What new SpyShelter feature would you like to see?

If we could change SpyShelter, or add a new feature, what changes/features would you want to see?

For the right-click tray icon menu, rather than just the enabled/disabled, allow also a selection of times to disable after which enabled resumes. Ten, thirty and sixty minutes and Always with the latter requiring a revisit to uncheck it.

Optionally (in opposition to the KISS principle), a tray notification could open with a "Screen Protection will resume in 30 seconds" message with OK and Resume Time Out choices. Selecting either closes the notification, or it closes in 30 seconds, or later re-opens the 30 second alert again.

In Events, separate the Path from App Info and display it separately in the side panel as done for drivers. Having to click > to discover the path is tedious when having to investigate multiple events evoked by a single process. In Activity and Rules, the path is displayed without that extra click.

Cheers.

1 Like

@Surt

Thank you for taking the time to write these suggestions! Our team will review them.

Suppressing individual events within the events tab

Screenshot protection application whitelist

Options for creating Windows Firewall entries allowed/blocked per publisher/process

Change the icon back to the legacy one (much better icon)

Options for VirusTotal lookup (with option to use our own API key)

3 Likes

Great suggestions :)

1 Like

Very helpful, thank you for your posts everyone! Any other feedback is appreciated, please continue to post any ideas/feedback.

I will second the suggestions of cyanide! Great suggestions. I for one would like to see the screenshot app whitelisting. Cheers!

2 Likes

Thank you. We will keep investigating to see if these ideas are possible.

2 Likes

Why not bring back the excellent network monitor from SS Firewall? I always use it to get a quick overview of all apps that are connected to the web. You should also be able to block apps from making outbound connections and bring back the “block network traffic” option in the tray icon! In other words, SS 15 should also be able to act like a firewall.

There should also be a separate tab for file/folder protection, where you can easily add folders that should be protected against reading/writing, and you should be able to make a list of trusted processes that can access protected folders.

And why not add “out of the box” protection against infostealers? Normally speaking, these infostealers will search for files on disk related to certain apps, in order to steal data. What if SS simply blocked untrusted apps from getting access to these folders? And not to forget, some infostealers are a bit more advanced and will also try to read browser memory, so reading of process memory of certain processes should be blocked for untrusted apps/processes.

Thank you for your feedback on network monitoring and firewall features.

For Infostealers, did you know we have a “File Integrity Control” feature? It may be able to do what you want already. Go to our “Protection” window, then scroll down and choose “File Integrity Control”. Next click the little icon for settings next to “Protected Files”.

Now try stealing info from one of those files with another app that isn’t allowed.

For memory though, it may be more difficult to prevent. I’m not sure. But if an executable is new and launching that reads the memory to steal info, our Paranoid mode should prevent it from ever launching.

Yes, I’m actually surprised that SS 15 hasn’t got any firewall features. Any anti-logger or behavior blocker should have this. And it doesn’t have to be all complicated, it could be a simple firewall, similar to TinyWall, but with a network monitor like GlassWire and Portmaster.

To clarify, I’m still on an old Win 10 version, so I haven’t been able to test SS 15 yet. I didn’t know you already had a file/folder protection feature. However, you guys could make a list of folders that should be protected against infostealers.

And IMO, SS should be focused on blocking malware that is already running on the machine; that is what a behavior blocker does. So if AVs miss anything, then SS 15 can still save the day. SS Classic did have an option to block process memory reading, but you couldn’t specify which process to protect, so I turned this feature off, otherwise it would become too chatty.

1 Like

Thanks for taking the time to provide this info and feedback! Our team will review this and discuss your post.

To give an example of what type of apps are often targeted by infostealers, see links. Especially the second link has a huge list of targeted apps.

So if SS only allows trusted apps access to these app folders, and blocks all other apps, it should in theory block most infostealers from getting access to data. This is even better than to simply block outbound connections, because I’m sure some infostealers might try to bypass the firewall. :)

https://www.sonicwall.com/blog/unmasking-the-dot-net-infostealer-a-deep-dive-into-its-techniques

Cool idea! Thanks for sharing this info. Infostealers are purely evil.

Yes, it would be a major selling point for SS. This way people don’t even have to think about what folders they should protect against infostealers that are trying to steal data from popular apps.

BTW, I have a couple of questions:

1. Is it possible to disable certain features in SS? I have already explained that I don’t want SS to act like a whitelisting tool or AV, so is it possible to disable this feature?

2. And is it possible to choose which registry keys should be monitored?

3. About the screenshot protection, is it possible to allow trusted apps to make screenshots?

Yes, you can absolutely disable our features.

Go to our “Protection” tab and switch off “Threat Protection”.

No, it is not possible to pick specific registry keys. Thanks for your feedback on that.

It is not possible to allow trusted apps to make screenshots at this time. Thanks for your feedback.

1 Like

Any news on this?

Just asking!

About disabling Threat Protection, I assume this will disable the cloud-based AV?

And what about disabling Application Security Control? Will this disable the whitelisting feature? But I assume app behavior is still being monitored, except for trusted system processes?

And yes, it would be nice if you could enable/disable or even add registry keys yourself that should be monitored. Think of AutoRuns, which does a pretty good job showing all important registry keys.

And about screenshot monitoring, it would make sense to allow certain apps to make screenshots, otherwise this feature is pretty much useless, because you’re not going to keep enabling/disabling this feature every single time, know what I mean?

https://www.softpedia.com/get/System/System-Info/AutoRuns.shtml

BTW, what about the ability to block malware from terminating certain processes?

And about my LOLBins idea, malware will often launch certain system processes like svchost.exe or explorer.exe to perform process hollowing, with the goal to inject code into trusted system processes. This gives them a chance to bypass the firewall for example.

If you would simply block untrusted apps from launching these system processes (LOLBins), you have in fact already tackled the process hollowing problem, at least with certain types of malware. :)

https://attack.mitre.org/techniques/T1055/012/
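
The parent-process rule proposed in the post above (untrusted apps may not launch svchost.exe or explorer.exe), sketched as a check over process-creation records. This is an added example, not part of the original thread and not SpyShelter's code; the expected-parent table, the record field names and the sample events are assumptions constructed for illustration.

```python
import ntpath

# Assumption: expected parents for the two system processes the post names.
# Tune this table per Windows build before relying on it.
EXPECTED_PARENTS = {
    r"c:\windows\system32\svchost.exe": {r"c:\windows\system32\services.exe"},
    r"c:\windows\explorer.exe": {
        r"c:\windows\system32\userinit.exe",
        r"c:\windows\system32\winlogon.exe",
        r"c:\windows\explorer.exe",
    },
}

def norm(path):
    """Windows paths are case-insensitive, so normalise before comparing."""
    return ntpath.normpath(path).lower()

def check_launch(event):
    """Return (verdict, reason) for one process-creation record."""
    child, parent = norm(event["image"]), norm(event["parent_image"])
    allowed = EXPECTED_PARENTS.get(child)
    if allowed is None:
        return "allow", "child is not a guarded system process"
    if parent in allowed:
        return "allow", "expected parent"
    return "block", f"unexpected parent {parent}"

def blocked_pids(events):
    """PIDs of launches the rule would block."""
    return [e["pid"] for e in events if check_launch(e)[0] == "block"]

# Constructed sample records (hypothetical field names, not a real log format).
SAMPLE_EVENTS = [
    {"pid": 1012, "image": r"C:\Windows\System32\svchost.exe",
     "parent_image": r"C:\Windows\System32\services.exe"},
    {"pid": 4120, "image": r"C:\Windows\System32\svchost.exe",
     "parent_image": r"C:\Users\alice\AppData\Local\Temp\invoice.exe"},
    {"pid": 2204, "image": r"C:\Windows\explorer.exe",
     "parent_image": r"C:\Windows\System32\userinit.exe"},
    {"pid": 5332, "image": r"C:\WINDOWS\Explorer.EXE",
     "parent_image": r"C:\Users\alice\Downloads\setup.exe"},
    {"pid": 6001, "image": r"C:\Windows\System32\notepad.exe",
     "parent_image": r"C:\Windows\explorer.exe"},
]

if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        print(ev["pid"], *check_launch(ev))
```

The rule only looks at who started the guarded process, so it covers the launch step the post describes and nothing that happens inside a process after an expected parent has started it.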