Knowledgebase (FAQ) Index


About SpyShelter
Basic information about SpyShelter
SpyShelter is a real time protection application, which monitors vulnerable and weak spots in your system. Once a dangerous action is detected, SpyShelter will immediately stop it, before the execution of malicious code takes place. SpyShelter relies on detecting suspicious actions rather than using malware-database, therefore it can detect malware before anti-virus labs even discover the threat. SpyShelter protects against keyloggers, webcam loggers, trojans, RATs and other malicious applications which aim to steal your data. SpyShelter ensures that the sensitive data you enter and store on your computer will not get stolen by criminals for their own use.

Difference between SpyShelter Free Anti-Keylogger and paid versions
– Keystroke Encryption in SpyShelter Free Anti-Keylogger works only with popular browsers and it’s configuration options are limited.
Keystroke Encryption in SpyShelter Premium and SpyShelter Firewall (discontinued) supports all applications and is fully configurable.
– System Protection module is monitoring less actions than in SpyShelter Premium and SpyShelter Firewall (discontinued).
– Anti Kernel Mode Keylogger module disabled.
– Screen Protection module disabled
– Anti Sound Logger module disabled
– Anti WebCam Logger module disabled
– Internet Security module disabled
– User Defined Protected Files list is unavailable
– User Defined Trusted Signers list is unavailable
– Terminate option in alert window is unavailable
– Sandbox Mode is unavailable for SpyShelter Free Anti-Keylogger users.
– We do not guarantee Technical Support for Free version.
– In Free version it is impossible to turn off monitoring of individual actions.

Hardware and software requirements
Requirements are the same for SpyShelter Free Anti-Keylogger, SpyShelter Premium and SpyShelter Firewall (discontinued).
– Operating system: Windows XP/Vista/7/8/8.1/10 (32&64bit supported)
– Intel Pentium 300 MHz or higher (or equivalent)
– 256 MB available RAM
– 50 MB free space on the hard drive
– CD-ROM (if installed from the CD)
– Internet connection

How does the Keystroke Encryption work?
The SpyShelter Keystroke Encryption Driver encrypts all keystrokes in real time and sends them via safe tunnel directly to application on which your keyboard is focused, preventing dangerous applications from capturing them. Keystrokes are automatically decrypted once they reach the active window. We do not share detailed technical information about used encryption technique.
Click here to read more about Keystroke Encryption

Is it possible to remove keyloggers using SpyShelter?
SpyShelter is not an antivirus software so its goal is not to remove malware, but to stop it from executing malicious actions. SpyShelter does not scan your files – SpyShelter monitors actions that happen in your computer and allows to completely stop the suspicious ones before they are executed.

This approach allows to detect much more sophisticated threats than traditional anti-virus software, because SpyShelter does not rely on malware-signature database. Even if you had a keylogger in your system before installing SpyShelter, there is still a chance that SpyShelter will detects it action but we do not guarantee it. SpyShelter is meant to prevent infections rather than fight existing ones. There’s also keystroke encryption driver which will encrypt your keystrokes even if there were keyloggers installed before SpyShelter.

Is it safe to use SpyShelter with Anti-Virus software?
SpyShelter finds sophisticated threats against one’s personal data, which cannot be stopped by anti-virus and anti-spyware software. Anti-virus software relies on scanning files for malicious code, while SpyShelter focuses on detecting malicious actions. For full protection, install SpyShelter Premium or Firewall (discontinued) together with your anti-virus software. SpyShelter is very light, therefore you will not notice any increase of system resources.

Is SpyShelter compatible with my anti-virus?
We do our best to keep SpyShelter compatible with as many security applications as possible. Best way to find out if SpyShelter is compatible with 3rd party security software is to simply install it and SpyShelter together. You can evaluate SpyShelter Premium and SpyShelter Firewall (discontinued) for 14 days completely for free. We cannot guarantee compatibility since each system configuration is different. Also please note that if your anti-virus contain Real Time Protection/HIPS modules, you should turn them off if you plan to use SpyShelter because it might result in conflicts in your system!
In case you run into compatibility issues with your anti-virus software, please visit the Troubleshooting section of this page before reaching out to our Helpdesk.

