sap

From SecureAge
Verified
Developer
Ok, i just found this test here, conducted by @harlan4096

So, APEX works only with PE files. Does the Universal AV cover non PE files? The whitelist apparently does.
By default Universal AV doesn't cover non-PE files. You can use the manual scanner (right click scan) to scan non-PE files, provided if you allow it to upload any type of files. (How to Do File & Folder/ On-Demand Scanning – SecureAPlus Support Pages)
 

sap

From SecureAge
Verified
Developer
WinPatrol Plus can't stop even the simplest malware. But it's a general purpose notifier about registry startup and services. Its purpose goes beyond malware. For example, you install a new software and it runs a gazillion of services? You don't need to search on your own in the task manager, Scotty will notify you immediately. Also, even if you trust something in say Secureaplus, but it does something unexpected (like a service or startup), Scotty is again useful, because it may put a suspicion that what you let install, wasn't exactly doing what you thought it would...

OSArmor, i like it for the fact alone that blocks USB stick autorun.inf. While SecureAplus, if i understood correctly, can only allow or block read/write, but doesn't affect autoplay. For the most part they overlap about the rest options in OSArmor, but quite frankly i didn't care to compare closely and since they run well together, i don't really care.
SecureAPlus can block autorun file, especially if the file is not signed. If you want to have more strict configuration, you can turn off the trust by digital signature (How can I manage my Application Whitelisting mode using digital signature? – SecureAPlus Support Pages). This option (turn off trust by digital signature) is only available in Essentials and Pro version.
 

woodrowbone

Level 10
Verified
@ sap
Maybe this has been covered before, but here goes:
I am trying the latest version in a VM today ,and I did throw about 100 fresh malware at it, not a normal scenario for a security app I know...
But, why do you not let APEX go to work before the Universal AV?
Like it is now you have to upload many of the files (that APEX already detects) to the UAV, and this seems to be a waste of resources on your backbone, as it very well could be detected locally by APEX in the first place?
And users would not have to complain about how long it takes to upload and check the files in question.
I still miss that there is no button for false positives during the alerts from SAP.

/W
 

sap

From SecureAge
Verified
Developer
@ sap
Maybe this has been covered before, but here goes:
I am trying the latest version in a VM today ,and I did throw about 100 fresh malware at it, not a normal scenario for a security app I know...
But, why do you not let APEX go to work before the Universal AV?
Like it is now you have to upload many of the files (that APEX already detects) to the UAV, and this seems to be a waste of resources on your backbone, as it very well could be detected locally by APEX in the first place?
And users would not have to complain about how long it takes to upload and check the files in question.
I still miss that there is no button for false positives during the alerts from SAP.

/W
Thank you very much for the good feedback.
I believe you were doing manual scanning (https://support.secureaplus.com/how-to-do-file-folder-scanning/), and you get the impression that Universal AV works before APEX. The reason for this is because we want to combine the result first, and show all the combined result together at one shot. Some people would like to see how many engines detected the same file as virus, before they make a decision on what to do to the file.
There is a possibility to show APEX result first, and append the Universal AV result later. We will consider this for the GUI improvement in the future.

For false positive, you can click on "Ignore Permanently". Currently this only works locally, as it is not automatically submit the file as false positive to our server yet.
 
B

BVLon

I was surprised by the quality of this software and registered here specially to leave feedback.
The whole concept is just flawless.

User experience however might be a bit tweaked.
Malicious files can be auto-deleted or quarantined. You can let the user configure the default action (delete, quarantine, ask) and which engines should be prioritised.
For example if Avira, Sophos, McAfee and Apex are selected as engines with priority, when any of them detects a threat, action will be auto-applied. That will reduce the number of alerts and users will be a lot more satisfied.

For an untrusted files you can just display a message saying "We don't know anything about the file so we are running some checks. We'll display the results shortly" and then display Apex and Universal AV results combined together in one table with certificate information BELOW, as it's far less important in the decision making.
I've attached guidelines which you can see.
Your current notification is not really friendly and it looks like you are targeting only advanced users. That's not really good profit-wise is it?
I'm sure as a business you operate for profit :). Regardless of the fact that Endpoint Security is your main cash float generator.

I know that SecureAPlus is designed to complement another AV, but with your existing Hitman-Pro-Like technology, it's not too hard to convert it to a powerfull first-line defense.

You should also consider adding malicious URL blocker.

You've done good job with performance too, unlike Sophoses Hitman Pro. Keep innovating.
 

Attachments

sepik

Level 8
New SecureAplus version v6.1.0 released:

Changelog:


Starting from this version, we are no longer supporting Windows XP, Vista, Windows Server 2003, and Windows Server 2008.
Although it still works on XP 32-bit, we no longer test on the older platform.

The minimum required Operating System now is:
Workstation: Windows 7 Service Pack 1
Server: Windows Server 2008 R2

Here are the detail of the changes.
Bugs fixed:
- Announcement was not using the new SecureAPlus 2019 theme.
- Fixed Italian translation for "silent mode": "modalità silenziosa"
- c:\windows\system32\winspool.drv get blocked when it is updated.
- Timed out when querying for Approved Whitelist/Global Whitelist. This bug is started from SecureAPlus v6.0.3
- System stuck during certain Windows Update.

Modifications:
- Announcement will open external link using external browser.
- New applications are only signed using SHA256 hash. Previously it was dual signed using SHA1 and SHA256.
- Automatically trust Windows Update files for non-trusted users.
- Non-trusted users are able to request for an approval, if they are running an untrusted .msi file.
Due to the changes in v6.0.0, non-trusted users were not able to request for whitelist approval for .msi file.
- Hide some advanced settings from non-trusted users.
- Improve password protection coverage:
- Prompt for password before opening SecureAPlus main console.
- Prompt for password if user intended to uninstall SecureAplus

What's new:
- SecureAPlus can no longer be installed on XP 64-bit, Vista, Windows Server 2003, and Windows Server 2008.
- Support signed .ps1 script
- Added psexec.exe into restricted application list.
- Set custom message for request for whitelist approval.
- ClamAV v0.102.2
 
B

BVLon

Hello, I just installed SecureAPlus yesterday to run alongside Windows Defender. After I unregistered the program to use it alongside the WD, WD wanted to remove this service due to PUA. Is it safe to whitelist this?
View attachment 235102
Anytime you see !ml at the end you should be cautious. Windows Defender's machine learning is quite aggressive (all independent tests highlight the high number of false positives) and it might frequently see threat, where it does not exist. Another mistake Microsoft has done here is Alert Level: Severe. PUAs can't be considered high risks, even less when detected by machine learning algorithm. They should really fix their engine.
 

Andy Ful

Level 62
Verified
Trusted
Content Creator
Anytime you see !ml at the end you should be cautious. Windows Defender's machine learning is quite aggressive (all independent tests highlight the high number of false positives) and it might frequently see threat, where it does not exist. Another mistake Microsoft has done here is Alert Level: Severe. PUAs can't be considered high risks, even less when detected by machine learning algorithm. They should really fix their engine.
In the case of SecureAPlus, the fault is on the vendor side. It takes a few hours to whitelist the application executables via developer submissions on the MS website. I do this with all my executables (even beta versions).
 

nefty1029

Level 1
I just reinstalled the program, since even when the file is restored, the Whitelist service cannot run. I will keep it registered as the Antivirus. By the way, I set configure defender to high prior to unregistering the program. Is it safe to keep it that way or should I set configure defender to default for now.
 
Top