For people with a little PC-security experience running an all Microsoft setup (e.g. using Simple Windows hardening and Configure Defender) and feeling the need to add some additional protection (HIPS and Firewall), this is really a great add-on.
SpyShelter Free
- Thread starter Lenny_Fox
- Start date
What features is it lacking as compared to the paid version? Or maybe I should ask: what features does it have?
Last I remember, the free version was an anti-keylogger without kernel hooks. This looks quite different.
Last I remember, the free version was an anti-keylogger without kernel hooks. This looks quite different.
here is comparison chart between the various products they offer :
Best Free Antispyware Software 2026 | Download SpyShelter
Download SpyShelter Antispyware FREE software. Get instant protection against spyware. Easy to use.
Here is what was changed in last free version.
SpyShelter 12.3 Released
SpyShelter version 12.3 is live now! New version of SpyShelter brings support for Windows October 2020 Update. You can either update via SpyShelter directly or download new installer from our Download Page. IMPORTANT NOTE: Due to issue in new buggy Windows API introduced in 20H1 and 20H2 (not...
malwaretips.com
BTW @Lenny_Fox thanks for review
I think most important features free is lacking is
1. Ability to kill the process which is flagged by the HIPS or FW module. FREE can only block or allow the intercepted action (by HIPS or FW)
2. Not able to fine tune monitored actions by HIPS.
3. I suspect HIGH level monitoring does not had all protections enabled in FREE version
4. Less granularity in FW rules
For moderate experienced users like me only the first is something worth considering paying for premium.
is free still only for 32 bit? that's the way it used to be. i bought a lifetime many years ago and ardently like this software.
ad.1 I have to check it but I didn't notice that as I remeber
ad.2 Do you mean editing advanced rules of process in separate window of settings? I could normaly open it, change avaliable option and save it but I didn't check how behaviour of SS have been changed. To check.
ad 3. Level of protection does not depends on number of monitored action. It depends on used by SS trusted certificates (Allow MS, Auto high and Auto medium level) or only by user decision. That's when we don't tick "auto allow signed" in box on list of monitored actions. Here is the test how used level of protection affects on alerts and rules.
SpyShelter 11
I just installed 11.4 RC on Windows 10 X64 Pro version 1709 and it set itself to Medium Security Level after installation. During the installation...
www.wilderssecurity.com
Why do think so? It's working on my Win 7 64-bit normaly in version 12.3 and earlier 12.0.
Ad1. Free does not allow to kill a process
Ad2. Free does not allow to disable a monitored action in the rules section, meaning SpyShelter does not monitor that action for all processes.
Ad2. Free does not allow to disable a monitored action in the rules section, meaning SpyShelter does not monitor that action for all processes.
OK...agree with first point - it doesn't offers action "terminate"
but...you can always use command "deny" and then find this one rule on rules tab, call context menu and use line "block the component execution". As an effect we can't launch process and interresting thing is - not listed monitored actions are stil working and as an example is action connected with described issue. If we use "deny" not presented action #53 (execution an application) start working what means that even not offered feature is working as hidden
Similar situation we can observe with rules #48 and #54.
According to second point - I still don't know what you mean. Here is a comparison of context menu in free and firewall version - they are the same (although each view of rules list offers different number of commands)
- Jan 16, 2017
- 1,470
- 13,500
- 2,379
@ichito you stated in changelog of free version of some features being added and some removed. Some firewall related features were removed but I don't understand technical details. I want to ask if the firewall in free version is still sufficient for regular users?
Yes, I think so...it allows
- detect internet connection in/out
used also by parent/child processes
- it offers creation of custom single/group rules using advanced rules setting window and box on the top
- if you use zone settings you can choose "undefined" and by this way all accesses without rules are prompted
- in network activity tab you can enter into listed connection and see recent serwvers list...each one you can block (adress IP or host name)
- Jan 16, 2017
- 1,470
- 13,500
- 2,379
This does look like a pretty good product though.
