SecureAPlus Essentials & Pro

Discussion in 'other anti-malware software' started by bellgamin, Oct 21, 2021.

  1. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    BACKGROUND INFO
    SecureAPlus (SA+) is an anti-malware app, not an "Antivirus" (AV). Why? Because SA+ primarily is based on whitelisting whereas AVs are based primarily on blacklisting via signatures.

    The developer of SA+ is located in Singapore, a sovereign city-state on an island in Southeast Asia.

    Website (w/90-day free trial) || Support Forum || Knowledge Base
    E-mail for Questions & support==> secureaplus @ secureage.com

    Versions: Lite $0 || Essentials $20/yr || Pro $30/yr
    =>Free version -- Appropriately priced at ZERO because a key protection factor has been stripped out.
    =>Essentials version is for home-users. I use this one.
    =>Pro version -- versus Essentials version, Pro's main "extras" are remote security settings and permissions, for use by IT professionals et alia.

    SECURITY INFO
    As previously stated, the back-bone of SA+ is its internal whitelist of trusted files & programs. Whenever user's computer tries to load or process any file or program NOT on the whitelist, SA+ blocks it & uses one or more of 7 internal processes so as to help user decide what action to take. These 7 processes are summarized as follows:
    1- Universal AV -- SA+'s cloud-based scanner that employs several major AVs such as Avast, McAfee, Microsoft, etc.
    2- APEX -- SA+'s cloud-based AI/behavioral scanner.
    3- List of Trusted Certificates -- SA+ includes a lengthy default list of trusted certificates. User can add or delete certificates. Each listed certificate is fingerprinted so as to protect against fraudulent certificates.
    4- List of Restricted Applications -- SA+ includes a lengthy default list of restricted apps. User can add apps to the default list, & can also delete apps from the list. Executables created by any restricted app are blocked by SA+, pending user decision.
    5- List of Trusted Script Interpreters -- SA+ includes a lengthy default list of trusted script interpreters. User can add or delete items. When SA+ encounters a script file, it requires BOTH the script file AND the script interpreter (which executes the script) to be validated/trusted. SA+ will block scripts that don't meet both criteria.
    6- List of Rules for Command Lines -- SA+ includes a lengthy default list of block/alert rules for such executables as rundll32, powershell, regsvr32, mshta, wscript, cscript, bitsadmin, etc etc. User can add or delete executables on the list. User can also add or modify rules.
    7- Removable Media Device Control -- fully tweak-able by user.

    Whenever SA+ pops-up a user alert about a blocked process or file, that alert will give the user information that is based on one or more of the 7 resources listed above. That info enables the user to make an informed decision to trust (NOT block permanently or NOT block one-time) or NOT trust (either block permanently or block one-time).

    Additionally, SA+ will do a "vulnerability assessment" on-demand. This assessment seeks out & reports CVE (Common Vulnerabilities & Exposures) across all files in the user's computer, including but not limited to its OS. For example, a computer that runs WIN7 OS will have over 500 "critical" systemic vulnerabilities reported by SA+. If user asks for more info, SA+ will identify each vulnerability, linked to its CVE number, & show its severity (high, medium, low).

    On my aging laptop, SA+ is light, fast, & quiet. It's my only stand-alone, real-time security. Never has failed me. You might find it worth a try.
     
    Last edited: Oct 22, 2021
  2. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,285
    I have had this installed on both my previous XP desktop and Windows 10 Pro laptop. Both have gone to heaven.

    Currently not installed on my rather low-powered HP laptop, of which specifications posted somewhere else in the Wilders' topics/forums.

    I have always liked SAP.
     
  3. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    Thanks for all of the info, it's an interesting tool. I probably don't need all of the features, but what does the freeware version offer?
     
  4. NormanF

    NormanF Registered Member

    Joined:
    Feb 20, 2009
    Posts:
    2,872
    Its a tossup between SAP and VS depending on what you're looking for in an anti exe.
     
  5. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    The Free version is a useful whitelist/anti-executable, but it has a significant weakness when compared to SA+'s paid versions.

