PrimaryResponse SafeConnect Beta is now open

[jeremy_pickett]

Sana Security would like to invite you to participate in beta program of our flagship client security software, PrimaryResponse SafeConnect. The beta program is for version 3.5 which has a number of new features, bug fixes, and product enhancements.

What's new in 3.5 Beta:

• Activity Monitoring - SafeConnect now exposes and records configuration changes to the machine as well as its own activities providing the end user feedback on what various programs are doing.
• Efficacy Improvements - there have been many small and large improvements to the SafeConnect behavioral malware detection and removal engine, including: early boot time component removal; improved handling of malicious drivers and alternative data streams support; desktop modification detection and clean up; and many others.
• Real time Malware Identification and Classification - SafeConnect now leverages the community of users to help identify detected malware. Once malware is detected behaviorally SafeConnect can check if someone has already detected this particular malware and retrieve its name and description from Sana's community information. Submission of suspicious samples will continue working based on user preferences as in the previous versions.
• Performance Improvements - several performance improvements have been made to the product including lower boot time overhead, improved interaction with AV scans, and faster malware removal.
• One button support log submission - to improve interaction with Sana's customer support SafeConnect can now automatically collect and submit logs to Sana's support with a click of a button.
• In addition 3.5 fixes numerous bugs reported from the field in earlier versions of SafeConnect.

Beta Requirements

• Windows XP 32-Bit, 500 MB RAM
• Windows Vista 32-bit, 500 MB RAM
• Windows Vista 64-bit, 1 GB RAM

• Previous versions of SafeConnect must be uninstalled prior to the installation of 3.5 Beta
• The Beta license key lasts for 60 days

How to Participate in the 3.5 Beta
Participating in the SafeConnect 3.5 beta is free and easy, but there are a few guidelines beta testers should follow.

• You may download the beta software from: http://www.sanasecurity.com/try/eval...tup_3.5_en.exe
• Beta feedback should be directed to: beta@sanasecurity.com

Beta Feedback (Very Important, please read)
In the spirit of making this beta period as constructive as we can, Sana Security would greatly appreciate specific, concise, and ideally reproducable feedback. An example email if a user encounters a false positive should go something like this:

Subject: False positive found on DivX version 6
Body: Installing DivX version 6 produced a false positive with SafeConnect beta. Log files from this false positive were submitted through the Submit to Support button on the Settings tab. This false positive occured approximatly 2:30 EST.

OS version: Windows Vista 64-bit, SP1, English

This is only an example, but in general the more specific and concise the report it, the more constructive it shall be.

About Sana Security
Sana Security provides software that protects what others can’t protect or see, providing immunity against threats, both known and unknown. Unlike reactive, legacy solutions that require updates, signatures and scanning, Sana’s products offer enterprises, small businesses and consumers instant and constant protection against threats, increasingly complex attacks, data compromise and identity theft.

For more information about Sana Security, please see http://www.sanasecurity.com/press/index.php



We appreciate discussion of the beta on this and other boards, but just to be clear, feedback and support should be directed to beta@sanasecurity.com. Thank you!!



[edit -- slight formatting change]

[trjam]

thank you, it is looking very good and light. Nice to see the new enhancements.

[subset]

Hi,

thank you, downloaded and will take a look at it tomorrow.
Just out of curiosity, will Antibot be updated to the new PRSC version too?

Cheers

[jeremy_pickett]

Unfortunately I do not have news one way or another on that, sorry!

--edit, changed frowny to an emoticon less angry

[subset]

Quote:

Originally Posted by jeremy_pickett

Unfortunately I do not have news one way or another on that, sorry!

Err... never mind me asking.

Cheers

[BrendanK.]

I just did a few tests and PRSC never detected any of the threats I was really looking forward to seeing a really wonderful behaviour guard.

[Ilya Rabinovich]

Quote:

Originally Posted by 333halfevil

I was really looking forward to seeing a really wonderful behaviour guard.

This case sandboxes/classical HIPS is your choice.

[BrendanK.]

I currently use RTD + A2 Antimalware (Paranoid mode on) + NIS 2009 so I think I'm pretty much covered for now along those lines. But I was hoping PRSC 3.5 would really impress me, so I could steer away from the countless popups. Oh well maybe by the final release I will have

[LoneWolf]

Quote:

Originally Posted by 333halfevil

I just did a few tests and PRSC never detected any of the threats

What sort of tests?
Live malware or a POC?
Maybe a keyloging test?

