Author Topic: Take a look, please  (Read 40232 times)

Offline bellgamin

  • Newbie
  • *
  • Posts: 31
  • Kudos +1/-0
Take a look, please
« on: January 19, 2021, 03:42:51 AM »
There was a post at Wilders Security forum about a possible by-pass of SecureAPlus. I replied to it but I am not a security expert. Please take a look at it HERE.

Offline GrDukeMalden

  • Newbie
  • *
  • Posts: 33
  • Kudos +3/-1
Re: Take a look, please
« Reply #1 on: January 19, 2021, 05:57:08 AM »
I saw it replied to it too.

It's a smart-ass showing it successfully blocking a threat and then just saying that it doesn't work.

People were doing that with voodooshield's autopilot mode a few years ago. They rig the test with an unrealistic scenario and then they say it failed. But if they ran it with the recommended settings it wouldn't have missed anything.

What that person over on wilders did is they showed a prompt where SAP successfully blocked it and prompted the user about it, and then the "tester" allowed it.
VPN(Paid)
VoodooSheild(Paid)
SecureAPlus(Paid,Pro)
SandboxiePlus (By Xanasoft)
I fiddle with whitelisting software.

Offline Isky

  • SecureAPlus Helpdesk Engineer
  • Newbie
  • *
  • Posts: 7
  • Kudos +1/-0
  • ^_^
Re: Take a look, please
« Reply #2 on: January 19, 2021, 06:11:50 AM »
Just saw the post...thanks for letting us knw!

Kudos for your replies! ;D
^_^

Offline bellgamin

  • Newbie
  • *
  • Posts: 31
  • Kudos +1/-0
Re: Take a look, please
« Reply #3 on: January 22, 2021, 01:20:39 AM »
In THIS post at Wilders forum, that fellow is now claiming that files were encrypted BEFORE SecureA+ gave its alert. Please take a look at his post and respond to it. I posted a reply, but I am NOT a security expert so I might be far off-base.

Offline Clem

  • SecureAPlus Helpdesk Engineer
  • Jr. Member
  • *
  • Posts: 52
  • Kudos +0/-0
Re: Take a look, please
« Reply #4 on: January 25, 2021, 11:18:52 AM »
Thank you for your replies on the other forum, we will raise this up to our team regarding the concern, and seems like the person may have raised it to us here.

Offline Shreyas Murali

  • Newbie
  • *
  • Posts: 5
  • Kudos +0/-0
Re: Take a look, please
« Reply #5 on: January 26, 2021, 08:39:43 PM »
I saw it replied to it too.

It's a smart-ass showing it successfully blocking a threat and then just saying that it doesn't work.

What that person over on wilders did is they showed a prompt where SAP successfully blocked it and prompted the user about it, and then the "tester" allowed it.

Clearly your assumptions aren't true. It doesn't matter what i clicked in this scenario (i clicked block) my files were still encrypted. Blame the test bed to defend your favoured program does not help improve it instead will keep it stagnant.

Calling me a "smart ass" doesn't validate for the program's failure to protect the system given the sample was fairly well detected by other vendors. Why would i try to poison the test? I have nothing to gain from a bias tests.

Its due to approach like this from users like you people feel discouraged to report genuine issues. At the end of the day, if such problems are reported and fixed its only end users who will gain protection. So now tell me why are you trying to defend SecureAPlus knowing it could potentially become a determinant to your own protection? Are you guys that ignorant?
« Last Edit: January 26, 2021, 09:04:51 PM by Shreyas Murali »

Offline Isky

  • SecureAPlus Helpdesk Engineer
  • Newbie
  • *
  • Posts: 7
  • Kudos +1/-0
  • ^_^
Re: Take a look, please
« Reply #6 on: January 27, 2021, 02:10:33 PM »
Our Developer is currently looking into the matter here:

Thank you very much for sending us the sample files.

Just would like to clarify with you.
Are these the same files as what you have posted in Wilders Security forum?


e6b870ff40dd7f8e26c9e71577d06f4a4d002654740fc414477499ebbcb8cb1a is a shortcut file (.lnk), and this file is not covered by APEX, but Application whitelisting is still able to block it.


ea11409054942608f0547aabd0840a4575d117dcafca4e27666cc9857667fbb0 is an exe file. This file is also get blocked by SecureAPlus.


From your picture in Wilders Security, the file that managed to run is hidden-tear.exe.
Is this a different file? Is it possible to send us the sample of this file?

^_^