How to protect a process from being accessed by kernel-level permissions, only protecting a single process and not protecting everything else? To be more specific and simple, I am a novice.
This is an interesting idea. I don’t believe anyone has ever asked us this question before.
Is it OK if the process can’t start at all, or is it allowed to start?
I might be wrong, but I think he/she is referring to process memory reading.
The problem is that most system processes need to read process memory, so it’s probably not a good idea to implement such a feature.
You will either get too many alerts or prevent the Windows OS from working correctly. And besides, malware often makes use of code injection, so it’s way more important to protect against this stuff.
Good point! We have found some security monitoring features can definitely give off way too many alerts, for example Registry Monitoring, because apps are almost constantly accessing the Windows Registry.
Sorry about the typo, I have corrected it.
And yes, that’s why it makes sense to only monitor registry keys that are often abused by malware, and trusted processes should be allowed to make changes, unless you’re running in Paranoid Mode, of course. Did you check out AutoRuns? It monitors a list of important regkeys.
https://www.softpedia.com/get/System/System-Info/AutoRuns.shtml
Autoruns could be an interesting event type to monitor. Thanks for sharing this.
And by the way… I run in “Paranoid” mode.
To clarify, I assume that SpyShelter is already monitoring most or all of these registry keys right?
And even in Paranoid Mode, system processes should still be able to modify the registry, otherwise you might break things.
But other apps should not be allowed to modify stuff. For example, a browser like Edge should not automatically be allowed to create a task in the Task Scheduler. It often does this to make Edge auto-update, but if you don’t want this, it should be blocked.
Our current version monitors Registry changes. However, we found people aren’t using this feature much, so we are going to remove it as we move our software in another direction, with major new features coming in the next 30 days or so.
Thanks for your feedback about “Task Scheduler” etc… we will look at that too.
We should have a SpyShelter update out in a day or so.