blueblackwow65

Level 19
Verified
Hi i am trying out SAp plus and see that when detecting files only the apex av will show up in the 11 entries even though 3-4 others have detected the malware also .This was not just only one file but 8-10 files ,apex showed up in all but the other av's of the 11 should have detected ,I know this because i tested with virustotal online and the results were more than apex .Something is wrong somewhere .Thks
 

Arequire

Level 26
Verified
Content Creator
Last edited:

sepik

Level 10
SecureAplus v6.2.1 released

Here are the detail for the changes:

Bugs fixed:
- Typo: instalutil.exe. Changed "InstalUtil.exe" to "InstallUtil.exe"

Modifications:
- Give more space for the file name in Real-time scanning dialog
- Update EULA

What's new:
- When untrusted file is running during boot-up, added into whitelist.log and Blocked.log:
"### Untrusted file is running during boot-up, filename:"
- Untrust the file that is detected by real-time scanning
- Added command line rule:
reg add
reg import
- Do not show “Shopping Cart” button for enterprise customers
 

Mops21

Level 29
Verified
Trusted
Content Creator
Hi all

SecureAPlus 6.3.0 is out now

Bugs fixed:
- Avira and "Vulnerability Assessment" were not uninstalled cleanly
- SAP without UAV with Avira still shows UAV results in UAV bar when online
- SecureAPlus was not registered as AntiVirus
- Real-time antivirus scan prompt does not appear for Word doc virus, if only detected by UAV.
- AWL dialog too tall
- The log for Blocked command line does not have length and hash for the command line that the action other than "Always Block"
- Tray icon only changes when changing App Whitelisting mode from tray icon menu
- Simplified and traditional Chinese: "Interactive" text on main UI is different from the text in tray icon menu
- Error code: 87 for Request for whitelist approval and My Approved Whitelist
- In certain situation EverythingServer keeps consuming memory.

Modifications:
- Change minimum sending log interval from 1 minute to 15 minutes
- Change log formatting, so that it will be easier for parsing at the server.
- Reduce whitelist.log during initial whitelist.
- When real-time scanning is off, UAV real-time scanning will be shown as off too.

What's new:
- Send software inventory information to server
- Added reg.exe into restricted application list
- Vulnerability Assessment supports software that only installed for current user.
- Auto Mode
New installation: default mode is auto mode
Upgrade: the settings will not be changed. If previous mode is interactive mode, it will remain as interactive
Auto mode will make a decision based on "Digital Signature", APEX, UAV.
There are some situations where there is not enough information for Auto Mode to make a decision.
In this case, user will still see prompting.
- Updated German translation for Vulnerability Assessment.
- Added into the trusted certificate list: "Zoom Video Communication Inc", "Deluxe Pixel Limited"
- Check Linux permission attributes. If it doesn't have executable permission (x), do not need to block the file if it is untrusted.




With best Regards
Mops21
 

woodrowbone

Level 10
Verified
@ sap
Still no button to report FP:s upon detection? Both whitelist and APEX detection's.
If you want , try to install Slimjet browser, or run Patchmypc or Qbittorrent as examples that always generate a FP detection.

/W
 

silversurfer

Level 66
Verified
Trusted
Content Creator
Malware Hunter
@sap
Microsoft-Defender "MsMpEng.exe" (Antimalware Service Executable) is flagged as malicious by SecureAge APEX

wd.png
 

Mops21

Level 29
Verified
Trusted
Content Creator

l0rdraiden

Level 2
How do you disable clamAV local AV in the new version? or this doesn't exists anymore?

What is the impact of disabling automatic full system scan? performance because the whitelist won't be complete?
 
Last edited:

l0rdraiden

Level 2
If I disable real time scanning in AV settigns, is this to disable APEX? Will unversarl AV still work on "real time"?

Why some detections of the universal AV are automatically ignored without notice? and others are preseted as a threat when both has only be detected by 1 of the engines? what is the criteria to decide if it is a threat or it is ignored?
 

l0rdraiden

Level 2
I have notice that I can keep APEX enable and disable the universal AV on real time but no the other way around.
It's a pitty because it would be interesting to run Univesal AV alone together with Other AV's.

How heavy is a APEX engine?
 

sap

From SecureAge
Verified
Developer
How do you disable clamAV local AV in the new version? or this doesn't exists anymore?

What is the impact of disabling automatic full system scan? performance because the whitelist won't be complete?
ClamAV is no longer included in the new version.
If you are upgraded from the older version, and you don't want ClamAV, you can uninstall it.
1599395021171.png


Disabling Full System scan will not have any impact on the whitelisting. Disabling Full system scan only means that you are disabling the periodic full system scan in the cloud.
 

sap

From SecureAge
Verified
Developer
If I disable real time scanning in AV settigns, is this to disable APEX? Will unversarl AV still work on "real time"?

Why some detections of the universal AV are automatically ignored without notice? and others are preseted as a threat when both has only be detected by 1 of the engines? what is the criteria to decide if it is a threat or it is ignored?
When disabling rea-time scanning from scan settings, not only APEX will be disabled, the Universal AV real-time scanning will be automatically disabled too.

For the ignored detection, are you referring to the full system scan? For full system scan, if the threat is only detected by 1 engine, it will not be ticked, but the result will still be shown in the full system scan result.
 

Mops21

Level 29
Verified
Trusted
Content Creator
Hi all

SecureAPlus 6.4.0 is out now

Bugs fixed:
- Added msedge.exe into restricted application
- Typo: "Vulnerabilty", changed to: "Vulnerability"
- App Settings->Application Whitelisting->Advanced Settings
In "Script tab", it shows "Instalutil.exe".
This is a typo, and has been changed to "installutil.exe"
- Memory leak in saappsvc.exe when communicating with the server.
- Crash in sascansvc.exe
- BSOD when whitelist file is huge

Modifications:
- Updated German translation
- Skip real-time scanning for the files that are in the exclusion list
- Delete SecureAPlus shortcut at the desktop during uninstallation.
- Change description text for SecureAPlus Mode.
- For Enterprise Edition, the default mode will be Interactive Mode.

What's new:
- Added Reaqta in the trusted certificate list
- Added: MpCmdRun.exe, ntrscan.exe, cyveraservice.exe into the restricted application list




With best Regards
Mops21
 

woodrowbone

Level 10
Verified
Now I actually kinda wish there was free "Lite" version that's just antivirus and APEX module. No HIPS nonsense and other stuff that's just so clunky. Hell, I'd even go with APEX by itself if it was possible.
Yea, same here,
APEX as a companion to whatever AV, would be a awesome reinforcement.
I already proposed this to sap a while back, but the more of us asking for it, maybe it will become true....

/W