Primary Response SafeConnect Update

The short answer is Yes. The longer answer is 'It usually depends on who is there first' When you are in ring 0 it's really just the knowledge and wits of the security programmers vs. the knowledge and wits of the malware authors. There are lots of tricks both side can pull.

 

For those who are interested,

A new PRSC program update has been released. The latest product version is 3.2.0.915 and configuration version is 199. For those who have a current license to PRSC and do not want to wait for the new version to be delivered via auto-update, I recommend that one request a free trial at the following link below to receive a direct download link to the latest version and perform an over-the-top install.

http://www.sanasecurity.com/try/index.php

I will update this thread when I receive details as to what is new or what was changed in this new version.


Peace & Gratitude,

CogitoErgoSum

 

Thx,

any idea why the auto update does not update the program release number, but it shows the correct configuration number?

Regards Kees

 

Hello Kees1958,

If I can recall, new product versions are gradually released over a period of time via auto-update so as to avoid overloading the servers. It has been my experience that the previous product versions of PRSC can also have the same configuration version
number as the latest product version.

Peace & Gratitude,

CogitoErgoSum

 

For those who are interested,

The only information that I was able to get regarding PRSC v3.2.0.915 was that this release primarily consists of bug fixes.


Peace & Gratitude,

CogitoErgoSum

 

Cogito is correct. Agents pull new configurations to fix false positives, and this is done transparently in the background.

I want to thank Cogito for keeping this thread current.

 

Kees, here is how I'd think about it: new Configuration #'s mean new false positive fixes. New product version means either new features or new 'under-the-cover' features.

I hope to get new bug fixes and features more public exposure in upcoming releases, but as an organization we are not there yet. Thanks for your patience, and Cogito has the most up to date info as of yet.

 

Hello Jeremy,

You are very welcome. Just doing my modest part to help keep PRSC's visibility and awareness alive.


Peace & Gratitude,

CogitoErgoSum

 

Since "no A versus B" only applies to antivirus porograms (I think), I must say that I wonder why someone would select PRSC when Threatfire is an equally good behavior blocker (I think) plus...

1- TF has a viable, active support forum. PRSC does not, plus it charges for support.

2- TF is MUCH lighter on system resources -- on my computer. Maybe not on yours.

3- TF enables the user to set advanced rules IF DESIRED. PRSC does not.

4- TF has a non-crippleware free version. PRSC requires a yearly license fee.

Hey, I love to spend $$$ on good security apps -- but NOT if there is an equal or better app available at lower-or-no-cost. Thus, I am quite eager for someone to show me why I should spend almost $30 for PRSC when TF works so beautifully for zippo dollars.

charis humin kai eirene - bellgamin

 

Do I need to add some antivirus with PRSC?

 

For me, PRSC must be use with other security software.

I am using PRSC with antivirus (actually KIS 2009)

You can use PRSC with Defensewall or others but for me, this is not a good idea to use PRSC alone.

 

Well I guess the reason could be such as in my case as TF would not play nice with my system.
High cpu that would lock up my pc, rebooting did no good as TF would eat up 100% of the cpu the only solution was to rollback to the time before TF.
That was the case everytime I tried TF five different installs with four different builds. Where as PRSC and NAB never once gave me any kind of problem whatsoever. So if TF works for you,great. But I myself am done tring to get TF to work.

 

Hi.

So are you saying if ThreatFire didn't have issues you would use it?

And just out of interest, if PRSC was free too and ThreatFire didn't have issues which one would you pick?

Thanks

 

If I was lacking the protection it provided,. Sure.

Hmmm.....Tough question. I honestly do not know, and I never will, since TF does not work without issues here.
I really wanted TF to work right, thats why I tried it many times. I even tried installing it alone without any other security apps just to find out what the conflict was. That was a no go.
Anyway I was planning on buying PRSC when I got a better deal on NAB (a rebrand of PRSC)
Which works W/O any problems at all.

 

Cool. Thanks for the quick reply.
Well for me, ThreatFire works W/O any problems at all.

 

Vista64 is the reason!

 

For those who are interested,

Since the 4Q of last year, I have been actively submitting actual malware samples to Sana Security and testing select malware samples against PRSC. I have also made the PRSC development team aware of concepts and concerns related to the functionality/operation of PRSC that I believe urgently need to be addressed in the near future to close the detection gap that currently exists between it and ThreatFire(TF) or perhaps exceed that of TF.

While I am not at liberty to disclose anything in an official capacity yet, I am pleased to say that there will be something exciting in the pipeline for PRSC sometime this Summer. I am pretty sure that Jeremy will drop by and make an official announcement when it is appropriate.


Peace & Gratitude,

CogitoErgoSum

 

Hello bellgamin,

To address your point #1, contrary to popular belief, basic customer/technical email support is "free" for the duration of one's PRSC subscription. Concerns and/or issues regarding installation/upgrades, errors/crashes, configuration, false positives, performance, protection and feature requests are within the scope of free support.

Support can be contacted at (support[at]sanasecurity[dot]com) or via support request form at the link below.

http://www.sanasecurity.com/support/supportRequestForm.php

For information regarding PRSC's "paid" premium support offerings, please take a look at the link below.

http://www.sanasecurity.com/buy/support_learn.php

Lastly, other than what I have already said in the previous post, if official Mamutu, Prevx 2.0 or ThreatFire public support forums are any indication, I get the impression that both Norton AntiBot(NAB) and PRSC typically provide less false positives and are less likely to cause conflicts between security applications. In regards to NAB/PRSC, I can personally vouch for this.


Peace & Gratitude,

CogitoErgoSum

 

What i personally dont like about PRSC and its offshoot Norton Antibot is the fact that the software becomes disabled if you do not carry on with yearly subscriptions.For such software that is hardly updated (other than bugfixes and possible whitlists)everyday like an av signature ,but rather uses behavior blocking and heuristics i really could not recommend such type software that is useless unless you continue "renting" it.
ellison

 

For those who are interested,

PRSC consists of the following four components or processes when it is active(SanaAgent.exe, SanaMonitor.exe, SanaSafeConnect.exe and SanaSafeConnectWatcher.exe). SanaAgent.exe detects and removes malware files that have become active on a PC. SanaMonitor.exe monitors the computer. SanaSafeConnect.exe connects to the internet and sends new detected malware information to the Sana corporate database. Lastly, SanaSafeConnectWatcher.exe serves a dual purpose by verifying that SanaAgent.exe is running correctly and verifying process code injection.


Peace & Gratitude,

CogitoErgoSum

 

For those who are interested,

Under Vista 32 SP1 with Returnil's "session lock" enabled, I recently tested the following four malware samples against PRSC.

userinit.exe - quarantined(detected via behavioral heuristics)
http://www.threatexpert.com/files/userinit.exe.html
http://www.prevx.com/filenames/X2630648548056976493-X1012416264/USERINIT.EXE.html

detnat.a - quarantined(detected via behavioral heuristics)
http://www.darkreading.com/document.asp?doc_id=98905&WT.svl=news1_2
http://vil.nai.com/vil/content/v_139344.htm

sramler.g - quarantined(detected via behavioral heuristics);(Virut family)
virtob.f - quarantined(detected via behavioral heuristics);(Virut family)


Peace & Gratitude,

CogitoErgoSum