SecureAPlus Forum

Forum Support => Software Problems and Questions => Topic started by: bellgamin on January 19, 2021, 03:42:51 AM

Title: Take a look, please
Post by: bellgamin on January 19, 2021, 03:42:51 AM
There was a post at Wilders Security forum about a possible by-pass of SecureAPlus. I replied to it but I am not a security expert. Please take a look at it HERE (https://www.wilderssecurity.com/threads/secureaplus-freemium.350914/page-90#post-2982952).
Title: Re: Take a look, please
Post by: GrDukeMalden on January 19, 2021, 05:57:08 AM
I saw it replied to it too.

It's a smart-ass showing it successfully blocking a threat and then just saying that it doesn't work.

People were doing that with voodooshield's autopilot mode a few years ago. They rig the test with an unrealistic scenario and then they say it failed. But if they ran it with the recommended settings it wouldn't have missed anything.

What that person over on wilders did is they showed a prompt where SAP successfully blocked it and prompted the user about it, and then the "tester" allowed it.
Title: Re: Take a look, please
Post by: Isky on January 19, 2021, 06:11:50 AM
Just saw the post...thanks for letting us knw!

Kudos for your replies! ;D
Title: Re: Take a look, please
Post by: bellgamin on January 22, 2021, 01:20:39 AM
In THIS (https://www.wilderssecurity.com/threads/secureaplus-freemium.350914/page-90#post-2984400) post at Wilders forum, that fellow is now claiming that files were encrypted BEFORE SecureA+ gave its alert. Please take a look at his post and respond to it. I posted a reply (https://www.wilderssecurity.com/threads/secureaplus-freemium.350914/page-90#post-2984482), but I am NOT a security expert so I might be far off-base.
Title: Re: Take a look, please
Post by: Clem on January 25, 2021, 11:18:52 AM
Thank you for your replies on the other forum, we will raise this up to our team regarding the concern, and seems like the person may have raised it to us here (https://secureaplusforum.secureage.com/index.php/topic,551.0.html).
Title: Re: Take a look, please
Post by: Shreyas Murali on January 26, 2021, 08:39:43 PM
I saw it replied to it too.

It's a smart-ass showing it successfully blocking a threat and then just saying that it doesn't work.

What that person over on wilders did is they showed a prompt where SAP successfully blocked it and prompted the user about it, and then the "tester" allowed it.

Clearly your assumptions aren't true. It doesn't matter what i clicked in this scenario (i clicked block) my files were still encrypted. Blame the test bed to defend your favoured program does not help improve it instead will keep it stagnant.

Calling me a "smart ass" doesn't validate for the program's failure to protect the system given the sample was fairly well detected by other vendors. Why would i try to poison the test? I have nothing to gain from a bias tests.

Its due to approach like this from users like you people feel discouraged to report genuine issues. At the end of the day, if such problems are reported and fixed its only end users who will gain protection. So now tell me why are you trying to defend SecureAPlus knowing it could potentially become a determinant to your own protection? Are you guys that ignorant?
Title: Re: Take a look, please
Post by: Isky on January 27, 2021, 02:10:33 PM
Our Developer is currently looking into the matter here:

Thank you very much for sending us the sample files.

Just would like to clarify with you.
Are these the same files as what you have posted in Wilders Security forum?
(https://i.imgur.com/GICYPyb.png)

e6b870ff40dd7f8e26c9e71577d06f4a4d002654740fc414477499ebbcb8cb1a is a shortcut file (.lnk), and this file is not covered by APEX, but Application whitelisting is still able to block it.
(https://i.imgur.com/OZh95z7.jpg)

ea11409054942608f0547aabd0840a4575d117dcafca4e27666cc9857667fbb0 is an exe file. This file is also get blocked by SecureAPlus.
(https://i.imgur.com/YukaZjf.jpg)

From your picture in Wilders Security, the file that managed to run is hidden-tear.exe.
Is this a different file? Is it possible to send us the sample of this file?