Software
Spyshelter Free 12.3
Installation
4.00 star(s)
Installation Feedback
Installation is straight forward
Interface (UI)
4.00 star(s)
Interface Feedback
The only thing which is not intuitive is when you want to clear a log, this option only appears when you right click on the log
Usability
4.00 star(s)
Usability Feedback
With the auto-allow Microsoft signed adding a Firewall HIPS is really a breeze, since I only had to allow a few other programs outbound internet access and launching other programs (e.g. the updater)
Performance and System Impact
4.00 star(s)
Performance and System Impact Feedback
Good uses less CPU as Microsoft Defender for example, 0.02 to 0.03 percent idle with spikes up to 0.40 percent when it intercepts something (on old i7 950 CPU with 8 GB RAM).
Protection
5.00 star(s)
Protection Feedback
I use the HIPS and Firewall with setting auto-allow Microsoft signed. For someone with an all Microsoft setup (Win10 + Defender+ Office + Edge + Store apps for media etc))this is a really nice addition to the other great software from Poland (Simple Windows Hardening and ConfigureDefender)
Pros
  1. It's a free software
  2. Low impact on system resources
  3. Easy to use
  4. Strong and reliable protection
  5. Blocks even brand new malware
  6. Works alongside other antivirus software
  7. Well designed, clear interface
Cons
  1. Not for beginners
  2. Short on configuration options
Software installed on computer
More than 6 months
Computer hardware
Self build from redundant PC's of relatives- Intel I7 970 with 8 GB RAM Nvidia GT730 and 2xSSD plus 2xHD
Overall Rating
4.00 star(s)
Disclaimer
  1. Any views or opinions expressed are that of the member giving the information and may be subjective.
    This software may behave differently on your device.

    We encourage you to compare these opinions with others and take informed decisions on what security products to use.
    Before buying a product you should consider factors such as price, ease of use, compatibility, and support. Installing a free trial version allows an antivirus to be tested in everyday use before purchase.

Lenny_Fox

Level 15
Verified
For people with a little PC-security experience running an all Microsoft setup (e.g. using Simple Windows hardening and Configure Defender) and feeling the need to add some additional protection (HIPS and Firewall), this is really a great add-on.

1605445362018.png
 

Nautilus

Level 1
What features is it lacking as compared to the paid version? Or maybe I should ask: what features does it have?
Last I remember, the free version was an anti-keylogger without kernel hooks. This looks quite different.
here is comparison chart between the various products they offer :

 

ichito

Level 10
Verified
Content Creator
What features is it lacking as compared to the paid version? Or maybe I should ask: what features does it have?
Last I remember, the free version was an anti-keylogger without kernel hooks. This looks quite different.
Here is what was changed in last free version.
Analysing the list of monitored actions we can see it's differ to officially mentioned features. Eventhoug we still have free long time developed app that offers solid protection.
BTW @Lenny_Fox thanks for review 👍
 

Lenny_Fox

Level 15
Verified
What features is it lacking as compared to the paid version? Or maybe I should ask: what features does it have?
Last I remember, the free version was an anti-keylogger without kernel hooks. This looks quite different.
I think most important features free is lacking is
1. Ability to kill the process which is flagged by the HIPS or FW module. FREE can only block or allow the intercepted action (by HIPS or FW)
2. Not able to fine tune monitored actions by HIPS.
3. I suspect HIGH level monitoring does not had all protections enabled in FREE version
4. Less granularity in FW rules

For moderate experienced users like me only the first is something worth considering paying for premium.
 

ichito

Level 10
Verified
Content Creator
I think most important features free is lacking is
1. Ability to kill the process which is flagged by the HIPS or FW module. FREE can only block or allow the intercepted action (by HIPS or FW)
2. Not able to fine tune monitored actions by HIPS.
3. I suspect HIGH level monitoring does not had all protections enabled in FREE version
4. Less granularity in FW rules

For moderate experienced users like me only the first is something worth considering paying for premium.
ad.1 I have to check it but I didn't notice that as I remeber
ad.2 Do you mean editing advanced rules of process in separate window of settings? I could normaly open it, change avaliable option and save it but I didn't check how behaviour of SS have been changed. To check.
ad 3. Level of protection does not depends on number of monitored action. It depends on used by SS trusted certificates (Allow MS, Auto high and Auto medium level) or only by user decision. That's when we don't tick "auto allow signed" in box on list of monitored actions. Here is the test how used level of protection affects on alerts and rules.
ad. 4 I could agree but only partiary - some action were removed but it looks thet they are still monitored (#48, 53, 54) and proper rules are created - e.g. blocking rule for STDUViewer and rules for Firefox - see below
SSfree 12.3_log.jpg

is free still only for 32 bit? that's the way it used to be. i bought a lifetime many years ago and ardently like this software.
Why do think so? It's working on my Win 7 64-bit normaly in version 12.3 and earlier 12.0.
 

ichito

Level 10
Verified
Content Creator
Ad1. Free does not allow to kill a process
Ad2. Free does not allow to disable a monitored action in the rules section, meaning SpyShelter does not monitor that action for all processes.
OK...agree with first point - it doesn't offers action "terminate"
201117100221_3.jpg
but...you can always use command "deny" and then find this one rule on rules tab, call context menu and use line "block the component execution". As an effect we can't launch process and interresting thing is - not listed monitored actions are stil working and as an example is action connected with described issue. If we use "deny" not presented action #53 (execution an application) start working what means that even not offered feature is working as hidden
201117102307_5.jpg
Similar situation we can observe with rules #48 and #54.

