SpyShelter now available - what's new?

We’ve just released SpyShelter Download it now - if you’re a previous SpyShelter user you’ll be alerted to update, or you can install it now by installing it over your previous version of SpyShelter. No need to uninstall anything first.

What’s new?

  • SpyShelter 15 is now no longer in beta testing. Thank you for all your feedback via our helpdesk and forum so we could improve SpyShelter! Please keep providing feedback in our public forum so we can keep improving.
  • SpyShelter now supports PUP protection. PUP means “Potentially Unwanted Programs” and was requested by many SpyShelter fans. To turn this on, go to the Protection tab “Threat Protection” area (click the right side arrow), or leave it turned off if PUPs aren’t an issue for you. SpyShelter will now stop unwanted programs before they can even launch. If SpyShelter catches a program you want to install, just unquarantine it to use it by going to the Rules tab.
  • Now when threats or PUPs are quarantined, SpyShelter shows you an alert on the desktop, and an event. Previously you could only see this under SpyShelter’s Rules.
  • Go to SpyShelter’s settings to only show red dots and red event alerts for threats only, or unsigned executables and threats only.
  • SpyShelter has had many UI fixes and enhancements due to user reports and feedback.
  • The SpyShelter software already doesn’t collect any identifiable information, but for those who want an extreme level of privacy, SpyShelter now has a built-in extreme privacy mode for all free or paid users. A SpyShelter fan requested this mode via a private message in our forum, so we built it for that person. To use this mode, install SpyShelter from the Windows Terminal with the command /privacy. Now SpyShelter Threat Detection, Insights, and any other features that may send data (that’s already non-identifiable as is) are disabled from SpyShelter’s installation. Therefore, now even non-identifiable data isn’t sent anywhere when using SpyShelter while in /privacy mode. Unfortunately this causes you to miss out on any threat detection or insights, to it’s not recommended for most people. However, this mode may be useful for some work environments or IT requirements. To leave this privacy mode you have to uninstall SpyShelter and reinstall it with the /clean command.
  • SpyShelter yearly subscriptions are now live. Thanks for considering supporting our work on this project so we can keep building new features and improving SpyShelter! Unlike many subscription companies we make it easy to cancel your subscription. You can purchase, then immediately click “unsubscribe” in your email to cancel rebills if you prefer. We don’t make you have to contact us to cancel subscriptions.

Purchase SpyShelter Pro or Ultimate now.


Great work, even the bug that I forgot to report was fixed :slight_smile:

1 Like

I’m glad it’s fixed! I am curious what it was now. :slightly_smiling_face:

Every system restart , setting - When I’m unavailable - was set to - Allow all prompts - even if I set it to Allow all signed -

1 Like

Interesting. Well, I am glad it’s not doing that anymore. Sorry for the previous issue.

Good catch, that bug was indeed identified and fixed in 15.0.2.

Earlier, there was a message on one of the forums from a user who encountered failures when working with spyshelter in a standard user account. Since I use this type of user account, before updating the program, I would like to know how stable the program is in the SUA?

For our own forum and helpdesk we haven’t seen any reports on this issue. Was it our beta, or our new stable version?

If you are in contact with the person any details would be appreciated so we can investigate and try to reproduce the problem. SpyShelter should work fine in a SUA.

No, I do not know this user and was interested in his comment only because he wrote about the standard user account.
It was on the WildersSecurity forum, a comment by user bertazzoni on February 14th. SpyShelter 12 | Page 18 | Wilders Security Forums


Sounds like an older version from February. Hopefully the issue is solved, but if not we are glad to hear his feedback and details so we can solve it ASAP. It’s not acceptable if SUA users have issues with SpyShelter of course.

Our system is now notifying users to update to our latest version. If you experience any issues updating please let us know:

  1. Your Windows OS version
  2. What exactly you experienced, with any screenshots if possible
  3. What other security software you use

Feel free to send this to me privately in case it has private information. Just click my name in the forum and send me a private message.

We will then review any reported issues, and respond by Sunday or Monday at the latest. Thank you.

So, I have installed the new version 15, and I will note a few problems/inconveniences. I work in a standard user account (Windows 10 latest version 22H2).

  1. There is a problem with saving the program settings. After restarting the system, the program does not save the user’s settings, in particular, the autorun of the program is disabled (therefore its icon is missing from the tray), the dark theme is not saved (after restarting the program resets to the standard light theme), the Do Not Disturb setting is not saved (resets to the standard 3 hours), the auto-update setting of the program is also disabled.

