SecureAPlus Freemium

Discussion in 'other anti-virus software' started by sinlam, Jul 24, 2013.

  1. RLim

    RLim Registered Member

    Joined:
    Oct 22, 2014
    Posts:
    15
    @Brummelchen If a machine was infected with powerful malware that can block access of antimalware solution to the file system, no other solution will be able to detect it. You can only reformat the machine. But afterwards, how can you ensure that you will not get infected again afterwards?

    With traditional antivirus, you are depending on the detection of one single antivirus engine (some of them two or probably three). And to make it worse, this solution will not notify you when something new (without you knowing) trying to execute in your machine.

    With SecureAPlus all new application trying to run will need to get your approval. If you do not run any application and suddenly there is a notification that a new application trying to run, you will need to be on guard and probably just prevent them to run.

    And based on Imperva study (http://www.imperva.com/docs/HII_Assessing_the_Effectiveness_of_Antivirus_Solutions.pdf), only less than 10% of malware get classified on the first week of finding. This finding might be old, but with current rate of new malware found on the wild, I believe the number is even worst now.
     
  2. RLim

    RLim Registered Member

    Joined:
    Oct 22, 2014
    Posts:
    15
    Another round of server upgrade completed:)
     
  3. 142395

    142395 Guest

    Hi, bjm_. Many programs work inside and outside SBIE w/out template, and it is empirically known that in some cases where template is available a program works better if you disable template. For actuall example of this, ask bo elam in SBIE thread or SBIE forum.

    Template is needed when a program inside SBIE need to communicate w/ a program outside SBIE. Outside program usually can inject code or dll to sandboxed program w/out problem, but if injected program try to communicate to the outside program, SBIE prevent this unless it is in exception. Here template is needed to allow the communication or make IPC exception.

    But AFAIK, SAP don't injects programs (SAP don't need to know what the program doing internally), it achieves blocking probably by OS kernel functionality. I don't know exact technical details of SAP but from my limited testing, it blocked execution even when I disabled most of its components tho ofc GUI notification was no more available. So I assume it leverages OS function, and can be applied to programs regardless of if they're inside or outside of sandbox.

    I also have been using SAP w/ NIS2014 & SBIE, it works well.;)
     
  4. 142395

    142395 Guest

    I don't see why it is error by design. Maybe you want everything in a product.

    Not to mention nearly all anti-executables or application whitelisting avialble assume your system is clean, but that is outside scope of this kind of program, user should confirm your system is clean by other way, or preferably they should install it on fresh Windows.

    But SAP take infested system into account in at least minimal degree by UAV scan after installation. It may not detect new malware or hidden rootkit, but same goes even for established commercial AV/IS.

    Tho I once suggested them to implement rootkit scanner, still I don't hope SAP to implement more function which are not the job of app whitelisting. I hope SAP do their job well, with lean and fast manner.
     
  5. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,453
    Location:
    .
    Thanks...great reply. Thanks !
    My suspicion that communication is required between SAP and SBIE stems from .... AppGuard has a SBoxie exception. HMP.A has a SBoxie consideration. EXE RadarPro has a consideration for SBoxie. So, logically SAP requires SBIE communication. Oh, also that VoodooShield does not have a SBoxie consideration and does not run in sandbox. With browser sandbox'd VS only acts on processes outside the sandbox.
    So, why would AppGuard and HMP.A and ERP have a consideration for SBIE. VS acknowledges VS does not communicate in sandbox. Why would I expect SAP whitelist engine to run from browser sandbox. As VS whitelist engine doesn't and ERP makes a line of code for SBIE File Access.
    Thanks for educating me that SAP does not need a template or a line of code to communicate through SBIE...
    Bizarre, other toys add a line to File Access or add an exception for SBIE
     
  6. 142395

    142395 Guest

    HMPA and Appguard definitely need to communicate as they includes memory protection (and more). I don't know much about VS & NVT-ERP, but I found this, I don't know what is \mailslot\NVTInj\ but its name suggests it injects sth, also this rule is for pipe which is used for communication (IPC).

    I don't know why VS doesn't work with SBIE. Any executable downloaded in sandbox are actually located in your sandbox folder (usually C:\Sandbox\) so theoretically they should be able to block new executable. Maybe you can ask VS dev and post a link to reply if there's no enough explanation yet?

    Note, there're some ways to achieve execution blocking.
     
  7. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,453
    Location:
    .
    I have perused VS + SBIE with VS developer. Maybe VS developer is mistaken. Maybe I'm mistaken. A Wilders moderator tested VS + SBIE with the conclusion they do not communicate. I'll try to locate that post.
    Bottom line for this Thread. Not to go off Topic. SAP + SBIE do communicate. Thanks !
     
