Author Topic: How to upgrade Essentials to Pro?  (Read 26747 times)

Offline bellgamin

  • Newbie
  • *
  • Posts: 31
  • Kudos +1/-0
How to upgrade Essentials to Pro?
« on: June 03, 2020, 10:44:40 AM »
I just noted that Pro version offers protection against memory injection whereas the Essentials version does not. I am now running Essentials.

Q-1: Does the Pro version *prevent* injections that do NOT rely on exploits, or does it primarily *detect* memory injections that ARE based on exploits, & alert the user? (Either way is okay because of what is stated in Q2 below.)

Q-2: As I understand it, malware injected into RAM cannot survive a restart. Correct?? IF so, can ALL damage done by an injection be eliminated if a user simply reboots immediately after Pro version alerts that an injection has occurred?  OR would it be safer to (a) do a shut-down after Pro version alerts to a memory injection, and then (b) do a complete image restore? (NOTE: I image every 2 days & retain images 2 months.)

Q-3: I have just over 10 months left on my Essentials subscription. Is it possible to pay the cost difference of upgrading my Essentials version to the Pro version? OR will I have to buy the Pro version and let the remainder of my Essentials subscription go to waste?

« Last Edit: June 03, 2020, 10:51:24 AM by bellgamin »

Offline hendy

  • SecureAPlus Developer
  • Sr. Member
  • *****
  • Posts: 351
  • Kudos +16/-0
Re: How to upgrade Essentials to Pro?
« Reply #1 on: June 03, 2020, 01:48:46 PM »
Q1. The memory injection is regardless whether it relies on exploit or not, but there is no alert to user. It will simply block.
      Process protector is targeted for certain processes. This can be defined in: C:\Program Files\SecureAge\Whitelist\Process Protector.exe
      The sample use case of this is when it is combined with our encryption product (SecureData).
      If you are interested to know further, you can download the demo presentation:
      https://secureaplus.secureage.com/download/ProcessProtector.zip

Q2. Correct. Malware that injected to the RAM cannot survive after restart.
      Can the damage done by an injection be eliminated if a user simply reboot?
      It is pretty much depends on the timing, whether the attacker has achieved the mission or not before the reboot.
     
Q3. Under my licenses page, the last column allow you to renew/upgrade (upgrade for this case) - the remaining subscription will be prorated.

Offline bellgamin

  • Newbie
  • *
  • Posts: 31
  • Kudos +1/-0
Re: How to upgrade Essentials to Pro?
« Reply #2 on: June 03, 2020, 05:00:38 PM »
@ Hendys -- Thank you VERY much for the fast, informative reply!!

Quote
Q3. Under my licenses page, the last column allow you to renew/upgrade (upgrade for this case) - the remaining subscription will be prorated.
DONE! I am now running the Pro version.  Your upgrade process is the best I have ever encountered.

Quote
Q1. The memory injection is regardless whether it relies on exploit or not, but there is no alert to user. It will simply block.
I FERVENTLY request that SAP be modified so that the user WILL be alerted when a memory injection is blocked -- I would like to run a file integrity checker after such a blockage, just in case.

Quote
Process protector is targeted for certain processes. This can be defined in: C:\Program Files\SecureAge\Whitelist\Process Protector.exe
This is excellent, user-expandable process protection. I assume that it does NOT extend to blocking any & all memory injection methods that are designed to misuse capabilities of the Windows OS itself, without relying on exploits or Windows vulnerabilities. Am I correct in this assumption?

Quote
If you are interested to know further, you can download the demo presentation:
      https://secureaplus.secureage.com/download/ProcessProtector.zip
I have downloaded this for further study. Thanks for the link.

Aloha from Hawaii. Stay healthy, Hendys -- live long and prosper. (^_^)

Offline hendy

  • SecureAPlus Developer
  • Sr. Member
  • *****
  • Posts: 351
  • Kudos +16/-0
Re: How to upgrade Essentials to Pro?
« Reply #3 on: June 04, 2020, 09:07:12 AM »
Thank you very much for your support.

Quote
Q1. The memory injection is regardless whether it relies on exploit or not, but there is no alert to user. It will simply block.
I FERVENTLY request that SAP be modified so that the user WILL be alerted when a memory injection is blocked -- I would like to run a file integrity checker after such a blockage, just in case.
Thank you very much for your feedback.
There is some technical difficulty to notify this to the end users. We will see whether we can improve this.

Quote
Process protector is targeted for certain processes. This can be defined in: C:\Program Files\SecureAge\Whitelist\Process Protector.exe
This is excellent, user-expandable process protection. I assume that it does NOT extend to blocking any & all memory injection methods that are designed to misuse capabilities of the Windows OS itself, without relying on exploits or Windows vulnerabilities. Am I correct in this assumption?
You are right. It is not possible to cover all memory injection methods, which sometimes may be caused by exploits or Windows vulnerabilities. For exploits or vulnerabilities, the best way to cover this, is by updating the software.

Cheers. Stay safe and healthy too, Bellgamin.