > List of Monitored Actions and tick off action code 58
     
  20. controler

    controler Guest

    Quote from their site

    "Supported operating systems
    Windows XP 32 & 64 bit (SP2 and SP3), Windows Vista 32 & 64 bit, Windows 7 32 & 64 bit, Windows 8 32 & 64 bit, Windows 8.1 32 & 64 bit"

    Quote from inside the program under restricted apps.

    "Note: Windows 8 64bit is not fully supported."

    Can someone explain what this means after I have installed it on my 8.1 64 bit system?
     
  21. marzametal

    marzametal Registered Member

    Joined:
    Mar 19, 2014
    Posts:
    731
    I've opened up a ticket with the developers, just wanted to mention it here too...
    1) How to un-grey/activate "Block dll loading from removable drives" and "Use hard hooks"? These have been greyed out from the moment I installed.
    2) After a day or so using SSP, I no longer receive any alerts, regardless of "Auto Allow / Ask User" Certified App dropdown, Hooks Guard Mode, or "Auto-block suspicious behaviour" settings. Now it's a prick to install anything, since SSP will break the install. I would have to disable protection just to install an application. The only thing I did in between day 1 and 2 was uninstall Online Armor Premium.

    I went overboard and did a fresh install too, so hmmph... no success yet... fresh install of Windows.
     
  22. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,026
    Location:
    The Netherlands
    BTW, which apps are you guys running restricted? And is it true that they will run with "low integrity" on Win 7/8? :)
     
  23. co22

    co22 Registered Member

    Joined:
    Nov 22, 2011
    Posts:
    253
    Location:
    router
    I don't know about the un-grey/activate part.

    And about SpyShelter breaking installs: what error do you get? Do you get the error below?

    "windows cannot access specified device,path,or file you may not have appropriate permissions
    to access the item "

    If yes, then read this. I set SSF to "ask user", then I tried to run AIMP3 and SS gave me the alert below.
    If you check "current component can execute any application"
    and also check "remember my choice",
    then choose the Deny action,
    then you are not able to install or run any program except those that have an allow rule in SSF.
    You must go to SpyShelter settings -> rules tab -> application execution control tab,
    find explorer.exe and delete the deny rule that has only "*".
    Then you are back to normal!

    Component C:\Windows\explorer.exe
    is trying to execute an application:
    C:\Program Files\AIMP3\AIMP3.exe
    ActionType Code: 53 TechInfo: 33,2024,0
    Do you want to allow execution?



    With this trick I just force SSF to allow only whitelisted items to run and block everything else :) :)
    (block installing new software, prevent unknown software)
    That is something like SRP of Windows.
     
    Last edited: Sep 4, 2014
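
The lock-out described in the post above and its fix, as an added example that is not part of the original thread and not SpyShelter's own code. It is a small Python model of execution-control rules; the rule structure, the "specific rule beats *" precedence and the D:\Download\setup.exe path are assumptions made for illustration.

```python
from dataclasses import dataclass
from fnmatch import fnmatchcase

EXPLORER = r"C:\Windows\explorer.exe"
AIMP3 = r"C:\Program Files\AIMP3\AIMP3.exe"
INSTALLER = r"D:\Download\setup.exe"  # constructed sample path

@dataclass(frozen=True)
class ExecRule:
    parent: str  # component that launches the child process
    child: str   # child path pattern; "*" means any application
    action: str  # "allow" or "deny"

def decide(rules, parent, child, default="ask"):
    """Return the action for parent -> child; unmatched launches prompt."""
    hits = [r for r in rules
            if r.parent.lower() == parent.lower()
            and fnmatchcase(child.lower(), r.child.lower())]
    if not hits:
        return default
    # Assumed precedence: a rule naming a path outranks the bare "*" rule.
    return max(hits, key=lambda r: (r.child != "*", len(r.child))).action

def drop_wildcard_deny(rules, parent):
    """The fix from the post: delete the parent's deny rule that is only "*"."""
    return [r for r in rules
            if not (r.parent.lower() == parent.lower()
                    and r.child == "*" and r.action == "deny")]

# Constructed rule set: one remembered allow plus the remembered "*" deny.
LOCKED = [ExecRule(EXPLORER, AIMP3, "allow"), ExecRule(EXPLORER, "*", "deny")]

def scenario():
    fixed = drop_wildcard_deny(LOCKED, EXPLORER)
    return {
        "whitelisted_app": decide(LOCKED, EXPLORER, AIMP3),
        "new_installer": decide(LOCKED, EXPLORER, INSTALLER),
        "installer_after_fix": decide(fixed, EXPLORER, INSTALLER),
        "app_after_fix": decide(fixed, EXPLORER, AIMP3),
    }

if __name__ == "__main__":
    for name, action in scenario().items():
        print(f"{name}: {action}")
```
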
  24. marzametal

    marzametal Registered Member

    Joined:
    Mar 19, 2014
    Posts:
    731
    I had too many apps installed. If I remember correctly from my conversation with a SSP tech support member... I had Zemana AntiLogger installed, along with Online Armor (the version prior to the latest Emsisoft release which drops OA altogether). Removing ZAL didn't do the trick, the popups were still not showing. So I removed OA, and unticked "Auto-block suspicious behaviour".

    The SSP tech support person said that the grey unactivated options are not related to Windows 7, hence they are unavailable for activation.

    Because I had to remove OA, and I still like EAM, I didn't have the care factor required to try another one... so went with Windows 7 Firewall with Advanced Security plus Binisoft Windows Firewall Control.
     