~LDogg
~LDogg
@ichito A picture tells more than a thousend words
I liked the idea of auto-allowing Microsoft signed and enabling auto-blocking of suspicious actions. To prevent me from shooting myself in the foot I tried to enable only user-land based protection rules. I have set UAC to deny elevation of unsigned and running Microsoft Defender on Max, so executables are sort of whitelisted. Spyshelter HIPS could monitor user land / medium IL processes not turning rogue. This is only possible in the paid version (which I understand, not complaining).
@LDogg after using it for 6 months I can confirm it is a nice program. Spyshelter has a good data base of trusted vendors to make this a quiet HIPS in HIGH or MEDIUM mode. With my extra Exploit Protection settings most Microsoft applications are only allowed to load Microsoft Signed DLL's. Combined with Simpel Windows Hardening this raises some extra barriers for Microsoft programs to turn rogue (hence the auto-allow M$-signed).
I liked the idea of auto-allowing Microsoft signed and enabling auto-blocking of suspicious actions. To prevent me from shooting myself in the foot I tried to enable only user-land based protection rules. I have set UAC to deny elevation of unsigned and running Microsoft Defender on Max, so executables are sort of whitelisted. Spyshelter HIPS could monitor user land / medium IL processes not turning rogue. This is only possible in the paid version (which I understand, not complaining).
@LDogg after using it for 6 months I can confirm it is a nice program. Spyshelter has a good data base of trusted vendors to make this a quiet HIPS in HIGH or MEDIUM mode. With my extra Exploit Protection settings most Microsoft applications are only allowed to load Microsoft Signed DLL's. Combined with Simpel Windows Hardening this raises some extra barriers for Microsoft programs to turn rogue (hence the auto-allow M$-signed).
Last edited:
Haha...it was an "attack by obfuscation"...first you wrote about rules tab not list of monitored
and yes...a picture is more informative Already I know what you mean. Yoe are right - disabling monitoring of an action is not allowed in free version but...always is some "but" ...sometime you can bypass this limitation editing advanced rules (if needed behaviour is avaliable).If using Spyshelter's firewall do I need to turn OFF Windows's default firewall or Spyshelter's FW needs Windows's default firewall to work?
Last edited:
It is so long ago I installed SpyShelter, but when my memory serves me right the setup offers an option to use WFP (Windows Filtering Platform) and or an óther driver (forgot the name). I know I use WPF for certain, but don't remember whether that was the default. I did not turnoff windows FW (thinking Windows FW also uses WFP).
BTW still using SpyShelter HIPS + FW with auto-allow Microsoft signed.
There's an image of Spyshelter free which I downloaded from the net. What does TDI firewall driver means? If I choose TDI firewall driver does that mean I can disable Windows firewall? Will Spyshelter auto disable Windows firewall here?
Assuming I choose WFP firewall driver does that means I can disable Windows firewall ie WFP CANNOT be disabled. Here can I still use Spyshelter firewall?
Assuming I choose WFP firewall driver does that means I can disable Windows firewall ie WFP CANNOT be disabled. Here can I still use Spyshelter firewall?
Attachments
Last edited:
Sorry something lost in translation, I intended to post that I have kept it enabled.
Ok found the answer between using TDI and WFP firewall driver as below in FAQ 2.14
What is the difference between TDI and WFP firewall drivers?
Windows XP users should use TDI driver, while Windows Vista/7/8/10 should use WFP driver. SpyShelter detects your system version and uses recommended driver automatically. You can read more about them on the internet. While it is possible to change the currently selected Firewall driver, we strongly advise to not do it.
What is the difference between TDI and WFP firewall drivers?
Windows XP users should use TDI driver, while Windows Vista/7/8/10 should use WFP driver. SpyShelter detects your system version and uses recommended driver automatically. You can read more about them on the internet. While it is possible to change the currently selected Firewall driver, we strongly advise to not do it.
Last edited:
You may also like...
-
Microsoft Defender Antivirus feat AI Defender- Started by Shadowra
- Replies: 13
-
Paid vs Free Antivirus in 2026: What are you using, and is it worth paying for?- Started by Bot
- Replies: 61
-
Defender Hardening Console (part of Hawk Eye Analysis Platform)- Started by Trident
- Replies: 62
-
