SS is not default-deny and signature-based app so the essence of its protection is to ask user about each detected action...that's the base of building list of rules. So SS by showing alot of alerts help users what does not menas "is not user-friendly".
My main issue with SSF is that often the firewall component does not work. If I detect my networks so that they are listed in SSF, switching both Wifi and VPN to blocked, nothing is blocked regardless of setting. The firewall component has no effect at all.
SpyShelter Firewall has memory protection for all code injection exploits, so that would be read and write access to any Microsoft process or application blocking very cool, which is the 'System Protection' security module which also has application restriction rules for blocking applications the same as OSArmor etc. this also means it can block Computer exploits, I've add all known computer exploited applications to rules list such as 'powershell, rundll32.exe, msiexec.exe' and UAC bypass DLL Hijacking method Kevin mitnick uses process 'sysprep.exe' also I added to the list for blocking exploits. And have also stolen more exploits from OSArmor rules list and have added two more processes for Cryptolocker family process 'vssadmin' and 'bcdedit' and much much more! Code: //Block command-line strings used by Cryptolocker family [%PROCESSCMDLINE%: *rundll32*Shell32.dll*Control_RunDLL*\*.exe*] [%PROCESSCMDLINE%: *rundll32*javascript:*] [%PROCESSCMDLINE%: *rundll32*;*eval*(*] [%PROCESSCMDLINE%: *vssadmin*Delete*Shadows*/All*/Quiet*] [%PROCESSCMDLINE%: *bcdedit*/set*recoveryenabled* No*] [%PROCESSCMDLINE%: *bcdedit*/set*bootstatuspolicy*ignoreallfailures*] [%PROCESSCMDLINE%: *bcdedit*-set*loadoptions*DDISABLE_INTEGRITY_CHECKS*] [%PROCESSCMDLINE%: *bcdedit*/deletevalue*safeboot*/set*safeb
I have no issues with SpyShelter Firewall it blocks File Sharing and NetBIOS Information ports '139,135, 445, 137, 138,' and pings at port number '7' to the Computer I tested firewall Yesterday! You have to add the rules for firewall manually!
I think you are misunderstanding what I'm saying, or perhaps I am just a colossal idiot. But if you click on the detect network zones button in SSF (see here) it should detect what you're using to connect with. In my case that's both a VPN and wifi, in most cases since I'm always connected to a VPN. Changing the permission on both of those zones to "blocked" should block all connection to/from those zones, right? In my case it does not. There is no difference whether those are set to allowed or blocked. Of course, this is without going into any sort of granularity with the firewall but just the blacked adapter permissions. Am I missing something?
If you know your VPN IP Address could you input your IP range in rule? I don't have that version of SpyShelter Firewall also, so I have to setup it manually. I don't use VPN Networks, but I have my own WIFI Network router I'm thinking it should be the same thing? My rules are below hope this helps! Network rule: 192.168.1.2-192.168.1.100 Don't block my router this address '192.168.1.1' and then block my own Computer and all computers connected to my Network! And I still have internet connection right now!
Does spyshelter have a ip blocklist like agnitums outpost firewall? Looking for a replacement for outpost.
When you find a good replacement let me know , so far SSF has been as good as I could find , ben working well for the past 2 years .
I get the impression that SS does not block memory reading and writing as strongly as AppGuard. That's why I became interested in AG, but I could never figure out how it worked, it looked too complex to me.
Sometimes you like certain apps, and sometimes you don't. I get a headache just from reading AG's help file.
Yeah, there is something about that help file that leaves you scratching your head, feeling "maybe I'm just stupid after all."
Yes exactly, and I don't like that feeling. Tools like EXE Radar and SpyShelter are somehow easier to understand, at least for me.
I used to be perplexed by Appguard, until Lockdown explained it to me. Now it just works no pop ups etc. The memory guard is simple. It 's easy, you just add apps to the guard list and tick the memguard boxes. If you are talking about under the hood, I don't care. I've tested it and it works. That's all I need to know.
Same here. Lockdown is da man. There are some little things you need to know or figure out on your own, such as that "guarded apps list" overrides "user space" list. So if you have an item ticked on both of them, the guarded apps list wins. That's within the conceptual grasp of the ordinary mortal.
BTW, one of the reasons that I believe AG's MemGuard is more advanced, is because if you block memory reading with SS, a tool like Process Explorer continues to work correctly. I believe that you mentioned that AG will correctly block Process Explorer from monitoring all processes.
There is something wrong with this version...I saw signals from users that 10.9.8 crashes different systems including my Vista (32-bit). At this time I will rather wait and stay with v. 10.9.7
