Hi there, missing a public roadmap in view of the fact that it is of course difficult to make suggestions when these have perhaps already been taken into account in the planning.
The whole SpyShelter is quite marginal (which is not a bad thing in that sense), but to be able to use the software effectively, a few things are missing? I know it’s still beta, but since I haven’t found anything in the forum so far, I’ll just ask.
E.g. “Host process for Windows services launch/terminate” is listed in activities and also via terminal view. Behind this is of course the “svchost.exe” with numerous functions, some of which need to be blocked.
As things stand at present, this is not really possible because there is no insight. The same goes for “xx processes launched by”, e.g. DESKTOP-XXX or NT-Authority, where you can currently only see the PIDs.
Are there any plans to display additional information to block single threads and connections? As an example, “Create.SBCommand wanted to access the Internet” or “svchost has done this or that”, do you want to do action xy? To have more control over unwanted behavior?
Another Question is… as example for Crashlytics there are files that occur repeatedly in many products. Crashhandler, for example, whether from Unity, Breakpad, Crashpad and many others.
As a question of understanding, is it generally possible to define file names that are then blocked for once? Instead of creating a new rule for each individual file and if so, would it be possible to implement something like this? Otherwise it can quickly become confusing.
Thank you for your feedback on considering giving more control over Svchost and blocking single threads. Our team will look at what options are available.
We haven’t tried this yet because we wouldn’t want SpyShelter to easily cause a blue screen, or some kind of serious error that could make your PC unable to boot, or wake up from sleep. Putting rules on threads can cause unexpected issues.
You ask “is it generally possible to define file names that are then blocked for once”? If I understand correctly, you are saying you want to make a rule where any app with a certain .exe name can’t launch?
For example, you could put in a rule like “block setup.exe by file name only”, and anything named setup.exe could never launch no matter the hash, publisher, or app description?
Sorry for the long answer delay here. Thanks for the update :]
“For example, you could put in a rule like “block setup.exe by file name only”, and anything named setup.exe could never launch no matter the hash, publisher, or app description?”
Yes, in short, it would be correct. The question was whether something like this is possible (maybe in the future)
–
Correct. Any news in this regard? Svchost was just an example.
Activity Window/Terminal as example:
Terminate “host process for windows services” (svchost.exe)
Launch “Background Task Host” (backgroundtaskhost)
Launch “Widgets.exe”
Launch “Windows Problem Reporting” (wermgr.exe)
The question is why? Or why does a process access the Internet and which process triggered the request?
Old SpyShelter has given a bit more additional information why each process was launched. If we stay in the example of the Svchost.exe or as example conhost.exe file, it would be good to know what, when and why each process is launched to block or allow them effectively (e.g. for MS telemetry which I personally wouldn’t describe as “Safe”).
That of course you have to care that users do not destroy their system themselves is understandable.