  2. There are not enough localizations in other languages (besides English).

  3. I also use a Kaspersky Antivirus Free. Surprisingly, the Spyshelter marks Kaspersky anti-virus files as unsigned, so there is concern that the Spyshelter may somehow react in conflict to the actions of the antivirus, even if I marked the antivirus as Trusted. There is a suggestion to you that the files of ALL antivirus programs should be immediately marked in the Spyshelter as Trusted in order to avoid possible problems with unsigned files of some antiviruses (such as this with Kaspersky).

Surprisingly, if you do not restart the system, but only turn it off and turn it on again, then all the settings of the spike shelter are saved, the theme is also saved.

I’ll add one idea. It would be nice if the activity monitor also Spyshelter checked the program caches for viruses on Virustotal, and showed the result of the check, and if some program has a large detection (more than 10 antiviruses identify the program as malicious, while at least 2 detections from well-known and large developers (such as Kaspersky, Bitdefender, ESET, Norton), then such a program would automatically be quarantined by Spyshelter.

It feels that some other app is preventing SpyShelter from modifying the registry settings and modify files on disk (or restores changed values after restart). Please check that none of anti-virus apps installed on you PC reports that and add C:\Program Files\SpyShelter\SpyShelter.exe into the exclusion list if possible.

As for the threat/malware checking - SpyShelter 15 Threat Protecion module does just that exactly as you described. Give it a try!

@DMTag we were able to partially reproduce the issue under Standard User Account and it only affects the first restart post installation. All subsequential computer restarts should not affect your settings anymore.

1 Like

@Alex Yes, I watched the program, and then all the settings are saved, starting with the second reboot.

Yes, I know, this is a very useful and important security module. When I talked about the results of the virus scan on Virustotal, I meant that the activity monitor, perhaps it can be implemented visually as it is done, for example, in the Autorans program (and, if I’m not mistaken, in the Process Explorer program). That is, the activity monitor will show that this program has been checked for Virus potential and the result of the check is, for example, 0/50 (out of 50 antiviruses, none sees a threat) or 10/50 (10 antiviruses consider the program malicious). And the user would receive a warning that he has a dangerous program in his system. I do not know which antivirus engine is embedded in the Threat Protection module, but if this is not a hash check for Virustotal, then perhaps it would be possible to add such a file check for Virustotal.

1 Like

Interesting idea. Have you found this virus potential feature to be accurate? We try to avoid false positives.

1 Like

There will always be a chance of false positives, but there are several factors that minimize this probability. There are antivirus programs that have had a high reputation and authority all over the world for many years and the detection of these programs is highly accurate. These are such antiviruses as Kaspersky, Bitdefender, ESET, Norton. What is the probability that the file that all these antiviruses point to as malicious is actually malicious? The probability is very high. We can say that there is at least a 99% probability that this file is malicious, because 4 different reputable antivirus labs have pointed this out to us.
Even if not all 4, but only 2 reputable antivirus labs indicate that a file is malicious, then this is already a reason not to run this file, or run it in a limited environment (sandbox).
In addition to reputable antivirus programs, there are many other small antivirus companies that often make mistakes and sin with false positives, however, sometimes it is in these small antiviruses that the detection of a new malicious file appears for the first time, which is still unknown even to reputable antiviruses.
Thus, there is an unspoken rule that if a file is identified by 10 (or more) antiviruses as malicious, and at least 3 of these 10 antiviruses are reputable antiviruses (I wrote the four reputable antiviruses above), then it is very likely that the file is really dangerous and it is not recommended to run it on the system. In this case, it will be good if the spyshelter automatically quarantines such a program. If the detection of 3 to 9 antiviruses, among which there is only 2 reputable antivirus, then the user should receive a pop-up message that there is a suspicious program in the system (and information about checking this program with antiviruses), which may pose a danger, and the user himself decides how to be with this program.
If the detection is 1-2, if there is a reputable antivirus among them, then it can be considered false.
If there is not a single reputable antivirus among the detections, and there are 10 or more detections, then the user receives a warning that there is a suspicious program in the system that may pose a danger, and the user decides what to do with it. If there are from 3 to 9 detections and there is not a single reputable antivirus among them, then the user does not receive warnings, since this is a false alarm with a high probability.

This scheme minimizes false positives.

Thanks for taking the time to write that. I have worked with the VirusTotal API before, and last time I checked they didn’t allow API users to take action on any VirusTotal data.

So, for example… let’s say that 10 engines detect a file as malware we could alert the user, but we could not take any action.

One option with SpyShelter could be to let users add their own VirusTotal API key, but still, we are not allowed to block something based on the rule. However, I believe that if you used our Paranoid mode, perhaps this could work out because you could then make a decision on allow/deny in addition to the VirusTotal data.

Also, if you click any icon in SpyShelter and view it in the side drawer, we make the hash there visible and easy to copy so you can paste it into VirusTotal currently or any other hash security search service.

We will consider your feedback and discuss as a team, thank you.