SpyShelter Celebrates It’s 8th Birthday - Have you ever tried this program?

SpyShelter Celebrates It’s 8th Birthday - Have you ever tried this program?

  • Yes

    Votes: 30 33.3%
  • No

    Votes: 50 55.6%
  • No, however I'm planning to give it a try

    Votes: 10 11.1%

  • Total voters
    90
  • Poll closed .
Status
Not open for further replies.

ichito

Level 11
Verified
Top Poster
Content Creator
Well-known
Dec 12, 2013
541
Would you care to share a couple tips about proper Spyshelter usage?
My tips...
- if you have clean system you can first enable for some time "allow Microsoft app" level what gives you something like "leran/training mode"...than "ask user" is the best
- enable (settings) "run start of SS as service"
- make the list of user's protected files/folders what can protect your own documents/locations
- add vulnerable processes (browsers, media players, etc.) and location (mainly for downloaded or your temporary content) to restricted
- exclude security apps processes from keystroke encryption
- if you have firewall version check the list of parrents/children processes in "Aplication Execution Control" tab (Rules)...
- and perhaps many others that are the result of users own experience and needs :)
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
My tips...
- if you have clean system you can first enable for some time "allow Microsoft app" level what gives you something like "leran/training mode"...than "ask user" is the best
- enable (settings) "run start of SS as service"
- make the list of user's protected files/folders what can protect your own documents/locations
- add vulnerable processes (browsers, media players, etc.) and location (mainly for downloaded or your temporary content) to restricted
- exclude security apps processes from keystroke encryption
- if you have firewall version check the list of parrents/children processes in "Aplication Execution Control" tab (Rules)...
- and perhaps many others that are the result of users own experience and needs :)
Thanks. Good tips!
Can you give me some insight into how SpS handles things like powershell and cmd.exe etc?
 
F

ForgottenSeer 58943

Wow, I haven't used this program in many years. I remember at the time I was working in Europe, and ran into the developer of this like the month he released it. He introduced it to me and sold me few lifetime licenses for cheap. I used it for a long time then eventually forgot about it and/or moved on to other solutions.

Glad to hear it's still around, and thriving.
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
Wow, I haven't used this program in many years. I remember at the time I was working in Europe, and ran into the developer of this like the month he released it. He introduced it to me and sold me few lifetime licenses for cheap. I used it for a long time then eventually forgot about it and/or moved on to other solutions.

Glad to hear it's still around, and thriving.
Yup, it's pretty good.
 
  • Like
Reactions: Weebarra

ichito

Level 11
Verified
Top Poster
Content Creator
Well-known
Dec 12, 2013
541
Thanks. Good tips!
Can you give me some insight into how SpS handles things like powershell and cmd.exe etc?
There are few threads on forums that contain info about things you aksed...e.g. one on MT
Q&A - spyshelter premium combo
I have in my settings such processes included to the restricted list and to this time have no issue...so I think it works as expected :)
 
  • Like
Reactions: Weebarra and shmu26

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
There are few threads on forums that contain info about things you aksed...e.g. one on MT
Q&A - spyshelter premium combo
I have in my settings such processes included to the restricted list and to this time have no issue...so I think it works as expected :)
That's an interesting idea to add them to restricted. At first, I didn't like the idea, because sometimes it will cause failures in installation/uninstallation of applications. But I read the threads you linked me to, and they say that if there is a block, you will get a notification about. That's good.
 
  • Like
Reactions: Weebarra

outlawxtorn

Level 6
Verified
Content Creator
May 29, 2017
264
I use the firewall version with voodoo shield pro and windows defender(win 10). Works really well and feels light.
 
  • Like
Reactions: shmu26

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
There are few threads on forums that contain info about things you aksed...e.g. one on MT
Q&A - spyshelter premium combo
I have in my settings such processes included to the restricted list and to this time have no issue...so I think it works as expected :)
I tried adding cmd.exe to restricted, but it causes some intel integrated graphics processes to run restricted. I am not sure that is good.

EDIT: The truth is that SpyShelter mainly controls what processes do, after they execute. So trying to make it function like an anti-exe program is missing the point. I think I will leave well enough alone.
 
Last edited:
  • Like
Reactions: Weebarra

ichito

Level 11
Verified
Top Poster
Content Creator
Well-known
Dec 12, 2013
541
I tried adding cmd.exe to restricted, but it causes some intel integrated graphics processes to run restricted. I am not sure that is good.

EDIT: The truth is that SpyShelter mainly controls what processes do, after they execute. So trying to make it function like an anti-exe program is missing the point. I think I will leave well enough alone.
Yes, you are right...SS can show some issue of restricted apps but I didn't find perfect security app so I 'm consoius of compromise I've done.
SS can control process befor executing by scanning on Virus Scan Jotti service or other which you prepare but of course - SS can controll process after executing because it doesn't analyse binar code of process, it analyses behaviour of process like HIPS/BB can do. And now my question - after reading your post should I think that anti-exe can control process before it will be executed?
:sneaky:
 
  • Like
Reactions: Weebarra and shmu26
5

509322

I tried adding cmd.exe to restricted, but it causes some intel integrated graphics processes to run restricted. I am not sure that is good.

Harmless

EDIT: The truth is that SpyShelter mainly controls what processes do, after they execute. So trying to make it function like an anti-exe program is missing the point. I think I will leave well enough alone.

To make it function as an anti-exec all you have to do is set security to "Ask User" when it is installed or clear all the existing rules.

It's pretty simple.
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
And now my question - after reading your post should I think that anti-exe can control process before it will be executed?
:sneaky:
My post was not worded so well, let me try to say it more clearly:
Anti-exe mainly controls whether a process can execute or not, and with vulnerable processes, it will try to control which command line string is allowed to execute.
Whereas SS mainly controls what the process will do, after it executes. Like @Lockdown said, it can control execution, too, but that is not the main thing that SS is all about.
 
  • Like
Reactions: Weebarra

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
Anyone know why I get a prompt about "services" every time Windows Defender updates definitions?
 
5

509322

Anyone know why I get a prompt about "services" every time Windows Defender updates definitions?

Services.exe loads the Malware Protection Kernel Services Library driver with every definitions update.

Research it.
 
  • Like
Reactions: shmu26

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
And what do you guys say about running SS at auto allow high security?
 
5

509322

And what do you guys say about running SS at auto allow high security?

It is going to allow execution of trusted but vulnerable programs. Explorer will be allowed to launch anything.

Install the trial and observe the difference between High Security and Ask User. Carefully study the difference in the rules created in the two modes. Delete all the rules and start from scratch. Do this until you are quite familiar with what to expect.
 
  • Like
Reactions: shmu26

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
It is going to allow execution of trusted but vulnerable programs. Explorer will be allowed to launch anything.

Install the trial and observe the difference between High Security and Ask User. Carefully study the difference in the rules created in the two modes. Delete all the rules and start from scratch. Do this until you are quite familiar with what to expect.
Let's say a signed process like Google Chrome or MS Word starts doing something unusual. You will still get a prompt, right?

EDIT: On second thought, this won't always protect, because SS makes generic rules. So for instance if MS Word once executed another process, it will be allowed in the future to execute any trusted process, and that process will be able to do any action that it once did. So you can't know where it will end up. I am starting to see the benefits of Ask User...
 
Last edited:
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top