Primary Response SafeConnect Beta

Sana Security Primary Response SafeConnect Beta

http://www.sanasecurity.com/

http://www.pcmag.com/article2/0,1895,1911010,00.asp

http://www.sanasecurity.com/products/sc/features.php

http://www.sanasecurity.com/reg/beta/registration.php?source=web-betacard-amdtv2-reg
...

 

Sounds really interesting. One detail however, look at the picture ...

The links show "XP", about Primary Response SafeConnect Minimum System Requirements, but that's only after beta-registration, on the download link, that you learn about XP pro.

Cheers,
nicM

 

i thought id post some screenshots, enjoy:

http://img452.imageshack.us/img452/1726/one6jo.jpg

http://img452.imageshack.us/img452/9844/two1cv.jpg

http://img452.imageshack.us/img452/2237/three6vd.jpg

example alert:

http://img68.imageshack.us/img68/3498/four2kb.jpg

 

Windows Key Code

Enjoy more if you have your Windows key code handy!

I needed it upon reboot when installed and when uninstalled. And when installed again.

Have no idea if typical.

Got WinXP Pro SP2 message window stating needed to be activated ~ yes, no, log off.
So, went to the blue online activation screens, entered key, then proceeded.


Will post other experiences maybe tomorrow evening - difficult install for me - maybe due to having ProcessGuard on sys.
Found easy work-around.

But then hours of other settings, not SafeConnect, but RegDefend - why? All had been fine before the SC beta install.
Where a few SC settings to accept, make. Majority Sys registry startup items.

Also, upon startup, reboot, an additional 20 sec. with just desktop wallpaper, but usually just 2 vertical lines color and height of taskbar ~ 1.5 inch from either side of screen in the taskbar area before see usual load sequence.

I had big pause along with that 'pause' first time happened.


Do have some sort of backup. I'm relying on RollBack Rx PRO.
...

 

Re: Windows Key Code

i had no such issues however after a while i decided to ditch safeconnect anyways, i didnt rele like it.

 

I had been thinking of taking a look at this but ... neither experience is that positive.

Could you give a run done of what you thought of the features offered - might take a look at a later build

 

Anybody else has tried it? I wanted to try it after I installed Rollback Rx but I have no XP Pro, and it will not run on XP home!

 

I know this is a little old here. But I just now downloaded it and have it up and running. Anyone here still using it? If not why?

 

I am thinking of trying it out, but I have my concerns.

I first came upon the product this evening, after reading this article: http://vlaurie.com/computers2/Articles/new_paradigm.htm. The article points to a PC Magazine review article about SafeConnect, which is noted in this thread, supra -- http://www.pcmag.com/article2/0,1895,1911010,00.asp -- and the reader may wish to read the entries that appear in the following as well: http://forum.sysinternals.com/forum_posts.asp?TID=4828.

Since "SafeConnect" is offered for sale now, $24.95 -- I must presume it is out of beta. I had been thinking of trying it out since it utilizes a lesser known strategy -- a "behavior approach" as opposed to a "signature-based" approach that requires constant scans, and it is ostensibly targeting all kinds of malware.

The program is supposed to complement anti-virus software and, indeed, it is being marketed in a separate package as a specific complement to Symantec's own anti-virus software. I like the feature that ranks specific apps according to severity and in that regard it incorporates a feature found in RegRun. But I am concerned whether this product can get along with various other security products such as SSM and ProcessGuard and with rootkit detectors such as Icesword and Gmer. Would SafeConnect attempt to quarantine the bunch and, perhaps, even worse, cause the whole system to freeze? If so, this would suggest that the behavior approach employed by Sana Security is not that sophisticated. Of course, Sana Security is promoting SafeConnect as a complement to anti-virus software and, in that respect, the Company could well argue that SafeConnect is designed to protect a computer from all malware, except for that malware specifically targeted by AV software and that a system should have nothing more in the way of security other than a good AV and SafeConnect. I would not, at this point, however, be willing to gamble my computer's security on both SafeConnect and an AV alone -- in my case, Kaspersky (Resident) and NOD32 (on demand).

