Primary Response SafeConnect Update

Discussion in 'other anti-malware software' started by CogitoErgoSum, Aug 28, 2007.

Thread Status:
Not open for further replies.
  1. grumbleduke

    grumbleduke Registered Member

    Joined:
    Aug 10, 2007
    Posts:
    11
    Location:
    Oregon
    The short answer is Yes. The longer answer is 'It usually depends on who is there first' :) When you are in ring 0 it's really just the knowledge and wits of the security programmers vs. the knowledge and wits of the malware authors. There are lots of tricks both side can pull.
     
  2. CogitoErgoSum

    CogitoErgoSum Registered Member

    Joined:
    Aug 22, 2005
    Posts:
    641
    Location:
    Cerritos, California
    For those who are interested,

    A new PRSC program update has been released. The latest product version is 3.2.0.915 and configuration version is 199. For those who have a current license to PRSC and do not want to wait for the new version to be delivered via auto-update, I recommend that one request a free trial at the following link below to receive a direct download link to the latest version and perform an over-the-top install.

    http://www.sanasecurity.com/try/index.php

    I will update this thread when I receive details as to what is new or what was changed in this new version.


    Peace & Gratitude,

    CogitoErgoSum
     
    Last edited: Jun 9, 2008
  3. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Thx,

    any idea why the auto update does not update the program release number, but it shows the correct configuration number?

    Regards Kees
     
  4. CogitoErgoSum

    CogitoErgoSum Registered Member

    Joined:
    Aug 22, 2005
    Posts:
    641
    Location:
    Cerritos, California
    Hello Kees1958,

    If I can recall, new product versions are gradually released over a period of time via auto-update so as to avoid overloading the servers. It has been my experience that the previous product versions of PRSC can also have the same configuration version
    number as the latest product version.

    Peace & Gratitude,

    CogitoErgoSum
     
    Last edited: Jun 9, 2008
  5. CogitoErgoSum

    CogitoErgoSum Registered Member

    Joined:
    Aug 22, 2005
    Posts:
    641
    Location:
    Cerritos, California
    For those who are interested,

    The only information that I was able to get regarding PRSC v3.2.0.915 was that this release primarily consists of bug fixes.


    Peace & Gratitude,

    CogitoErgoSum
     
  6. jeremy_pickett

    jeremy_pickett Registered Member

    Joined:
    Apr 21, 2008
    Posts:
    11
    Cogito is correct. Agents pull new configurations to fix false positives, and this is done transparently in the background.

    I want to thank Cogito for keeping this thread current.
     
  7. jeremy_pickett

    jeremy_pickett Registered Member

    Joined:
    Apr 21, 2008
    Posts:
    11
    Kees, here is how I'd think about it: new Configuration #'s mean new false positive fixes. New product version means either new features or new 'under-the-cover' features.

    I hope to get new bug fixes and features more public exposure in upcoming releases, but as an organization we are not there yet. Thanks for your patience, and Cogito has the most up to date info as of yet.
     
  8. CogitoErgoSum

    CogitoErgoSum Registered Member

    Joined:
    Aug 22, 2005
    Posts:
    641
    Location:
    Cerritos, California
    Hello Jeremy,

    You are very welcome. Just doing my modest part to help keep PRSC's visibility and awareness alive.


    Peace & Gratitude,

    CogitoErgoSum
     
  9. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    7,238
    Location:
    Hawaii
    Since "no A versus B" only applies to antivirus porograms (I think), I must say that I wonder why someone would select PRSC when Threatfire is an equally good behavior blocker (I think) plus...

    1- TF has a viable, active support forum. PRSC does not, plus it charges for support.

    2- TF is MUCH lighter on system resources -- on my computer. Maybe not on yours.

    3- TF enables the user to set advanced rules IF DESIRED. PRSC does not.

    4- TF has a non-crippleware free version. PRSC requires a yearly license fee.

    Hey, I love to spend $$$ on good security apps -- but NOT if there is an equal or better app available at lower-or-no-cost. Thus, I am quite eager for someone to show me why I should spend almost $30 for PRSC when TF works so beautifully for zippo dollars.

    charis humin kai eirene - bellgamin
     
  10. ingem64

    ingem64 Registered Member

    Joined:
    Oct 15, 2006
    Posts:
    37
    Do I need to add some antivirus with PRSC?
     
  11. iphone

    iphone Registered Member

    Joined:
    May 6, 2008
    Posts:
    17
    For me, PRSC must be use with other security software.

    I am using PRSC with antivirus (actually KIS 2009)

    You can use PRSC with Defensewall or others but for me, this is not a good idea to use PRSC alone.
     
  12. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,638
    Well I guess the reason could be such as in my case as TF would not play nice with my system.
    High cpu that would lock up my pc, rebooting did no good as TF would eat up 100% of the cpu the only solution was to rollback to the time before TF.
    That was the case everytime I tried TF five different installs with four different builds. Where as PRSC and NAB never once gave me any kind of problem whatsoever. So if TF works for you,great. But I myself am done tring to get TF to work.
     
  13. Someone

    Someone Registered Member

    Joined:
    Jan 18, 2008
    Posts:
    1,106
    Hi.

