I see. Thanks. For me, I don't want any offline scanners integrated into SAP. Universal AV, plus my 2 offline scanners, is enough. If I wanted a "conventional" AV, I would have used Kaspersky. But I do not want a conventional AV. That's why I bought a license for SAP Pro. I have confidence in SAP as one solid brick in my computer's security wall.
A slight misconception you seem to have about essentials and pro. Essentials still has everything except for the policy thing and the process protector. I just use pro because when freemium was an option, being a paid user would give faster results from the cloud server, I don't know if I get faster results from scans for being pro than I would if I was only on essentials, but I ended up buying a license shortly before 6.0.0 and so now I'm continuing on as a pro user.
There is a way to uninstall ClamAV: If you installed the new version (not upgrading), ClamAV is no longer included.
I was talking more about the avira addon. Every time I try to uninstall it SAP will say there's an update available and then it will want to download the avira addon again.
On another note. I have some input about automatic mode. In the previous build I noticed that the alerts in interactive mode have changed a little. One thing I noticed is that SAP will give you the green light when a file is unknown to the UAV, but not detected as malicious by APEX. The automatic mode should always submit any unknown files to the UAV to get the rating from that too before it should ever potentially allow something. Nothing is infallible, so the closest you can get to perfect is to always improve the things you make, fiddle with your creations to find flaws, then fix those flaws and start fiddling some more.
I will usually defer installing any file while it is in an "unknown" status to UAV. As the saying goes, "If it isn't broken, you just haven't tweaked it enough." ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ By the way, do you know how I can take a look at whatever is on my whitelist -- stuff I have told SAP to ignore etc?
Oh...go into the quarantine menu and that stuff is in one of the tabs there There's also Settings>Scan Settings>Exclusions. But if you're talking about stuff that you told the whitelisting component to allow, I don't know how to manually remove entires from the locally stored whitelist...Edit! Actually, right click the folder the allowed file is in, "manage whitelist" find the file in there change its status to "untrusted" in the dropdown menu in the same row
I meant that I want to see the entire whitelist that is backed up on my computer to a file named sawhitelist.dat. That backup is done via the SAP GUI by... App Settings > Application Whitelisting - Advanced Settings > Whitelist Tab > Export Whitelist Or maybe they don't want users looking at it
More about automatic mode. See? It's giving me a green light despite the fact that it's unknown to the UAV. Does this mean it would be allowed in automatic mode? I have trust by digital signature turned off by the way.
In that case, I don't know how to go about doing that. But I did discover that the backup of the whitelist also does a backup of your settings and everything you added to the list of restricted applications too.
Your attached file (an alert by SAP) shows the suspect file (firefox setup) was clean per Apex AND also signed by Mozilla Corp. Reference SAP GUI... App Settings > Application Whitelisting - Advanced Settings > Trusted Certificates Tab Unless you removed them, 3 instances of Mozilla certificates are included as Trusted on that list. Thus, although the firefox setup file is unknown to UAV, it is okayed by 2 other checks: #1-Apex & #2-trusted certificate. IMO, I personally would accept that as a valid green light. However, I am still very much in the learning phase with SAP, so it's VERY possible I missed your point. I recognize that you have turned-off Trust by Digital sig. I agree from the standpoint that I would not green light a file that was validated ONLY by a trusted sig although unknown to UAV & not stated as clean by Apex. However, I would accept a trusted sig if it were also supported by Apex, as in the case you have illustrated. IMO, your question fully warrants a posting at SAP's forum so that it will come to the attention of SAP's representatives. It's a good tech issue & I would like to see their response. By the way, I do not use auto mode & your post has given me good reason to continue that practice until SAP's reps answer your question.
A digital signature is a glorified name tag. It doesn't necessarily mean that it's good or bad. The hacked version of ccleaner had a totally "legitimate" digital signature from piriform, if SAP was allowing by a digital signature, even if it was also checking the thumbprint in that case, it would still allow that hacked, malicious version of ccleaner to run. Just because it was wearing the right name tag at the right time. There wouldn't be any way to sniff out a "bad" digital signature in that case, because the production of ccleaner had been silently hijacked. and that was AFTER Avast bought piriform and took over the development of it. I tried to attach a screenshot to SAP forums before it said it was too big, even though I cropped it down really small. I have the same name over there GrDukeMalden. They know my email address over there.
