You can make specific rules for applications, but most people will not know how to do it. There are some usability issues in that regard. Otherwise it is good enough.
SpyShelter Celebrates It’s 8th Birthday - Have you ever tried this program?
- Thread starter Bot
- Start date
- Status
You can make specific rules for applications, but most people will not know how to do it. There are some usability issues in that regard. Otherwise it is good enough.
- Dec 12, 2013
- 542
My tips...
- if you have clean system you can first enable for some time "allow Microsoft app" level what gives you something like "leran/training mode"...than "ask user" is the best
- enable (settings) "run start of SS as service"
- make the list of user's protected files/folders what can protect your own documents/locations
- add vulnerable processes (browsers, media players, etc.) and location (mainly for downloaded or your temporary content) to restricted
- exclude security apps processes from keystroke encryption
- if you have firewall version check the list of parrents/children processes in "Aplication Execution Control" tab (Rules)...
- and perhaps many others that are the result of users own experience and needs
- Jul 3, 2015
- 8,153
Thanks. Good tips!My tips...
- if you have clean system you can first enable for some time "allow Microsoft app" level what gives you something like "leran/training mode"...than "ask user" is the best
- enable (settings) "run start of SS as service"
- make the list of user's protected files/folders what can protect your own documents/locations
- add vulnerable processes (browsers, media players, etc.) and location (mainly for downloaded or your temporary content) to restricted
- exclude security apps processes from keystroke encryption
- if you have firewall version check the list of parrents/children processes in "Aplication Execution Control" tab (Rules)...
- and perhaps many others that are the result of users own experience and needs
Can you give me some insight into how SpS handles things like powershell and cmd.exe etc?
Wow, I haven't used this program in many years. I remember at the time I was working in Europe, and ran into the developer of this like the month he released it. He introduced it to me and sold me few lifetime licenses for cheap. I used it for a long time then eventually forgot about it and/or moved on to other solutions.
Glad to hear it's still around, and thriving.
Glad to hear it's still around, and thriving.
- Jul 3, 2015
- 8,153
- Jul 3, 2015
- 8,153
One year from now, when the newly purchased discount licenses will finish, you can put your lifetime licenses up for sale...
- Dec 12, 2013
- 542
There are few threads on forums that contain info about things you aksed...e.g. one on MT
Q&A - spyshelter premium combo
I have in my settings such processes included to the restricted list and to this time have no issue...so I think it works as expected
- Jul 3, 2015
- 8,153
That's an interesting idea to add them to restricted. At first, I didn't like the idea, because sometimes it will cause failures in installation/uninstallation of applications. But I read the threads you linked me to, and they say that if there is a block, you will get a notification about. That's good.There are few threads on forums that contain info about things you aksed...e.g. one on MT
Q&A - spyshelter premium combo
I have in my settings such processes included to the restricted list and to this time have no issue...so I think it works as expected
- Jul 3, 2015
- 8,153
I tried adding cmd.exe to restricted, but it causes some intel integrated graphics processes to run restricted. I am not sure that is good.There are few threads on forums that contain info about things you aksed...e.g. one on MT
Q&A - spyshelter premium combo
I have in my settings such processes included to the restricted list and to this time have no issue...so I think it works as expected
EDIT: The truth is that SpyShelter mainly controls what processes do, after they execute. So trying to make it function like an anti-exe program is missing the point. I think I will leave well enough alone.
Last edited:
- Dec 12, 2013
- 542
Yes, you are right...SS can show some issue of restricted apps but I didn't find perfect security app so I 'm consoius of compromise I've done.
SS can control process befor executing by scanning on Virus Scan Jotti service or other which you prepare but of course - SS can controll process after executing because it doesn't analyse binar code of process, it analyses behaviour of process like HIPS/BB can do. And now my question - after reading your post should I think that anti-exe can control process before it will be executed?
Harmless
To make it function as an anti-exec all you have to do is set security to "Ask User" when it is installed or clear all the existing rules.
It's pretty simple.
- Jul 3, 2015
- 8,153
My post was not worded so well, let me try to say it more clearly:And now my question - after reading your post should I think that anti-exe can control process before it will be executed?
Anti-exe mainly controls whether a process can execute or not, and with vulnerable processes, it will try to control which command line string is allowed to execute.
Whereas SS mainly controls what the process will do, after it executes. Like @Lockdown said, it can control execution, too, but that is not the main thing that SS is all about.
That statement is true of all HIPS, behavior blockers, and behavioral monitoring.
The difference is that HIPS is the most powerful in the right hands.
Last edited by a moderator:
Services.exe loads the Malware Protection Kernel Services Library driver with every definitions update.
Research it.
It is going to allow execution of trusted but vulnerable programs. Explorer will be allowed to launch anything.
Install the trial and observe the difference between High Security and Ask User. Carefully study the difference in the rules created in the two modes. Delete all the rules and start from scratch. Do this until you are quite familiar with what to expect.
- Jul 3, 2015
- 8,153
Let's say a signed process like Google Chrome or MS Word starts doing something unusual. You will still get a prompt, right?
EDIT: On second thought, this won't always protect, because SS makes generic rules. So for instance if MS Word once executed another process, it will be allowed in the future to execute any trusted process, and that process will be able to do any action that it once did. So you can't know where it will end up. I am starting to see the benefits of Ask User...
Last edited:
- Status
Similar threads
