SecureAPlus Freemium

Discussion in 'other anti-virus software' started by sinlam, Jul 24, 2013.

  1. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    7,351
    Location:
    Hawaii
    Hmm... It seems the crux of the problem mainly lies with WD's delayed response more so than with SA+'s fast action.

    ... @cruelsister is a highly-respected security professional in ALL aspects of malware prevention. I suggest you read some of her posts here at Wilders & MalwareTips -- HERE, for example.
     
  2. Mops21

    Mops21 Registered Member

    Joined:
    Oct 5, 2010
    Posts:
    2,375
    Location:
    Germany
    Hi all

    SecureAPlus 6.5.0 is out now

    With best Regards
    Mops21
     
  3. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    7,351
    Location:
    Hawaii
    SA+ automatically updated to 6.5.0 on my computer. Smooth update but fairly large. I removed SA+'s new entries to the trusted certificate list. I keep that list very very short because there is an increasing amount of malware with seemingly valid certificates.
     
  4. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    Sign malware?:)
     
  5. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    7,351
    Location:
    Hawaii
    Digitally signed malware is not :). Instead it is :eek:. Check HITHER and THITHER and YON.
     
  6. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    Thanks buddy
     
  7. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    Thank you
     
  8. avman1995

    avman1995 Registered Member

    Joined:
    Sep 24, 2012
    Posts:
    944
    Location:
    india

    Attached Files:

    Last edited by a moderator: Jan 16, 2021
  9. imdb

    imdb Registered Member

    Joined:
    Nov 2, 2011
    Posts:
    3,158
    hmm, interesting. let's see how this one folds out. :ninja:
     
  10. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    7,351
    Location:
    Hawaii
    The screenshot that you posted, showing SA+'s alert about this exe, gave you the opportunity to select, "Trust" OR "Don't Trust." Evidently you selected "Trust" or else SA+ would have blocked this exe, right? So, it was YOU who by-passed SA+, wasn't it?

    The fact that the user of a security app is able to bypass his securty apps is a given. So your statement, "I was able to bypass secureaplus easily..." is correct. If you are seeking a security app that will always work in spite of user errors, I wish you Good Luck. :cautious::isay:
     
  11. GrDukeMalden

    GrDukeMalden Registered Member

    Joined:
    Jun 16, 2016
    Posts:
    387
    Location:
    VPN city
    Seems that way.

    And the button to not trust it was highlighted too. Meaning that not even automatic mode would've allowed it.

    I do wish though that automatic mode would automatically upload unknown files to the UAV before ever being auto-allowed, reguardless of digital signatures or a rating from APEX. I also think that APEX's way of reading out its ratings should be more like a percentage scale like all of the other M.L.A.I engines do.

    This is why I password lock the settings and leave it in silent mode whenever a friend, or a little one uses my PC. I do the same thing with voodooshield.
     
    Last edited: Jan 19, 2021
  12. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    Password protection very important to protect from midification
     
  13. imdb

    imdb Registered Member

    Joined:
    Nov 2, 2011
    Posts:
    3,158
    for a brief moment i tried to figure out what "midification" could be and then it struck me. :D
     
  14. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    I wanted to try it but I saw a video on youtube and it looks very hyper
     
  15. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    7,351
    Location:
    Hawaii
    If by "try it" you mean "try SecureAPlus" (SA+), I assure you that SA+ is not hyper. In fact, it is quite simple to use, plus it is a combination anti-exe, whitelist, antivirus -- a very powerful security triad.
     
  16. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    Interesting
     
  17. GrDukeMalden

    GrDukeMalden Registered Member

    Joined:
    Jun 16, 2016
    Posts:
    387
    Location:
    VPN city
    It's pretty good. But nothing is infallible. See my signature.
     
  18. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    Nice it looks good security set up
     
  19. GrDukeMalden

    GrDukeMalden Registered Member

    Joined:
    Jun 16, 2016
    Posts:
    387
    Location:
    VPN city
    If you're going to use Voodoo and SA+ together, there's a command line you need to allow SA+ to do. It's started by SA+'s instance of 7z dot exe and it opens conhost dot exe. Voodoo will block it and that will prevent SA+ from being able to update APEX and it will also prevent any full system scan results from coming back. SA+ packs up the new hashes and files into a 7z archive with a command line.

    TLDR: When you first install SA+ on a system with voodooshield, you'll need to allow SA+ to do a command line starting with the version of 7 Zip in SA+'s folder going to conhost.