Hi, I am new to SecureAplus and getting to grips with it and liking what I see so far. The one query I have is the Automatic mode. I see a couple of entries above for it but couldn't find anything about it in the help instructions. What is the consensus on this mode? Do you leave it in automatic mode, which is as it came or move to interactive mode? Thanks in advance
Minimum pop-ups: use automatic Safety first: use interactive As for me: wouldn't touch automatic with a 100' pole. SecureAPlus (SAP) has 3 main guard dogs of protection: APEX (AI virus checker), Universal (Multiple signature-based virus checkers) & Whitelist. When SAP checks a given file as to whether it's "safe" or not, it will give you a green light (safe) if all 3 dogs say it's okay. Fine... well & good. HOWEVER, if the Universal dog says the file is unknown to its multiple virus checkers, BUT the other two dogs say it's okay, then automatic mode will decide that the file is safe. In post #2181 above the Duke infers that it's risky for automatic mode to accept such a file as being safe. I AGREE. If a file is unknown to Universal, that does NOT mean it's safe. It might be safe OR it might be a zero-day malware which is so new that Universal's multiple virus checkers simply haven't heard about it yet. Apex is SAP's guard dog for catching those zero-day nasties. Is it good? Yes. Is it fool-proof? No, nyet, nein, never happen! It's a crap shoot to accept a file when Apex says okay but Universal says, "Duhhhh." In post #2182 I said I will usually wait to accept a file until after Universal can DEFINITELY say the file is safe. But automatic mode won't give me the option of waiting. That's why I use interactive. If someone is going to roll the dice on keeping my computer UNinfected, it's going to be me, not some software program.
Many thanks Bellgamin, just the answer I was looking for. I will be swapping to interactive mode for sure Edit.............done
If you don't want to worry about alerts or automatically allowing something bad, lockdown mode in silent mode. Detected threats get insta-quarantined, unknown gets blocked, anything with a signature in the trusted certificate list is allowed.
I have tried to do this previously, but unsuccessful each time. This time it has been under way for the last nine hours. Just ridiculous, IMO. BTW, this is being done using my Admin account, so little else is running. EDIT: I meant 21 hours....
@bellgamin Nothing happens there. I prefer Wilders' since this is where I got to know about this software. Also, I have been beta testing this from the beginning. @hendy will no doubt comment.
Check my posts at that forum. SA+'s representatives have always responded to my questions & issues, usually within 1 or 2 days. Is SA+ a key element in your computer security or is it just something you are monitoring as it develops?
I usually pick a product and especially when I get in at the ground floor, so to speak, and if I believe in it, then I will stick with it. From my history of posts here in Wilders', that is so evidenced. When it comes to my product use, I have no barrel to push.
Hi all I need some help for the german translations from the german users of SecureAPlus see my screenshotzs 02.12.2018 Nadja nana fotomodel & Tänzerin: Trust once = Einmal vertrauen Always trust = Immer Vertrauen Less info on newly created file = Weniger Informationen zur neu erstellten Datei Don`t trust once = Vertraue nicht einmal Always don`t trust = Vertraue immer nicht 02.12.2018 Nadja nana fotomodel & Tänzerin1 Trust once = Einmal vertrauen Always trust = Immer Vertrauen More info on newly created file = Weitere Informationen zu neu erstellten Dateien Don`t trust once = Vertraue nicht einmal Always don`t trust = Vertraue immer nicht The above process created the following new file and may create more = Der obige Prozess hat die folgende neue Datei erstellt und kann weitere erstellen This behaviour is normal for installation or update processes. = Dieses Verhalten ist bei Installations- oder Aktualisierungsprozessen normal. Would you like to trust files created by this process = Möchten Sie Dateien vertrauen, die durch diesen Prozess erstellt wurden? With best Regards Mops21
About 12 hours later and, now at 77%... But, whilst this process has been going on, I have had constant heat and noise from the cooling of the CPU fan. I hope I haven't shortened the life of my laptop in trying to get the compact of this SAP whitelist.