[demoneye]

its look same as norton anti bot

[trjam]

Actually the current version of Antibot is Safe Connect. As the top post says, this beta is different then what is currently out there. As to if Antibot will evolve from this beta, dont know. But right now it is working very well on 2 machines. One Vista the other XP.

[jeremy_pickett]

Quote:

Originally Posted by 333halfevil

I just did a few tests and PRSC never detected any of the threats I was really looking forward to seeing a really wonderful behaviour guard.

If you had time, I would really appreciate hearing what types of tests you tried.

[BrendanK.]

I did :-

Keylogging Test
Trojan Test
DLL Injection Test
Kill process Test
Rootkit

Red - Fail
Green - Pass

[trjam]

Quote:

Originally Posted by 333halfevil

I did :-

Keylogging Test
Trojan Test
DLL Injection Test
Kill process Test

and it failed all of them? Thanks

[BrendanK.]

I tested a rootkit and I must say it did pass that...Other than that, yes, it failed them.

[sukarof]

Cool, a security software for Vista 64 - worthy a test.

[jeremy_pickett]

Quote:

Originally Posted by 333halfevil

I did :-

Keylogging Test
Trojan Test
DLL Injection Test
Kill process Test
Rootkit

Red - Fail
Green - Pass

PRSC rarely convicts on a single behavior, such as just code injection, just killing a process, or just logging keystrokes. I think there are some older posts around here that describe it in more detail (I can dig them up if you'd like), but the bottom line is PRSC will perform much better against real world malware than atomic tests.

If you are curious though, if say your DLL injection test leaves the DLL injected, or the host process stays spawn, you should see that behavior in the monitored list for that application.

[BrendanK.]

Quote:

Originally Posted by jeremy_pickett

PRSC rarely convicts on a single behavior, such as just code injection, just killing a process, or just logging keystrokes. I think there are some older posts around here that describe it in more detail (I can dig them up if you'd like), but the bottom line is PRSC will perform much better against real world malware than atomic tests.

If you are curious though, if say your DLL injection test leaves the DLL injected, or the host process stays spawn, you should see that behavior in the monitored list for that application.

I see well then I shall be installing it again and letting it run with real malware. Those posts would be very useful to me as well if you would like to dig em up for me.

[Zero3K]

One thing I've noticed while using the new beta (and earlier versions) is that the UI hasn't changed that much. Why is that?

[EASTER]

IMO, it should by now have become common practice for securityware, even such as PrimaryResponse to address those fails, such as and especially DLL injections, terminating running processes (even obsolete (so-called) ProcessGuard is still immediate and effective to those type threats), and at least some keylogging monitoring.

This is a Beta and the scrutiny is on of course, so it would bode well AFAIK to ramp up this app to address those valid concerns. No security app should come half way but rather encompass as many potential threats as even old outdated apps can still deal with, and more!

EASTER

[BrendanK.]

I must say against viruses (the ones that do damage to your computer like disable Windows etc) it does well. But again, when faced with keyloggers, dll injection and process termination due to real world malware it doesn't give a peep.

[Sportscubs1272]

Would firewalls such as Comodo and Online Armor (paid) detect keyloggers, dll injection and process termination?

I still believe in sandboxing, multi-layer security, patching and common sense in preventing most malware from entering my system. I guess I would breathe a little easier if the anti-malware blocker was aiding my defenses on a bad day.

[BrendanK.]

Quote:

Originally Posted by Sportscubs1272

Would firewalls such as Comodo and Online Armor (paid) detect keyloggers, dll injection and process termination?

I still believe in sandboxing, multi-layer security, patching and common sense in preventing most malware from entering my system. I guess I would breathe a little easier if the anti-malware blocker was aiding my defenses on a bad day.

Yes, as they are very similar to a standalone HIPS just with an added firewall

[Sportscubs1272]

That's what I thought. I think PRSC was designed for users that use a basic anti-virus and the Windows firewall turned on.

I like to use freeware (TF) or use a free license (A-Squared Anti-Malware) than spend 30 bucks for something I probably don't need.

[trjam]

well I like it. Keep in mind this is a 2 month beta so more changes will happen. I think you have to keep in mind its purpose in the security field. Something like this coupled with say, ShadowDefender and it really makes a great combo.