Hi jnthn, this is an excellent question SecureAPlus can block any untrusted dll that loaded using LoadLibrary Ex (LOAD_IGNORE_CODE_AUTHZ_LEVEL) based on our testing via C console program. We will do further testing on Microsoft Word and Excel and will keep you posted on the testing outcome Cheers, sinlam
Hello, when will the beta for the next version begin? I want to participate as I will be having a vacation from college (semester break )
Thanks for the quick reply. I'm really liking the concept of SecureAPlus for locking down Windows. XP users would benefit a lot from this program since support is nearing its end and good old Process Guard, eventhough it still works on XP, feels quite antiquated. Looking forward for the next beta.
Here's something about SecureAPlus that confounds me. When I have both SecureAPlus and SRP (I have a rather extensive Designated File Types list) active at the same time and then I try to execute something (like Zemana's AntiloggerFree_Setup_1.6.2.293.exe), SecureAPlus beats SRP to the punch blocking it. Win 8.1 64 bit. Later... Bob
Hi kupo, good to see you again You are most welcome to join our beta program The next beta program is tentatively to be held in about two months' time. I will announce in this forum once the beta program is launched. Hope it will fall within your vacation. Cheers, sinlam
Hi jnthn, thank you so much for your favorable comment about SecureAPlus You are most welcome to join the next beta Cheers, sinlam
Hi jnthn, Good news! We have tested the Excel macro attack and SecureAPlus is able to block an attack that load a library using LoadLibraryEx with LOAD_IGNORE_CODE_AUTHZ_LEVEL. You must first add Excel to the list of Restricted Application. "Restricted Application" means that any file that is created by trusted applications will not be automatically trusted. This is to prevent them from bringing any file that may harm your machine. For more information, you can refer to SecureAPlus faq #14 at https://secureaplus.secureage.com/Main/faq.php or SecureAPlus user guide page 59 at https://secureaplus.secureage.com/Main/resource_center.php under the section "SecureAPlus Collaterals". Please feel free to ask if you need further clarification Cheers, sinlam
SecureAPlus looks very interesting so I tried many time to install it...but always without success. I don't know why is it that I can't install properly whitelisting service...always while installation (XP and Vista both 32-bit) I can see pop-up with such info. And next matter...when i tried go directly from link on main screen to the "Help" file I got the info below Why only Adobe Reader is allowed to service your app?
Hi ichito, glad to see you again since the last SecureAPlus beta program So sorry to know that you are unable to install SecureAPlus despite of your several attempts. To help us diagnose your problem better, can you please zip the entire log folder and email to secureaplus@secureage.com? You can find the log folder in the following locations: For Windows Vista and above: C:\ProgramData\SecureAge Technology\SecureAge\log\ For Windows XP: C:\Documents and Settings\All Users\Application Data\SecureAge Technology\SecureAge\log\ Do you have any antivirus software or other security product installed on your machine? Some security product may block SecureAPlus whitelisting service from running. Thank you for pointing out the pdf file problem We will fix it and will let you know once it is done Cheers, sinlam
Does the Restricted Applications list support wildcard values for paths for adding executables ie, *\notepad.exe? And I think Kees has pointed out in a post to have SecureAPlus check upon install for applications protected by EMET. It would be a good feature to read EMET's registry (if it is installed) and check which executables are injected with EMET dll and add the list to Restricted Applications.
Hi jnthn, SecureAPlus currently only supports file name or file name with full path. The problem for using wildcard is it may potentially slow down the speed of the the system. We need to further investigate its performance implication before deciding whether to support wildcard values. We will also investigate Kees' suggestion on the EMET. I will keep all of you posted once the decision has been made Cheers, sinlam
Hitman pro mark sanotifier.exe as Trojan......but when check on virustotal it is clean....Anyone else with similar alerts.....?