According to second point - I still don't know what you mean. Here is a comparison of context menu in free and firewall version - they are the same (although each view of rules list offers different number of commands)
201117101651_4.jpg
 

ichito

Level 10
Verified
Content Creator
@ichito you stated in changelog of free version of some features being added and some removed. Some firewall related features were removed but I don't understand technical details. I want to ask if the firewall in free version is still sufficient for regular users?
Yes, I think so...it allows
- detect internet connection in/out
201117164726_1.jpg201117165730_2.jpg
used also by parent/child processes
201117165442_1.jpg
- it offers creation of custom single/group rules using advanced rules setting window and box on the top
- if you use zone settings you can choose "undefined" and by this way all accesses without rules are prompted
- in network activity tab you can enter into listed connection and see recent serwvers list...each one you can block (adress IP or host name)
201117171212_3.jpg
 

Deletedmessiah

Level 24
Verified
Content Creator
Yes, I think so...it allows
- detect internet connection in/out
View attachment 249190View attachment 249192
used also by parent/child processes
View attachment 249191
- it offers creation of custom single/group rules using advanced rules setting window and box on the top
- if you use zone settings you can choose "undefined" and by this way all accesses without rules are prompted
- in network activity tab you can enter into listed connection and see recent serwvers list...each one you can block (adress IP or host name)
View attachment 249206
Thanks for the info.
 

Lenny_Fox

Level 15
Verified
@ichito A picture tells more than a thousend words

1605643158179.png


I liked the idea of auto-allowing Microsoft signed and enabling auto-blocking of suspicious actions. To prevent me from shooting myself in the foot I tried to enable only user-land based protection rules. I have set UAC to deny elevation of unsigned and running Microsoft Defender on Max, so executables are sort of whitelisted. Spyshelter HIPS could monitor user land / medium IL processes not turning rogue. This is only possible in the paid version (which I understand, not complaining).

@LDogg after using it for 6 months I can confirm it is a nice program. Spyshelter has a good data base of trusted vendors to make this a quiet HIPS in HIGH or MEDIUM mode. With my extra Exploit Protection settings most Microsoft applications are only allowed to load Microsoft Signed DLL's. Combined with Simpel Windows Hardening this raises some extra barriers for Microsoft programs to turn rogue (hence the auto-allow M$-signed).
 
Last edited:

ichito

Level 10
Verified
Content Creator
@ichito A picture tells more than a thousend words

I liked the idea of auto-allowing Microsoft signed and enabling auto-blocking of suspicious actions. To prevent me from shooting myself in the foot I tried to enable only user-land based protection rules. I have set UAC to deny elevation of unsigned and running Microsoft Defender on Max, so executables are sort of whitelisted. Spyshelter HIPS could monitor user land / medium IL processes not turning rogue. This is only possible in the paid version (which I understand, not complaining).
Haha...it was an "attack by obfuscation"...first you wrote about rules tab not list of monitored :) and yes...a picture is more informative :) Already I know what you mean. Yoe are right - disabling monitoring of an action is not allowed in free version but...always is some "but" :)...sometime you can bypass this limitation editing advanced rules (if needed behaviour is avaliable).
 

Lenny_Fox

Level 15
Verified
If using Spyshelter's firewall do I need to turn OFF Windows's default firewall or Spyshelter's FW needs Windows's default firewall to work?
It is so long ago I installed SpyShelter, but when my memory serves me right the setup offers an option to use WFP (Windows Filtering Platform) and or an óther driver (forgot the name). I know I use WPF for certain, but don't remember whether that was the default. I did not turnoff windows FW (thinking Windows FW also uses WFP).

BTW still using SpyShelter HIPS + FW with auto-allow Microsoft signed.
 

HarborFront

Level 55
Verified
Content Creator
There's an image of Spyshelter free which I downloaded from the net. What does TDI firewall driver means? If I choose TDI firewall driver does that mean I can disable Windows firewall? Will Spyshelter auto disable Windows firewall here?

Assuming I choose WFP firewall driver does that means I can disable Windows firewall ie WFP CANNOT be disabled. Here can I still use Spyshelter firewall?
 

Attachments

  • SpyShelter-Personal-Free_19.png
    SpyShelter-Personal-Free_19.png
    47.8 KB · Views: 12
Last edited:

Lenny_Fox

Level 15
Verified
There's an image of Spyshelter free which I downloaded from the net. What does TDI firewall driver means? If I choose TDI firewall driver does that mean I can disable Windows firewall? Will Spyshelter auto disable Windows firewall here?

Assuming I choose WFP firewall driver does that means I can disable Windows firewall ie WFP CANNOT be disabled. Here can I still use Spyshelter firewall?
Sorry something lost in translation, I intended to post that I have kept it enabled.
1606375429154.png
 

HarborFront

Level 55
Verified
Content Creator
Ok found the answer between using TDI and WFP firewall driver as below in FAQ 2.14

What is the difference between TDI and WFP firewall drivers?

Windows XP users should use TDI driver, while Windows Vista/7/8/10 should use WFP driver. SpyShelter detects your system version and uses recommended driver automatically. You can read more about them on the internet. While it is possible to change the currently selected Firewall driver, we strongly advise to not do it.

 
Last edited:
Top