What a pity,you are not the developer from SSF. I have reported a few bugs to the developers usinng their "helpdesk", they just ignore it. For example, I send them an sample that bypass SSF's protection, they just said SSF is OK, they will not spend time on that.
I use SpyShelter Firewall because I find its logging useful under certain circumstances, so I was interested in your experience with it. I noticed that installing SSFW on one W10 system breaks extensions (uBlock Origin and LastPass) in Microsoft Edge.
Sample One 1. Create an empty *.txt file and rename it with"Let's run the game!"(no .txt) 2.Copy the file to desktop and Documents. 3.Run the sample! Use it as your own risk!!! Sample Two Just run it(If you don't allow it to run,OK,SSF win ), and then you will find encrypted by sample. Here is a pdf file to show Kinds of Antivirus softwares' result while suffered sample one! https://www.upload.ee/files/7145756/Result.pdf.html
I have While i have instaled SSFW winpatrol dont wanna lunch its popup for half s and off.. I can't install WireShark, instalator just rage freeze after lunch cant also run TCPview from internals suite.
Can you give some more details? Are you saying that SS doesn't protect against ransomware? We already knew about this.
It does protect against the execution of unknown\untrusted programs - which includes ransomware. However, if the user allows the unknown\untrusted file execution, then it does not detect file encryption - but at the same time - it should protect files placed into protected folders from being encrypted. There are those that are paranoid that a normally trusted file that is digitally signed and download from a trusted website will turn out to be ransomware. It's possible, but not likely. And most security products are going to miss the sample as well if they fully whitelist on the basis of the digital certificate alone.
Oh...well I don't expect any application to protect against idiocy. Why would you allow something that you that you did not cause?
SpyShelter Premium block it from the beginning to end, but it still succeed to add an entry at auto-start. I've recorded a video to show it. https://www.upload.ee/files/7165966/Video_2017-06-27_165448.wmv.html
Did you give this video to SpyShelter support ? Did you try it with SpyShelter set to "Ask User" in Security Settings ?
The malware is still running, so it keeps trying to create the autorun key. Deny only terminates a single action. If the malware keeps trying to do the same thing over-and-over you will get an alert for each time it tries to do it. In this case, the malware attempts to create the autorun key over-and-over and each time you select Deny, it blocks the autorun key creation 1 time. Tick "Remember my choice" at the bottom of the alert to create a permanent block (or allow) rule. If that does not solve the issue, then select Terminate. It should kill the process.
Try one more time, but this time tick "Remember my answer." If autorun key is still created, then it appears that it is a legitimate bug; SpyShelter is not preventing an autorun key creation in HKCU. Because of language, I have always found it best to supply to Datpol: 1. video 2. sample
OK...interesting but we can see that anyone have mentioned about those things below which are offered in window of alert...user should know and use not only allow/deny button - the command "Analyze file with ViruScan.Jotti.org"...it couldn't be maybe helpful in this case but can give some advice about allow/deny decision - option "Apply the choice to all actions for current component" means That can be important because malware can use legal process in next steps what we can see in movies - explorer.exe in 60 (first movie) and 45 sec. (second movie). "Apply for all actions" could probably finish infection. - the button "Terminate" that means something diferent as "Deny" - it doesn't block single alerted action but kill parent (here - malicious) process - in Settings/Advanced we have the options "Terminate child processes"...also those known and legal...and perhaps more interesting "Terminate all instances" that should "kill all processes with the same path as the suspicious process". Probably it would be worth to check this tricks also.