    So are you saying if ThreatFire didn't have issues you would use it?

    And just out of interest, if PRSC was free too and ThreatFire didn't have issues which one would you pick?

    Thanks
     
  14. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,638
    If I was lacking the protection it provided,. Sure.

    Hmmm.....Tough question. I honestly do not know, and I never will, since TF does not work without issues here.
    I really wanted TF to work right, thats why I tried it many times. I even tried installing it alone without any other security apps just to find out what the conflict was. That was a no go.
    Anyway I was planning on buying PRSC when I got a better deal on NAB (a rebrand of PRSC)
    Which works W/O any problems at all. :D
     
  15. Someone

    Someone Registered Member

    Joined:
    Jan 18, 2008
    Posts:
    1,106
    Cool. Thanks for the quick reply.
    Well for me, ThreatFire works W/O any problems at all. :D
     
  16. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Vista64 is the reason!
     
  17. CogitoErgoSum

    CogitoErgoSum Registered Member

    Joined:
    Aug 22, 2005
    Posts:
    641
    Location:
    Cerritos, California
    For those who are interested,

    Since the 4Q of last year, I have been actively submitting actual malware samples to Sana Security and testing select malware samples against PRSC. I have also made the PRSC development team aware of concepts and concerns related to the functionality/operation of PRSC that I believe urgently need to be addressed in the near future to close the detection gap that currently exists between it and ThreatFire(TF) or perhaps exceed that of TF.

    While I am not at liberty to disclose anything in an official capacity yet, I am pleased to say that there will be something exciting in the pipeline for PRSC sometime this Summer. I am pretty sure that Jeremy will drop by and make an official announcement when it is appropriate.


    Peace & Gratitude,

    CogitoErgoSum
     
  18. CogitoErgoSum

    CogitoErgoSum Registered Member

    Joined:
    Aug 22, 2005
    Posts:
    641
    Location:
    Cerritos, California
    Hello bellgamin,

    To address your point #1, contrary to popular belief, basic customer/technical email support is "free" for the duration of one's PRSC subscription. Concerns and/or issues regarding installation/upgrades, errors/crashes, configuration, false positives, performance, protection and feature requests are within the scope of free support.

    Support can be contacted at (support[at]sanasecurity[dot]com) or via support request form at the link below.

    http://www.sanasecurity.com/support/supportRequestForm.php

    For information regarding PRSC's "paid" premium support offerings, please take a look at the link below.

    http://www.sanasecurity.com/buy/support_learn.php

    Lastly, other than what I have already said in the previous post, if official Mamutu, Prevx 2.0 or ThreatFire public support forums are any indication, I get the impression that both Norton AntiBot(NAB) and PRSC typically provide less false positives and are less likely to cause conflicts between security applications. In regards to NAB/PRSC, I can personally vouch for this.


    Peace & Gratitude,

    CogitoErgoSum
     
  19. ellison64

    ellison64 Registered Member

    Joined:
    Oct 5, 2003
    Posts:
    2,570
    What i personally dont like about PRSC and its offshoot Norton Antibot is the fact that the software becomes disabled if you do not carry on with yearly subscriptions.For such software that is hardly updated (other than bugfixes and possible whitlists)everyday like an av signature ,but rather uses behavior blocking and heuristics i really could not recommend such type software that is useless unless you continue "renting" it.
    ellison
     
  20. CogitoErgoSum

    CogitoErgoSum Registered Member

    Joined:
    Aug 22, 2005
    Posts:
    641
    Location:
    Cerritos, California
    For those who are interested,

    PRSC consists of the following four components or processes when it is active(SanaAgent.exe, SanaMonitor.exe, SanaSafeConnect.exe and SanaSafeConnectWatcher.exe). SanaAgent.exe detects and removes malware files that have become active on a PC. SanaMonitor.exe monitors the computer. SanaSafeConnect.exe connects to the internet and sends new detected malware information to the Sana corporate database. Lastly, SanaSafeConnectWatcher.exe serves a dual purpose by verifying that SanaAgent.exe is running correctly and verifying process code injection.


    Peace & Gratitude,

    CogitoErgoSum
     
  21. CogitoErgoSum

    CogitoErgoSum Registered Member

    Joined:
    Aug 22, 2005
    Posts:
    641
    Location:
    Cerritos, California
    For those who are interested,

    Under Vista 32 SP1 with Returnil's "session lock" enabled, I recently tested the following four malware samples against PRSC.

    userinit.exe - quarantined(detected via behavioral heuristics)
    http://www.threatexpert.com/files/userinit.exe.html
    http://www.prevx.com/filenames/X2630648548056976493-X1012416264/USERINIT.EXE.html

    detnat.a - quarantined(detected via behavioral heuristics)
    http://www.darkreading.com/document.asp?doc_id=98905&WT.svl=news1_2
    http://vil.nai.com/vil/content/v_139344.htm

    sramler.g - quarantined(detected via behavioral heuristics);(Virut family)
    virtob.f - quarantined(detected via behavioral heuristics);(Virut family)


    Peace & Gratitude,

    CogitoErgoSum
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.