CatchPulse Thread formerly SecureAPlus

why is such feature needed when user installed unknown software by purpose?
- by purpose? I tried to install MS Office product, which uses some "lolbins" restistricted by "OSArmor" or stuff like that.

"Setups" are not clean, they never be. SAP does so called double certificate checks and with Comodo IS, im quite "proud" to secure our work networks with this combo(SAP+Comodo).

 

then sure you loaded the wrong setups. "clean" from my view means - no hidden loading in background, no malware anyway (false positives excluded). if not then you declare any setup - even windows - by default as bad. this is the wrong view to the things. so you are freighted at the end and do not have a objective view to the things.

nice example - if you expect lolbin with ms office - do not install ms office.

btw your "cites" are bs, you do not cite the proper way.

 

Installing an Office, it uses VBS "scripts".
An "objective" view of security, well, good luck

 

thank you, just uninstalled the whole package, need to reinstall only word/excel with script. (2021 pro)

i know about VBS, used it in the past. but we are circling around the main reason - is the file (so source) trustworthy or not? my point is about files that reach me, for what reason ever. on work i dont care, not my problem to take care about send files. for me, i use for my personal fun only softmaker - there exist no risk for vbs.
have a nice weekend

 

Well, I don't know if secure age still warns users about this on their site, but they at least used to say that SAP won't do any good if it's installed on a dirty machine. And neither will most conventional antivirus programs.

Even if SAP doesn't check the file hash when it changes, it still serves as a decent gatekeeper for new software that gets introduced to an otherwise clean system. Whatever they're doing with APEX works fairly well at detecting malware. Then there's the engines they have in the cloud that they rent that I've seen catch stuff.

Really what I gained from reading all that I quoted above is that if you're going to use SAP/Catchpulse, you need to use it as a supplementary antivirus along side something else that gets a high detection rate. Such as windows defender with configure defender on max or defenderUI on aggressive. Or bitdefender total security with script scanning enabled. Or Voodooshield.

Nothing is ever going to be infallible...and by the way, if anyone at SecureAge is reading this, reconsider your selling point of 100% detection rate. literally nothing can get a 100%. Because most malware that gets installed in the wild is zero-hour malware delivered by an exploit.

 

I use voodooshield and SAP together. Whatever little SAP misses, Voodoo picks up the slack. After reading some of the stuff that's been shared here. I wholeheartedly believe you gotta use those two together with whatever else you're using.

 

SecureAPlus is fundamentally a whitelist/default-deny app, as is Voodoo Shield. Used in conjunction with a good AV, whitelist/default-deny apps are a good adjunct administration tool for a net with users who are allowed on the net to use it rather than mess with it.

 

Actually I think Trend micro uses their own thing called "Apex" and SecureAge also has something called Apex.

 

TrendMicro's product is called ApexOne

https://www.trendmicro.com/en_us/business/products/user-protection/sps/endpoint.html

 

"APEX One" to be exact. known before a "TM Officescan" but EOL since 2021
https://success.trendmicro.com/dcx/s/solution/000283080?language=en_US&sfdcIFrameOrigin=null
https://www.krick.net/blog/officescan-am-eol-angekommen (in german)
so i am wrong.

about APEX, which seems an own engine of SecureAge
https://securityboulevard.com/2019/...wered-apex-anti-malware-engine-in-virustotal/

but strange you still can download SAP
https://www.secureage.com/products/home-malware-protection

APEX as AI seems only available if paid.
it seems for that SAP died at least when bought. new owner, new name, new engine.

 

SAP can still be downloaded until CatchPulse is released. This should be the case this month.
https://www.secureage.com/blog/upgrade-to-catchpulse-for-free-in-may-2022

APEX is also included in the Free version. However, the sensitivity cannot be changed in the free version.
https://www.secureage.com/products/home-malware-protection
a little further down the page is a comparison of the different versions of SAP

 

Cato: Ceterum censeo Carthaginem esse delendam
Me: I think CatchPulse is a totally inappropriate name.

 

Carthage has been fallen, but "errare romani est" et "Romani ite domum"
https://www.youtube.com/watch?v=IIAdHEwiAy8

maybe there were no other name left, so it might be funny. "pulse catch" as the name giver. but they probably paid to much for those who found that name ^^

 

Yeah, I don't know why they're even changing the name. The SEO for "SecureAPlus" is really good. but the SEO for "CatchPulse" is really bad.

 

CatchPulse is live

https://files.secureage.com/setup/CatchPulseSetup_v10.1.0.exe

https://knowledgebase.secureage.com/catchpulse/Content/release-notes/catchpulse-release-notes.htm

 

My first impression:
1. It is no longer possible to see which antivirus programs are active in the Universal AV.
2. 21 mfx-mft....dll were detected as malware. (Generic: Heri) I allowed her back.
3. So far only the English language version.

 

Hi all

Here is more infos about CatchPulse

SecureAge Technology launches CatchPulse software for complete protection against malware

https://www.secureage.com/products/endpoint-protection-platform

With best Regards
Mops21

 

After playing with catchpulse, putting it through my usual tests. I'm extremely disappointed with it.

I've been very slowly losing my faith in secureage. At first, the cloud servers started getting really slow, then it became the case that the engines in the cloud were almost always out of date. No biggie, the virustotal results are still there.

This new catchpulse though...It's garbage. the UI is really slow and it seems a lot like the people in the support team care less and less every day.

The locally installed APEX doesn't update often enough, the engines in the cloud don't update often enough, and how the recommended option for an unknown file is to allow it.

I can't advocate for anything from secureage anymore. The quality of service just keeps dipping down lower and lower.

 

I also only have CatchPulse on the test PC. The software is not really convincing.

 

What gives you the idea the people in support team seem not to care as much? You are getting that from your personal experience with them? Just curious. I agree with the UI being slow and I don’t like that you can’t let see what engines it uses and select which ones you want.

 

Anyone know which engines catchpulse use in UA?

 

I am keeping an eye on this poorly named security app. So far, it just looks like all the re-naming & other folderol is just another case of re-arranging the deck chairs on the Titanic after it began sinking.

 

I decided to re-install it without APEX, the cloud AV or the vulnerability assessment. I don't have any performance problems with Microsoft defender anymore.

As I said before, The locally installed Apex only updates once a day, the engines they have in the cloud don't update very often either. The only thing good that SecureAge makes now is the application control and the USB drive control.

 

I decided to fiddle around with different configurations of catchpulse.

I tried it with all the components and it ran like doodoo constantly popping up with the vulnerability scan having not found any vulnerabilities whenever the UI was open, tried it without the vulnerability assessment, it still ran really slow since the engines in the cloud are never up to date, the recommended option on untrusted file prompts that stopped malware was almost always to "unblock and trust" virustotal results for these prompts screamed that these blocked files were malware.

I tried it with only the application whitelisting components, it ran great, no interference with any other security software at all.

I'm currently fiddling with the configuration where I have the "core" components and just APEX and without the cloud AV it stops way more malware than it did before.

Hey! SecureAge devs! The engines you have in the cloud need to be updated once every hour at minimum those engines should also be connected to their cloud servers if your contracts with those companies allow you to do that.

The fact that your installations of those engines are so behind on new releases of malware makes the untrusted file prompt way less secure since the result from the cloud will almost always be clean when it finds actively distributed malware on a system.

home User and business user installations of Apex need to be updated as often as the installation of it on Virustotal. once per hour minimum

 

Excellent review, @GrDukeMalden

P.S. Too bad VS lacks something like Apex, wot?