By default Universal AV doesn't cover non-PE files. You can use the manual scanner (right click scan) to scan non-PE files, provided you allow it to upload any type of file. (How to Do File & Folder/ On-Demand Scanning – SecureAPlus Support Pages)
Ok, I just found this test here, conducted by @harlan4096
SecureAPlus (APEX + WhiteListing + UniversalAV Disabled) - September 2019 Report: Due to the small number of samples used in these tests, you should take results with a grain of salt. We encourage you to compare these results with others and take informed decisions on what security products to... (malwaretips.com)
So, APEX works only with PE files. Does the Universal AV cover non-PE files? The whitelist apparently does.
Yes, you can use APEX command line scanner as a standalone program.
SecureAPlus can block autorun files, especially if the file is not signed. If you want to have a more strict configuration, you can turn off the trust by digital signature (How can I manage my Application Whitelisting mode using digital signature? – SecureAPlus Support Pages). This option (turn off trust by digital signature) is only available in the Essentials and Pro versions.
WinPatrol Plus can't stop even the simplest malware. But it's a general purpose notifier about registry startup and services. Its purpose goes beyond malware. For example, you install new software and it runs a gazillion services? You don't need to search on your own in the task manager, Scotty will notify you immediately. Also, even if you trust something in, say, SecureAPlus, but it does something unexpected (like a service or startup), Scotty is again useful, because it may raise a suspicion that what you let install wasn't exactly doing what you thought it would...
OSArmor, I like it for the fact alone that it blocks USB stick autorun.inf. While SecureAPlus, if I understood correctly, can only allow or block read/write, but doesn't affect autoplay. For the most part they overlap on the rest of the options in OSArmor, but quite frankly I didn't care to compare closely, and since they run well together, I don't really care.
Thank you very much for the good feedback.
@ sap
Maybe this has been covered before, but here goes:
I am trying the latest version in a VM today, and I did throw about 100 fresh malware samples at it, not a normal scenario for a security app, I know...
But, why do you not let APEX go to work before the Universal AV?
Like it is now you have to upload many of the files (that APEX already detects) to the UAV, and this seems to be a waste of resources on your backbone, as it very well could be detected locally by APEX in the first place?
And users would not have to complain about how long it takes to upload and check the files in question.
I still miss that there is no button for false positives during the alerts from SAP.
Great! In regards to the "Ignore Permanently", could there be an option to submit all files when you choose this option?
For a false positive, you can click on "Ignore Permanently". Currently this only works locally, as it does not automatically submit the file as a false positive to our server yet.
Anytime you see !ml at the end you should be cautious. Windows Defender's machine learning is quite aggressive (all independent tests highlight the high number of false positives) and it might frequently see a threat where it does not exist. Another mistake Microsoft has made here is Alert Level: Severe. PUAs can't be considered high risks, even less when detected by a machine learning algorithm. They should really fix their engine.
In the case of SecureAPlus, the fault is on the vendor side. It takes a few hours to whitelist the application executables via developer submissions on the MS website. I do this with all my executables (even beta versions).