SpyShelter Free

Product name
Spyshelter Free 12.3
Installation (rating)
4.00 star(s)
User interface (rating)
4.00 star(s)
Accessibility notes
The only thing which is not intuitive is when you want to clear a log, this option only appears when you right click on the log
Performance (rating)
4.00 star(s)
Core Protection (rating)
5.00 star(s)
Additional Protection notes
I use the HIPS and Firewall with setting auto-allow Microsoft signed. For someone with an all Microsoft setup (Win10 + Defender+ Office + Edge + Store apps for media etc))this is a really nice addition to the other great software from Poland (Simple Windows Hardening and ConfigureDefender)
Positives
    • Freeware
    • Low impact on system resources
    • Easy to use
    • Strong and reliable protection
    • Detects or blocks in the wild malware
    • Compatible with other anti-virus software
    • Well designed, clear and easy to use interface
Negatives
    • Not for beginners
    • Short on configuration options
Time spent using product
Computer specs
Self build from redundant PC's of relatives- Intel I7 970 with 8 GB RAM Nvidia GT730 and 2xSSD plus 2xHD
Overall rating
4.00 star(s)

Lenny_Fox

Level 22
Thread author
Verified
Top Poster
Well-known
Oct 1, 2019
1,120
For people with a little PC-security experience running an all Microsoft setup (e.g. using Simple Windows hardening and Configure Defender) and feeling the need to add some additional protection (HIPS and Firewall), this is really a great add-on.

1605445362018.png
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
What features is it lacking as compared to the paid version? Or maybe I should ask: what features does it have?
Last I remember, the free version was an anti-keylogger without kernel hooks. This looks quite different.
 

Nautilus

Level 2
Apr 27, 2020
86
What features is it lacking as compared to the paid version? Or maybe I should ask: what features does it have?
Last I remember, the free version was an anti-keylogger without kernel hooks. This looks quite different.
here is comparison chart between the various products they offer :

 

ichito

Level 11
Verified
Top Poster
Content Creator
Well-known
Dec 12, 2013
541
What features is it lacking as compared to the paid version? Or maybe I should ask: what features does it have?
Last I remember, the free version was an anti-keylogger without kernel hooks. This looks quite different.
Here is what was changed in last free version.
Analysing the list of monitored actions we can see it's differ to officially mentioned features. Eventhoug we still have free long time developed app that offers solid protection.
BTW @Lenny_Fox thanks for review 👍
 

Lenny_Fox

Level 22
Thread author
Verified
Top Poster
Well-known
Oct 1, 2019
1,120
What features is it lacking as compared to the paid version? Or maybe I should ask: what features does it have?
Last I remember, the free version was an anti-keylogger without kernel hooks. This looks quite different.
I think most important features free is lacking is
1. Ability to kill the process which is flagged by the HIPS or FW module. FREE can only block or allow the intercepted action (by HIPS or FW)
2. Not able to fine tune monitored actions by HIPS.
3. I suspect HIGH level monitoring does not had all protections enabled in FREE version
4. Less granularity in FW rules

For moderate experienced users like me only the first is something worth considering paying for premium.
 

ichito

Level 11
Verified
Top Poster
Content Creator
Well-known
Dec 12, 2013
541
I think most important features free is lacking is
1. Ability to kill the process which is flagged by the HIPS or FW module. FREE can only block or allow the intercepted action (by HIPS or FW)
2. Not able to fine tune monitored actions by HIPS.
3. I suspect HIGH level monitoring does not had all protections enabled in FREE version
4. Less granularity in FW rules

For moderate experienced users like me only the first is something worth considering paying for premium.
ad.1 I have to check it but I didn't notice that as I remeber
ad.2 Do you mean editing advanced rules of process in separate window of settings? I could normaly open it, change avaliable option and save it but I didn't check how behaviour of SS have been changed. To check.
ad 3. Level of protection does not depends on number of monitored action. It depends on used by SS trusted certificates (Allow MS, Auto high and Auto medium level) or only by user decision. That's when we don't tick "auto allow signed" in box on list of monitored actions. Here is the test how used level of protection affects on alerts and rules.
ad. 4 I could agree but only partiary - some action were removed but it looks thet they are still monitored (#48, 53, 54) and proper rules are created - e.g. blocking rule for STDUViewer and rules for Firefox - see below
SSfree 12.3_log.jpg

is free still only for 32 bit? that's the way it used to be. i bought a lifetime many years ago and ardently like this software.
Why do think so? It's working on my Win 7 64-bit normaly in version 12.3 and earlier 12.0.
 

ichito

Level 11
Verified
Top Poster
Content Creator
Well-known
Dec 12, 2013
541
Ad1. Free does not allow to kill a process
Ad2. Free does not allow to disable a monitored action in the rules section, meaning SpyShelter does not monitor that action for all processes.
OK...agree with first point - it doesn't offers action "terminate"
201117100221_3.jpg
but...you can always use command "deny" and then find this one rule on rules tab, call context menu and use line "block the component execution". As an effect we can't launch process and interresting thing is - not listed monitored actions are stil working and as an example is action connected with described issue. If we use "deny" not presented action #53 (execution an application) start working what means that even not offered feature is working as hidden
201117102307_5.jpg
Similar situation we can observe with rules #48 and #54.