    Then set SA+ to only allow by name and thumbprint. Password protect the settings and leave SA+ in silent mode. Voodoo also has the ability to lock its UI down to prevent someone from allowing something. Between those two, there's not much of anything that can get past that setup.

    Oh! You'll want to do some scans with some free tools to make sure your system is clean before installing SA+

    Emsisoft Emergency Kit: Update it. custom scan, Enable scanning for rootkits, the memory, malware traces, PUPs, archive files, email files and NTFS data streams add all of your harddrives to the items to be scanned, let the scan complete.

    HitmanPro: the free version will at least notify you if there's something to worry about so do a "default scan" with it.

    Malwarebytes free edition: Settings (the little cog wheel)>Security>scan options Enable all four of those options. update the database, do a scan with it. Just the regular scan that you can start from the front page of the UI
     
  20. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    I heard good things about SA+
     
  21. avman1995

    avman1995 Registered Member

    Joined:
    Sep 24, 2012
    Posts:
    944
    Location:
    india
    Sorry to burst your bubble there buddy but ransomware was allowed to encrypt the files on the VM and SA came in later with that alert, files were encrypted at that point and then it doesn't matter whether i pick allow or block... so in theory this is a "bypass" and i can share the sample with you if you are that much in doubt.

    You blindly assumed that i chose to "allow" it on the system. I am not going to tell you otherwise that the product stopped it when it clearly didn't and unlike you i dont assume! So GoodLuck ! :shifty:
     
    Last edited: Jan 22, 2021
  22. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    7,351
    Location:
    Hawaii
    Your initial post did not contain that information. So --- PLEASE post your findings at the SecureA+ forum. That forum is sponsored by SA+ and is monitored by SA+ technical personnel. I'm sure they will be happy to analyze your sample and adjust SA+ to deal with it.

    Since you say that your VM's files were encrypted BEFORE SA+ popped an alert, that means that SA+'s executables were also encrypted BEFORE the alert was made. I hope you do provide that sample to SA+' s personnel. I am very curious to see how SA+'s encrypted executables were able to function and pop alerts while in an encrypted state. Or perhaps the malware was selective and avoided encrypting security apps while encrypting everything else. AMAZING!!! :rolleyes:
     
    Last edited: Jan 22, 2021
  23. avman1995

    avman1995 Registered Member

    Joined:
    Sep 24, 2012
    Posts:
    944
    Location:
    india
    Hidden Tear (written in .NET) is one of the ransomware families that does NOT encrypt executables (system files,exe etc). There are plenty that will go after every system extension but not this varient so yes pretty AMAZING :isay:
     
    Last edited: Jan 23, 2021
  24. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    7,351
    Location:
    Hawaii
    Interesting! This contest between malware & security apps is somewhat like a chess match.

    Have you found any AV or security app that DOES block Hidden Tear? ESET? WiseVector? Kaspersky? VoodooShield?

    Do you actually use SA+? If so, Pro or free? Do you recommend running an anti-ransomeware app alongside of SA+? If so, which?

    Did you post this issue on the SA+ forum, as I suggested?
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    By the way -- I image my system disk 3-4 times weekly to a separate drive, & retain images 2 months. Ergo, SA+ and Sphinx Firewall are all the real-time security I need.
     
    Last edited: Jan 23, 2021
  25. avman1995

    avman1995 Registered Member

    Joined:
    Sep 24, 2012
    Posts:
    944
    Location:
    india
    Of course there are other programs that will block it (it was well detected during the time of tests) but it can be vice versa as well ! Kaspersky and Voodoo do great but that's doesn't mean i haven't managed to get something past KAV's system watcher (ryuk and erica ransomware varients). I am on SA free and i have posted in their forums. Bitdefender free has impressed me as well and i would say it tends to do a better job than kaspersky free because of active virus control but again that's subjective given that i haven't tested it long enough.

    Voodoo shield is a great application indeed and does a fine job and blocking anything unknown or bad so it isn't exactly under the same spectrum. WiseVector StopX is nice too i just haven't found anything that actually gets past it and its one application that i am debating on installing on a real machine myself one day.

    I am not sure where i am with SA currently i was considering it as a alternative to using kasperky or BD free but i guess i need to give it a re-think and maybe the program could use some improvements as well (running it in interactive mode) or updates from the devs to make more tough to get through in automatic mode.

    Its a matter of statistic, anything can be bypassed but the question i ask is "how statistically effective is program X to program Y" and we go by that :)
     
    Last edited: Jan 23, 2021
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.