SpyShelter 10

Discussion in 'other anti-malware software' started by Mops21, Jul 30, 2015.

  1. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,998
    Location:
    Poland - Cracow
    I think 10.9.8 on 64-bit was without issues...it looks they were on 32-bit although I'm not completely sure.
     
  2. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    18,014
    Location:
    The Netherlands
    No new features, no improvements to the GUI, very boring!
     
  3. Jerry666

    Jerry666 Registered Member

    Joined:
    May 28, 2002
    Posts:
    176
    Yes , but it works well , so no complaints
     
  4. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,998
    Location:
    Poland - Cracow
    Rose-colour? :rolleyes:
     
  5. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    18,014
    Location:
    The Netherlands
    The logging system has to be one of the worst ever seen in any HIPS. And no option to auto-block certain behaviors. :thumbd:

    That's true.
     
  6. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,998
    Location:
    Poland - Cracow
    OK...it's true that is no others command/option you can get from mouse menu except "view log file" - it gives you logged action listed in Notepad. As regards to auto-block option...right, no way to find specific feature called "auto-block behaviour (e.g.) rule #xx" but you can create group rules based on action listed in advanced rule window.
    - in "Rules" click right button somewhere on the list and from menu chose "Create rule fo a component"
    - you get new "empty" window without name of process and specific rules - everything on default settings
    - you can make your own rule/pattern for each action (allow/block/default) and at the end save everything with the name you want
    - then you can use saved pattern for any app/process you want/need just loading after opening rules windows to edit settings.
    180417110013_1.jpg
    That's the way for detected actions but you can create your own rule for connection also and than load it when you need - the box "Custom network rule"-"Select" and "Create" button.
     
  7. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    18,014
    Location:
    The Netherlands
    The thing what's so ridiculous about the log window is that you only get to see the ActionType which is a freaking number, they didn't bother to fix this in almost 10 years. And even if App Execution Control is disabled you will see it being logged.

    Speaking of App Execution Control, there is no way to fine tune it, like with EXE Radar. And we should be able to block certain behaviors automatically on a global level. For example, I want to auto-block outgoing connections and read/write access to protected folders, I do not want to see any alerts! I would love to see certain features of GlassWire, BlackFog and Win Firewall Control being incorporated, I miss this type of innovation.
     
  8. Jerry666

    Jerry666 Registered Member

    Joined:
    May 28, 2002
    Posts:
    176
    Hi Rasheed , does Black fog work alongside of spyshelter firewall , or do I have to use only one ether Black Fog or Spyshelter ?
    Thanks
     
  9. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    18,014
    Location:
    The Netherlands
    I'm guessing it will work alongside it because it's not really a HIPS.
     
  10. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,998
    Location:
    Poland - Cracow
    Hmmm...I don't know...do you remember that phrase? - ""view log file" - it gives you logged action listed in Notepad"?...you perhaps didn't look inside log file. Short (only 3 minut of activity) quotation from it in which you can find description of action instead of it number only
    It's clear - at this time is not possible create some action/rule from log file what would be convinient sometimes.
    - How did you disable "App Execution Control"?
    - Auto-block of read/write access to protected folders is not reasonable for me...how would you save files inside? Perhaps that is the reason of lack such feature :)
     
  11. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    18,014
    Location:
    The Netherlands
    I don't want to view the log file, I want SS to show me the ActionType in text! And yes, the ability to block or unblock straight from the log window is a must have. But the developers don't care.

    I disabled it via Settings, because App Execution Control in its current state is useless to me. Instead of alerting about all child processes, it should rather only monitor vulnerable system processes. And auto-blocking is another must have, you give only a couple, let's say 10 apps permission to access protected folders and you block all others, no alerts needed.
     
  12. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,998
    Location:
    Poland - Cracow
    SS it's a "HIPS-like" created app and its main feature is to alert about detected uknown/suspicious events...for me it stands in oposite to auto-creating rules feature like "auto-block" or "auto-allow". BTW auto-allow can be tuned using diferent levels of protections because SS has the builtin wide base of trusted vendors/signers.
    And one more time about disabling App Execution Control - where it can be done?...I can't find that...
     
  13. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    18,014
    Location:
    The Netherlands
    Yes, but a good HIPS will give you an option to auto-block or to alert about certain behavior, remember Neoava Guard who also had an excellent event log system? The weird thing is, if you look at the current quality of SS, it's already quite high, so I'm sure that the developer has got the skill to improve things, but for some reason he refuses to do this. And I already did answer your question, go to Settings --> List of Monitored Actions --> Disable ActionType 53, and it will stop giving useless process execution alerts that will drive you insane.
     
  14. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,998
    Location:
    Poland - Cracow
    Look at this small tool called Folder Firewall Blocker...I've found it today and I'm impressed how smart it works :)
    http://www.snapfiles.com/get/folderfirewall.html
     
  15. Nizarawi

    Nizarawi Registered Member

    Joined:
    May 26, 2008
    Posts:
    137
    any lifetime offre for the firewall version ?
     
  16. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    18,014
    Location:
    The Netherlands
    I don't see what's so impressive about it. It makes more sense to block ALL apps (no matter what folder) except for trusted ones, like browsers and download managers. This is exactly what tools like WFC and TinyWall offer, and SpyShelter should have also offered an auto-block function!

    Did it work for you? Because I was a bit surprised you asked me this question. Like I said, App Execution Control in its current form is useless. It should alert about all child processes being spawned by exploitable apps (browsers, media players, document readers), and it should only alert about apps trying to create suspicious child processes like explorer.exe, svchost.exe, cmd.exe and powershell.exe, for example.
     
  17. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    18,014
    Location:
    The Netherlands
    Auto-blocking is a must have because I have separate data partition that only a few trusted apps need access to. All other apps should be blocked. BTW, about the ActionType, even in the Rules tab it's displayed as a number instead of text! You can see it when you switch to the classic view, what a joke. Take a look at this screenshot of Neoava Guard, this is how it should have been. It displays the app icon (Module) and event/action-type in text. Why didn't the developers fix this in almost 10 years?
     

    Attached Files:

  18. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    18,014
    Location:
    The Netherlands
    No, they have stopped offering this. BTW, another thing that SpyShelter lacks is the ability to block terminating of processes. And it also doesn't monitor when services and drivers are being disabled. Other weird things: in the network activity monitor you can not see active connections.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.