Sana Security, it seems to me, markets itself essentially as a Company that offers computer security for big business. Indeed, one of the questions it poses for those who would like to trial SafeConnect is whether one's Company has more than 5,000 employees or less than 5,000 -- and this, for the Company's $24.95 product.

Still, if Sana Security is offering SafeConnect for $24.95, it is obviously targeting the home user, whether the home user is a home office or simply a person who utilizes the computer for personal use.

Nonetheless, I would still be willing to trial this product as a complement to my basic repertoire of HIPS, AV, Firewall and so forth, if I can have some assurance that the program won't destabilize my entire system. Sana Security appears to be a solid Company that will be around for quite a while and from what I can gather, i.e., from what I have gleaned from articles about the Company on the internet, Sana Security has been in the forefront of computer security research.

 

Is Primary Response SafeConnect a Cyberhawk competitor? Thats what it looks like to me.

dja2k

 

Hmm
Looks to be using the PrevX model. ??
Maybe better of with PX: no conflicts here.

 

This is further to my post in this thread, dated November 9, 2006, supra. I installed SafeConnect on November 10, 2006 and it has been in use on my computer since that date. I purchased the product today. First to report, I have found no conflict between "Primary Response SafeConnect" and with either ProcessGuard or System Safety Monitor, the latter two of which are both running simultaneously on my system. They, too, get along well together -- at least on my machine.

There are essentially no prompts with SafeConnect, unlike there are with ProcessGuard and System Safety Monitor (of which I am familiar), and with other HIPS or CIPS (of which I am not familiar) but which other users have indicated, in this forum, are a distinctive feature of this or that sophisticated security app. But, this is not to say that there is no configuring to be done with SafeConnect. Actually, there is at least a little configuring to be done, although much less than is the case with the aforementioned HIPS security applications and as is the case with various firewalls -- perhaps most notably, Jetico. But, that configuration that is to be done is essential if SafeConnect is not to present a problem with the proper running of other security apps. In that regard, I would (1) recommend adding all one's important security executables in the "allowed" section of SafeConnect aber schnell once SafeConnect is up and running if the executable has not already been listed in the "allowed" sector or in the "monitored" sector of SafeConnect after installation, and I would (2) treat those executables as fully "trusted." A fully trusted executable is represented in SafeConnect's GUI as a single green square. This should prevent, and more, I feel safe with saying, given my recent observations, will prevent SafeConnect from accidentally treating any particular security app executable as malware and thence promptly halting its execution and subsequently quarantining it. Note: given SafeConnect's quick action in intercepting actual or suspected malware, SafeConnect does not automatically remove any executable and, indeed, I do not see that automatic removal/deletion is even an option in the "settings" sector of SafeConnect. This is clearly a good thing.

I would also like to point out that SafeConnect does not have what one would perceive as an explicit learning mode. Rather, it is one that operates automatically on installation. In that respect, it is quite unlike ProcessGuard which does have an explicit, manual learning mode. Moreover, SafeConnect's automatic learning mode does not, it is evident to me, list all or even most of the executables in its "allowed" and "monitored" sectors; and, those executables that SafeConnect does list in its "allowed" and "monitored" sectors are placed in various categories -- all of which are invariably given values substantially less than "fully trusted." How it is that SafeConnect initially determines the particular trust value or values of a particular executable, I haven't a clue, but it is evidently something programmed into the application and not simply happenstance. Thus the user can and must, ultimately and significantly, alter the permission values manually so that a particular security application does not suddenly come to a disconcerting halt. SafeConnect, I have reason to believe, has a hair trigger when it comes to responding to anything that even remotely looks like actual malware or potential malware or something that it just simply doesn't like. More on this immediately below --

