Author Topic: Password Protection Leaves Lots of Things Unlocked on the UI  (Read 472 times)

Offline GrDukeMalden

  • Newbie
  • *
  • Posts: 19
  • Kudos +1/-0
Password Protection Leaves Lots of Things Unlocked on the UI
« on: February 10, 2020, 07:56:46 AM »
So I'm a paid pro user. I wanted to ask the devs to make sure ALL buttons on the UI are totally locked down by the password protection. Clicking around on the UI while typing this up.

I'm able to open and restore things from the quarantine without entering the password for my settings.

I'm able to switch out of silent mode from the tray icon without entering the password to my settings.

I'm able to start a full system scan and tell it to ignore things without entering my settings password.

I'm able to remove things from the ignored list from the quarantine and history without ever needing to enter my settings password.

I'm able to make SAP leave silent mode by starting a full system scan without entering my settings password.

But if I click on the part of the UI that tells me when the last full system scan happened that will start a full system scan without making SAP leave silent mode....Still able to tell it to ignore things from there though with no password input.

I'm able to open and freely use all functions under the "Info & licenses" menus without having to enter in my settings password.

I'm able to uninstall SAP without ever needing to enter in my password. I'm also able to use Process explorer with admin rights to terminate many of SAP's processes (all except just one)

Devs! Please make the password protection on the settings lock these things down. I have a kid that sometimes uses my computer and I don't want them to be able to fiddle with those functions.
« Last Edit: February 10, 2020, 08:03:13 AM by GrDukeMalden »
VPN(Paid)|
VoodooSheild(Paid)|
SecureAPlus(Paid,Pro)|
Sandboxie Plus, by Xanasoft|
HitManPro.ALERT!(Paid)|
I fiddle with whitelisting software.

Offline hendy

  • SecureAPlus Developer
  • Sr. Member
  • *****
  • Posts: 332
  • Kudos +16/-0
Re: Password Protection Leaves Lots of Things Unlocked on the UI
« Reply #1 on: February 11, 2020, 11:38:18 AM »
Thank you very much for your feedback. We will enhance the password protection.

Offline GrDukeMalden

  • Newbie
  • *
  • Posts: 19
  • Kudos +1/-0
Re: Password Protection Leaves Lots of Things Unlocked on the UI
« Reply #2 on: March 05, 2020, 12:26:56 PM »
Thank you very much for your feedback. We will enhance the password protection.

As of the latest version, you have made the password protection perfect.

Now you just need to work on the process termination protection. I'm still able to terminate all except just one of SAP's processes with process explorer having admin rights. Like I said, a kid sometimes comes to my house and I don't want them to be able to mess with that stuff. My windows UAC is password protected, but still, you shouldn't be able to terminate SAP's processes so easily.
VPN(Paid)|
VoodooSheild(Paid)|
SecureAPlus(Paid,Pro)|
Sandboxie Plus, by Xanasoft|
HitManPro.ALERT!(Paid)|
I fiddle with whitelisting software.

Offline hendy

  • SecureAPlus Developer
  • Sr. Member
  • *****
  • Posts: 332
  • Kudos +16/-0
Re: Password Protection Leaves Lots of Things Unlocked on the UI
« Reply #3 on: March 05, 2020, 02:15:56 PM »
The critical SAP process is protected. For example, you can't easily terminate saappsvc.exe.
The core engine of SAP is not visible in Task Manager, and it is designed to be not stop-able.
This means that even you terminate all the processes in Task Manager, SAP still will block all the untrusted files.
You may no longer see any notification, as the GUI might be killed, but SAP is still protecting the PC, as the engine is designed to be separated from the UI.

Offline GrDukeMalden

  • Newbie
  • *
  • Posts: 19
  • Kudos +1/-0
Re: Password Protection Leaves Lots of Things Unlocked on the UI
« Reply #4 on: March 06, 2020, 01:28:37 PM »
That first part. I noticed that in my own testing. That one process can't be terminated with anything that a normal user would ever be able to figure out.

Perhaps the default setting for SAP should be silent mode. Or maybe on first install you could give the user a prompt that would encourage the user to leave SAP in silent mode. Maybe with some arrows to slide the visuals back and forth with a couple of pages. one page could be talking about "automatic actions" and some stuff about what that means. then the next page could highlight that it keeps young children from unknowingly allowing something bad followed by some information about how the whitelisting component's "untrusted file" prompt works.

You get the idea. But it would still be better to protect ALL SAP processes the same way the whitelisting component's process is.
VPN(Paid)|
VoodooSheild(Paid)|
SecureAPlus(Paid,Pro)|
Sandboxie Plus, by Xanasoft|
HitManPro.ALERT!(Paid)|
I fiddle with whitelisting software.