SpyShelter version 12.7 released

silversurfer

SpyShelter version 12.7 is live now!

You can find new SpyShelter Silent, Premium and Firewall editions there: Download Page.

For recent Windows releases, encryption in console applications is disabled by default due to possible compatibility reasons. It can be enabled on demand; however, it's a rarely used or desired feature among users.

(The free version will be updated in the next weeks.)

12.7 (12/Oct/2021)
  • Improved support for Windows 11
  • Fixed bug with black screen while OS loading
  • Compatibility fixes
 

ichito

External monitors are not covered by SpyShelter.
I'm not using more than one monitor/screen, but I don't think your opinion is true. The matter can be in the marked entry in the keystroke encryption settings (it's the default option), so it could be interesting to check other settings.

 

kC77

I have just tested enabling screen phantom & removing the <system processes> rule and tested again.
Still only the main display is blacked out when screenshotting.

(I then re-added the <system processes> rule.)
 

kC77

Another weird issue I've come across relating to "restricted apps"... not sure if this is expected behaviour? (Normally I'd expect that any (non-Microsoft-signed) application that needs internet access gets prompted for.) (I'm in the allow MS mode.)

I've figured out the issue, but not sure if it's expected? (It appears that using restricted mode is actually less secure?)

If I use MSEDGE in "restricted mode", should any applications EDGE launches then get full internet access without creating additional rules? (Seems a security hole when thinking restricted mode is more secure!)

On my work machine we use an MSP remote management platform called SolarWinds N-able. It's a website I access using MSEDGE, and I had previously had MSEDGE in restricted mode thinking it was more secure, but I found an odd issue: using the platform, when MSEDGE calls up the software to remote connect to servers, I found it never prompted for anything. The remote software below just launched and worked fine; no rules got created, no pop-ups or prompts, nothing in SpyShelter. It had just allowed it to run & access the internet.

The path to the executables that EDGE launches is
C:\Users\username\AppData\Local\Take Control Viewer\TakeControlRDViewer.exe

So in restricted mode, yes, I'm more secure in that Edge can only write to the specified folders, but it's a huge problem if ANY .exe that MSEDGE launches is just granted full access to do what it wants to do.

Once I removed MSEDGE from restricted mode, when I click on the remote button, I then correctly got plenty of pop-ups asking for rules to be created for TakeControlRDViewer.exe.

Is this by design or is this not normal?
 

Jan Willy

I assume this has something to do with the location of the exe-file: ...AppData\Local\... This location is excluded from the restriction mode. See the tab Folders with write access in the SS program.


kC77

Had confirmation from support that it's by design... If you run an app in restricted mode, then any child process it spawns that has no rules will have full access without prompts to everything/internet...

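An added example, not from the thread or from SpyShelter: given the behaviour reported above, one way to audit exposure is to walk a process snapshot and list every descendant of a restricted app that has no rule of its own, marking those that run from a user-writable folder. The snapshot, the Edge install path and the function name are constructed for illustration, and following grandchildren is an assumption about how far the inheritance reaches.

```python
from collections import defaultdict
from ntpath import normcase  # Windows path folding, works on any host OS

# Constructed snapshot of (pid, parent pid, image path); not real telemetry.
EDGE = r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
SNAPSHOT = [
    (100, 1, r"C:\Windows\explorer.exe"),
    (200, 100, EDGE),
    (210, 200, EDGE),
    (300, 210, r"C:\Users\username\AppData\Local\Take Control Viewer\TakeControlRDViewer.exe"),
    (310, 300, r"C:\Windows\System32\cmd.exe"),
    (400, 100, r"C:\Windows\System32\notepad.exe"),
]

def unruled_descendants(snapshot, restricted, ruled=(), writable_roots=()):
    """Return sorted (pid, image, in_writable_root) tuples for every descendant
    of a restricted app whose image has no rule of its own."""
    restricted = {normcase(p) for p in restricted}
    ruled = {normcase(p) for p in ruled} | restricted
    # Trailing separator so "...\Local" does not also match "...\LocalLow".
    roots = tuple(normcase(r).rstrip("\\") + "\\" for r in writable_roots)
    children, image = defaultdict(list), {}
    for pid, ppid, path in snapshot:
        children[ppid].append(pid)
        image[pid] = normcase(path)
    # Start from every running instance of a restricted app and walk downwards.
    stack = [pid for pid, img in image.items() if img in restricted]
    seen, findings = set(stack), []
    while stack:
        for child in children[stack.pop()]:
            if child in seen:  # guards against loops caused by PID reuse
                continue
            seen.add(child)
            stack.append(child)
            if image[child] not in ruled:
                findings.append((child, image[child], image[child].startswith(roots)))
    return sorted(findings)

if __name__ == "__main__":
    local = r"C:\Users\username\AppData\Local"
    for pid, img, writable in unruled_descendants(SNAPSHOT, [EDGE], writable_roots=[local]):
        print(pid, img, "user-writable" if writable else "system path")
```

Creating an explicit rule for each image this reports is what makes prompts or blocks apply to it again, in line with the behaviour seen once MSEDGE was taken out of restricted mode.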