    SA+'s paid versions (Essentials & Pro) enable checking the validity of certificates based on "thumbprinting" whereas the Free version does NOT. Why is that a significant weakness? For the answer, see HERE.
     
    Last edited: Oct 23, 2021
  6. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,209
    Location:
    Among the gum trees
  7. blacknight

    blacknight Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    3,344
    Location:
    Europe, UE citizen
    Anyone can make a comparison with NoVirusThanks Exe Radar Pro ?
     
  8. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    What a bummer, so you don't get the AV part? I'm not really interested in white-listing anymore, I even dropped EXE Radar.
     
  9. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    EXE Radar Pro is abandoned, & incompatible with Win8 & Win10. SA+ is fully compatible with all versions of Windows from Win7 through Win10. SA+ is actively updated & maintained by its developers.
     
  10. blacknight

    blacknight Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    3,344
    Location:
    Europe, UE citizen
    Thank you Bellgamin.
     
  11. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,209
    Location:
    Among the gum trees
    First impression... hmm not sure yet. The installer seems to extract a rather large number of items, which I would certainly hope would uninstall as cleanly as possible if and / or when the time comes.

    The first Full Scan is sloooowww!
     
  12. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,209
    Location:
    Among the gum trees
    Well, I'm starting to like SA+ Essentials, a lot. Besides the incredibly slow first Full Scan it seems to have little to no noticeable impact on my system performance. Unlike some, I've chosen to use Automatic Mode although I have changed, Trust based on Digital Signature to Name and Thumbprint...". I trust my other security software and browsing habits to help keep me safe.

    I guess time will tell soon enough if I decide to keep it. So far though... :thumb:
     
  13. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    Free SA+ version has an AV, as I recall -- APEX. However, whitelisting/default-deny apps such as SA+ are built on an entirely different concept of security than an AV's blacklist/default-allow basis. To wit -------

    1) AV...
    => Is largely based on a huge list of "fingerprints" of bad guys. Frequent updates are essential because that list changes rapidly, day in & day out, & is constantly growing larger & larger. Computer User has zero control over changes to that list of bad guys.
    => CONCEPT (default-allow): every file in the world that "knocks on my computer's front door" is ALLOWED to enter if it is NOT on the long list of bad guys.

    2) SA+...
    => Is based on a very short list of "fingerprints" of good guys. That list grows slowly & Computer User has near-total control over what gets added to, or deleted from, that list.
    => CONCEPT (default-deny): every file in the world that "knocks on my computer's door" will be BLOCKED unless it IS on my short list of good guys.

    In my NON-expert opinion, the default-deny basis for SA+ is simpler, lighter, & more user-controllable than an AV's default-allow. YMMV ( :) of course)
     
    Last edited: Oct 25, 2021
  14. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    OK thanks. I see that APEX is an AV engine based on AI that's developed by themselves. It's probably a bit like WiseVector, I don't think I need it. And like I said, I got tired having to white-list stuff. Don't forget, whitelisting is mostly useful to protect against exploits, because if you download some app and AV says it's clean, you are going to install anyway.

    https://blog.virustotal.com/2019/05/virustotal-secureage.html
     
  15. moredhelfinland

    moredhelfinland Registered Member

    Joined:
    Mar 31, 2009
    Posts:
    344
    Location:
    Finland
    Installed the Pro version today for testing purposes.

    SAP UAV Detected:
    googledrivesetup.exe (legit Google Drive for Desktop installer)
    AV Engine: AVIRA (TR/Crypt.ZPACK.Gen2)

    webroot-secureanywhere.exe (legit webroot 6 month trial installer)
    AV Engine: AVG (Win32/Heri Win32/Heri.Dropper)

    Uploaded those files to VT and all clean.

    Not a good start, but i'll keep testing.
     
  16. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    Thank you for testing SA+ Pro. I look forward to your future reports & findings.

