woodrowbone

Level 8
@ sap
I have a question/problem regarding APEX, I have been able to run only APEX active as both real-time and on demand without UA active with fantastic results.
Today I was testing to right click scan a folder containing malware and APEX did not even react, this feels like a bug as APEX almost always catches everything I throw at it.

Could this be a "connection to your servers yet again" problem?
Or was APEX not supposed to work offline as well?
Running V 5.11 APEX 5.5

Another thing I would like to set up on the "wishlist" from you guys is a stand alone APEX app.
To use as a companion to whatever solution people use out there, I would promote all my customers to buy it if this comes to life.

Happy New Year

/W
 

Arequire

Level 22
Content Creator
Verified
Or was APEX not supposed to work offline as well?
APEX lives in both the cloud and your SecureAPlus installation so it still works while you’re offline.
Without access to the big data sets stored in the cloud I'd assume APEX is less effective offline.

Another thing I would like to set up on the "wishlist" from you guys is a stand alone APEX app.
To use as a companion to whatever solution people use out there
You can use APEX by itself (or alongside a third-party antivirus) by turning off real-time scanning for the Universal AV and turning on Observation Mode for Application Whitelisting.
 

woodrowbone

Level 8
Without access to the big data sets stored in the cloud I'd assume APEX is less effective offline.


You can use APEX by itself (or alongside a third-party antivirus) by turning off real-time scanning for the Universal AV and turning on Observation Mode for Application Whitelisting.
Yes thx, this is how I run the app at the moment, alongside CFW CS settings.
The thing is that something happened to APEX it seems, it looks like it does not even scan the files in the folder I was talking about in the post above.

I just wish we could have APEX on its own, without all the rest, it would still be one of the best zeroday apps out there.

Before Christmas I compared it with WD (Win10), I had 134 fresh samples and WD left 118 and APEX 0!!! (I know, it's only one test)
(And WD is supposed to be good these days, yea right!)
But that is no good if you can't trust the app to work as it should.
During the beta testing of APEX I saw it mature to a beast detecting malware, at that time I compared it to Avast free who got humiliated that time.

Right now it looks ok, no fault messages or anything, but the scan shows that something is not right.
But I guess sap can take a look at my logs to see if I messed something up...

/W
 

woodrowbone

Level 8
I found the problem, as I wanted to test the speed of detection (Real-time protection) I left this enabled during the unpacking of the malware.
APEX did react, I told it to delete and after that no more reactions from the app.
It seems there could be a problem when you unpack too many malwares at the same time?
I think sap can test this on his side to confirm, not that this is a likely scenario to get infected but nevertheless.

BTW! Of 184 files in these packs APEX did only miss 2 :) samples were from yesterday and today. The 2 missed are submitted.

/W
 
Reactions: Thirio

sap

From SecureAge
Developer
Verified
I found the problem, as I wanted to test the speed of detection (Real-time protection) I left this enabled during the unpacking of the malware.
APEX did react, I told it to delete and after that no more reactions from the app.
It seems there could be a problem when you unpack too many malwares at the same time?
I think sap can test this on his side to confirm, not that this is a likely scenario to get infected but nevertheless.

BTW! Of 184 files in these packs APEX did only miss 2 :) samples were from yesterday and today. The 2 missed are submitted.

/W
Did you tick on "Remember my answer throughout the session"?


If you did so, it will not prompt you any more (for the same session), and will apply the same action (in this case, you've chosen to delete).
 
Reactions: harlan4096

woodrowbone

Level 8
Yes, this is what I did and I did choose delete.
But nothing happened to the malware in the folder. They were still there.
When I did delete all files in that folder and disable real-time, unpack all the malware again and did a scan, only 2 files did remain.
Did you try to unpack a batch of malicious files when you tried?
And if you could, please disable all components of Universal AV, if this could cause this behaviour on my side?

/W
 

sap

From SecureAge
Developer
Verified
Yes, this is what I did and I did choose delete.
But nothing happened to the malware in the folder. They were still there.
When I did delete all files in that folder and disable real-time, unpack all the malware again and did a scan, only 2 files did remain.
Did you try to unpack a batch of malicious files when you tried?
And if you could, please disable all components of Universal AV, if this could cause this behaviour on my side?

/W
Thank you very much for giving us more information.
We did unpack a batch of malicious files, and all the detected files are deleted, but with Universal AV enabled.
We will check with the settings that you suggested.
 

sap

From SecureAge
Developer
Verified
Thank you very much for giving us more information.
We did unpack a batch of malicious files, and all the detected files are deleted, but with Universal AV enabled.
We will check with the settings that you suggested.
I have tried to disable all components of Universal AV, and it works fine. You can check "C:\ProgramData\SecureAge Technology\SecureAge\log\AntiVirus.log" and "C:\ProgramData\SecureAge Technology\SecureAge\log\SecureAPlus.log". The virus detection should be recorded in AntiVirus.log. If there is any error on the deletion, you may find it in the SecureAPlus.log file.
 
Reactions: woodrowbone

woodrowbone

Level 8
I have tried to disable all components of Universal AV, and it works fine. You can check "C:\ProgramData\SecureAge Technology\SecureAge\log\AntiVirus.log" and "C:\ProgramData\SecureAge Technology\SecureAge\log\SecureAPlus.log". The virus detection should be recorded in AntiVirus.log. If there is any error on the deletion, you may find it in the SecureAPlus.log file.
From what I can see in the logs it says it did delete the files, but that did not happen.
I manually deleted them, maybe the files were corrupted while unpacking them?

I did the same test 2 days later with the same packs and this time the real-time shield deleted them as it should be.
I will write this off as corrupted files while unpacking for now, if it occurs again I will report back.

BTW! Those logfiles are very big, is it ok to delete them from time to time, does the app create new ones?

/W
 

sap

From SecureAge
Developer
Verified
From what I can see in the logs it says it did delete the files, but that did not happen.
I manually deleted them, maybe the files were corrupted while unpacking them?
Do you have other antivirus or security product running?
Sometimes those software may be holding the file, so that the deletion can't be performed.
For those cases, usually SecureAPlus will try to delete the files after reboot.

I did the same test 2 days later with the same packs and this time the real-time shield deleted them as it should be.
I will write this off as corrupted files while unpacking for now, if it occurs again I will report back.
Next time if it happened again, you may try to reboot the machine, and check whether the files are still there.
You may report to us again if you still encounter an issue.

BTW! Those logfiles are very big, is it ok to delete them from time to time, does the app create new ones?
Yes, you can safely remove those files, it will create new ones. There is actually an auto archive mechanism. When the file is larger than 100 MB, it will be automatically compressed, and put into the following folder: "C:\ProgramData\SecureAge Technology\SecureAge\log\Archives"
If you need more space, it is also safe to remove all the files in that folder. If you just leave them, it should be fine too. It has a mechanism to auto delete old archived files. Anyway, those archive files should be relatively small, because they are all compressed files.
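
Added example, not part of the thread and not SecureAge's code: a PowerShell check for the situation discussed above, where the log reports a deletion but the files are still on disk. It records the test folder once, then lists every recorded file that still exists, whether another process holds it open, and whether it is queued for removal at reboot. The script layout, default paths and helper name are hypothetical, and it assumes delete-on-reboot goes through the standard Windows `PendingFileRenameOperations` list, which the thread does not confirm.

```powershell
# Added example. Script layout, default paths and helper names are hypothetical.
param(
    [string]$SampleDir = 'C:\Test\samples',                 # placeholder test folder
    [string]$Manifest  = "$env:TEMP\sample-manifest.csv",   # where the file list is kept
    [switch]$Snapshot                                        # record files, then exit
)

function Get-LockState([string]$Path) {
    # Open with FileShare.None: a sharing violation means another process
    # (for example a second security product) still holds a handle on the file.
    try {
        $fs = [System.IO.File]::Open($Path, 'Open', 'Read', 'None')
        $fs.Close()
        return 'not locked'
    } catch {
        $ex = $_.Exception.GetBaseException()
        if (($ex -is [System.IO.IOException]) -and (($ex.HResult -band 0xFFFF) -eq 32)) {
            return 'held by another process'                 # ERROR_SHARING_VIOLATION
        }
        return "open failed: $($ex.GetType().Name)"
    }
}

if ($Snapshot) {
    # Run once right after unpacking, before the scanner has acted on the folder.
    Get-ChildItem -LiteralPath $SampleDir -File -Recurse |
        Select-Object FullName, Length |
        Export-Csv -LiteralPath $Manifest -NoTypeInformation
    return
}

# Assumption: delete-on-reboot is queued in the standard Windows pending-rename list.
$key = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'
$raw = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).PendingFileRenameOperations
$pending = @($raw | Where-Object { $_ } | ForEach-Object { $_ -replace '^\\\?\?\\', '' })

# Report every recorded file that still exists after the scanner reported deleting it.
Import-Csv -LiteralPath $Manifest |
    Where-Object { Test-Path -LiteralPath $_.FullName } |
    ForEach-Object {
        [pscustomobject]@{
            Path          = $_.FullName
            State         = Get-LockState $_.FullName
            PendingReboot = $pending -contains $_.FullName
        }
    }
```

Run it with `-Snapshot` after unpacking, let the scanner act, then run it again without the switch; reading the pending-rename list may require an elevated prompt.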
 

woodrowbone

Level 8
I run SAP beside Comodo FW, that is why I run APEX only, to lift out the trash from CFW:s sandbox.
While on the subject, if you like me only run APEX, why must all the 9 processes of SAP be left running?

/W
 

sap

From SecureAge
Developer
Verified
I run SAP beside Comodo FW, that is why I run APEX only, to lift out the trash from CFW:s sandbox.
While on the subject, if you like me only run APEX, why must all the 9 processes of SAP be left running?

/W
Thank you very much for giving us more information. We will test with Comodo FW.
Now we also have a better understanding on why you want to run APEX only.

Currently we don't have APEX version only. Some of the processes are related to our Application Whitelisting and Universal AV, and some are shared processes. If in the future we provide APEX installation only, the number of processes running could be shrunk down.
 

Andrew999

Level 21
Verified
Thank you very much for giving us more information. We will test with Comodo FW.
Now we also have a better understanding on why you want to run APEX only.

Currently we don't have APEX version only. Some of the processes are related to our Application Whitelisting and Universal AV, and some are shared processes. If in the future we provide APEX installation only, the number of processes running could be shrunk down.
I would love a version with Universal AV + APEX. I do not like Application Whitelisting that much. So it would be nice to just have AI and signature-based detection.
 
Reactions: harlan4096