Hi ichito, we have tested opening the pdf help file with other pdf readers and they can be opened without any problem. From the error message as shown in your screen capture, it is most likely due to file association problem. You can associate the file by doing the following: 1. Do a mouse right-click on the .pdf file, and select "Open with…" option from the drop-down menu. 2. Select "Choose default program..." option from the drop-down menu. 3. Select the pdf reader that you want to open the file with. Tick the checkbox of "Always use the selected program to open this kind of file". Then click on the "OK' button. 4. The file is opened by the pdf reader that you have selected. 5. At the Window Explorer, you will see all the pdf file is associated with the selected pdf reader. Thereafter, you can double-click on the .pdf file directly to open it. You can also open the SecureAPlus help file. Hope this helps. Cheers, sinlam
Hi bfriend, thank you for your feedback. We have used Hitman Pro to scan sanotifier.exe several times in Windows 7 32-bit and 64-bit environment but it was not detected as a malware. Below is a screen shot of the scanning result. If it is not much of a hassle to you, is it possible to make a screen shot of the scanning result? This will help us a lot. Thanks Cheers, sinlam
Attached screenshot...I don't know something is wrong....1st scan detected it as a Trojan...2nd scan clean and 3rd scan again detected it as a Trojan.....
Hi bfriend, thank so much for the screen shot. It is indeed strange that the three scanning results vary from one another. May I know which Windows OS you are using? We will investigate further and will keep you posted. It is most likely to be a false positive. Cheers, sinlam
Hi siketa, doesn't seem like it is being fixed since bfriend managed to get the same scanning result It is kind of strange that the scanning results vary... Cheers, sinlam
Hi bfriend, We finally managed to reproduce the scanning result after trying it out on several different scenarios. Phew! We have also scanned sanotifier.exe with VirusTotal and other antivirus software and all detected it to be safe. We have then made a report to HitmanPro that this file is safe, as seen in the screen capture below. Hope this will be fixed soon. Please feel free to ask if you need further clarification Cheers, sinlam
Hmmm... I added xyplorer.exe to restricted apps, and set SAP to lockdown mode. It alerts when checking for executable file properties. But when checking file properties using explorer, no prompts. Is this normal? edit: a few times, just opening xyplorer would make SAP notify about blocking a file in my downloads folder. I currently have two executables in the folder and when opening xyplorer, SAP would prompt about blocking execution from either of the two executables... Weird behaviour lol. By the way, would future versions have context menu integration for 32-bit file managers on 64-bit systems to check Trust Levels for files/folders?
Hi guys, The latest SecureAPlus Version 2.0.20 is now available Feel free to try it out and give any comment. Here are some of the changes: 1. The "Do not ask what to do when dealing with untrusted file" option is removed from the Application Whitelisting Advanced Settings. You can chooose this feature, which is now known as "Lockdown Mode", from the context menu of SecureAPlus tray icon. 2. Trust all mode is added to the context menu of SecureAPlus tray icon. 3. Two speed options, Fast and Slow, are now available for the background initial whitelisting. The current default setting is Slow. 4. You can now import whitelist database in the small setup file, "SecureAPlusSetup.exe" too. The steps to do it is the same as the big setup file. Please refer to SecureAPlus Installation Guide for more information. 5. If the installer detects a whitelist database file, it will prompt the user whether to import whitelist database. You can visit https://secureaplus.secureage.com/Main/release.php to view the latest changelog. If you have any feedback or comment, please feel free to post it in this forum or email us at secureaplus@secureage.com. Cheers, sinlam
Hi Kelvin, glad that you like the enhancements We must thank you for some of the good suggestions you have given, especially the Lockdown Mode and the Trust All Mode If you have any suggestion or feedback, feel free to shoot Cheers, sinlam
Hi jnthn, No worries, it is perfectly normal to receive no prompting from SecureAPlus when using Windows Explorer Since majority of our users are using Windows Explorer, we have done some customization for Windows Explorer to reduce SecureAPlus' prompting so as to improve the user's experience. But this customization is only based on Windows Explorer's behavior and may not be applicable to other third-party explorer like xyplorer. This could also explain the weird behavior you are experiencing on xyplorer As far as I understand, the 64-bit file manager has almost all the same features as the 32-bit file manager. Perhaps you can share with me why do you need to run 32-bit file managers on 64-bit systems? Hope to hear more feedback coming... Cheers, sinlam
