Interesting hendy advised that SAP runs through SBox'd browser alerting for malware landing from my browser... the review I've read states <<offers virtually no protection from phishing or many of the Web-based malware threats >>
SAP currently does not protect against phishing website, but it can protect you if the the phishing website secretly install malware to your machine, and trying to execute this malware from your machine.
hard to know what was in the mind of the reviewer writing < no protection ...many of the Web-based malware threats >
How does SAP run through Sandboxie considering that Sandboxie does not have a template for SAP.... Can anyone confirm SAP communicates through SBoxie...
Sandboxie's 'FAQ Virus' page says this about it: Q. Can the anti-virus detect a virus in the sandbox? A. Yes. Files contained in the sandbox are stored in the hard disk, typically in the folder SANDBOX in drive C. Programs under the supervision of Sandboxie can only operate within this folder, but there is nothing special about the folder itself. The anti-virus software may detect viruses as they arrive into this folder, or at any later time. http://www.sandboxie.com/index.php?FAQ_Virus
Do you run SAP and or SBoxie. I run Norton + SBoxie. Norton Toolbar is degraded running browser Sandbox'd. SBoxie has a Template for Norton and yet features of Norton are degraded w browser SBox'd. AppGuard makes an Exception for SBoxie. EXE Radar Pro and HitmanProAlert add a line to SBoxie config Full File Access. SBoxie Templates and or SBoxie config are for apps to be able to communicate without affects of SBoxing. Does SBoxie have a SAP Template ? Does SAP code for SBoxie ? SAP UAV is not SAP's only module. What about SAP whitelisting engine. Since, UAV is cloud scan. Detection is cloud based...but, at some point SAP has to communicate back to my machine. If I'm SBox'd 99% of the time. How does SAP run through SBoxie ? Does SBoxie anti-virus FAQ refer to resident based anti-virus defs or cloud based anti-virus defs ? I also run Shadow Defender...what happens to SAP actions once I come out of Shadow Mode. How do I make Folder\File Exceptions within Shadow Defender ? and SBoxie ?
I am running SAP and Sandboxie with browsers set as forced programs. Sorry bjm_ but can't answer other questions. However, it seems to me that the sandbox is providing protection for browsing and that if malware happens to bypass the sandbox, SAP is in place to hopefully act on it. Also, as the FAQ says, an AV program may well know about suspicious files entering the sandbox since it can be monitored by it, or it might find it on a system scan if the sandbox hasn't been emptied. That might be a bit of a simplistic view of the protection compared to the details you need but I think the protection covers the bases as far as I can see.
Thanks...appreciate your interest and info. The developer posted that SAP works through my SBox'd browser preventing malware from landing. Since, SBoxie will isolate my browser thereby preventing nasty from landing. What does SAP do ? The concept is for SAP to protect me from the nasty in my browser / program SBox. hendy suggested... that was possible. Just asking for clarification. SBoxie does not have a Template for SAP nor does SAP (afaik) code for SBoxie.
geez - SAP in a box for active purpose - omg. thats like closing the door but leave the window open for guest. any antimalware in a box is worth nuts for the system. concerning your questions - get some basics, investigate yourself to clarify. and dont put words on me i never wrote dude. btw full quotes are not nice, only cite what you rely on.
SAP basically works like other AntiVirus. It may prompt you when it detects something suspicious, even if you are using SandBox. I understand where you are coming from. Although sandboxie did not prompt you for suspicious malware, it actually protecting you by putting the malware into the sandbox. If you install SAP, you can think like as if you have double protection. SAP helps to notify you when there is something suspicious, and Sandboxie is helping your to contain the malware in the sandbox.
So, perhaps I misunderstood your earlier comment regarding that SAP will act on nasty in my browser sandbox. So, for clarity SAP UAV will act as Norton acts....but, if a drive lands in my sandbox ...will SAP whitelist engine respond / act on the nasty content in my sandbox. And when I dump sand. Will changes to whitelist remain. Basically, will SAP communicate through SBoxie. btw ~ In order for Norton to act on downloads for example in my sandbox. SBoxie makes a consideration for Norton via Norton Template. Sandboxie does not have an SAP Template ? Remain confused as to how SAP UAV is able to run through my browsers (or application) sandbox. Remain confused as to whether SAP anti-executable runs through my sandbox'd processes.
Yes, you are right, SAP will act as Norton acts. If there is a homepage that secretly install and execute a payload on your browser, regardless whether it is sandboxed, SAP will prompt you. May be the question is what about if you really want to download and install a new software? When you try to execute a newly downloded file, SAP will prompt you (if it is sandboxed, you will see the file path is in the sandbox path). When you trust it, it will remain trusted, even after you dump the sandbox. The same thing happen you you don't trust it, it will remain untrusted after you dump the sandbox. The reason is that because SAP marks the file based on the file properties (such as its fingerprint, file size), not the path where the file is stored. Since SAP does not depends on file location, so it will work seamlessly on the sandbox (as you know, sandbox usually redirects the files to another location).
Much appreciation for your time and interest. Trying to get my toys to play with SBoxie is a challenge sometimes. Still a head scratcher that SAP acts like Norton without a Template. The whitelist app I'm running now does not run through SBoxie. It'll act on processes outside the sandbox. Thanks again for holding my hand regarding SBoxie. I'll have to ponder "redirects the files to another location". What ever I recover from the sandbox goes to the intended destination. Granted, the sandbox resides at C:\Sandbox\user\DefaultBox So, SAP trust / un-trust will remain after I dump sand. Even if I do not recover from sandbox. There would be no download (for example) to marry with SAP trust tag....after I dump sandbox. SAP sees the download and acts like Norton and acts as if there's no sandbox. But, when I dump the sand. There's no download sans recovery. How can "it" remain trusted or untrusted when there is no "it" ?
SAP assumes that all files on the system are clean when installing it for the first time ? Reason I ask is because I have a situation where I was able to run several files without any prompts or warnings, those files are detected by SAP scanner btw when I scan those files manually (multiple AV's find them as threat), so I guess the files were whitelisted after first initial full system scan. When I run new files everything works as it should. Using v.3.3.3 with no offline AV. Also what does this Universal Status mean ? It's been like that for hours. When I click on "Complete Scan" nothing happens, same with "Retrieve Last Scan" tho with that one it displays "Refreshing.." for a second and goes back to "Wait for the server to process the information..." http://i.imgur.com/3BBJfEd.png
The trust will remain because SAP only remember the properties of the file (such as the file size and fingerprint), not the entire physical file.
You are right, initially SAP assumes that all files on the system are clean. After the initial full system scan completed (the initial whitelist happened at the same time as the initial full system scan), it will submit the hashes to the Universal AV server. If Universal AV detected there are some malwares, it will notify the user. Recently our server encounters a very heavy workload due to the high number of new people signing up. Your hashes may be still in queue for scanning. If you want us to help you to check, you can send us your SecureAPlus Id to secureaplus@secureage.com.
When it prompt you whether to trust the file or not, you can review the path. This is for display purpose, so that the user can review and decide whether to trust the file or not. Subsequently, you can edit the trust level by right clicking on the file name in Windows Explorer (you will see a context menu, and you can select the trust level).
Thanks for the info and few hours ago that status changed to "Your computer is free from malware!" , that said I just pressed "Retrieve last scan" and again it goes to "Wait..." Never mind, I get it, hope you guys upgrade/move your servers soon because I like what I'm seeing , keep it up !
epic fail - error by design if malware is already present and recognizes SAP it will block its access - or such antivirus-sites were blocked in general - normal practice.
