No, it was in the program files folder. sorry, it's not required the main program to be 'keep' installed.
SecureAPlus Freemium - Updates
- Thread starter sinlam
- Start date
No, it was in the program files folder. sorry, it's not required the main program to be 'keep' installed.
- Sep 26, 2014
- 189
By default Universal AV doesn't cover non-PE files. You can use the manual scanner (right click scan) to scan non-PE files, provided if you allow it to upload any type of files. (How to Do File & Folder/ On-Demand Scanning – SecureAPlus Support Pages)Ok, i just found this test here, conducted by @harlan4096
Malware Hub Report - SecureAPlus (APEX + WhiteListing) - September 2019 Report
SecureAPlus (APEX + WhiteListing + UniversalAV Disabled) - September 2019 Report Due to the small number of samples used in this tests, you should take results with a grain of salt. We encourage you to compare these results with others and take informed decisions on what security products to...malwaretips.com
So, APEX works only with PE files. Does the Universal AV cover non PE files? The whitelist apparently does.
- Sep 26, 2014
- 189
Yes, you can use APEX command line scanner as a standalone program.
- Sep 26, 2014
- 189
SecureAPlus can block autorun file, especially if the file is not signed. If you want to have more strict configuration, you can turn off the trust by digital signature (How can I manage my Application Whitelisting mode using digital signature? – SecureAPlus Support Pages). This option (turn off trust by digital signature) is only available in Essentials and Pro version.
- Dec 24, 2011
- 480
@ sap
Maybe this has been covered before, but here goes:
I am trying the latest version in a VM today ,and I did throw about 100 fresh malware at it, not a normal scenario for a security app I know...
But, why do you not let APEX go to work before the Universal AV?
Like it is now you have to upload many of the files (that APEX already detects) to the UAV, and this seems to be a waste of resources on your backbone, as it very well could be detected locally by APEX in the first place?
And users would not have to complain about how long it takes to upload and check the files in question.
I still miss that there is no button for false positives during the alerts from SAP.
/W
Maybe this has been covered before, but here goes:
I am trying the latest version in a VM today ,and I did throw about 100 fresh malware at it, not a normal scenario for a security app I know...
But, why do you not let APEX go to work before the Universal AV?
Like it is now you have to upload many of the files (that APEX already detects) to the UAV, and this seems to be a waste of resources on your backbone, as it very well could be detected locally by APEX in the first place?
And users would not have to complain about how long it takes to upload and check the files in question.
I still miss that there is no button for false positives during the alerts from SAP.
/W
- Sep 26, 2014
- 189
Thank you very much for the good feedback.
I believe you were doing manual scanning (https://support.secureaplus.com/how-to-do-file-folder-scanning/), and you get the impression that Universal AV works before APEX. The reason for this is because we want to combine the result first, and show all the combined result together at one shot. Some people would like to see how many engines detected the same file as virus, before they make a decision on what to do to the file.
There is a possibility to show APEX result first, and append the Universal AV result later. We will consider this for the GUI improvement in the future.
For false positive, you can click on "Ignore Permanently". Currently this only works locally, as it is not automatically submit the file as false positive to our server yet.
- Dec 24, 2011
- 480
Great! In regards to the "Ignore Permanently", could there be an option to submit all files when you choose this option?
/W
- Sep 26, 2014
- 189
For files uploading, SecureAPlus will do according to the permission given in the following settings:
- Dec 24, 2011
- 480
Ok, just so I get this right.
If I have the setting you pointed out above, all files (both malware and fp:s) that get a block will be uploaded and checked?
/W
If I have the setting you pointed out above, all files (both malware and fp:s) that get a block will be uploaded and checked?
/W
- Sep 26, 2014
- 189
Currently only malware, but in the future we will extend this to cover both malware and fp.
- Dec 24, 2011
- 480
This will be a welcome addition
I believe this will help fine tune APEX to near perfection./W
I was surprised by the quality of this software and registered here specially to leave feedback.
The whole concept is just flawless.
User experience however might be a bit tweaked.
Malicious files can be auto-deleted or quarantined. You can let the user configure the default action (delete, quarantine, ask) and which engines should be prioritised.
For example if Avira, Sophos, McAfee and Apex are selected as engines with priority, when any of them detects a threat, action will be auto-applied. That will reduce the number of alerts and users will be a lot more satisfied.
For an untrusted files you can just display a message saying "We don't know anything about the file so we are running some checks. We'll display the results shortly" and then display Apex and Universal AV results combined together in one table with certificate information BELOW, as it's far less important in the decision making.
I've attached guidelines which you can see.
Your current notification is not really friendly and it looks like you are targeting only advanced users. That's not really good profit-wise is it?
I'm sure as a business you operate for profit. Regardless of the fact that Endpoint Security is your main cash float generator.
I know that SecureAPlus is designed to complement another AV, but with your existing Hitman-Pro-Like technology, it's not too hard to convert it to a powerfull first-line defense.
You should also consider adding malicious URL blocker.
You've done good job with performance too, unlike Sophoses Hitman Pro. Keep innovating.
The whole concept is just flawless.
User experience however might be a bit tweaked.
Malicious files can be auto-deleted or quarantined. You can let the user configure the default action (delete, quarantine, ask) and which engines should be prioritised.