    I have reported the False Positives (FPs) mentioned in your post to the SA+ Support Forum in THIS thread.
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    General Info: SA+'s Universal AV (UAV) uses a total of 10 AV engines including Avast, Avg, Avira, ClamWin, Emsisoft, F-Prot, F-Secure, McAfee, Microsoft, & Sophos. In each of the FPs reported by @moredhelfinland, it seems that only one of UAV's 10 engines reported an FP whereas 9 of UAV's engines evidently found the files to be clean.
     
  17. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,209
    Location:
    Among the gum trees
  18. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    The FP was reported by APEX which, like WiseVectorStopX, is an aggressive AI/behavioral-based AV and, like WiseVectorStopX, APEX's aggressiveness can produce FPs. By the way, did any of SA+'s Universal AV's 10 engines report the same FP?

    As to the spam at SA+'s forum -- in the several years that I have visited SA+'s forum, spam happens VERY rarely.

    Wilder's forum here is blessed with skilled moderator's who will quickly stifle any such nonsense on this forum. However, SA+'s forum is a support forum & has no moderators, as such. Instead, it is administered by IT Technical Support employees of SecureAge. In addition to managing the support forum, those Tech Support employees also respond to questions & issues reported by email & telephone from their numerous corporate & home users. Thus, SA+'s forum always gets technically competent replies, but it sometimes takes several days. For faster response, send an email to secureaplus @ secureage.com.
     
  19. NormanF

    NormanF Registered Member

    Joined:
    Feb 20, 2009
    Posts:
    2,872
    If there aren't human moderators on forums, spam overruns them like tumbleweeds blowing through a ghost town. Good thing we have them here on Wilders.
     
  20. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,209
    Location:
    Among the gum trees
    Nope.
     
  21. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,209
    Location:
    Among the gum trees
    This was posted January 28 this year on their forum time. This in the same thread was posted February 22nd, and from there the rest of the thread is almost all spam.
     
  22. moredhelfinland

    moredhelfinland Registered Member

    Joined:
    Mar 31, 2009
    Posts:
    344
    Location:
    Finland
    Maybe UAV uses some kind of old cloud database of AV engines because UAV still flags(Avira, AVG) those files as malware. I think Avira and AVG flagged those files falsely as a malware, then they fixed it, but UAV still shows that Avira and AVG finds them malicious.
     
  23. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    Seems possible but I hope not. I'm still awaiting their forum's response to my question on this issue.
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    UPDATE 2 hours later: One of SA+'s developers (hendy is his user name) just replied to my PM at the SA+ forum. They are looking into the spam ASAP. I expect they *might* also deal with my recent question in their forum. I certainly hope so.
     
    Last edited: Oct 26, 2021
  24. GrDukeMalden

    GrDukeMalden Registered Member

    Joined:
    Jun 16, 2016
    Posts:
    487
    Location:
    VPN city
    It's actually not cloud based, it's locally installed and updated there on your device. Which is why sometimes the result from it in the untrusted file prompt will come up as "unknown" but APEX on virustotal will come up with the result of "malicious" or "clean" because the instance of APEX on VT is updated constantly. whereas the locally installed instances of APEX all around the world are only updated once a day.

    Every time a file gets submitted to the UAV that submission is also used to feed APEX some data.

    APEX is the only AI scanner that's installed on the user's device. So instead of waiting on a cloud lookup, the result can come up instantly with or without a good internet connection. If it's unknown, the whitelisting component allows the user to check on virustotal or any other online second-opinion scanning service before you allow it to run.

    And when you pair S.A.P. with a second whitelisting application like voodooshield, an infected file has to get past two whitelisting applications instead of just one.
     
  25. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    Thank you for that correction @GrDukeMalden. I'm actually quite happy to learn that APEX is "standing guard" even when there is no internet connection.

    By the way, I have a new laptop on the way via USPS. It should be delivered in 5 or 6 days (I hope). It's set up with Windows 11 as its Operating System (OS). I'm curious to learn whether SA+ will run okay under that new OS.

    Has anyone here tried SA+ with Win11 yet?
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.