SpyShelter Celebrates It’s 8th Birthday - Have you ever tried this program?

SpyShelter Celebrates It’s 8th Birthday - Have you ever tried this program?

  • Yes

    Votes: 30 33.3%
  • No

    Votes: 50 55.6%
  • No, however I'm planning to give it a try

    Votes: 10 11.1%

  • Total voters
    90
  • Poll closed .
Status
Not open for further replies.

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
Services.exe loads the Malware Protection Kernel Services Library driver with every definitions update.

Research it.
What about excluding C:\ProgramData\Microsoft\Windows Defender\Definition Updates from SS protection?
 

ichito

Level 11
Verified
Top Poster
Content Creator
Well-known
Dec 12, 2013
541
What about excluding C:\ProgramData\Microsoft\Windows Defender\Definition Updates from SS protection?
For me...not needed but maybe for you necessary becuse of some issue. If not - exclude only connected with such folder processes...or/and make rule allow for all action...or/and exclude important processes in keystroke encryption settings.
 
  • Like
Reactions: shmu26

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
What about excluding C:\ProgramData\Microsoft\Windows Defender\Definition Updates from SS protection?
Actually, this didn't work.
When you exclude a folder, what it really does is exclude all the files that are in the folder at that time. It does not exclude files that will be created in the future.
 
5

509322

Actually, this didn't work.
When you exclude a folder, what it really does is exclude all the files that are in the folder at that time. It does not exclude files that will be created in the future.

Plus, there is no way to "un-exclude" a folder. You have to reload rules without the folder exclusion or reinstall the program.
 
  • Like
Reactions: shmu26
5

509322

SS support told me a trick: you sort rules by path, hold down shift, select the rules, and delete them.

There should be no rules since the folder has been excluded from monitoring. That's the whole point of excluding a folder.
 
  • Like
Reactions: shmu26
5

509322

@shmu26

To get no alert for the Windows Defender signature driver load during an update, you would have to disable monitoring for services.exe - and not exclude the ProgramData folder. Services.exe is doing the executing and not MpKls*.sys. So excluding the folder does nothing.
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
@shmu26

To get no alert for the Windows Defender signature driver load during an update, you would have to disable monitoring for services.exe - and not exclude the ProgramData folder. Services.exe is doing the executing and not MpKls*.sys. So excluding the folder does nothing.
Excluding services.exe doesn't sound so good. Better to put up with the minor headache of a daily prompt, it seems to me.
 

ichito

Level 11
Verified
Top Poster
Content Creator
Well-known
Dec 12, 2013
541
Excluding services.exe doesn't sound so good. Better to put up with the minor headache of a daily prompt, it seems to me.
What rules for services.exe you have?...maybe some number of action?
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
What rules for services.exe you have?...maybe some number of action?
services.exe does not exist as such in the list of rules.

I switched from Windows Defender to Avast, and so far, so good.
I made this switch because there are other users on this computer, sometimes, and they are noobs who will get confused by prompts.
But the strange thing is that after a clean reinstall of SpyShelter, the other user account now has a completely separate set of rules. I even had to re-enter my license, it is treating the second user as completely separate.
It was not this way with the first installation.
 
5

509322

@shmu26

I would send a report to support about the way SpyShelter is behaving between the two accounts and also the spooler folder.

There is some kind of issue with SpyShelter in a standard account, but I am not exactly sure what it is. Member @marzametal knows.

If you re-activate SpyShelter more than 3 or 6 times (I can't remember which), they have been known to deactivate the license. They've done it to me so I can confirm.
 
Last edited by a moderator:
  • Like
Reactions: shmu26

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
@shmu26

I would send a report to support about the way SpyShelter is behaving between the two accounts and also the spooler folder.

There is some kind of issue with SpyShelter in a standard account, but I am not exactly sure what it is. Member @marzametal knows.

If you re-activate SpyShelter more than 3 or 6 times (I can't remember which), they have been known to deactivate the license. They've done it to me so I can confirm.
Reports were sent.
Thanks for the heads-up about license deactivation.
 
5

509322

Reports were sent.
Thanks for the heads-up about license deactivation.

You might want to inform them that you are a tester and that you will be installing\uninstalling probably more than what their usual licensing allows.

I told them and they reactivated my licenses no problem.
 
  • Like
Reactions: shmu26

ichito

Level 11
Verified
Top Poster
Content Creator
Well-known
Dec 12, 2013
541
services.exe does not exist as such in the list of rules.
That's why I've asked about rules/numbers of actions.
But the strange thing is that after a clean reinstall of SpyShelter, the other user account now has a completely separate set of rules. I even had to re-enter my license, it is treating the second user as completely separate.
It was not this way with the first installation.
Did you try to enable option "Launch the program as a service (early start)"?
 
  • Like
Reactions: shmu26

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
That's why I've asked about rules/numbers of actions.

Did you try to enable option "Launch the program as a service (early start)"?
1 Sorry, I still don't understand how to answer your question. I have lots of rules, each with its own number. And in the list of monitored actions, all actions are enabled.
What specific info are you asking?

2 I have enabled launch as service.
 
5

509322

1 Sorry, I still don't understand how to answer your question. I have lots of rules, each with its own number. And in the list of monitored actions, all actions are enabled.
What specific info are you asking?

2 I have enabled launch as service.

Datpol will tell you that they don't officially\completely support the standard user account. There is some kind of limitation or issue when using it in a SUA.
 
  • Like
Reactions: shmu26

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
Datpol will tell you that they don't officially\completely support the standard user account. There is some kind of limitation or issue when using it in a SUA.
Although the SUA is maintaining its own rules list, and its own level of protection (auto-allow versus ask user), nevertheless it shares the same restricted apps rules. Weird. This might actually be to my advantage, because I can put the SUA on a lower level of protection (less prompts to spook the noobs).
 
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top