Does SafeConnect work? Well, at least with all my security executables safely pegged as fully trustworthy, I haven't heard one of them yet complain. So, at least, SafeConnect leaves my other security applications alone. But, that doesn't tell me whether the program will actually prevent the execution of known or suspected anomalous executables from running. Still, I believe that I can safely say that SafeConnect does work -- or, at least, isn't snoozing when it should be working. For, the other day when I attempted to load up my copernic metasearch engine, SafeConnect immediately shot up a message informing me that the copernic metasearch engine program is a "pup" -- see http://www.webopedia.com/TERM/P/PUP.html -- where the term 'pup' is -- in computer lingo -- a generic acronymn for an unwanted program. A "pup," then, is not necessarily bad. It can be innocuous or, as in the case of the copernic metasearch engine, actually helpful. Think of the term 'weed.' On one definition, the term 'weed' equals by definition 'merely an unwanted plant.' To some a particular weed is a thing of beauty. To others it is an eyesore. Thus, the action of SafeConnect leads me to conclude that it has the propensity, at least, of preventing the execution of anything the least bit suspicious. Apart from the copernic matter, SafeConnect has not alerted me to anything else, to date. So, SafeConnect is not picking up on so-called false positives. Whether it is missing "true negatives," however, I don't know and can't say for certain -- but, then, no one can truly say with absolute certainty that there isn't some malware on one's machine, but for the fact that one's machine inexplicably slows down and/or crashes, and one's resident and on-demand security apps fail to detect anything amiss.

I did not continue with the installation of the copernic metasearch engine as I was a bit nonplussed to see the program targeted at all by a security app. I also discovered several copernic dlls in SafeConnect's quarantine, once I took a look at SafeConnect's quarantine sector. This would lead me to infer that Copernic is not necessarily bad, but that Copernic is by design, as is perhaps the case with any other metasearch engine, a program that elicits executables and dlls that have many of the same attributes of trojans. In any event, it appears to me that SafeConnect does work quite well and, as it also appears to be stable, as well as non-intrusive and as I have found it to be compatible with other security apps, such as PG, SSM, DW, RegDefend and Kaspersky, so long as SafeConnect is properly configured, it is not a bad addition to one's security arsenal, given the distinctive way in which it operates.

One further note: Sana Security's site sets forth that updates -- for a program such as SafeConnect -- are a thing of the past -- due to the manner of its operation. Still, the program has an update tab, which, when I click on it, repeatedly informs me that the program cannot connect to the server and that the update is incomplete. Does this mean that there is an update which I cannot, for some reason, obtain? I have no problem updating any other security app, many of which, apart from ProcessGuard and DefenseWall, require constant updates, as do my AV security application and various anti-spyware programs. I also confirmed that I was connected to the internet when I clicked on the update tab. I then attempted to ascertain whether any of my security apps was preventing the update executable from running, but I had granted SafeConnect full permissions with all HIPS. Thus, this may be a glitch in the program, a slight problem with my installation, a problem with Sana Security's server or a non-problem as there are, simply, no updates to be had. But, in the last case, I would assume that the update executable would at least be able to connect to Sana Security's server and then respond that there are no updates available at this time. Further, if as the Company states repeatedly and emphatically in its description of the product, on its website, that updates are unnecessary with this program and are a thing of the past, I would wonder why there would be need for a "check for updates" tab at all in the SafeConnect program. Perhaps this is an unnecessary appendage that a programmer forgot to remove or thought better to keep in if for no other reason than that if or when the program evolves further, the update tab happens to provide the most expedient way for one to obtain those updates.

I will contact Sana Security tomorrow and seek an answer, which I will then relate to one and all in this thread.

 

I have, unfortunately, nothing yet to report as to why, once I click on the "update" tab, I am unable to connect to Sana Security's server. But, apart from that, I wish to point out what appears to be an incompatibility between "SafeConnect" and a hardening app called "Computer Security Tool." When "SafeConnect" is enabled, it is impossible to view the GUI of "Computer Security Tool." "CST" is apparently opened since the icon appears in the system taskbar, but clicking on it will not bring up the CST screen. In order to get CST to operate normally, one has to first terminate CST; and this cannot be done by simply clicking the "close" option on the CST tab, in the system tray. The program has to be forcibly terminated via Task Manager (as one option). Once that is done, then SafeConnect has be be disabled. Once SafeConnect is disabled, CST will open. I do not know if this apparent incompatibility is simply a peculiarity with my machine. But, if anyone out there has both Sana Security's SafeConnect and the hardening tool, CST, I would like to know if he or she has encountered a similar problem.

 

I completely agreee with you from just looking at it (have not tried it though).

I also would like to know if anyone has ever compared it to CyberHawk in all aspects (effectiveness, resource usage, usability, privacy and so on).