Hi guys and gals, I have just decided to add SpyShelter to my current config since I have a lifetime license wasting away, the only bad thing is i'm new to it so are there any known conflicts I should know about regarding my other security (sig below) and what are the best settings?
Iv too have a lifetime license and have been using it on and off for many years. Its rock solid program and already comes well configured. Just be sure to select high security for maximum protection. With this, prompts are still minimal but there will be allot of rules being created automatically as you run your programs for the first time. It will also ask you if you want to protect your downloads folder after you run a web browser for the first time. Very impressive indeed. Bottom line, set and forget Spyshelter handles the rest very effectively. The only things i changed manually were in - settings/security enable " auto block suspicious activity " - restricted apps/restricted apps list/ add " browser of choice " if not set automatically as mentioned earlier - restricted apps/folders with write access/ " c:\user\xxxxx\downloads\ " if not set automatically as mentioned earlier - settings/security ' disable " allow terminating Spyshelter via task manager "'
My settings are little bit different...as I remember (machine I'm writting from is not this where SS is installed) such features are "on" - "ask user" level - use hard hooks - block also child processes - block "dll" from outer/removable disk - in restricted apps list - all removable disk are included (based on Kees's hint) Some "tips&tricks": - if you run trusted app and receive an alert you can apply decision for all other behavior such process - if you install new trusted app you can enable "install mode" and thanks that you will avoid a lot of pop-ups about detected actions - if you upgrade some app and receive alert about changed version of process - apply old rules. SS is great app...I'm using it on 2 machines for more than 3 years and I'm still very glad how it works.
Ive noticed you cant run your browser in sandboxie if the browser is placed in spyshelters restricted apps(comes up with error saying firefox is running when it isnt.)Anyone know how to get around this?
@ellison64 You are correct. I dont believe there is a way. Firefox must be removed from "Restricted apps" in order to work. Keep in mind sandboxie has you covered. You might try to restrict the app in sandboxie such as "drop rights". or further confine the sandbox such as " Read only Access" to "c:\Windows\" @bo elam I have been able to run Spyshelter with Sandboxie. Have not tried firefox but in order to make chrome work i have the following settings im assuming it should be same settings so sorry if it doesn't work, but will give you an indication at least; - Remove browser from " Restricted apps/ restricted apps list " - Add " C:\Sandbox\ " to " Folders with write access " - Add "c:\Windows\inf\setupapi.app.log" to " Folders with write access " - Add "c:\Program Files (x86)\Google\chrome\application\" to " Folders with write access " Alternatively you could view '' File access Violations " right click on the items related to Firefox and select " Add write access to folder ......" Sandboxie template can remain as you like, i found changing settings did not affect Spyshelter, as long as your default Sandbox location has not been changed. Think that all of the top of my head, Hope this helps.
Thanks for the tips.Adding just the c:sandbox to the folders with write access seems to work.I know when installed spyshelter it said something about incompatibility with sandboxie and that it would alter some setting to get along with it.
1.How to access to the Gui from my user account ? I tried with admin rights but this doesn't work for me. 2. I also noticed that some firefox add-ons were blocked by SSP. How to unblock it ?
AdGuard?...hmmm...it's strange for me because I have AG as add-on in my Firefox also and I don't remember that it was blocked by SS. I have to replicate whole installation of AG from the beginning and observe what is happen at this time. Meantime please try to look at list of rules not necessary connected with Firefox...try to look on events log...and maybe you would find something curious? ------------------ edit: I've tried to do clean installation of AdGuard as Firefox add-on and I found nothing surprising. First screen - there are all rules connected with Firefox...no other rules connected with AdGuard. Next screen - SS alerts about only two actions connected with add-on installation - first just befor downloading install-file (main-1.0.2.9.xpi) to folder D:\Download, second when I tried drag'n'drop that file on desktop (to install on Firefox's window). As you can see nothing special was happened and all detected actions was easy to make decision. I don't know what was happened in your situation.