What is a keylogger?
Click here to read more about keyloggers

Will my private data be safe thanks to SpyShelter?
During our tests and the ones conducted by many reviewers across the web, no commercial or custom made keylogger managed to bypass SpyShelter’s protection. It is our goal to provide the most powerful anti-keylogging software, which blocks both known and unknown malware.
Thanks to many extra features available in SpyShelter Premium and SpyShelter Firewall (discontinued), your personal data will be safe.

Will SpyShelter slow down my computer?
SpyShelter is one of the lightest applications you will ever use.
The truth is that every application working in the background slows downs PC a little bit, however SpyShelter is designed to work seamlessly – it uses only up to 50MB of system memory and up to 30MB of drive space.

Where can I find more information about SpyShelter features?
You can learn more about each module on Features Page and in SpyShelter Help File, which is available in “About” tab of the program.

Using SpyShelter
Alert Window
Click here to visit Alerts and Rules Page (It will open in a new tab).

Can I completely trust system processes like explorer.exe?
Basically, alerts initiated by system processes are safe, unless they are of unknown origin. Sophisticated malware can use injection techniques, which allow to inject malicious code into system processes and attempt to execute dangerous actions – malicious file can cover itself by using a system process name. SpyShelter protects your files from injections. Keep in mind that SpyShelter cannot undo injection once it happens.

Do you gather any data usage information?
We value privacy, therefore we do not gather any usage data nor collect any debugging information. SpyShelter may perform a license check to verify that the license is legally used.

How can I tell if action is dangerous?
Read the alert window carefully and check if the file is digitally signed. Signed files are usually legitimate however this is not always accurate. Also some less popular but safe applications can be safe. Every action out of the ordinary is potentially dangerous. Two examples:
– It is natural for Skype to request access to webcam – it would be impossible to make a video call without it.
– Downloaded document from the e-mail attachment should not want to intercept the sound from your microphone. Why would it want to capture your sound?
It is always safer to block the action if you do not trust it. If the block results in application instability(i.e. you have blocked legitimate action), you can simply go back to Rules tab, locate the Rule you have just created, click on it with your Right Mouse Button and allow the action. You can read more about managing alerts on Alerts & Rules page.

How to add a custom file scanning service?
In order to use other scanning service than Jotti, you must either install the application provided by file scanning service or know the syntax of the URL used to look up the results of scan.

Open up SpyShelter, go to Settings > Security > Configure external file analyzers , click on New button in top left corner and fill out the form. In the Name field, enter the name of your file analyzer – it can be any random name which will be displayed in SpyShelter.
In command line field, you need to point to the executable file of your scanner and include {FILEPATH} at the end of the command. Example:
C:\Program Files\JottiQ\JottiQ.exe {FILEPATH} – This will launch the JottiQ scanner and upload the suspicious file.

It is also possible to calculate the hash of the scanned file and check the results online, without scanning the file. To use this method, you need to enter the path of your target browser and input the URL of the website followed by either {MD5}, {SHA1} or {SHA256} macro’s. Example:
C:\Program Files (x86)\Mozilla Firefox\firefox.exe https://SomeFileScanningService.com/get_hash?sha256={SHA256} – This command will calculate the SHA256 of the suspicious file, launch Mozilla Firefox and open the website of the file scanning service, displaying the results for given SHA256.

Windows 10 users who wish to use Microsoft Edge to display results must use a different, specific syntax:
cmd.exe /c “start microsoft-edge:https://SomeFileScanningService.com/get_hash?sha256={SHA256}”.

