SecureAPlus Freemium

Discussion in 'other anti-virus software' started by sinlam, Jul 24, 2013.

  1. GrDukeMalden

    GrDukeMalden Registered Member

    Joined:
    Jun 16, 2016
    Posts:
    214
    Location:
    VPN city
    I've seen it block DLLs before. I don't know about (dot)SYS files though. Maybe someone from SecureAge can answer that question.

    I would be shocked if SAP had literally nothing to protect against a malicious driver being installed. From what I understand, something like a DLL or an SYS needs to be injected by something else for it to be able to do anything.

    So if your script and command line protection is good and your protection against malicious EXEs is good, like it is with SAP, then I don't know if there's anything to worry about.

    Although, I think you also need the whitelisting application to consider the parent processes of things too for that to work properly. And as far as I'm aware, SAP does monitor parent processes of things.
     
  2. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    6,771
    Location:
    Hawaii
    REGARDING SAP's GUI > App Settings > Application Whitelisting > Advanced Settings > Restricted Applications

    In SAP website's Knowledge Base, I could find no information about using this Restricted Applications panel.

    I notice that the list of Restricted Applications is NOT activated by default when SAP is installed.

    QUESTIONS: Should I check all boxes for the entire list? Add to the list? Or.......?
     
  3. GrDukeMalden

    GrDukeMalden Registered Member

    They have checkboxes like that in case you'd ever want to delete a whole bunch of them at once.
     
  4. bellgamin

    bellgamin Very Frequent Poster

    Thanks. Interesting info but it doesn't answer my questions in Post #2127. Ergo, I shall post these questions at the SAP Forum.
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    EDIT: My post at SAP Forum was quickly answered, in detail. The reply is HERE.
     
    Last edited: Jan 13, 2020
  5. GrDukeMalden

    GrDukeMalden Registered Member

    Oh. Any files created by everything on the restricted apps list will never be automatically trusted by the whitelisting mechanism. I added all of the EXEs of my daily used applications to that list. You probably WON'T want to add the EXEs of other security software though. Even if it's just a scanner.
     
  6. hendy

    hendy Registered Member

    Joined:
    Sep 15, 2014
    Posts:
    261
    It monitors all files that have a PE header (https://en.wikipedia.org/wiki/Portable_Executable), including drivers (.sys), .dll, .ocx, .exe, .scr, etc.
     
  9. GrDukeMalden

    GrDukeMalden Registered Member

    https://youtu.be/eWaMmlom8k8
    More proof that just a digital signature is not enough to determine the safety of a file.

    This guy applies the same standards to every test he does. Even if he doesn't like whitelisting software and most of his arguments against using it are B.S., he's honest when he tests antivirus products.

    The point is, he and his guest in the video go into detail about how a vulnerability was discovered in Windows that would allow a bad actor to spoof a digital signature to make it look like a real one.

    A digital signature DOES NOT mean that the file is safe. It just means that whoever made it and put it out there had digital signing software.

    I've referenced this before, but a long time ago, VeriSign got hacked and as a result there was LOTS of malware floating around that had valid digital signatures from VeriSign. And then there was the Bad Rabbit ransomware, which had a digital signature from Symantec and was disguised as an update for Adobe Flash.

    SecureAge. This is my plea to you. For the sake of your users. Whitelist things based on SHA256 hashes. The default needs to be so that SAP will only allow a file if there's an exact match of the signature, the MD5 and the SHA256 all at the same time for all users.

    You can lock the realtime scanning and the sensitivity of APEX behind a paywall. And you can force your free users to always upload unknown files as well, but the whitelisting component needs to identify based on all three of those things.
     
  10. bellgamin

    bellgamin Very Frequent Poster

    This YouTube video had some useful information, but it was presented in a largely monotone, faceless, sleep-inducing manner.

    The paid version of SAP already fingerprints signatures with Secure Hash Algorithm - 256 bit (SHA256). I think the Duke's comments apply to SAP's free version ONLY. I don't find it surprising that SAP's paid version has a few more features than the free version. Otherwise, why would anyone buy the paid version?

    I tried the free version & liked it, so I recently bought the Essential version of SAP -- right now it's just $19.99 USD/PC/year!
     
  11. GrDukeMalden

    GrDukeMalden Registered Member

    Actually, I'm pretty sure SAP whitelists based on MD5 hashes, and I'm already a paid user of the pro version.
     
  12. bellgamin

    bellgamin Very Frequent Poster

    Two honest questions (I'm NOT trying to start a debate, Duke. I respect your posts a lot.):

    (Q1) On what basis are you pretty sure?

    (Q2) Have you asked them, on their forum, to identify which hash they use? (I'm curious as to whether or not they would even answer such a question, thus revealing info about one aspect of SAP's inner workings.)
     
  13. GrDukeMalden

    GrDukeMalden Registered Member

    I remember emailing back and forth with their support team back during the early days of the freemium viral security program.

    They told me they use MD5s.
     
  14. bellgamin

    bellgamin Very Frequent Poster

    I have posted this matter on SAP's forum HERE.
     
  15. hendy

    hendy Registered Member

    Our support team probably misunderstood the question, or they may have given an example of hash, such as MD5.
    We apologize for the miscommunication. SecureAPlus is based on SHA256 hash.
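
As an added illustration of the two points hendy makes in this thread (files are recognised by their PE header rather than by extension, and whitelisting keys on a SHA-256 hash), here is a minimal Python sketch. It is not SecureAPlus code; `pe_kind`, `decide`, `make_pe`, the file names and the sample blobs are all constructed for the example.

```python
import hashlib
import struct

IMAGE_FILE_DLL = 0x2000      # COFF Characteristics bit: image is a DLL
IMAGE_SUBSYSTEM_NATIVE = 1   # optional-header Subsystem used by kernel drivers

def pe_kind(data):
    """Classify by header, never by file name: 'driver', 'dll', 'exe' or None."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    opt_size, characteristics = struct.unpack_from("<HH", data, e_lfanew + 20)
    subsystem = 0
    if opt_size >= 70 and e_lfanew + 24 + 70 <= len(data):
        (subsystem,) = struct.unpack_from("<H", data, e_lfanew + 24 + 68)
    if subsystem == IMAGE_SUBSYSTEM_NATIVE:
        return "driver"
    return "dll" if characteristics & IMAGE_FILE_DLL else "exe"

def decide(data, allowlist):
    """Return (verdict, kind); only PE content is subject to the allowlist."""
    kind = pe_kind(data)
    if kind is None:
        return ("not-pe", None)
    digest = hashlib.sha256(data).hexdigest()
    return ("allow" if digest in allowlist else "block", kind)

def make_pe(characteristics, subsystem, payload=b""):
    """Constructed header-only sample (PE32+ layout); not a loadable image."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)   # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x8664, 0, 0, 0, 0, 0xF0, characteristics)
    opt = bytearray(0xF0)
    struct.pack_into("<H", opt, 0, 0x20B)       # PE32+ magic
    struct.pack_into("<H", opt, 68, subsystem)  # Subsystem field
    return dos + b"PE\0\0" + coff + bytes(opt) + payload

APP = make_pe(0x0022, 3)                  # console EXE
DLL = make_pe(0x2022, 2)                  # DLL flag set
DRIVER = make_pe(0x0022, 1)               # native subsystem, e.g. a .sys
TAMPERED = make_pe(0x0022, 3, b"\x00")    # APP plus one appended byte
ALLOWLIST = {hashlib.sha256(APP).hexdigest()}

if __name__ == "__main__":
    for name, blob in [("app.exe", APP), ("helper.dll", DLL), ("drv.sys", DRIVER),
                       ("app-tampered.exe", TAMPERED), ("notes.txt", b"hello")]:
        print(name, decide(blob, ALLOWLIST))
```

Only the exact bytes that were hashed into the allowlist are allowed; the one-byte variant is blocked even though its header is identical.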
     
  16. bellgamin

    bellgamin Very Frequent Poster

    I suggest that all users of SAP read hendy's more detailed explanation of this vital matter. It is located over THERE.

    @hendy -- Many thanks for providing this helpful information!!!
     
  17. hendy

    hendy Registered Member

    You are welcome, bellgamin :thumb:
     
  18. bellgamin

    bellgamin Very Frequent Poster

    Because of THIS report by AV-Test, I have posted a request on SAP's forum for them to tell us how long SAP will continue to support Windows 7. For the sake of the Win7 hold-outs, let's stay on top of this question.
     
    Last edited: Jan 28, 2020
  19. bellgamin

    bellgamin Very Frequent Poster

    SAP has provided a detailed reply as to whether or not they will continue to support Win7. If you are a Win7 user, you should definitely read their comments and caveats. Basically, their answer is *Good News* because SAP will support Win7 Support Pack 1 indefinitely, BUT it's best for you to read their entire comment -- it is very instructive.
     
    Last edited: Jan 29, 2020