Skip to main content
Hi Guys

 

I find a on polish website SpyShelter simulation for testing for example keyloggers:

link for this testing software - http://www.spyshelter.com/download/AntiTest.zip

 

It's rather strange that WR automatically add this app to "allow processes" under "system control"

and let this software to capture all traffic on the my keyboard.

 

Please let me know what you think about this guys and why this is trust app?
Hi Sebastian_ITPS



Sebastian_ITPS wrote:



"Please let me know what you think about this guys and why this is trust app?"

 

 


And why this file is a good one?

 

I know that this so called test didn't create any additional file and didn't try send this logs outside but still.
"And why this file is a good one?"

This file is not a threat.

In any case, you can set the option "monitor" or "block" via WSA

 

The testing tools are not simulating malware accurately.

 

JoeJ VP Endpoint Solutions Engineering :

"In any event, screen grabbers and keyloggers are almost irrelevant these days when it comes to real malware. Threats are using much more advanced techniques which is what WSA focuses on protecting: man in the browser attacks, memory injection, system call hooking, and a myriad of other approaches. They tend to not use the obvious ones like screen capture/keylogging because they generate too much data and are too easy to detect as malicious behaviors. WSA excels at blocking the most advanced techniques and has been doing so for years without any threats bypassing it."
Thank you for the answer.
Thank Sebastian

 

Happy to help

 

Best regard, Petr.
I hope for sanity sake this program works.  Since I went wi-fi I have keylogger issues I fight every keystroke I type.  Techs think there is nothing wrong. Let them remote service and they tell me it is fixed.  I go to login to an account and away we go - characters flying into wrong places, having to reset passwords due to lock out security.  Even typing this message I have had to deal with my keystrokes flipping around.  So, I downloaded SpyShelter. Do you recommend WSA as well?  They, Webroot, installed touchfreeze.  I use laptop, Toshiba, and they insult my intelligence telling me I have caps lock on or that my hand is htting my mouse.  Not the case.  HELP!!!  Many thanks to any advice/guidance the community can provide.  
Given the recent bank hacking with loss estimates of hundreds of million dollars up to 2 billion, I think the statement  "In any event, screen grabbers and keyloggers are almost irrelevant these days when it comes to real malware. Threats are using much more advanced techniques which is what WSA focuses on protecting: man in the browser attacks, memory injection, system call hooking, and a myriad of other approaches. [...........] needs reconsiddring.

What I read about that hack is that they used a vulnerability of unpatched version of MS Word, but also inserted key loggers and transmitted screen grabs about every 2 seconds.

 

B.t.w. I get no warning from WR when running key_sim from Zamana, that test just collects all keys I type and even macro generated inputs. The test does not collect Password inputs generated by LastPass.



What does happen though, is that after a boot I cannot run that test again. I wonder whether that somewhat late blocking is done by WR. The message I get is something like  windows cannot find the path or you may not have access. Renaming the directory containg that test exe, enables running it again.

Reply