KaptainBug

New Member
What happened to the results from the Universal AV scan at 4:22? Did you remove those threats?
SecureAPlus's core component is application whitelisting. You placed the malware files on your desktop while the initial whitelisting was being performed, so all the malware files are whitelisted. Only malware that has signatures in Universal AV is caught, and the rest is allowed because it is whitelisted. You should have whitelisted the PC and then transferred the malware to the desktop. Then any unknown file will be blocked by SecureAPlus.
 

MalwareT

Yes, all threats were removed.
 

sinlam

New Member
Hi Malware Test, I am sinlam, one of the SecureAPlus developers. Thank you for your great effort in testing SecureAPlus. We have viewed the wonderful video that you have created but with some concerns, especially for the crash that you had experienced. It also made us realize the importance of making the users truly understand and know how to use SecureAPlus.

From the video, we would like to explain certain portions of the video to help users to understand SecureAPlus better.

1. It seems like you have trusted the unzip software, HaoZip as a trusted installer.
haozip.png

By trusting it as an installer, whatever executables it creates will be trusted automatically too. As a result, the files don't get a real-time scanning prompt because they are trusted. Although they are not covered by real-time scanning, they are detected by Universal AV as infected, as seen in your video. This is one of the benefits of Universal AV. If a user has accidentally trusted a file that is infected with a virus/malware, it will be detected by Universal AV.

virusalert.png


2. The video also showed that you deleted all the malware detected by Universal AV and randomly ran the "trusted" malware. Why did I call it "trusted" malware? Because it was extracted using a trusted installer, HaoZip.

3. The video also showed that you tried to run BNcgb.exe but tried to terminate the process by "force" and it crashed.

forceterminate.png


crash.png

This is the part that we are concerned about. It is not clear whether the crash comes from SecureAPlus or whether the malware has caused the crash. It will be a great help if you can send the dump file to secureaplus@secureage.com for further investigation. If the crash is caused by SecureAPlus, we will definitely fix it.

If you have any more concerns or questions or have discovered any bugs, please feel free to post them either at http://malwaretips.com/threads/secureaplus-freemium.17236/page-5#post-214577 or https://secureaplusforum.secureage.com/index.php or email secureaplus@secureage.com.


To all the users:
To prevent a similar incident from happening, we strongly advise users to add any high-risk program to the "Restricted Application" list. Applications that are added to this list are allowed to run on the computer, but whatever programs or executables they create or bring in will not be automatically trusted and allowed to run on the computer, as there is a chance that they may bring in harmful programs. For example, if HaoZip is added to the list of restricted applications, the files that it unzips will not be automatically trusted and allowed to run.

restrictedapp.png


But even if you have trusted the application accidentally, as I mentioned earlier, you don't have to worry as it will be detected by Universal AV. If you have any more concerns or questions, please feel free to raise them and we will try our very best to help you as much as possible.

Best regards,
sinlam
 

sinlam

New Member
Here's another pointer to add. After you have added HaoZip to "Restricted Applications", you have to manually set it to "Trusted Applications" by pointing at the HaoZip exe file, doing a right mouse click, clicking on "Trust Level" and then clicking on "Trusted Application".
 

MalwareT

OK, thanks. Btw, can you explain to me and others why you are mentioning "detected by e.g. Emsisoft, McAfee, Avira etc."? The BSOD was caused by malware. I usually terminate processes because I don't want the malware to mess up my VM; unfortunately, that malware screwed up my system and I had to reinstall it :( Anyway, the program is great :)
 

sinlam

New Member
OK, thanks. Btw, can you explain to me and others why you are mentioning "detected by e.g. Emsisoft, McAfee, Avira etc."? The BSOD was caused by malware.
This is the scanning result of Universal AV, one of SecureAPlus' security features. Universal AV continuously scans all the program files (applications / executables) from the user's computer with 11 antivirus engines in the cloud. Although the scanning is continuous, it will not slow down the user's computer since the scanning is done at our Universal AV server and the 11 antivirus engines sit at the Universal AV server. Once a virus is detected, SecureAPlus will notify the user with the consolidated scanning results. The scanning result will show the infected file name, the infected file's location and the list of antivirus engines that have detected it.

Here are the screenshots of the virus alerts that you may see:

1. After successful installation of SecureAPlus, a full system scan will start. After the full system scan is complete, if a virus is detected, the following alert appears.

fullsysscan_alert1.png


Click on "More details" and you will see the details of the scanning result.

fullsysscan_alert2.png


2. The offline antivirus (i.e. ClamAV) provides real-time scanning of only document files (e.g. Microsoft documents) and new program files (applications / executables) on the user's computer. If a virus is detected, the following virus alert appears.

offlineav_realtime.png


3. The 11 antivirus engines at the Universal AV server scan only program files (executables) from the user's computer. Besides providing continuous scanning in the background, Universal AV also provides real-time scanning as long as the user is connected to the Internet. Once a virus is detected during the real-time scanning, the following alert appears:

uav_realtime.png


Hope this answers your question. Please feel free to ask if you need further clarification.
 

sinlam

New Member
With regards to your question at the comment section of your Youtube video:
"I saw your post on MalwareTips :) Anyways, i had to extract malware. BSOD was caused by malware not SecureAPlus. I have one complaint on program: It's for newbie complicated to use because of "Trusted or untrusted program". Program is great, but need small improvements."

Thank you for your feedback. We do understand the complexity of Application Whitelisting usage for a newbie or novice user. Based on the feedback and suggestions of the beta testers, we have come up with the "Lockdown Mode", which makes it easier for a newbie or novice user to appreciate the application whitelisting protection better.

Application whitelisting allows only applications that are found in the trusted list to run on a user's computer. If a user runs any application that is not found in the trusted list, SecureAPlus will prompt the user whether to trust this application and allow it to run on the computer. This message prompt will appear if SecureAPlus is in the "Interactive Mode".

interactive_mode.png


Currently this is the default mode. But in this mode it may be difficult for users to decide whether to trust or not to trust a program. If this is the case, we strongly recommend users to change it to "Lockdown Mode". In "Lockdown Mode", any application that attempts to run on the computer will be blocked automatically. It will notify the user which application has been blocked but it does not require users to decide to trust or not to trust. But if a user needs to install a new application, they need to set the installer as a trusted installer first before installation; otherwise, the installer will be blocked from executing.

To change to "Lockdown Mode", you need to do the following:

1. Click on "Change Mode".
change_mode.png


2. Select "Lockdown Mode". Click "Apply".
lockdown_mode.png


Now, you can see SecureAPlus is set to "Lockdown Mode".

lockdown_mode1.png
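
The trust rules described in the posts above (trust inherited from a trusted installer, restricted applications, Interactive versus Lockdown Mode, and Universal AV flagging an already trusted file) can be put together in a small model. This is an added example, not part of the thread and not SecureAPlus code; the class, function names, paths and the "alert"/"allow"/"prompt"/"block" outcomes are assumptions made for illustration.

```python
# Simplified model of the trust rules described in this thread.
# Not SecureAPlus code; class, method and path names are hypothetical.

TRUSTED_INSTALLER = "trusted installer"
TRUSTED_APP = "trusted application"
RESTRICTED_APP = "restricted application"


class WhitelistModel:
    def __init__(self, mode="interactive"):
        self.mode = mode       # "interactive" or "lockdown"
        self.level = {}        # path -> trust level
        self.detected = set()  # paths flagged by the cloud scan

    def initial_whitelisting(self, paths_on_disk):
        # Everything present during the first scan becomes trusted.
        for path in paths_on_disk:
            self.level[path] = TRUSTED_APP

    def file_created(self, creator, new_path):
        # Only a trusted installer passes trust to the files it writes
        # (the model assumes no other trust level does).
        if self.level.get(creator) == TRUSTED_INSTALLER:
            self.level[new_path] = TRUSTED_APP

    def on_execute(self, path):
        if path in self.detected:
            return "alert"     # a scan hit is reported even for a trusted file
        if path in self.level:
            return "allow"     # whitelisted, including restricted apps
        return "prompt" if self.mode == "interactive" else "block"


def extract_and_run(unzip_level, mode, flagged=False):
    """Constructed scenario: an unzip tool extracts sample.exe, then it runs."""
    model = WhitelistModel(mode)
    model.initial_whitelisting(["C:/Windows/explorer.exe"])
    model.level["C:/Tools/unzip.exe"] = unzip_level
    model.file_created("C:/Tools/unzip.exe", "C:/Desktop/sample.exe")
    if flagged:
        model.detected.add("C:/Desktop/sample.exe")
    return model.on_execute("C:/Desktop/sample.exe")


if __name__ == "__main__":
    for level in (TRUSTED_INSTALLER, RESTRICTED_APP):
        for mode in ("interactive", "lockdown"):
            print(f"{level:22} {mode:12} -> {extract_and_run(level, mode)}")
    print("trusted installer, flagged ->",
          extract_and_run(TRUSTED_INSTALLER, "lockdown", flagged=True))
```

With the unzip tool as a trusted installer the extracted file runs in either mode unless the scan has flagged it; with the tool restricted, the same file prompts in Interactive Mode and is blocked in Lockdown Mode.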
 

MalwareT

OK, I'll do a re-test with lockdown mode :)
 