How to create rules for files in \system32 folder under 64 bit system?
Open up SpyShelter, go to Rules tab, press the ‘Create rules for a component’ button and then hit the ‘…’ button to open file selection window. Sysnative folder will be available just like below:
sysnative

How to verify if SpyShelter is working correctly?
-All modules should be turned on in the Protection tab. Keep in mind that your computer must be restarted after you install SpyShelter.
-While using your computer, you should see some Alert windows related to legitimate actions, which allow to define initial rules.
-You can download our Security Test Tool and test if modules are working correctly.

I have allowed an action that I shouldn’t allow. How can I block it?
Open up SpyShelter and go to Rules tab. Use the component name filter in the bottom-left of the screen to find the application quickly. Right click on the record and choose Make it denied option.

I have blocked an action that I shouldn’t block. How can I undo it?
Open up SpyShelter and go to Rules tab. Use component name filter in the bottom-left of the screen to find the application quickly. Right click on the record and choose the Make it allowed option.

Is there any way to reduce the number of alerts?
You can lower the security level in Settings, but we do not recommend it. Alerts number will decrease as the Rules list is being filled with more entries. It is wiser to spend 5 extra seconds on allowing/blocking actions in order to create a good rules list than compromising your security.
However if you are sure that you want to lower your security settings, open up SpyShelter, go to Settings > Security and Select Medium Security Mode in the Certified Applications dropdown menu.

Manually Created Rules (Custom Rules)
It is possible to manually define rules for applications before they are executed. Open up SpyShelter, go to Rules tab and press “Create rules for component” button createcustomrule.

This button will open up a Window which allows to specify path to the file (component) and define which actions should be allowed and denied. Leaving the action in ‘Default’ state will raise an Alert if this action occurs.

custom-rules

Updating SpyShelter
There are currently two ways of delivering updates:

1) Automatic Updates – It is possible to turn on Automatic Updates in SpyShelter. Open SpyShelter, go to Settings > General tab and Enable Automatic Update option. When your Operating System starts, SpyShelter will check if there is an update available. If there is, update will be performed automatically in background. Once it completes itself, you will be asked to restart your computer.

2) Manual Updates – By default, SpyShelter will notify you about new version of SpyShelter once it is released. The update prompt window leads to our website where you can download a full installer of SpyShelter (setup file). Launching an installer while SpyShelter is installed will result in updating current installation.

Which security mode is the safest?
Auto allow – Medium security level
Medium security level is a very convenient option for beginner users. SpyShelter is going to automatically allow potentially safe actions (based on internal rules) and alert about potentially dangerous ones. This mode might allow sophisticated malware to infect your system and therefore is not recommended.

Allow Microsoft
This security level will allow all the processes, which are digitally signed by Microsoft. All actions taken by non-signed applications will raise an alert window. Harmful applications like commercial keyloggers can obtain digital signatures from Microsoft, therefore this mode is not recommended for casual PC users.

Auto allow – High security level
This is the most balanced choice. It provides much higher detection rate than Medium security level. In this mode you are going to see a lot more alerts than in Medium security mode. We recommend this option for all users. Remember, once a rule is created, you will no longer be disturbed with alerts concerning the same action.


Ask user
This is the highest protection mode. SpyShelter will alert about every action monitored. This mode significantly increases the amount of alerts.

What is the difference between TDI and WFP firewall (discontinued) drivers?
Windows XP users should use TDI driver, while Windows Vista/7/8/10 should use WFP driver. SpyShelter detects your system version and uses recommended driver automatically. You can read more about them on the internet. While it is possible to change the currently selected Firewall driver, we strongly advise to not do it.

Licensing
Basic licensing information
SpyShelter Firewall (discontinued) and SpyShelter Premium are distributed as trial versions. Trial versions of SpyShelter have all features unlocked for 14 days from the moment of installation. To legally use SpyShelter beyond trial period, a valid license key must be used to activate the software.

SpyShelter Licenses can be obtained on our Purchase Page. Although the price is listed in Euro (€), once you click on Buy Now button, you will be able to display the price in your preferred currency and pay using it.
SpyShelter License can also be obtained through one of our Partnered Resellers.

