SecureAPlus Freemium

Discussion in 'other anti-virus software' started by sinlam, Jul 24, 2013.

  1. treehouse786

    treehouse786 Registered Member

    Joined:
    Jun 6, 2010
    Posts:
    1,411
    Location:
    Lancashire
    I used around 5 different versions, including the latest one, and all of them crashed.

    It only crashed when I was interacting with an OS or if I was installing a new OS; the crash was not instant.
     
  2. KelvinW4

    KelvinW4 Registered Member

    Joined:
    Oct 11, 2011
    Posts:
    1,199
    Location:
    Los Angeles, California
    I had a similar problem with VMware Workstation once, but I refreshed my computer. When I was using the VM, the computer became slow because both the VM was using the disk and the whitelist service was also heavily using the disk, at 80mb/sec (I had already whitelisted the entire disk).
     
  3. webbit

    webbit Registered Member

    Joined:
    Nov 2, 2008
    Posts:
    223
    Hi

    Just installed alongside Webroot, seems to be going OK.
     
  4. taleblou

    taleblou Registered Member

    Joined:
    Jan 9, 2010
    Posts:
    1,349
    So you mean if you have any files on the PC, they will be automatically whitelisted by SecureAPlus?

    I had them on the PC, but if what you said was true then SecureAPlus would not have warned me on all of them when I ran them. BUT IT DID WARN ME ON SOME OF THEM. So that would make your assumption FALSE.

    In fact SecureAPlus warned me on around 80 to 90% of them when I ran their exe to install, and only a couple, incl. the police ransomware, did not give any warning upon trying to run them.
     
  5. sinlam

    sinlam Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    569
    Hi Jryder54,

    Based on the dmp file that you have provided, it seems that the crash was not due to SecureAPlus. But to be sure, is it possible to zip and send the MEMORY.DMP located at C:\Windows\ to secureaplus@secureage.com?

    Thanks.

    Cheers,
    sinlam
     
  6. sinlam

    sinlam Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    569
    Hi treehouse786, thanks for the info :thumb: We will definitely look into this but may need to spend more time on further testing and diagnosing. We really want to make sure there are no compatibility issues. So the result will not be out so soon... Sorry for any inconvenience caused.

    Cheers,
    sinlam
     
  7. jnthn

    jnthn Registered Member

    Joined:
    Sep 22, 2010
    Posts:
    185
    Yes, this is how SecureAPlus does its whitelisting. After initial installation, SAP scans all executables on the drive/s and adds them to the whitelist. For instance, when I first tried SAP, it added certificates for Panda and Avast! to the whitelist even though I didn't have them installed but the installer files are sitting on a different partition and tagged the installers as Trusted Installer.

    Just guessing here but the prompts from SAP you got were probably asking you if the executables you launched should be treated as an installer because of spawning of new executables. As for the ransomware exes, SAP already tagged them as Trusted Installer during initial whitelisting so you did not get any prompts (other malware in folder were tagged as Trusted Application hence the prompts when they created new exes).

    So in essence, SecureAPlus assumes that you have a clean environment to begin with. Any malware resident on the OS drive or other partitions would be whitelisted along with legitimate software.

    Perhaps it could be tweaked with later releases to only whitelist executables in Program Files, Program Files x86 and Windows folders. Hope we hear from sinlam about this.
     
  8. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,285
    Just noticed this thread a little earlier today, from another post here.

    P.S. From a quick look at the website, I found two download links, one for the AV version and also the non-AV version. Out of the two, I will probably go for the non-AV version.

    P.P.S. I have a lot of reading, 20 pages for this thread.
     
  9. kupo

    kupo Registered Member

    Joined:
    Jan 25, 2011
    Posts:
    1,121
    Hello, I installed SecureAPlus with AV on one of my computers, and noticed that clamd.exe is using 228 MB. Is this normal?
     

  10. sinlam

    sinlam Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    569
    Hi jnthn, thank you for explaining SecureAPlus so well :thumb: It shows that you have a good understanding of how it works :thumb: :thumb: :thumb: :)

    Regarding your suggestion in last paragraph, it may not be a good idea to whitelist executables found in Program Files, Program Files x86 and Windows folders. Different users have different behaviours and some may choose to store the program files in another path / folder. To ensure a more robust protection, it is still better to whitelist all the files on the pc.

    Cheers,
    sinlam
     
  11. sinlam

    sinlam Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    569
    Hi Tarnak, welcome to SecureAPlus forum. Hope you enjoy reading through the 20 pages ;) I can understand why you have chosen the non-av version and our next revamped version of SecureAPlus hopefully will change your thought ;)

    Cheers,
    sinlam
     
  12. sinlam

    sinlam Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    569
    Hi kupo, yes. Unfortunately, this is something really beyond our control since it is a third party av engine...

    Cheers,
    sinlam
     
  13. kupo

    kupo Registered Member

    Joined:
    Jan 25, 2011
    Posts:
    1,121
    Thanks for the info, still waiting for the beta. :D
     
  14. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,285
    Thank you, for the welcome. :thumb:

    Quick question, I am a hold-out still running XP Pro. Does your application run as a service?
     
  15. sinlam

    sinlam Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    569
    Hi KelvinW4, thanks for pointing this out. We will look into this and see how we can improve the performance :)

    Cheers,
    sinlam
     
  16. sinlam

    sinlam Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    569
    Hi Tarnak,

    SecureAPlus supports Windows XP SP2 and above. But if you are using SP2, you need to make sure all the Windows programs are up-to-date.

    Besides running as a service, it also runs as a driver.

    Hope this answers your query ;)

    Cheers,
    sinlam
     
  17. sinlam

    sinlam Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    569
    Hi taleblou, thank you for sharing the 11 malware samples with us :)

    Out of these 11 samples, only one sample, 'adobe_flash.exe' is found to be infected with ransomware based on the scanning result of VirusTotal. Good news is SecureAPlus is able to block it even in the midst of the initial whitelisting process.

    malware_1.png

    SecureAPlus is also able to block all the remaining malware samples except for one file, lhttsiti.exe, which is signed by Microsoft and the root CA is VeriSign. We suspect that this file may not be infected. To be sure, we have tested this specific file with multiple antivirus and application whitelisting products. So far, none of them detected it as malware.

    This is the hash of the file:

    malware_5.jpg


    1. Virus Total: All AntiVirus detected it as clean.

    malware_2.jpg

    2. Bit9

    malware_3.jpg

    3. Comodo Instant Malware Analysis

    malware_4.jpg

    4. MalwareBytes Anti Malware: No malicious items detected. Please refer to the log below.
    ------------------------------------------------
    Malwarebytes Anti-Malware (Trial) 1.75.0.1300
    www.malwarebytes.org

    Database version: v2013.10.30.07

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 6.0.2900.5512
    test :: PC-TEST [administrator]

    Protection: Disabled

    10/31/2013 9:37:39 AM
    mbam-log-2013-10-31 (09-37-39).txt

    Scan type: Custom scan (C:\temp\lhttsiti.exe|)
    Scan options enabled: File System | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: Memory | Startup | Registry | Heuristics/Extra | P2P
    Objects scanned: 1
    Time elapsed:

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)
    -------------------------------

    Cheers,
    sinlam
     
  18. taleblou

    taleblou Registered Member

    Joined:
    Jan 9, 2010
    Posts:
    1,349
    Hmm o_O I do not know why on my test it did not block it fast enough to stop the ransomware from launching and taking over the VM. Anyway, that file that was clean, is it the one that is in Russian or some foreign language? It might be a PUA and not an infected object. So it might have got there because it is a possibly unwanted application (PUA).

    But it is good to see it blocks now. Also virustotal is not always trustworthy as in the past I have seen bad infected samples that were not detected by any avs in virustotal, but screwed the pc. Maybe because it was too new.

    I would wait a week and retest the sample with virustotal and if still safe then it must have been a falsely flagged malware.

    Later I will retest secureaplus with a new fresh set of malwares and will try to take screenshots of the test if possible. Since I am using a linux as a host and am getting to know it, might take me a while to get the hang of it.
     
  19. taleblou

    taleblou Registered Member

    Joined:
    Jan 9, 2010
    Posts:
    1,349
    Also, as you can see from your VT screenshot, 18 people flagged it as bad although VT says it's clean. So this must be a PUA or PUP and a shady program.
     
  20. sinlam

    sinlam Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    569
    Hi taleblou,

    So for the best bet, we have not only scanned it with virustotal but also other security products as seen in my earlier post.

    Happy to know that you will be testing again with fresh set of malwares. Please share them with me if you can ;)

    Cheers,
    sinlam
     
  21. taleblou

    taleblou Registered Member

    Joined:
    Jan 9, 2010
    Posts:
    1,349
    One thing I learned over the years is that you should not trust all signed or valid-looking apps, as they can be faked. An example was the Comodo sign validation a few years ago, where its validation method was compromised.

    So SecureAPlus having the option of allowing or white-listing an app with a valid digital signature and signed in the white-list option is not safe.

    SecureAPlus should pop up and ask whether a signed app should be white-listed or not, and block un-signed or bad apps by default.

    Also it should not assume a PC is clean when it first tries to run its first white-listing process. It should have a great AV or send the files to the cloud or online scanners to determine if the processes are safe and then whitelist them at the beginning.

    Many security programs do that. They run an initial malware scan and then install and secureaplus should do this via a good AV.
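
The install-time whitelisting jnthn describes earlier in the thread, next to the pre-scan step proposed in the post above, as an added example that is not part of the thread and not SecureAPlus code. The function names, the `prescan` hook and the sample files are hypothetical; the "known bad" set stands in for an AV or cloud verdict.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256(path):
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

def build_baseline(root, prescan=None):
    """Enroll every .exe under root, as an install-time whitelist scan does.

    prescan (hypothetical hook): callable(digest) -> True if the file is known
    bad; such files are left off the allowlist and reported instead.
    """
    allow, rejected = {}, []
    for exe in sorted(Path(root).rglob("*.exe")):
        digest = sha256(exe)
        if prescan is not None and prescan(digest):
            rejected.append(exe.name)
        else:
            allow[digest] = exe.name
    return allow, rejected

def decide(allow, path):
    """Default-deny: run only what was enrolled in the baseline."""
    return "allow" if sha256(path) in allow else "block"

def demo():
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "Program Files").mkdir()
        (root / "Downloads").mkdir()
        good = root / "Program Files" / "editor.exe"
        resident = root / "Downloads" / "resident_sample.exe"
        good.write_bytes(b"constructed benign file")
        resident.write_bytes(b"constructed stand-in for malware already on disk")

        naive, _ = build_baseline(root)            # trusts whatever is present
        known_bad = {sha256(resident)}             # stand-in for an AV/cloud verdict
        vetted, rejected = build_baseline(root, known_bad.__contains__)

        late = root / "Downloads" / "late_sample.exe"  # arrives after the baseline
        late.write_bytes(b"constructed stand-in dropped after whitelisting")
        return {
            "naive_resident": decide(naive, resident),
            "naive_late": decide(naive, late),
            "vetted_resident": decide(vetted, resident),
            "vetted_good": decide(vetted, good),
            "rejected": rejected,
        }

if __name__ == "__main__":
    print(demo())
```

The pre-scan only helps for files the scanner already recognises; a sample no engine flags yet is still enrolled, which is the limitation raised about VirusTotal in this thread.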
     
  22. sinlam

    sinlam Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    569
    That is why we are coming up with the next revamped version ;)
     
  23. sinlam

    sinlam Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    569
    Btw, for your third paragraph, SecureAPlus is already doing that ;) SecureAPlus also does not rely on just the digital signature of the file.
     
    Last edited: Oct 31, 2013
  24. taleblou

    taleblou Registered Member

    Joined:
    Jan 9, 2010
    Posts:
    1,349
    Oh ok, then pre virus scanning and immediate default denying should be used to strengthen it.
     
  25. jnthn

    jnthn Registered Member

    Joined:
    Sep 22, 2010
    Posts:
    185
    Would it be too much to ask taleblou to re-do his tests on SecureAPlus, but only this time let SAP do its initial whitelisting on a clean VM setup and, after the whitelisting, add the malware files onto the VM and execute the files? And if time permits, can test with both interactive and lockdown mode?

    This should clear up issues regarding SAP and its efficacy. :thumb:
     