Well, I've almost come to an agreement that what was flagged could probably have resulted from the 2nd opinion scanner (VirusTotal).
@Sr. Normal When we are doing the initial full system scan, we do not seek any 2nd opinion. The initial full system scan takes time to complete due to the size of your data. This process goes through all the files you have on your disk and puts them in the initial whitelist.
The 2nd opinion will be done when you run new files not in the existing whitelist. By this you can be assured that you are running a non-malicious file.
But as you have pointed out, when doing a full initial system scan SAP does not seek any 2nd opinion. It makes me wonder, as in my previous observation it was during the full initial scan that Baidu and Tencent IPs were flagged by my blacklist program. Could it be a blip at your product's (services) end?
My last trial of SAP was performed over a month ago and I rarely have the time to test SAP again, if you ask me. I'm seldom active on Malwaretips or any other forums which I used to frequent. Elsewhere I'm using Crystal Security, which also uses VirusTotal, but nowhere did these blacklisted IPs ever show up.
I did save a note, however; here are some of the IPs which were called out. For info, on the very first trial of SAP last year there were some random connections routed to an Australian datacentre.
Could you confirm that these IPs were the ones used in VirusTotal?
184.108.40.206 - Baidu cloud
220.127.116.11 - Tencent Shenzhen
18.104.22.168 - Tencent
22.214.171.124 - Tencent cloud Shenzhen
126.96.36.199 - m1net.com.sg (SecureAplus)
I'm not an expert, but I don't trust any programs even if they are digitally signed, especially Chinese (China) made programs that require an active internet connection. Several years back I was probably among the first few that discovered a hidden trojan rootkit on two separate (local ISP) Huawei mobile modem software packages, embedded in one of the drivers. I confronted a few of my security-conscious friends and they were not surprised by what I found. Nearly a year later the US Government declared a ban on Huawei products (Government contracts), which posed a National Security threat.
Another thing I wanted to point out: many do not realise that some legitimate programs do contain some sort of hidden spyware program. Since they are digitally signed, they are often flagged as safe or they are allowed by the users themselves; they can be .sys or .dll files but seldom .exe.
If anyone plays video games: to prevent cheating, some gaming companies incorporate bots in their products. If you use cheat bots, for example, if you do find chrome.exe in your games directory, please delete them; you don't want your online account blacklisted.
One important tip for our forum members: always update your Internet Explorer even if you do not use it. (As for me, I removed IE through the program console.) There's a potential loophole that can be exploited. I've seen this happen on two occasions on my client's computers. Luckily for my client, Webroot's Firewall control and Identity Shield were able to block the leak.
Webroot does it silently, but this can be seen deep down in the log in the WRData folder. One thing: I'm reluctant to use Webroot SA on my machine because of the identifiable user information they collect. Parts of the data can be found inside the registry.
Recently my cousin had his savings account wiped out. He accused his wife of stealing... to cut the story short, the bank did confirm it was an outsider job but won't elaborate further. This can happen to anyone; just be careful and learn to be safe.
I don't make up stories... most of them come from my own experience.
Thanks, and sorry for the boring off-topic...