  8. jlo

    jlo Registered Member

    Joined:
    Nov 29, 2004
    Posts:
    475
    Location:
    UK
    Hi, I have just started using this program and it seems really good.
    One question though. I have tested a few malware links and some recent ones seem to be blocked by the application whitelist and shown that its malware via virustotal but is not detected by the universal AV.....and when looking at virus total often av's such as bitdefender and eset are already detecting it so why does not the cloud universal AV detect them straight away. Is there a delay in the virus defs being included in Univeral AV??

    Just wondered if anyone knows?

    Cheers

    James
     
  9. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,453
    Location:
    .
    Developer mentioned server updates in the works...as needed by increased SAP interest.
    << Recently our server encounters a very heavy workload due to the high number of new people signing up >>
     
  10. jlo

    jlo Registered Member

    Joined:
    Nov 29, 2004
    Posts:
    475
    Location:
    UK
    Thanks for the reply.
     
  11. hendy

    hendy Registered Member

    Joined:
    Sep 15, 2014
    Posts:
    265
    When application whitelisting prompted you, first it will check against our database at the server, if we don't have the sample file yet, then VirusTotal will be used.
    The uploading and scanning of a new sample file is not immediate.
     
  12. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,453
    Location:
    .
    ...then what happens based upon virustotal results ... which is often not conclusive...when some engines flag and others don't...
    ...then what happens if virustotal is file not found
    ...how do we get the upper hand on zero day...with inconclusive...delayed scanning
     
  13. guest

    guest Guest

    Is up to you to decide like and a good companion to any other AV.
    You can install it with clamAV which is optional, this or any av of your choice should handle the 0day.
     
  14. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,453
    Location:
    .
    ...er' what o_O...the definition of 0 day is that av will not detect...um, that's 0 day....if av detects then it ain't zero day
    ...what do I decide....the item is an unknown
    ...what does SAP do with an unknown....it's not whitelisted...it's not categorized...what is it...what does SAP do....simply upload and then what do I do...what does SAP do...
    okay, I'm virustotal = file not found .... then what...what does SAP do...
     
    Last edited: Apr 7, 2015
  15. guest

    guest Guest

    The problem is that you want this product to be something that is not designed for.

    According to your arguments a 0day can't be detected by an AV... so we can't stop talking here since what you are saying isn't true.
     
  16. 142395

    142395 Guest

    Your definition is wrong, tho 0day has some different definition, if it means 0day malware, common def is a malware which is within 24h from being discovered or born. Since most new malware are just a derivative of known malware or have similar characteristics or behavior, AVs can detect those 0day malware to some extent.

    SAP can block ANY executable or script by its proactive protection, regardless of if it is good or not. So if you are hit by 0day exploit, which BTW its definition is exploit which is not yet patched, and it tried to download 0day malware which all AVs miss, then you're protected UNLESS you allow the execution by yourself. This is generally how this type of program works.

    But SAP's UAV is more aimed at preventing known malware. However, as it continuously scan your files in cloud, as soon as new malware is detected by 1 of UAV engine, you'll get warning.
     
  17. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,453
    Location:
    .
    You lost me...
    repeated scanning of my whitelisted file repository in the cloud....scans known categorized files...unless the file changes on my machine...what good is comparative scanning in the cloud comparing already known good files with already known signatures...

    What happens when a file changes or an item tries to be added on my machine....
    What happens if the item is unknown...
    What happens as SAP cloud is not adequate as recently reported....
     
  18. guest

    guest Guest

    What happens if you try to answer yourself, isn't that hard.
     
  19. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,453
    Location:
    .
    er' what
     
  20. guest

    guest Guest

    Do you understand how SAP work? read the help file and you will find the answer to your questions.
     
  21. hendy

    hendy Registered Member

    Joined:
    Sep 15, 2014
    Posts:
    265
    We are pleased to announce the release of SecureAPlus v3.3.4.

    We have fixed the update status bug that reported previously in this forum.
    In this version, SecureAPlus can work along with Windows Defender, if the offline AV is disabled.
    More details can be found in the release notes: http://www.secureaplus.com/Main/secureaplus_releasenote.php
     
  22. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,285
    I updated to v3.3.4 this morning. Later, I somehow got this popup, but I can't see how I got this to show. Just wondering that nothing has happened between May 2014, until today. That seems a little odd to me.

    ScreenShot_SAP_v3.3.4_update_27.gif
     
  23. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,453
    Location:
    .
    Norton flags 3.34 as WS.Reputation.1
     
  24. hendy

    hendy Registered Member

    Joined:
    Sep 15, 2014
    Posts:
    265
    This dialog displayed when you clicked on "Previous".
    upload_2015-4-22_8-56-48.png
    It shows the history of previously blocked items.
     
  25. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    I installed the latest version for the first time yesterday, the system has been left on (normal to do so), and 24hrs later the initial full scan would be lucky to be on maybe 2%. Is this normal?

    Cheers :D
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.