For example if Avira, Sophos, McAfee and Apex are selected as engines with priority, when any of them detects a threat, action will be auto-applied. That will reduce the number of alerts and users will be a lot more satisfied.
For an untrusted files you can just display a message saying "We don't know anything about the file so we are running some checks. We'll display the results shortly" and then display Apex and Universal AV results combined together in one table with certificate information BELOW, as it's far less important in the decision making.
I've attached guidelines which you can see.
Your current notification is not really friendly and it looks like you are targeting only advanced users. That's not really good profit-wise is it?
I'm sure as a business you operate for profit
. Regardless of the fact that Endpoint Security is your main cash float generator.I know that SecureAPlus is designed to complement another AV, but with your existing Hitman-Pro-Like technology, it's not too hard to convert it to a powerfull first-line defense.
You should also consider adding malicious URL blocker.
You've done good job with performance too, unlike Sophoses Hitman Pro. Keep innovating.
Attachments
- Aug 21, 2018
- 505
New SecureAplus version v6.1.0 released:
Changelog:
Starting from this version, we are no longer supporting Windows XP, Vista, Windows Server 2003, and Windows Server 2008.
Although it still works on XP 32-bit, we no longer test on the older platform.
The minimum required Operating System now is:
Workstation: Windows 7 Service Pack 1
Server: Windows Server 2008 R2
Here are the detail of the changes.
Bugs fixed:
- Announcement was not using the new SecureAPlus 2019 theme.
- Fixed Italian translation for "silent mode": "modalità silenziosa"
- c:\windows\system32\winspool.drv get blocked when it is updated.
- Timed out when querying for Approved Whitelist/Global Whitelist. This bug is started from SecureAPlus v6.0.3
- System stuck during certain Windows Update.
Modifications:
- Announcement will open external link using external browser.
- New applications are only signed using SHA256 hash. Previously it was dual signed using SHA1 and SHA256.
- Automatically trust Windows Update files for non-trusted users.
- Non-trusted users are able to request for an approval, if they are running an untrusted .msi file.
Due to the changes in v6.0.0, non-trusted users were not able to request for whitelist approval for .msi file.
- Hide some advanced settings from non-trusted users.
- Improve password protection coverage:
- Prompt for password before opening SecureAPlus main console.
- Prompt for password if user intended to uninstall SecureAplus
What's new:
- SecureAPlus can no longer be installed on XP 64-bit, Vista, Windows Server 2003, and Windows Server 2008.
- Support signed .ps1 script
- Added psexec.exe into restricted application list.
- Set custom message for request for whitelist approval.
- ClamAV v0.102.2
Changelog:
Starting from this version, we are no longer supporting Windows XP, Vista, Windows Server 2003, and Windows Server 2008.
Although it still works on XP 32-bit, we no longer test on the older platform.
The minimum required Operating System now is:
Workstation: Windows 7 Service Pack 1
Server: Windows Server 2008 R2
Here are the detail of the changes.
Bugs fixed:
- Announcement was not using the new SecureAPlus 2019 theme.
- Fixed Italian translation for "silent mode": "modalità silenziosa"
- c:\windows\system32\winspool.drv get blocked when it is updated.
- Timed out when querying for Approved Whitelist/Global Whitelist. This bug is started from SecureAPlus v6.0.3
- System stuck during certain Windows Update.
Modifications:
- Announcement will open external link using external browser.
- New applications are only signed using SHA256 hash. Previously it was dual signed using SHA1 and SHA256.
- Automatically trust Windows Update files for non-trusted users.
- Non-trusted users are able to request for an approval, if they are running an untrusted .msi file.
Due to the changes in v6.0.0, non-trusted users were not able to request for whitelist approval for .msi file.
- Hide some advanced settings from non-trusted users.
- Improve password protection coverage:
- Prompt for password before opening SecureAPlus main console.
- Prompt for password if user intended to uninstall SecureAplus
What's new:
- SecureAPlus can no longer be installed on XP 64-bit, Vista, Windows Server 2003, and Windows Server 2008.
- Support signed .ps1 script
- Added psexec.exe into restricted application list.
- Set custom message for request for whitelist approval.
- ClamAV v0.102.2
Hello, I just installed SecureAPlus yesterday to run alongside Windows Defender. After I unregistered the program to use it alongside the WD, WD wanted to remove this service due to PUA. Is it safe to whitelist this?
- Apr 28, 2015
- 8,910
Anytime you see !ml at the end you should be cautious. Windows Defender's machine learning is quite aggressive (all independent tests highlight the high number of false positives) and it might frequently see threat, where it does not exist. Another mistake Microsoft has done here is Alert Level: Severe. PUAs can't be considered high risks, even less when detected by machine learning algorithm. They should really fix their engine.
- Apr 28, 2015
- 8,910
- Dec 23, 2014
- 8,511
In the case of SecureAPlus, the fault is on the vendor side. It takes a few hours to whitelist the application executables via developer submissions on the MS website. I do this with all my executables (even beta versions).
Oh wow... they are quite fast.
I just reinstalled the program, since even when the file is restored, the Whitelist service cannot run. I will keep it registered as the Antivirus. By the way, I set configure defender to high prior to unregistering the program. Is it safe to keep it that way or should I set configure defender to default for now.
Similar threads
