Topic: msi files NOT blocked by S.A.P.

GrDukeMalden
« on: September 29, 2021, 06:19:49 AM »
I noticed in my own testing that S.A.P. doesn't block msi files. Nor does it block the command lines they start.

My request is for S.A.P. to start blocking msi files in the next update to it.
VPN(Paid)
VoodooShield(Paid)
SecureAPlus(Paid,Pro)
SandboxiePlus (By Xanasoft)
I fiddle with whitelisting software.

Clem (SecureAPlus Helpdesk Engineer)
« Reply #1 on: September 29, 2021, 10:45:06 AM »
Thank you for the advice.

SecureAPlus is capable of blocking msi files.

For signed msi, if the vendor's digital certificate is trusted, it will not get blocked.
To check, the user can right-click on an msi file, set the trust level to untrusted, and run the msi again.

GrDukeMalden
« Reply #2 on: September 30, 2021, 06:17:59 AM »
MSI files, check on VirusTotal, find samples on MalwareBazaar. They're all malware, but none of these are blocked by S.A.P. right now.

It's a simple fix. Just don't allow any MSIs to run unless they're signed and thumbprinted by a trusted vendor.

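
The rule discussed in this thread (let an MSI run only when it carries a valid signature from a trusted vendor), written as an audit script. This is an added example, not part of the thread and not SecureAPlus code; the allowlisted thumbprint is a placeholder and the Downloads path is an assumption.

```powershell
# Added example: audit .msi files against a publisher allowlist.
# The thumbprint below is a constructed placeholder, not a real certificate.
$TrustedThumbprints = @(
    '0000000000000000000000000000000000000000'   # placeholder: trusted vendor's signing cert
)

function Test-MsiPublisherTrust {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipelineByPropertyName)]
        [Alias('FullName')]
        [string]$Path,
        [string[]]$Allowlist = $TrustedThumbprints
    )
    process {
        # Checks the embedded Authenticode signature and its certificate chain
        $sig  = Get-AuthenticodeSignature -LiteralPath $Path
        $cert = $sig.SignerCertificate

        if ($sig.Status -ne 'Valid') {
            # NotSigned, HashMismatch, NotTrusted and so on: default deny
            $decision = 'Block'; $reason = "Signature status: $($sig.Status)"
        }
        elseif ($Allowlist -notcontains $cert.Thumbprint) {
            # Properly signed, but by a publisher nobody has approved
            $decision = 'Block'; $reason = 'Valid signature, signer not on allowlist'
        }
        else {
            $decision = 'Allow'; $reason = 'Valid signature from allowlisted signer'
        }

        [pscustomobject]@{
            Path       = $Path
            Decision   = $decision
            Reason     = $reason
            Signer     = if ($cert) { $cert.Subject } else { $null }
            Thumbprint = if ($cert) { $cert.Thumbprint } else { $null }
            SHA256     = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
        }
    }
}

# Usage: audit every installer in a folder (the path is an assumption)
Get-ChildItem -Path "$env:USERPROFILE\Downloads" -Filter *.msi -File |
    Test-MsiPublisherTrust |
    Format-Table Decision, Reason, Signer, Path -AutoSize
```

The script only reports a decision; enforcement still has to come from the allowlisting product. Pinning the signer certificate's thumbprint means the allowlist must be updated whenever a vendor renews its signing certificate.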