According to second point - I still don't know what you mean. Here is a comparison of context menu in free and firewall version - they are the same (although each view of rules list offers different number of commands)
201117101651_4.jpg
 

ichito

Level 11
Verified
Top Poster
Content Creator
Well-known
Dec 12, 2013
541
@ichito you stated in changelog of free version of some features being added and some removed. Some firewall related features were removed but I don't understand technical details. I want to ask if the firewall in free version is still sufficient for regular users?
Yes, I think so...it allows
- detect internet connection in/out
201117164726_1.jpg201117165730_2.jpg
used also by parent/child processes
201117165442_1.jpg
- it offers creation of custom single/group rules using advanced rules setting window and box on the top
- if you use zone settings you can choose "undefined" and by this way all accesses without rules are prompted
- in network activity tab you can enter into listed connection and see recent serwvers list...each one you can block (adress IP or host name)
201117171212_3.jpg
 

Deletedmessiah

Level 25
Verified
Top Poster
Content Creator
Well-known
Jan 16, 2017
1,469
Yes, I think so...it allows
- detect internet connection in/out
View attachment 249190View attachment 249192
used also by parent/child processes
View attachment 249191
- it offers creation of custom single/group rules using advanced rules setting window and box on the top
- if you use zone settings you can choose "undefined" and by this way all accesses without rules are prompted
- in network activity tab you can enter into listed connection and see recent serwvers list...each one you can block (adress IP or host name)
View attachment 249206
Thanks for the info.
 

Lenny_Fox

Level 22
Thread author
Verified
Top Poster
Well-known
Oct 1, 2019
1,120
@ichito A picture tells more than a thousend words

1605643158179.png


I liked the idea of auto-allowing Microsoft signed and enabling auto-blocking of suspicious actions. To prevent me from shooting myself in the foot I tried to enable only user-land based protection rules. I have set UAC to deny elevation of unsigned and running Microsoft Defender on Max, so executables are sort of whitelisted. Spyshelter HIPS could monitor user land / medium IL processes not turning rogue. This is only possible in the paid version (which I understand, not complaining).

@LDogg after using it for 6 months I can confirm it is a nice program. Spyshelter has a good data base of trusted vendors to make this a quiet HIPS in HIGH or MEDIUM mode. With my extra Exploit Protection settings most Microsoft applications are only allowed to load Microsoft Signed DLL's. Combined with Simpel Windows Hardening this raises some extra barriers for Microsoft programs to turn rogue (hence the auto-allow M$-signed).
 
Last edited:

ichito

Level 11
Verified
Top Poster
Content Creator
Well-known
Dec 12, 2013
541
@ichito A picture tells more than a thousend words

I liked the idea of auto-allowing Microsoft signed and enabling auto-blocking of suspicious actions. To prevent me from shooting myself in the foot I tried to enable only user-land based protection rules. I have set UAC to deny elevation of unsigned and running Microsoft Defender on Max, so executables are sort of whitelisted. Spyshelter HIPS could monitor user land / medium IL processes not turning rogue. This is only possible in the paid version (which I understand, not complaining).
Haha...it was an "attack by obfuscation"...first you wrote about rules tab not list of monitored :) and yes...a picture is more informative :) Already I know what you mean. Yoe are right - disabling monitoring of an action is not allowed in free version but...always is some "but" :)...sometime you can bypass this limitation editing advanced rules (if needed behaviour is avaliable).
 

Lenny_Fox

Level 22
Thread author
Verified
Top Poster
Well-known
Oct 1, 2019
1,120
If using Spyshelter's firewall do I need to turn OFF Windows's default firewall or Spyshelter's FW needs Windows's default firewall to work?
It is so long ago I installed SpyShelter, but when my memory serves me right the setup offers an option to use WFP (Windows Filtering Platform) and or an óther driver (forgot the name). I know I use WPF for certain, but don't remember whether that was the default. I did not turnoff windows FW (thinking Windows FW also uses WFP).

BTW still using SpyShelter HIPS + FW with auto-allow Microsoft signed.
 

HarborFront

Level 71
Verified
Top Poster
Content Creator
Oct 9, 2016
6,010
There's an image of Spyshelter free which I downloaded from the net. What does TDI firewall driver means? If I choose TDI firewall driver does that mean I can disable Windows firewall? Will Spyshelter auto disable Windows firewall here?

Assuming I choose WFP firewall driver does that means I can disable Windows firewall ie WFP CANNOT be disabled. Here can I still use Spyshelter firewall?
 

Attachments

  • SpyShelter-Personal-Free_19.png
    SpyShelter-Personal-Free_19.png
    47.8 KB · Views: 599
Last edited:

Lenny_Fox

Level 22
Thread author
Verified
Top Poster
Well-known
Oct 1, 2019
1,120
There's an image of Spyshelter free which I downloaded from the net. What does TDI firewall driver means? If I choose TDI firewall driver does that mean I can disable Windows firewall? Will Spyshelter auto disable Windows firewall here?

Assuming I choose WFP firewall driver does that means I can disable Windows firewall ie WFP CANNOT be disabled. Here can I still use Spyshelter firewall?
Sorry something lost in translation, I intended to post that I have kept it enabled.
1606375429154.png
 

HarborFront

Level 71
Verified
Top Poster
Content Creator
Oct 9, 2016
6,010
Ok found the answer between using TDI and WFP firewall driver as below in FAQ 2.14

What is the difference between TDI and WFP firewall drivers?

Windows XP users should use TDI driver, while Windows Vista/7/8/10 should use WFP driver. SpyShelter detects your system version and uses recommended driver automatically. You can read more about them on the internet. While it is possible to change the currently selected Firewall driver, we strongly advise to not do it.

 
Last edited:

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top