One license can be activated on one PC, specifically one per operating system. Your license will still be valid if you, for example, change operating system. However, if you are using dual-boot on your PC (using 2 or more systems at the same time on the same computer), you will need 2 separate licenses to use SpyShelter on both operating systems. The same goes for virtual machines.

Second-hand licenses bought from other users are not considered to be legitimate licenses.

After you complete placing your order for SpyShelter license, your license information will be delivered to the specified e-mail address together with an invoice. License key is located in key.txt attached file.

If you are unable to activate your license, please check the Troubleshooting section – My license key does not work, what should I do?

Can I use SpyShelter Free Anti-Keylogger in my company?
Yes, you can. SpyShelter Free Anti-Keylogger is completely free to use for both normal and commercial users. Keep in mind that we do not provide technical support for SpyShelter Free Anti-Keylogger users.

Can SpyShelter Firewall (discontinued) license be used to activate SpyShelter Premium?
No. SpyShelter Firewall (discontinued) and SpyShelter Premium are different products and they require separate licenses.

How to extend current one year license?
One year licenses cannot be extended. One year license key is valid for one year from the moment it was generated. Once your License expires, you should purchase a new one.

I bought the SpyShelter license key. How to activate it?
1. Install SpyShelter Premium or SpyShelter Firewall (discontinued) (SpyShelter Firewall license key is not compatible with SpyShelter Premium!) and restart your PC.

2. Open up SpyShelter, go to About tab and hit the “Activate” button.

3. If you bought your license after July 14 2016, enter your license key in Key field and leave the “Name” field blank , just like on the screenshot below.
newkey

If you have purchased license key before July 14 2016, you have to enter your full name in the Name field and license key in the Key field. Both the Licensee’s full name and license key can be found in the order confirmation e-mail message. License key can be found in key.txt attachement.

Note: Your full name must be exactly the same as the one you submitted while purchasing SpyShelter. Changing single character will stop the activation from happening.

Example:

spyshelter-license-name

license-key
I have lost my license key, what should I do?
Check your E-mail inbox to see if you still have the order confirmation e-mail from us. Both the Licensee’s full name and License Key can be found in the order confirmation e-mail message. License key is inside key.txt file attached to the e-mail message.

If you do not have this e-mail message, please contact our Helpdesk, with your full name, e-mail address used while placing the order and approximate date of purchase.

If I increase the quantity of licenses on the checkout page, will I receive more license keys or just one?
If you increaste the quantity in a single order, you will receive a single license key valid for the specified amount of Computers.

For example, placing an order like the one below will result in generating a single license key, valid for 3 Computers.

3-1-year-licenses
If I buy a second-hand license key, will you generate a new license key bound to my name?
SpyShelter license key is sold to a Person/Company and reselling SpyShelter license key to another person/company violates our terms, therefore such keys will not be reissued under new name. Moreover, using second hand key may lead to blocking the license.

Is it possible to upgrade SpyShelter Premium to SpyShelter Firewall (discontinued)?
It is possible, however due to various factors, the price of such upgrade is calculated in each case individually. If you want to upgrade to SpyShelter Firewall (discontinued), contact our Helpdesk and provide information about:
1. Current type of license you use
2. Type of license you wish to upgrade to
3. Quantity of licenses

Refund Policy
Every person who bought SpyShelter may ask for a refund within 14 day period from the date of initial order, without providing any reason at all.
You may ask us for a refund using our Helpdesk

Transferring license key to another device
It is possible to transfer the license to a different device, by simply uninstalling SpyShelter from the computer on which the license is currently active.

What happens after one year license expires?
You will be informed about upcoming expiration date of your license. After your current license expires, protection will be automatically disabled until you activate new License Key.

