Anti Keylogger

Alerts and Rules

Alerts and Rules are two of the main features in SpyShelter. After you install SpyShelter for the first time you will notice a lot of alerts appearing on screen.

SpyShelter allows you to create rules for every application on your PC. After detecting any suspicious activity, SpyShelter immediately stops it and displays an Alert Window similiar to the one below. The alert window contains detailed information about the suspicious action, and gives you the possibility to allow or deny the action. Alternatively, you can also terminate the process that initiated the action.

alert-iexploreExample of a SpyShelter Alert window

The component section gives detailed information about the application that is taking the potentially dangerous action. You can see its name, parent processes (processes which launched the component that is trying to take an action), and details (after pressing View Details in the alert window) such as signer or file hash. The alert window also contains a full path to the component that is attempting to carry out the action.

The Action Section shows details of the action the component is trying to take and gives you the option to allow/deny or terminate it.
Allow – Pressing this button will allow the application to take the action.
Deny – This option will not allow the application to take the action.
Terminate – This button will terminate the process which initiated the alert, and create a rule that will make it impossible to execute this particular action in the future. If there were any parent processes, SpyShelter will ask if you want to terminate them as well.

The Additional Options section is there to help you with managing the alerts. The “Remember my choice” option will save your choice in the Rules list. Enabling installer mode will help you install the software with significantly less alerts. You can also disable the monitoring of this particular action.

Please keep in mind that SpyShelter will sometimes alert you while using traditionally “safe” programs – this is because some of those applications require setting special hooks, and this might trigger SpyShelter. It is therefore recommended that you read all the information about the signer’s identity and the path to where the application is supposed to be installed.

As a rule of thumb, signed programs are safe although there may be some exceptions. If you are unsure about the action, you can check the application’s digital signature details. Usually applications with digital signature are safe. If you are not sure what action to take, it is generally recommended that you block the program. Many legitimate applications can work without some hooks. If you encounter any crashes or other issues with freshly blocked application, you can easily fix it by changing the saved rule from “denied” to “allowed” in the rules list – it is important to restart your system after modifying the rule.

The Rules tab shows a list of entries with detailed information about the actions taken. Every action taken in the Alert window, eventually ends up on the Rules list.

sps-rulesSpyShelter Rules tab

In the Rules tab, you can browse and manage the entries. You have the option to change a rule (from “denied” to “allowed” and vice-versa), remove it or check the file’s details.

You can adjust the column width, move them, arrange the entries alphabetically or use the search function at the bottom of the window to quickly find what you are looking for.
On top of that, you can manually create new rules, edit them, and even exclude folders and files – SpyShelter will ignore all the actions taken by excluded applications.

For maximum security, you should open up SpyShelter, go to Settings –> Security and change the option Certified Applications to Ask user mode. This will greatly increase the detection rate of dangerous actions, as well as false positives.