Update SpyShelter Celebrates It’s 8th Birthday - Have you ever tried this program?

SpyShelter Celebrates It’s 8th Birthday - Have you ever tried this program?

  • Yes

    Votes: 30 33.3%
  • No

    Votes: 50 55.6%
  • No, however I'm planning to give it a try

    Votes: 10 11.1%

  • Total voters
    90
  • Poll closed .
Status
Not open for further replies.

shmu26

Level 85
Verified
Trusted
Content Creator
Jul 3, 2015
8,104
31,064
Services.exe loads the Malware Protection Kernel Services Library driver with every definitions update.

Research it.
What about excluding C:\ProgramData\Microsoft\Windows Defender\Definition Updates from SS protection?
 

ichito

Level 10
Verified
Content Creator
Dec 12, 2013
480
2,785
What about excluding C:\ProgramData\Microsoft\Windows Defender\Definition Updates from SS protection?
For me...not needed but maybe for you necessary becuse of some issue. If not - exclude only connected with such folder processes...or/and make rule allow for all action...or/and exclude important processes in keystroke encryption settings.
 

shmu26

Level 85
Verified
Trusted
Content Creator
Jul 3, 2015
8,104
31,064
What about excluding C:\ProgramData\Microsoft\Windows Defender\Definition Updates from SS protection?
Actually, this didn't work.
When you exclude a folder, what it really does is exclude all the files that are in the folder at that time. It does not exclude files that will be created in the future.
 
5

509322

Actually, this didn't work.
When you exclude a folder, what it really does is exclude all the files that are in the folder at that time. It does not exclude files that will be created in the future.

Plus, there is no way to "un-exclude" a folder. You have to reload rules without the folder exclusion or reinstall the program.
 
5

509322

SS support told me a trick: you sort rules by path, hold down shift, select the rules, and delete them.

There should be no rules since the folder has been excluded from monitoring. That's the whole point of excluding a folder.
 
5

509322

@shmu26

To get no alert for the Windows Defender signature driver load during an update, you would have to disable monitoring for services.exe - and not exclude the ProgramData folder. Services.exe is doing the executing and not MpKls*.sys. So excluding the folder does nothing.
 

shmu26

Level 85
Verified
Trusted
Content Creator
Jul 3, 2015
8,104
31,064
@shmu26

To get no alert for the Windows Defender signature driver load during an update, you would have to disable monitoring for services.exe - and not exclude the ProgramData folder. Services.exe is doing the executing and not MpKls*.sys. So excluding the folder does nothing.
Excluding services.exe doesn't sound so good. Better to put up with the minor headache of a daily prompt, it seems to me.
 

ichito

Level 10
Verified
Content Creator
Dec 12, 2013
480
2,785
Excluding services.exe doesn't sound so good. Better to put up with the minor headache of a daily prompt, it seems to me.
What rules for services.exe you have?...maybe some number of action?
 

shmu26

Level 85
Verified
Trusted
Content Creator
Jul 3, 2015
8,104
31,064
What rules for services.exe you have?...maybe some number of action?
services.exe does not exist as such in the list of rules.

I switched from Windows Defender to Avast, and so far, so good.
I made this switch because there are other users on this computer, sometimes, and they are noobs who will get confused by prompts.
But the strange thing is that after a clean reinstall of SpyShelter, the other user account now has a completely separate set of rules. I even had to re-enter my license, it is treating the second user as completely separate.
It was not this way with the first installation.
 
5

509322

@shmu26

I would send a report to support about the way SpyShelter is behaving between the two accounts and also the spooler folder.

There is some kind of issue with SpyShelter in a standard account, but I am not exactly sure what it is. Member @marzametal knows.

If you re-activate SpyShelter more than 3 or 6 times (I can't remember which), they have been known to deactivate the license. They've done it to me so I can confirm.
 
Last edited by a moderator:

shmu26

Level 85
Verified
Trusted
Content Creator
Jul 3, 2015
8,104
31,064
@shmu26

I would send a report to support about the way SpyShelter is behaving between the two accounts and also the spooler folder.

There is some kind of issue with SpyShelter in a standard account, but I am not exactly sure what it is. Member @marzametal knows.

If you re-activate SpyShelter more than 3 or 6 times (I can't remember which), they have been known to deactivate the license. They've done it to me so I can confirm.
Reports were sent.
Thanks for the heads-up about license deactivation.
 
5

509322

Reports were sent.
Thanks for the heads-up about license deactivation.

You might want to inform them that you are a tester and that you will be installing\uninstalling probably more than what their usual licensing allows.

I told them and they reactivated my licenses no problem.
 

ichito

Level 10
Verified
Content Creator
Dec 12, 2013
480
2,785
services.exe does not exist as such in the list of rules.
That's why I've asked about rules/numbers of actions.
But the strange thing is that after a clean reinstall of SpyShelter, the other user account now has a completely separate set of rules. I even had to re-enter my license, it is treating the second user as completely separate.
It was not this way with the first installation.
Did you try to enable option "Launch the program as a service (early start)"?
 

shmu26

Level 85
Verified
Trusted
Content Creator
Jul 3, 2015
8,104
31,064
That's why I've asked about rules/numbers of actions.

Did you try to enable option "Launch the program as a service (early start)"?
1 Sorry, I still don't understand how to answer your question. I have lots of rules, each with its own number. And in the list of monitored actions, all actions are enabled.
What specific info are you asking?

2 I have enabled launch as service.
 
5

509322

1 Sorry, I still don't understand how to answer your question. I have lots of rules, each with its own number. And in the list of monitored actions, all actions are enabled.
What specific info are you asking?

2 I have enabled launch as service.

Datpol will tell you that they don't officially\completely support the standard user account. There is some kind of limitation or issue when using it in a SUA.
 

shmu26

Level 85
Verified
Trusted
Content Creator
Jul 3, 2015
8,104
31,064
Datpol will tell you that they don't officially\completely support the standard user account. There is some kind of limitation or issue when using it in a SUA.
Although the SUA is maintaining its own rules list, and its own level of protection (auto-allow versus ask user), nevertheless it shares the same restricted apps rules. Weird. This might actually be to my advantage, because I can put the SUA on a lower level of protection (less prompts to spook the noobs).
 
Status
Not open for further replies.
Top