Look at this : http://img1.uploadhouse.com/fileuploads/19517/19517231bc575f01dd5a5d061a967cec15505ad6.jpg
I must say that the ability to block extensions from key-logging is kinda interesting. I do wonder if it makes sense to block this, because don´t extensions have full access to browser data anyway? But anyway, I remember that it also caused problems for me, when I used SS a couple of months ago.
This feature is the answer for the issue below and is included in SS/SSFw from v. 8.9/2.9 https://www.wilderssecurity.com/threads/a-keylogger-that-bypasses-even-spyshelter.356851/ @Ashanta is it issue from screenshot and next mentioned by Rasheed? If "yes" you have the answer...is normal SS behaviour.
@ ichito, yes I remember that thread, I will read it again. I wonder how such a key-logger could be used, is it only to spy on other users of the PC, or could it also send data to a hacker? I can´t remember which problem this feature caused, I think it stopped some app or extension from working, and I couldn´t find a quick way to fix it.
This is the answer from SpyShelter Support : About Firefox plugin issues, here is the answer from FAQ. This is a safety measure in order to deal with browser extension based keyloggers. It blocks browser extenions from capturing keystrokes. However if you are sure that nobody will try to install any keylogging software on firefox and you do not visit suspicious websites nor download suspicious files you might just turn it off and benefit from extensions you find useful. In order to do so, open up SpyShelter > Settings > List of Monitored Actions and tick off action code 58
Quote from their site "Supported operating systems Windows XP 32 & 64 bit (SP2 and SP3), Windows Vista 32 & 64 bit, Windows 7 32 & 64 bit, Windows 8 32 & 64 bit, Windows 8.1 32 & 64 bit" Quote from inside the program under restricted apps. "Note: Windows 8 64bit is not fully supported." Can someone explain what this means after I have installed it on my 8.1 64 bit system?
I've opened up a ticket with the developers, just wanted to mention it here too... 1) How to un-grey/activate "Block dll loading from removable drives" and "Use hard hooks"? These have been greyed out from the moment I installed. 2) After a day or so using SSP, I no longer receive any alerts, regardless of "Auto Allow / Ask User" Certified App dropdown, Hooks Guard Mode, or "Auto-block suspicious behaviour" settings. Now its a prick to install anything, since SSP will break the install. I would have to disable protection just to install an application. The only thing I did in between day 1 and 2 was uninstall Online Armor Premium. I went overboard and did a fresh install too, so hmmph... no success yet... fresh install of Windows.
BTW, which apps are you guys running restricted? And is it true that they will run with "low integrity" on Win 7/8?
i dont know about un-grey/activate part. and about that spyshelter that break installing,what error you get? are you get below error? "windows cannot access specified device,path,or file you may not have appropriate permissions to access the item " if yes, then read this,i set SSF to ask user then i try to run AIMP3 SS give me below alert if you check current component can execute any application and also checked remember my choice then choice Deny action. then you are not able to install or run any program except those that have allowed rule in SSF You must go to spy shelter setting ->rules tab-> application execution control tab find explorer.exe and delete deny rule that have only "*" Then you back normal way! Component C:\Windows\explorer.exe is trying to execute an application: C:\Program Files\AIMP3\AIMP3.exe ActionType Code: 53 TechInfo: 33,2024,0 Do you want to allow execution? By this trick i just force SSF to just allow run whitelisted item and block everything else (block instaling new software,pervent unknkown software) that is somthing like SRP of windows
I had too many apps installed. If I remember correctly from my conversation with a SSP tech support member... I had Zemana AntiLogger installed, along with Online Armor (the version prior to the latest Emsisoft release which drops OA altogether). Removing ZAL didn't do the trick, the popups were still not showing. So I removed OA, and unticked "Auto-block suspicious behaviour". The SSP tech support person said that the grey unactivated options are not related no Windows 7, hence they are unavailable to activation. Because I had to remove OA, and I still like EAM, I didn't have the care factor required to try another one... so went with Windows 7 Firewall with Advanced Security plus Binisoft Windows Firewall Control.
