How to protect a process from being accessed by kernel-level permissions, only protecting a single process and not protecting everything else? To be more specific and simple, I am a novice
This is an interesting idea. I don’t believe anyone has ever asked us this question before.
Is it OK if the process can’t start at all, or is it allowed to start?
I might be wrong, but I think he/she is referring to process memory reading.
The problem is that most system processes need to read process memory, so it’s probably not a good idea to implement such a feature.
You will either get too many alerts or prevent the Windows OS from working correctly. And besides, malware often makes use of code injection, so it’s way more important to protect against this stuff.
Good point! We have found some security monitoring features can definitely give off way too many alerts, for example Registry Monitoring, because apps are almost constantly accessing the Windows Registry.
Sorry about the typo, I have corrected it.
And yes, that’s why it makes sense to only monitor registry keys that are often abused by malware, and trusted processes should be allowed to make changes, unless you’re running in Paranoid Mode of course. Did you check out AutoRuns? It monitors a list of important regkeys.
https://www.softpedia.com/get/System/System-Info/AutoRuns.shtml
Autoruns could be an interesting event type to monitor. Thanks for sharing this.
And by the way… I run in “Paranoid” mode.
To clarify, I assume that SpyShelter is already monitoring most or all of these registry keys right?
And even in Paranoid Mode, system processes should still be able to modify the registry, otherwise you might break things.
But other apps should not be allowed to modify stuff. For example, a browser like Edge should not automatically be allowed to create a task in the Task Scheduler. It often does this to make Edge auto-update, but if you don’t want this, it should be blocked.
Our current version monitors Registry changes. However, we found people aren’t using this feature much so we are going to remove it as we move our software in another direction with major new features coming in the next 30 days or so.
Thanks for your feedback about “Task Scheduler” etc… we will look at that too.
We should have a SpyShelter update out in a day or so.
I already responded in the other thread, but removing the registry monitor is a bit weird. Like I said, the registry keys monitored by AutoRuns are often abused by malware, like for example the Task Scheduler.
And I would love to know what direction SS is going? Like I said, in my view, SS should be a behavior blocker that monitors app behavior, nothing more, nothing less. It should not become an AV or whitelisting tool.
So basically, SS should protect against: code injection, keylogging, screen/clipboard/microphone access, file/folder access, registry modification, service/driver loading and network access.
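The posts above argue that a behavior blocker should watch the autorun registry keys that Autoruns reports and flag new scheduled tasks (the Edge auto-update task is the example given). The following PowerShell snippet is an added illustration of that idea, not SpyShelter's code or configuration: it snapshots a small set of well-known autostart keys plus the registered scheduled tasks, then diffs two snapshots and reports added, modified and removed entries. The key list is an assumption (a subset of the locations Autoruns covers), the sample before/after pair is constructed to show the diff logic offline, and reading HKLM and all tasks completely assumes an elevated session.

```powershell
# Added example (not from the original thread): a minimal autorun / scheduled-task change monitor.
# $AutorunKeys is an illustrative subset of the locations Autoruns reports, chosen for this example.
$AutorunKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
)

function Get-AutorunSnapshot {
    # Returns a hashtable: "REG|<key>|<value name>" or "TASK|<task path><task name>" -> current setting.
    $snap = @{}
    foreach ($key in $AutorunKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            # Get-ItemProperty adds PSPath/PSParentPath/... metadata; those are not registry values.
            if ($p.Name -like 'PS*') { continue }
            $snap["REG|$key|$($p.Name)"] = [string]$p.Value
        }
    }
    # Each scheduled task is recorded as the command line(s) it runs, so a changed payload is detected too.
    foreach ($t in Get-ScheduledTask) {
        $actions = ($t.Actions | ForEach-Object { "$($_.Execute) $($_.Arguments)".Trim() }) -join ' ; '
        $snap["TASK|$($t.TaskPath)$($t.TaskName)"] = $actions
    }
    return $snap
}

function Compare-AutorunSnapshot {
    # Pure diff of two snapshots; the live system is not touched here.
    param([hashtable]$Before, [hashtable]$After)
    $changes = @()
    foreach ($k in $After.Keys) {
        if (-not $Before.ContainsKey($k)) {
            $changes += [pscustomobject]@{ Change = 'Added';    Entry = $k; Value = $After[$k] }
        } elseif ($Before[$k] -ne $After[$k]) {
            $changes += [pscustomobject]@{ Change = 'Modified'; Entry = $k; Value = $After[$k] }
        }
    }
    foreach ($k in $Before.Keys) {
        if (-not $After.ContainsKey($k)) {
            $changes += [pscustomobject]@{ Change = 'Removed';  Entry = $k; Value = $Before[$k] }
        }
    }
    return $changes
}

# Constructed demonstration (no live registry access): a browser updater registers a new task
# and an existing Run value is repointed. Names and paths are made up for the example.
$before = @{
    'REG|HKCU:\Software\Microsoft\Windows\CurrentVersion\Run|OneDrive' = 'C:\Users\me\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background'
}
$after = @{
    'REG|HKCU:\Software\Microsoft\Windows\CurrentVersion\Run|OneDrive' = 'C:\Users\me\AppData\Roaming\updater.exe'
    'TASK|\ExampleBrowserUpdateTask'                                   = 'C:\Program Files (x86)\ExampleBrowser\update.exe /ua'
}
Compare-AutorunSnapshot -Before $before -After $after | Format-Table -AutoSize

# Live use: take a baseline, wait, then diff against a fresh snapshot.
$baseline = Get-AutorunSnapshot
Start-Sleep -Seconds 60
Compare-AutorunSnapshot -Before $baseline -After (Get-AutorunSnapshot) | Format-Table -AutoSize
```

The constructed pair prints one Modified row (the Run value now points at a different executable) and one Added row (the new scheduled task). A polling diff like this is only a detection aid; it cannot block the write, which is the distinction the thread draws between monitoring and a behavior blocker that prompts before a non-system process touches these keys.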
I responded in the other thread about Registry. Please check, and thank you for your feedback on that.
I think we are moving more towards visibility, then working to bring back more Classic functionality that is actually functional with modern Windows versions. A lot of the features in our Classic software are no longer functional, or the app won’t launch/run at all anymore. But as mentioned in the other thread, we continue to support older Classic users like yourself.
Microsoft has changed Windows over time and the major changes have made us have to redesign how SpyShelter works. It’s not trivial and it will take us time to keep improving and adding new features, but the new features will actually work with modern Windows versions vs not working at all (as it is with SpyShelter Classic).
Thanks for your patience while we work towards these goals and we appreciate public user feedback like yours so we can understand how to keep moving forward and improving.
I already responded in the other thread. SS 15 only misses protection against keyloggers and code injection, that’s it. You guys do monitor file/folder access, screen/microphone/webcam access, service/driver loading and registry modification. So the basics are already there. I’m not sure what you mean by visibility though.
You will see what I mean in the next update I think. Hopefully you like it!
Why are you being so secretive?
Like I said, SS should be focused on offering protection against malware, but of course process and network monitoring would be a nice extra bonus.