Troubleshooting
Windows says that SpyShelter is unsigned and the program does not work.
This issue concerns versions of SpyShelter older than 10.8.5. Windows 10 1607 (Anniversary Update) users who made a clean windows installation must have Secure Boot disabled in order to use SpyShelter. Users who updated their previous installation to 1607 do not need to disable Secure Boot. This is a temporary solution for SpyShelter version 10.8.4.

Some programs have stopped working after I installed SpyShelter.
– Make sure that you have not blocked those applications. Open SpyShelter, go to Rules tab and find entries associated with those applications. If you blocked them, remove those rules or Allow those actions by pressing Right Mouse Button on a rule and selecting ‘Make it allowed’ option.
– Go to Keystroke Encryption > Advanced > Switch to Better compatibility mode and restart your PC. This setting applies to Keystroke Encryption feature only and it will not have any effect on other modules.
– If methods above did not help you, contact us using our Helpdesk

Web browsers have stopped working.
– Go to Keystroke Encryption > Advanced > Switch to Better compatibility mode and restart your PC. This setting applies to Keystroke Encryption feature only and it will not have any effect on other modules.
– Some security applications are offering browser extensions which are supposed to improve their security. Go to SpyShelter Rules tab, hit the ‘Exclude folder’ button, navigate to your browser installation folder and choose ‘exclude existing files and any future files in this folder’ option.
– If methods above did not help you, contact us using our Helpdesk

Anti-KernelModeLogger module is grayed out in Protection tab and cannot be enabled.
Anti-KernelModeLogger module requires Keystroke Encryption driver to be installed. Simply run a SpyShelter installer (if you have SpyShelter Premium – then download SpyShelter Premium installer from our website, if SpyShelter Firewall (Discontinued) – then download SpyShelter Firewall), and install keystroke encryption driver.

Anti-virus software detects SpyShelter as potentially malicious.
If you downloaded SpyShelter directly from our website, then this is a false positive detection. Installers downloaded from our website are always safe. Please report false positive to your anti-virus publisher and remove the SpyShelter from your anti-virus quarantine.
Sometimes, anti-virus applications are automatically marking SpyShelter as malware right after we release an update. It may take few days for anti-virus publishers to take the false positive flag off. The more reports the publisher of given anti-virus receives, the faster this false detection will be dealt with.

“Failed to connect to driver” error after installing SpyShelter.
This error message shows up in few cases:
1. You try to run SpyShelter right after installation. You need to restart your system in order to be able to use SpyShelter.
2. You are using unsupported Windows 10 Insider Preview build.
3. 3rd party security software has corrupted SpyShelter’s installation. If this happens, uninstall SpyShelter, restart your PC, disable 3rd party security software, and install SpyShelter again.
If you are unable to resolve your issue, please contact us for further assistance at our Helpdesk

.

FireFox browser extensions not working correctly.
SpyShelter’s Action Code 58 blocks browser extensions from capturing keystrokes. If you are sure that nobody will try to manually install any keylogging software in Firefox and you do not download suspicious plugins, you might just turn it off.
Open up SpyShelter and go to Settings > List of Monitored Actions and tick off action code 58

How can I contact SpyShelter support?
Visit our Helpdesk at https://www.spyshelter.com/helpdesk/ and create a New Ticket.

How long do I have to wait for reply from SpyShelter Support?
We usually reply in a few hours. We do our best to not cross the 24-hour deadline (during business days). However, it might take longer if question concerns SpyShelter Free, since we do not guarantee support for this product. If you think you waited too long for a reply, please check status of your ticket manually. It is possible that the e-mail notification about staff reply went to the SPAM folder of your inbox.
We prioritize tickets of SpyShelter Users who bought their licenses. Please note that if you own a free license from a giveaway or any other contest, the response time may take more time if our Helpdesk is busy.

Keystroke Encryption settings are not displayed anywhere in the program.
This is because you have chosen not to install Keystroke Encryption In order to add Keystroke Encryption driver to your existing installation, simply download and run SpyShelter installer (setup.exe for SpyShelter Premium or fwsetup.exe for SpyShelter Firewall). This will allow you to update your installation with Keystroke Encryption.

updatedriver
This operation does not reinstall your SpyShelter – it will only add Keystroke Encryption driver, so all settings and rules are safe.

