SecureAPlus Freemium

Discussion in 'other anti-virus software' started by sinlam, Jul 24, 2013.

  1. truestampede

    truestampede Registered Member

    Joined:
    Sep 2, 2015
    Posts:
    23
    Location:
    Singapore
    Hi,

    Thank you for all the information shared regarding this issue with SecureAPlus. We would like to investigate this issue further.

    Please share with us the ransomware sample file by zipping it with the password “infected” and send it via email to secureaplus@secureage.com.

    Your assistance is valuable in ensuring that SecureAPlus can protect its users.

    Regards,

    SecureAPlus Team
     
  2. avman1995

    avman1995 Registered Member

    Joined:
    Sep 24, 2012
    Posts:
    924
    Location:
    india
    Thank you for your swift response! I have submitted the 2 samples via the service you mentioned. File name should be "Downloads.7z" with password "infected". I have also attached it to the original thread on the forums in case.
     
  3. Mops21

    Mops21 Registered Member

    Joined:
    Oct 5, 2010
    Posts:
    2,311
    Location:
    Germany
    Hi all

    SecureAPlus 6.5.1 is out now

    With best Regards
    Mops21
     
  4. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    7,320
    Location:
    Hawaii
  5. avman1995

    avman1995 Registered Member

    Joined:
    Sep 24, 2012
    Posts:
    924
    Location:
    india
    SecureAPlus APEX engine doesn't scan other file formats like JS/VBS? It says "Format Not Supported" here.
     

  6. hendy

    hendy Registered Member

    Joined:
    Sep 15, 2014
    Posts:
    265
    Yes, you are right. Currently APEX doesn't support scripts, like JS/VBS.
     
  7. GrDukeMalden

    GrDukeMalden Registered Member

    Joined:
    Jun 16, 2016
    Posts:
    364
    Location:
    VPN city
    I noticed in my own testing that sometimes APEX's result will be "unknown". The user should have the option to submit any files unknown to APEX on the system, to APEX in the cloud. I've noticed that APEX on my system won't detect certain things that APEX on virus total will detect.

    Also...the databases of the engines in your cloud need to be updated once per hour. I've changed my thoughts about that. I once thought that once every 6 hours would be enough. But I'm starting to see the same engines on virustotal detecting things on virustotal that aren't being detected by the engines in the UAV cloud.

    One more thing! The inner workings of Avast and AVG have been identical since the first update after the makers of avast bought AVG. If one of them detects something, they both will detect it as the same thing.

    And several of the makers' engines on the mobile app don't offer a mobile version of their product. So a lot of those engines will never detect android-based malware. The only two that you have in the mobile app that detect android-based malware are sophos and avast, but I don't even know if the installation of avast that you have on the UAV includes the signatures for android malware.

    Those are some of the things I've observed while fiddling with your software.
     
  8. Esse

    Esse Registered Member

    Joined:
    May 26, 2011
    Posts:
    416
    The same goes for false positives, both from APEX and whitelisting alerts, a button to report on the alert popup window would be awesome.

    Esse
     
  9. GrDukeMalden

    GrDukeMalden Registered Member

    Joined:
    Jun 16, 2016
    Posts:
    364
    Location:
    VPN city
    I don't have too many false positives from APEX. Did you set yours to maximum by any chance? That would do it.

    And as for the whitelisting prompts, what did you expect? A lot of software isn't whitelisted by SecureAge yet. If there's software that isn't whitelisted yet and you're fairly certain that it's safe, you can email them with a link to where you got the software, a link to a virus total rating that was submitted more than a few days ago and MD5, SHA1 and SHA256 hashes of the setup file. Then they can look at it and determine if the publisher is actually trustworthy or not.

    In the meantime whenever a whitelisting prompt comes up and it's not known to the UAV yet, upload it to the UAV and also check it on virustotal. If it's not known to virus total or the UAV and has an invalid digital signature or if the digital signature section of the prompt comes up with an error, it's probably bad.

    If it's unknown to virustotal, upload it there and then do a re-scan of it a few hours later before allowing it through S.A.P. And be sure to do a re-scan of it even if it is known to virustotal.
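
An added example, not part of the post above and not SecureAge's own tooling: one way to collect the items the post lists for a whitelisting request (MD5, SHA1 and SHA256 of the setup file, plus the digital-signature state it says to check). `$Path` and `$SourceUrl` are hypothetical inputs; the VirusTotal link is built from the SHA256 and only resolves if the file has already been submitted there.

```powershell
# Added example: evidence bundle for a whitelisting request.
# $Path and $SourceUrl are hypothetical inputs, not values from the thread.
param(
    [Parameter(Mandatory)] [string] $Path,
    [string] $SourceUrl = '<download page URL placeholder>'
)

$file = Get-Item -LiteralPath $Path -ErrorAction Stop

# One digest per algorithm named in the post.
$hashes = [ordered]@{}
foreach ($alg in 'MD5', 'SHA1', 'SHA256') {
    $hashes[$alg] = (Get-FileHash -LiteralPath $file.FullName -Algorithm $alg).Hash
}

# Authenticode check: 'Valid' means the signature verifies and chains to a
# trusted root; NotSigned, HashMismatch, NotTrusted etc. are the states the
# post treats as a warning sign when the file is also unknown to the scanners.
$sig    = Get-AuthenticodeSignature -LiteralPath $file.FullName
$signer = $sig.SignerCertificate
$subject    = if ($signer) { $signer.Subject }    else { $null }
$thumbprint = if ($signer) { $signer.Thumbprint } else { $null }
$notAfter   = if ($signer) { $signer.NotAfter }   else { $null }

$report = [pscustomobject]@{
    File             = $file.Name
    SizeBytes        = $file.Length
    Source           = $SourceUrl
    MD5              = $hashes['MD5']
    SHA1             = $hashes['SHA1']
    SHA256           = $hashes['SHA256']
    VirusTotal       = 'https://www.virustotal.com/gui/file/' + $hashes['SHA256'].ToLower()
    SignatureStatus  = $sig.Status
    StatusMessage    = $sig.StatusMessage
    SignerSubject    = $subject
    SignerThumbprint = $thumbprint
    SignerNotAfter   = $notAfter
}

$report | Format-List

if ($sig.Status -ne 'Valid') {
    Write-Warning "Signature status is '$($sig.Status)'; do not allow the file on the signature alone."
}
```

The signer subject and thumbprint are printed so they can be compared with what the whitelisting prompt displays before the request is sent.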
     
  10. Esse

    Esse Registered Member

    Joined:
    May 26, 2011
    Posts:
    416
    APEX set on medium, of course you can send emails, upload to VT and what not, why do you think I want a report/submit button in the alert popup... ;)
     
  11. GrDukeMalden

    GrDukeMalden Registered Member

    Joined:
    Jun 16, 2016
    Posts:
    364
    Location:
    VPN city
    I wouldn't want a report button like that. You can just email them with the info and ratings. They're pretty quick to answer emails.
     
  12. GrDukeMalden

    GrDukeMalden Registered Member

    Joined:
    Jun 16, 2016
    Posts:
    364
    Location:
    VPN city
    The EXE for the "compact whitelist" command uses a lot of RAM by the time it's done. While it's running on my system it can use anywhere between 3GB to nearly 7GB.
     
  13. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    7,320
    Location:
    Hawaii
    Do you notice any significant benefits from compacting the whitelist? If so, please summarize what they are. (This is an honest question. I compacted the whitelist a while back. It took a good bit of time to finish & I couldn't tell what, if anything, it accomplished.)
     
  14. GrDukeMalden

    GrDukeMalden Registered Member

    Joined:
    Jun 16, 2016
    Posts:
    364
    Location:
    VPN city
    The compact whitelist command removes invalid entries from the whitelist. Meaning any listing in the locally stored whitelist of a file that doesn't exist on your system anymore.
     
  15. cheater87

    cheater87 Registered Member

    Joined:
    Apr 22, 2005
    Posts:
    3,228
    Location:
    Pennsylvania.
    Does this program only detect on execution? I tried downloading some malware to test and nothing happened except for when I did a manual scan.
     
  16. GrDukeMalden

    GrDukeMalden Registered Member

    Joined:
    Jun 16, 2016
    Posts:
    364
    Location:
    VPN city
    If you have the folder on the test system when you first install S.A.P. won't work right. It only keeps a clean machine clean.
    In my own testing I've noticed it will scan and detect every known piece of malware in any folder you have open right-click-scan or no.

    But if the cloud lookup time takes too long or if the locally installed APEX doesn't detect it right away, then yes, it's only on execution. Don't be worried about DLL injections, I've seen the application whitelisting stop those. I've also seen the application whitelisting stop python files (even before the script-stopper was programmed to deal with python scripts.)

    I've been using S.A.P. since around late 2012 to early 2013 or so. I don't know if they recognize my name whenever I email them about a problem I discover, but they're always quick to fix things that are broken. If you see a problem with the software, report it to their email support team and they WILL fix it. They have a track record of that.
     
  17. avman1995

    avman1995 Registered Member

    Joined:
    Sep 24, 2012
    Posts:
    924
    Location:
    india
    APEX is a great engine when it comes to detecting binaries. It catches a lot of those earlier than other programs.

    But overall SecureAplus on its defaults is bypassable especially if the average user thinks the application is safe and APEX doesn't detect it or the file format is unsupported. Also the fact that once you allow the program SecureAplus will add the program to its trusted whitelist list. I honestly don't like that implementation. UAV cloud needs to have more engines especially the ones from the top products.

    It's a program that I am on the fence with right now. Personally I find WSVX superior to APEX and SecureA as a whole in my tests. Also a product like Kaspersky free is much more automated and feels much better than Secureaplus.
     
  18. GrDukeMalden

    GrDukeMalden Registered Member

    Joined:
    Jun 16, 2016
    Posts:
    364
    Location:
    VPN city
    What I highlighted there. Yes, the defaults suck. Switch the whitelisting setting to the "name and thumbprint" option and that's pretty much all you need to change on it.

    Whatever APEX and/or the UAV misses will be blocked by the application whitelisting so long as you have the name and thumbprint option selected. But if you have a guest user, you need to password protect S.A.P. and leave it in silent mode.

    Any novice user that would give S.A.P. a try would need to watch some demos on youtube or something. That would be a good thing to put on your youtube channel, SecureAge. And then embed that video on how to handle a S.A.P. alert on your website.

    A step by step guide on how to upload the unknown file to the cloud and also a step by step guide on checking virustotal and doing a re-scan on VT too.

    Arm your home-users with knowledge so they won't need to email you about anything related to just using the software.
     
  19. avman1995

    avman1995 Registered Member

    Joined:
    Sep 24, 2012
    Posts:
    924
    Location:
    india
    All that being said it would be nice to have an option to automate actions like automatically uploading stuff to UAV cloud. Automatically quarantining of threats.
     
  20. GrDukeMalden

    GrDukeMalden Registered Member

    Joined:
    Jun 16, 2016
    Posts:
    364
    Location:
    VPN city
    There's an option that's enabled by default to auto-upload samples to the UAV cloud, it probably gets analyzed by APEX whenever that happens.

    As for automatically blocking and quarantining things....
    Well first, you absolutely need to change this first setting if you haven't already. Go to the main UI > App Settings > Application Whitelisting > Basic settings. And then select "Name & Thumbprint in Trusted Certificate List". You will need to be using the paid version for that to be possible. And make sure it's in "lockdown mode" and never "automatic mode".

    After that, close the UI and right-click the tray icon. Click on silent mode and that will solve a lot of your problems with auto-quarantining known threats. Anything detected by APEX or the engines in the UAV cloud will be auto-quarantined instantly.

    If you have a little one that uses the PC, you will definitely need to password protect S.A.P. after switching it into silent mode. This will prevent not only tampering, but uninstallation as well.

    If you're looking for something to pair it with. The free version of Avast with PUP detection and scanning for "tools" enabled on everything in addition to enabling "hardened mode" would make your system more or less uninfectable. You will need to disable the option in S.A.P. that makes it register with the security center though. Avast has a silent mode too. And you'll definitely need to password protect the settings and the UI of avast too.

    In terms of positive identification, Avast is the best. In terms of Prevention, S.A.P. and voodooshield are the best. But I digress from the topic of this thread. I hope what I said here was helpful.
     
  21. GrDukeMalden

    GrDukeMalden Registered Member

    Joined:
    Jun 16, 2016
    Posts:
    364
    Location:
    VPN city
    How's the development of the S.A.P. mobile been going? I was one of the early adopters of that too.
     
  22. avman1995

    avman1995 Registered Member

    Joined:
    Sep 24, 2012
    Posts:
    924
    Location:
    india
    Does silent mode still give you alerts when threats are detected and auto quarantined? I guess it's more of a gaming mode thing where there are no alerts.
     
  23. GrDukeMalden

    GrDukeMalden Registered Member

    Joined:
    Jun 16, 2016
    Posts:
    364
    Location:
    VPN city
    Silent mode gives no alerts at all. If a threat is detected it instantly quarantines it with no fuss.
    Just make sure that silent mode is also in lockdown mode. Automatic mode still needs some changes made to it and the way it is now I can't recommend using it to anyone.
     
  24. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    7,320
    Location:
    Hawaii
    SA+ updated to 6.5.2 on 5/5/2021
     
  25. Mops21

    Mops21 Registered Member

    Joined:
    Oct 5, 2010
    Posts:
    2,311
    Location:
    Germany
    Hi all

    SecureAPlus 6.5.2 is out now

    SecureAPlus 6.5.2 Release Notes – SecureAPlus Support Pages

    https://www.secureaplus.com/download/download-thank-you/

    With best Regards
    Mops21
     
    Last edited: May 8, 2021