Keystrokes are encrypted in every application.
– Check Process Filter tab of Keystroke Encryption. The default and recommended setting is Do not encrypt keystrokes of processes specified below:. Make sure that you use this option.
– Go to Keystroke Encryption > Advanced tab and Check the Better compatibility mode and restart your PC.
– If methods above did not help you, contact us using our Helpdesk

Microsoft Office does not start
– Make sure that you have not blocked those applications. Open SpyShelter, go to Rules tab and find entries associated with those applications. If you blocked them, remove those rules or Allow those actions by pressing Right Mouse Button on a rule and selecting ‘Make it allowed’ option.
– Go to Keystroke Encryption > Advanced tab and Check the Better compatibility mode and restart your PC.
– If methods above did not help you, contact us using our Helpdesk

My license key does not work, what should I do?
If you are unable to activate your license, please follow these instructions:
-In the Name field, use your full name to register the license. Your full name must be exactly the same as the one you submitted while purchasing SpyShelter. In the order confirmation e-mail message you can find the name associated to your license key.

spyshelter-license-name

license-key

– Make sure you are trying to activate the correct product. SpyShelter Premium license will not work with SpyShelter Firewall. If you bought a SpyShelter Premium license then you must use it on SpyShelter Premium. The same rule applies to SpyShelter Firewall license.

– Make sure your SpyShelter version is up to date.

If problems still persists, please click here to contact us

Operating system does not start after installing SpyShelter.
It is one-in-a-million situation. It happens when a special set of circumstances occur in your system and there is a serious conflict between security applications. The best thing you can do is to boot into safe mode, and turn off SpyShelter protection (SpyShelter does not work in safe mode, however you can still run it and change the settings). Once you do this, restart your PC and your Windows should start normally. Then, go to our website and contact us immediately, so we can analyze the issue and look for possible fixes.

SpyShelter does not add *RESTRICTED* tag to applications running in restricted mode
This is the window title issue only. Adding *RESTRICTED* tag into window title sometimes may not be possible. One of the reasons why it sometimes is impossible is the protection against memory modification integrated into the application.

If you run a restricted application and it is listed inside the SpyShelter’s “Executed as restricted” tab, then everything is fine.

SpyShelter is not recognized by Windows Action Center.
Windows Action Center currently does not recognize SpyShelter products. If SpyShelter protection is enabled, then you are protected.

Steam Overlay does not show up while using SpyShelter.
– Go to Keystroke Encryption > Advanced tab and Check the Better compatibility mode and restart your PC.
– If methods above did not help you, contact us using our Helpdesk

TeamViewer issues with SpyShelter.
By default, SpyShelter self-defense module makes it impossible to operate SpyShelter remotely. However, you can make it work – go to Settings>Security and enable Decrease self-defense to improve compatibility with third party software option and restart your PC.

VMPLAYER.exe VMWARE.exe QQ.exe entries listed in Keystroke Encryption Process Filter.
Those processes are known to cause issues with SpyShelter’s keystroke encryption driver therefore they are added to the exception list by default, even if you do not have those applications installed.

“You have exceeded the maximum number of activations allowed for the entered code.”
This message is displayed when you attempt to activate your SpyShelter license on more devices than your license is allowed to. You have to uninstall SpyShelter from one of your machines to activate it on another, or buy a new license key.
If you are unable to uninstall SpyShelter from your computer due to hardware failure, contact us at our Helpdesk and provide order number.

What does “rule was not created, because file does not exist” notification mean?
“Rule was not created, because file does not exist” notification shows up when SpyShelter is unable to calculate SHA-1 hash of the file. It occurs when the driver registering function was called but driver was not present at registered path, and because of that SpyShelter is not able to create rule. It happens occasionally but it is not a bug.