SecureAPlus Premium Review

Discussion in 'Reviews and Tests' started by RGiskardR, Feb 23, 2018.

  1. RGiskardR

    RGiskardR Malware Tester Silver Member




    Links to SecureAPlus Resources.



    SecureAPlus Premium Official Home Page: https://www.secureaplus.com/

    SecureAPlus Premium FAQ Link: https://support.secureaplus.com/faq/

    SecureAPlus Premium Support Page: https://support.secureaplus.com/

    SecureAPlus System requirements: https://support.secureaplus.com/what-are-the-system-requirements/

    SecureAPlus Premium Download and Install steps: https://support.secureaplus.com/installing-secureaplus/

    Official Online Installer Download for SecureAPlus Premium Link: https://www.secureaplus.com/download/download-thank-you/

    SecureAPlus Product Change and Revision History Link: https://www.secureaplus.com/download/release-notes/

    SecureAPlus Premium Features and Add-Ons:
    Premium standard features: https://www.secureaplus.com/features/premium/
    Premium Add-on: https://www.secureaplus.com/features/add-on/
    Avira Premium Add-on: https://www.secureaplus.com/features/avira/

    SecureAPlus Premium Activation How-To Link: https://support.secureaplus.com/activating-secureaplus-premium/
     
  3. RGiskardR

    RGiskardR Malware Tester Silver Member

    Windows Testing System and Hardware Specs.

    Here is some info about the host system where I tested and ran SAP in a virtual machine (VMware):

    SIV1.png SIV2.png

    The guest system: a virtual machine with Windows 10 Pro x64 RS3/FCU running on VMware 14.1.1 build-7528167 (3.5 GB of RAM assigned):

    VMWARE1.png

    Some common applications and tools (fully updated) installed inside the virtual machine: Mozilla Firefox, Foxit Reader, Java 8, Microsoft Office Pro Plus 2016, CCleaner, Registrar Registry Manager, UltraSearch, WinRAR, Sysinternals Suite, TaskSchedulerView, Zemana Free, HitmanPro Free, VT Hash Check, Norton Power Eraser, Comodo AutoRuns, Sandboxie Free.
     
  4. RGiskardR

    RGiskardR Malware Tester Silver Member

    SecureAPlus, a brief tour over GUI and Settings.

    Let's start with the main GUI, which allows us to:

    • Check the protection status of the product and the system.
    • Check which Security Features (modules) are enabled and running, and the status of Universal AV.
    • Check when the Last Complete Scan / Full System Scan was run (and launch it again via the Universal AV module). After every system start SAP automatically performs a Full System Scan, which usually does not take long (a few minutes at most).
    • Check for software updates.
    • Access the Quarantine and History reports.
    • Check and change the current protection mode: Interactive (by default), LockDown and Trust All.
    • Access other features/options of the product, such as: Home, App Settings, Info & Licenses, Online Store, Online Help and Lock Cube.

    Some animated gifs to illustrate:


    SF + LCS + SU.gif

    UAV STATUS.gif

    QUARANTINE.gif

    The next stop is the [App Settings] option, where we find:
    • Universal AV: settings such as Auto Upload Sample File, Daily Upload Limit and Customize Active AV Engines (to enable/disable the available AV engines).
    • Scan Settings: there are 4 tabs here:

      • Antivirus Settings: Offline Antivirus (by default the ClamAV engine, but if you have a Premium License you may pay for a monthly subscription and also have the Avira Premium Add-On as an offline engine). Other settings here: enable or disable Universal AV and Real-Time Scanning.
      • Exclusions: to exclude files and/or folders.
      • Inclusions: to extend the scanning protection to additional file extensions.
      • USB: to set up the action on USB storage device insertion.

    APPS UAV + SCANS.gif
    • Application Whitelisting: in Basic Settings we manage the trust of an application based on its Digital Signature (by default set to Name in Trusted Certificate List). In Advanced Settings there are 5 tabs:

      • Status: shows the status of the Initial Application Whitelisting process, the Application Whitelisting Service and the Application Whitelisting Driver. Also the option to enable or disable Observation Mode.
      • Whitelist: allows us to Export, Import or Compact the Whitelist.
      • Restricted Applications: manage (Add, Remove, Refresh) the list of Restricted Applications. Any new executable file created by these applications will not be automatically trusted.
      • Trusted Certificates: manage (Add, Remove, Refresh) the list of Trusted Certificates.
      • Scripts: manage (Add, Remove) the list of script interpreters and the file extensions associated with them.
    APPLICATION WHITELISTING - BASIC & ADVANCED SETTINGS.gif
    • Command Line Settings: 2 tabs here:
      • Rules: manage (Add, Remove, Refresh) the Application Whitelisting rules for the command line, to enhance protection against fileless attacks. Allows adding multiple rules for the same process.
      • Whitelist: manage (Add, Remove, Refresh) whitelisted command lines.
    • Removable Device: controls operations (Write and Backup files from USB Storage Device, Read and Run Files from USB Storage Device) and manages (Identify USB and Add, Import USB Whitelist, Export USB Whitelist, Identify and Remove, Remove Selected item(s) from Whitelist) the list of non-whitelisted USB storage devices.
    COMAND LINE + REMOVABLE DEVICE 1.gif

    COMAND LINE + REMOVABLE DEVICE 2.gif
    • Others: 4 sub-options here:
      • Updates: lets us configure automatic updates (or run them manually) for both program and signatures, the virus signature server and proxy settings.
      • Language & Personalization: select the language and a theme (or add one) for the product, and also the on-screen position of SAP notifications.
      • Manage User Rights: 2 tabs here, Trusted Groups and Trusted Users, to manage (Add, Remove) the lists of Windows user groups and Windows users who have rights to modify the whitelist and settings.
      • Management Server: this feature needs a Premium license and the SAP Policy Add-On.
    OTHERS.gif

    The following option, [Info & Licenses], lets us manage:
    • Account: it shows our unique SAP ID and allows us to sign up for a free SAP account and log in by typing our email address and password (or via Facebook). Also to type our activation code and/or register for Mobile Beta Interest. Once we are logged in, some interesting info appears about our registered devices/licenses and their status (Infected/Clean).
    • License: lets us check the validity/status of our current active license or add a new one by just copy/pasting it. There are also options to extend our Freemium license or purchase a Premium one.
    • Diagnosis: in case we need to send some diagnosis reports to SAP Support, this option takes us to the location of the 2 folders where .log files are saved.
    • About: full info about the specific version and build number of the product as well as Contact Info/Official Website and links to SAP on social networks.

    INFO & LICENSES.gif

    [Online Store] opens our system default browser on the SAP official online store.

    [Help] opens our system default browser on the online SAP official support pages.

    [LockCube] opens our system default browser on a Secure Cloud Storage service.


    Finally, the different options in the SAP icon on the Windows taskbar:

    ICON SETTINGS.png

    And to run an SAP on-demand scan over a folder or a file, or to Trust an Application/Installer or revoke that trust:

    ON DEMAND SCAN.png
     
  5. RGiskardR

    RGiskardR Malware Tester Silver Member

    SecureAPlus, Resource Consumption and Services.

    I installed SAP as a primary/main antivirus provider, so Windows Defender was disabled automatically:


    WINDOWS DEFENDER SECURITY CENTER.png

    As we can see, it runs several services, but in general the RAM and CPU consumption is quite low; even running inside a virtual machine it feels light :cool:

    RESOURCES1.png RESOURCES2.png RESOURCES3.png
    RESOURCES4.png RESOURCES5.png
     
  6. RGiskardR

    RGiskardR Malware Tester Silver Member

    Malware Testing Methodology.

    Malware tests took place inside a Virtual Machine (VMware), using a clean and fully updated snapshot in every test.

    The steps usually followed in every test were:

    1.- Updated SAP signatures manually.

    2.- Ran on demand scan over the folder with samples.

    3.- Samples that remained undetected after the on-demand scan were tested dynamically, running/executing them one by one manually (in SAP Interactive Mode & LockDown Mode) and collecting the results.

    4.- After every sample execution: checked risky system folders for remnants/leftovers, such as C:\ProgramData\... + C:\Users\<user account>\AppData\... (and subfolders), and also checked whether some suspicious processes/services were still running. Tools used: Sysinternals Process Explorer, Sysinternals AutoRuns, Sysinternals TCPView and Comodo AutoRuns.

    5.- Also checked whether bait files were encrypted or not during the dynamic test (different types of files: .docx .jpg .png .pdf .rar .zip .txt, which are usually targeted by crypto-viruses/ransomware, placed in standard user folders: \Documents, \Pictures, etc… and also in a folder I created, C:\ABait Files\).

    6.- Ran Second Opinion Scanners (ZAM Free, HitmanPro Free, Norton Power Eraser) to check whether the system was finally clean or whether there were some active suspicious services and remnants/leftovers after the dynamic tests. Note: before running the SOS, all remaining inactive samples (blocked or prevented from running) were removed manually so that they would not appear in the final SOS scan results.

    • For all malware packs, steps 1, 2, 4, 5, 6 were performed.
    • For small malware packs and special samples (<7), steps 1, 2, 4, 5, 6 were performed. I also ran all malware samples in SAP Interactive Mode (selecting "Continue Blocking" in every warning) and in LockDown Mode.
    • For big malware packs (>= 7), steps 1, 2, 3, 4, 5, 6 were performed.
     
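As an added example that is not part of the original post (nor SecureAPlus code), this is how steps 4 and 5 of the methodology above can be made repeatable: the bait files of the listed types are planted and hashed before the sample runs, re-hashed afterwards, and the risky folders are snapshotted before and after so that leftovers show up as a diff rather than by eyeballing Explorer. The folder names, the simulated encryptor behaviour and the "leftover.exe" remnant are all constructed for the demo; the real test used \Documents, \Pictures, C:\ABait Files\, C:\ProgramData and the user's AppData tree.

```python
r"""Bait-file integrity and leftover check for malware dynamic tests.

Added example, not from the original post or from SecureAPlus. Mirrors
steps 4 and 5 of the methodology: plant bait files of the types the post
lists as ransomware targets, hash them, re-check after the sample has run,
and diff the risky folders (ProgramData, AppData) for new/changed files.
Folder names here are placeholders; the simulated attack is constructed.
"""
import hashlib
import tempfile
from pathlib import Path

# File types the post names as common crypto-ransomware targets.
BAIT_EXTENSIONS = (".docx", ".jpg", ".png", ".pdf", ".rar", ".zip", ".txt")


def sha256_of(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def plant_bait(folders) -> dict:
    """Create one bait file per extension in each folder; return {path: sha256}.
    Content is arbitrary: encryptors rewrite bytes whether or not the header is valid."""
    manifest = {}
    for folder in map(Path, folders):
        folder.mkdir(parents=True, exist_ok=True)
        for ext in BAIT_EXTENSIONS:
            p = folder / f"bait{ext}"
            p.write_bytes(b"BAIT " + p.name.encode() + b"\n")
            manifest[str(p)] = sha256_of(p)
    return manifest


def verify_bait(manifest: dict) -> dict:
    """Classify each bait file as unchanged / modified / missing, and list files
    that appeared beside them (ransom notes, copies with an added extension)."""
    report = {"unchanged": [], "modified": [], "missing": [], "new": []}
    for path, digest in manifest.items():
        p = Path(path)
        if not p.exists():
            report["missing"].append(path)
        elif sha256_of(p) != digest:
            report["modified"].append(path)
        else:
            report["unchanged"].append(path)
    for folder in {Path(p).parent for p in manifest}:
        report["new"] += [str(c) for c in folder.iterdir() if str(c) not in manifest]
    return report


def bait_clean(report: dict) -> bool:
    return not (report["modified"] or report["missing"] or report["new"])


def snapshot_tree(roots) -> dict:
    """{file: (size, mtime_ns)} for everything under the given roots."""
    snap = {}
    for root in map(Path, roots):
        for p in (root.rglob("*") if root.exists() else []):
            if p.is_file():
                st = p.stat()
                snap[str(p)] = (st.st_size, st.st_mtime_ns)
    return snap


def diff_snapshot(before: dict, after: dict) -> dict:
    """Files added or changed since the pre-run snapshot: candidate leftovers."""
    return {
        "added": sorted(k for k in after if k not in before),
        "changed": sorted(k for k in after if k in before and after[k] != before[k]),
    }


def simulate_ransomware_run() -> dict:
    """Offline demo on constructed data (no real sample): plant bait, then mimic
    an encryptor that overwrites one file, renames another with an extra
    extension, drops a note and leaves a binary in a ProgramData-like folder.
    Findings are returned as basenames so the result is path-independent."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        docs, pics, pdata = root / "Documents", root / "Pictures", root / "ProgramData"
        pdata.mkdir()
        manifest = plant_bait([docs, pics])
        before = snapshot_tree([pdata])
        clean_before = bait_clean(verify_bait(manifest))
        # --- constructed malicious activity, stands in for running a sample ---
        (docs / "bait.docx").write_bytes(b"\x00" * 32)           # encrypted in place
        (docs / "bait.txt").rename(docs / "bait.txt.locked")      # renamed, new extension
        (pics / "HOW_TO_DECRYPT.txt").write_text("ransom note")   # dropped note
        (pdata / "leftover.exe").write_bytes(b"MZ")               # persistence remnant
        report = verify_bait(manifest)
        leftovers = diff_snapshot(before, snapshot_tree([pdata]))
        return {
            "clean_before": clean_before,
            "clean_after": bait_clean(report),
            **{k: sorted(Path(p).name for p in v) for k, v in report.items()},
            "leftovers_added": sorted(Path(p).name for p in leftovers["added"]),
        }


if __name__ == "__main__":
    for key, value in simulate_ransomware_run().items():
        print(f"{key}: {value}")
```

In a real run, call plant_bait and snapshot_tree against the actual folders before executing the sample, then verify_bait and diff_snapshot afterwards; anything in "modified", "missing" or "new" means the bait was touched even if the product later reported the system clean, and the snapshot diff gives a concrete list of paths to check against AutoRuns and Process Explorer.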
  7. RGiskardR

    RGiskardR Malware Tester Silver Member

    Malware Pack Test Results.

    First of all I would like to thank @Der.Reisende and @silversurfer (Malware Hunters and AV Testers from our great MTAC Team at this forum) for providing me with all the sample packs for this review.

    The following posts present some malware tests with samples uploaded to the MTAC section of this forum; enjoy them! :wide:

    Disclaimer: due to the small number of samples used in these tests, you should take results with a grain of salt.
     
  8. RGiskardR

    RGiskardR Malware Tester Silver Member

    --------------------------------------------------------------------

    NAME: #Evrial Infostealer
    SPECIAL SAMPLE(S) [X] SAMPLES PACK [ ]
    PROVIDED BY: @Der.Reisende
    THREAD AT MTAC SECTION: http://tweakbytes.com/threads/evrial-infostealer.6105/

    --------------------------------------------------------------------

    SAP UPDATES:

    U.png


    SAP STATIC SCAN:

    ST1.png ST2.png


    SAP LOCKDOWN MODE:

    LD1.png


    SAP INTERACTIVE MODE:

    1A.png 1B.png 1C.png 1D.png 1E.png


    AFTER DYNAMIC TESTING:

    AR.png


    SECOND OPINION SCAN RESULTS: All Clean

    SOS.png


    COMMENTS:
    N/A
     
  9. RGiskardR

    RGiskardR Malware Tester Silver Member

    --------------------------------------------------------------------

    NAME: #Signed Malware
    SPECIAL SAMPLE(S) [X] SAMPLES PACK [ ]
    PROVIDED BY: @silversurfer
    THREAD AT MTAC SECTION: http://tweakbytes.com/threads/signed-malware-10-12-17.5904/

    --------------------------------------------------------------------

    SAP UPDATES:

    U.png


    SAP STATIC SCAN:

    ST1.png


    SAP LOCKDOWN MODE:

    LD1.png


    SAP INTERACTIVE MODE:

    INT1.png INT2.png


    AFTER DYNAMIC TESTING:

    AR.png


    SECOND OPINION SCAN RESULTS: All Clean

    SOS.png


    COMMENTS:
    It seems there is a mismatch between the results of the SAP UniversalAV engines and those of the same engines (included in SAP UAV) in the online VirusTotal service (see the SAP Interactive Mode results).
     
  10. RGiskardR

    RGiskardR Malware Tester Silver Member

    --------------------------------------------------------------------

    NAME: #Rapid Ransomware
    SPECIAL SAMPLE(S) [X] SAMPLES PACK [ ]
    PROVIDED BY: @silversurfer
    THREAD AT MTAC SECTION: http://tweakbytes.com/threads/rapid-ransomware.6116/

    --------------------------------------------------------------------

    SAP UPDATES:

    U.png


    SAP STATIC SCAN:

    ST1.png


    SAP LOCKDOWN MODE:

    LD1.png


    SAP INTERACTIVE MODE:

    I1.png I2.png I3.png I4.png I5.png


    AFTER DYNAMIC TESTING:

    AR.png


    SECOND OPINION SCAN RESULTS: All Clean

    SOS.png


    COMMENTS:
    N/A
     
  11. RGiskardR

    RGiskardR Malware Tester Silver Member

    --------------------------------------------------------------------

    NAME: #CrossRAT
    SPECIAL SAMPLE(S) [X] SAMPLES PACK [ ]
    PROVIDED BY: @Der.Reisende
    THREAD AT MTAC SECTION: http://tweakbytes.com/threads/crossrat.6122/

    --------------------------------------------------------------------

    SAP UPDATES:

    U.png


    SAP STATIC SCAN:

    ST.png


    SAP LOCKDOWN MODE:

    LD1.png


    SAP INTERACTIVE MODE:

    I1.png I2.png I3.png I4.png


    AFTER DYNAMIC TESTING:

    AR.png


    SECOND OPINION SCAN RESULTS: All Clean

    SOS.png


    COMMENTS:
    N/A
     
  12. RGiskardR

    RGiskardR Malware Tester Silver Member

    --------------------------------------------------------------------

    NAME: #GandCrab Ransomware
    SPECIAL SAMPLE(S) [X] SAMPLES PACK [ ]
    PROVIDED BY: @silversurfer
    THREAD AT MTAC SECTION: http://tweakbytes.com/threads/gandcrab-ransomware.6129/

    --------------------------------------------------------------------

    SAP UPDATES:

    U.png


    SAP STATIC SCAN:

    ST.png


    SAP LOCKDOWN MODE:

    L1.png


    SAP INTERACTIVE MODE:

    I1.png I2.png I3.png I4.png I5.png


    AFTER DYNAMIC TESTING:

    AR.png


    SECOND OPINION SCAN RESULTS: All Clean

    SOS.png


    COMMENTS:
    N/A
     
  13. RGiskardR

    RGiskardR Malware Tester Silver Member

    --------------------------------------------------------------------

    NAME: #27.01.2018#13
    SPECIAL SAMPLE(S) [ ] SAMPLES PACK [X]
    PROVIDED BY: @Der.Reisende
    THREAD AT MTAC SECTION: http://tweakbytes.com/threads/27-01-2018-13.6132/

    --------------------------------------------------------------------

    SAP UPDATES:

    U.png


    SAP STATIC SCAN:

    ST1.png ST2.png ST3.png


    SAP LOCKDOWN MODE:

    LD1.png LD2.png LD3.png LD4.png


    SAP INTERACTIVE MODE:

    1A.png 1B.png 2A.png 2B.png 3A.png 3B.png 3C.png 4A.png 4B.png 5A.png 5B.png 6A.png 6B.png


    AFTER DYNAMIC TESTING:

    AR.png


    SECOND OPINION SCAN RESULTS: All Clean

    SOS.png


    COMMENTS:
    It seems there is a mismatch between the results of the SAP UniversalAV engines and those of the same engines (included in SAP UAV) in the online VirusTotal service (see the SAP Interactive Mode results). Also, the SAP Get Second Opinion Online feature only allowed me to use it twice in a short period of time; after that it constantly asked me to confirm that I'm not a robot, but even answering didn't work and it kept asking, so finally I had to use the VT Hash Checker tool.
     
  14. RGiskardR

    RGiskardR Malware Tester Silver Member

    --------------------------------------------------------------------

    NAME: #1-2-2018#15
    SPECIAL SAMPLE(S) [ ] SAMPLES PACK [X]
    PROVIDED BY: @silversurfer
    THREAD AT MTAC SECTION: http://tweakbytes.com/threads/1-2-2018-15.6152/

    --------------------------------------------------------------------

    SAP STATIC SCAN:

    ST.png


    SAP LOCKDOWN MODE:

    L1.png L2.png L3.png L4.png L5.png L6.png L7.png L8.png L8B.png L9.png L10.png L11.png L12.png L13.png L14.png L15.png


    SAP INTERACTIVE MODE:

    I1.png I2.png I3.png I4.png I5.png I6.png I7.png I8.png I9.png


    AFTER DYNAMIC TESTING:

    AR.png


    SECOND OPINION SCAN RESULTS: Protected - Not Clean (inactive leftovers / remnants)

    SOS1.png SOS2.png SOS3.png


    COMMENTS: N/A
     
  15. RGiskardR

    RGiskardR Malware Tester Silver Member

    --------------------------------------------------------------------

    NAME: #Netwire RAT (03.02.2018)
    SPECIAL SAMPLE(S) [X] SAMPLES PACK [ ]
    PROVIDED BY: @Der.Reisende
    THREAD AT MTAC SECTION: http://tweakbytes.com/threads/netwire-rat-03-02-2018.6164/

    --------------------------------------------------------------------

    SAP UPDATES:

    U.png


    SAP STATIC SCAN:

    ST1.png ST1 - RE-TEST.png


    SAP LOCKDOWN MODE:

    LD1.png


    SAP INTERACTIVE MODE:

    I1.png


    AFTER DYNAMIC TESTING:

    AR.png


    SECOND OPINION SCAN RESULTS: All Clean

    SOS.png


    COMMENTS: It seems there is a mismatch between the results of the SAP UniversalAV engines and those of the same engines (included in SAP UAV) in the online VirusTotal service (see the SAP Interactive Mode results). Also, during this test the SAP server was down for some hours (Sunday 04/02/2018); I ran a new static test after 5 hours and it worked again.
     
  16. RGiskardR

    RGiskardR Malware Tester Silver Member

    --------------------------------------------------------------------

    NAME: #Xtreme Backdoor (03.02.2018)
    SPECIAL SAMPLE(S) [X] SAMPLES PACK [ ]
    PROVIDED BY: @Der.Reisende
    THREAD AT MTAC SECTION: http://tweakbytes.com/threads/xtreme-backdoor-03-02-2018.6165/

    --------------------------------------------------------------------

    SAP UPDATES:

    U.png


    SAP STATIC SCAN:

    ST2.png ST2 - RE-TEST.png


    SAP LOCKDOWN MODE:

    LD2.png


    SAP INTERACTIVE MODE:

    I2.png


    AFTER DYNAMIC TESTING:


    AR.png


    SECOND OPINION SCAN RESULTS: All Clean

    SOS.png


    COMMENTS: It seems there is a mismatch between the results of the SAP UniversalAV engines and those of the same engines (included in SAP UAV) in the online VirusTotal service (see the SAP Interactive Mode results). Also, during this test the SAP server was down for some hours (Sunday 04/02/2018); I ran a new static test after 5 hours and it worked again.
     
  17. RGiskardR

    RGiskardR Malware Tester Silver Member

    --------------------------------------------------------------------

    NAME: #BlackRuby Ransomware
    SPECIAL SAMPLE(S) [X] SAMPLES PACK [ ]
    PROVIDED BY: @silversurfer
    THREAD AT MTAC SECTION: http://tweakbytes.com/threads/blackruby-ransomware.6174/#post-26537

    --------------------------------------------------------------------

    SAP UPDATES:

    U.png


    SAP STATIC SCAN:

    ST1.png


    SAP LOCKDOWN MODE:

    LD1.png


    SAP INTERACTIVE MODE:

    I1.png I2.png VT.png


    AFTER DYNAMIC TESTING:


    AR.png


    SECOND OPINION SCAN RESULTS: All Clean

    SOS.png


    COMMENTS: It seems there is a mismatch between the results of the SAP UniversalAV engines and those of the same engines (included in SAP UAV) in the online VirusTotal service (see the SAP Interactive Mode results).
     
  18. RGiskardR

    RGiskardR Malware Tester Silver Member

    --------------------------------------------------------------------

    NAME: #CoinMiner (11-2-2018)
    SPECIAL SAMPLE(S) [X] SAMPLES PACK [ ]
    PROVIDED BY:
    THREAD AT MTAC SECTION: http://tweakbytes.com/threads/coinminer-11-2-2018.6197/

    --------------------------------------------------------------------

    SAP UPDATES:

    U.png


    SAP STATIC SCAN:

    ST.png


    SAP LOCKDOWN MODE:

    LD.png


    SAP INTERACTIVE MODE:

    I1.png I2.png I3.png VT.png


    AFTER DYNAMIC TESTING:

    AR.png


    SECOND OPINION SCAN RESULTS: All Clean

    SOS.png


    COMMENTS: N/A
     
  19. RGiskardR

    RGiskardR Malware Tester Silver Member

    --------------------------------------------------------------------

    NAME: #Olympic Destroyer (Ransomware) & LokiBot (13-2-2018)
    SPECIAL SAMPLE(S) [X] SAMPLES PACK [ ]
    PROVIDED BY: @Der.Reisende & @silversurfer
    THREADS AT MTAC SECTION:
    http://tweakbytes.com/threads/olympic-destroyer-ransomware.6209/
    http://tweakbytes.com/threads/lokibot-13-2-2018.6212/#post-26618

    --------------------------------------------------------------------

    SAP UPDATES:

    U.png


    SAP STATIC SCAN:

    ST.png


    SAP LOCKDOWN MODE:

    LD1.png LD2.png LD3.png


    SAP INTERACTIVE MODE:

    I1.png I2.png I3.png I4.png I5.png I6.png


    AFTER DYNAMIC TESTING:

    AR.png


    SECOND OPINION SCAN RESULTS: All Clean

    SOS.png


    COMMENTS: N/A
     
  20. RGiskardR

    RGiskardR Malware Tester Silver Member

    --------------------------------------------------------------------

    NAME: #Smoke Loader (15-2-2018)
    SPECIAL SAMPLE(S) [X] SAMPLES PACK [ ]
    PROVIDED BY: @silversurfer
    THREAD AT MTAC SECTION: http://tweakbytes.com/threads/smoke-loader-15-2-2018.6221/

    --------------------------------------------------------------------

    SAP UPDATES:

    U.png


    SAP STATIC SCAN:

    ST.png


    SAP LOCKDOWN MODE:

    LD1.png


    SAP INTERACTIVE MODE:

    I1.png I2.png I3.png


    AFTER DYNAMIC TESTING:

    AR.png


    SECOND OPINION SCAN RESULTS: All Clean

    SOS.png


    COMMENTS: N/A
     
  21. RGiskardR

    RGiskardR Malware Tester Silver Member

    --------------------------------------------------------------------

    NAME: #Mixed threats - 17/02/2018 - #10
    SPECIAL SAMPLE(S) [ ] SAMPLES PACK [X]
    PROVIDED BY: @Der.Reisende
    THREAD AT MTAC SECTION: http://tweakbytes.com/threads/mixed-threats-17-02-2018-10.6226/

    --------------------------------------------------------------------

    SAP UPDATES:

    U.png


    SAP STATIC SCAN:

    ST.png ST2.png


    SAP LOCKDOWN MODE:

    LD1.png LD2.png


    SAP INTERACTIVE MODE:

    I1.png I2.png I3.png I4.png


    AFTER DYNAMIC TESTING:


    AR.png


    SECOND OPINION SCAN RESULTS: All Clean

    SOS.png


    COMMENTS: It seems there is a mismatch between the results of the SAP UniversalAV engines and those of the same engines (included in SAP UAV) in the online VirusTotal service (see the SAP Interactive Mode results).
     
  22. RGiskardR

    RGiskardR Malware Tester Silver Member

    --------------------------------------------------------------------

    NAME: #Mixed threats - 18.02.2018 - #7
    SPECIAL SAMPLE(S) [ ] SAMPLES PACK [X]
    PROVIDED BY: @Der.Reisende
    THREAD AT MTAC SECTION: http://tweakbytes.com/threads/mixed-threats-18-02-2018-7.6227/

    --------------------------------------------------------------------

    SAP UPDATES:

    U.png


    SAP STATIC SCAN:

    ST2 - ABOUT 8 min later.png


    SAP LOCKDOWN MODE:

    LD1.png LD2.png LD3.png LD4.png LD5.png LD6.png LD7.png


    SAP INTERACTIVE MODE:

    I1.png I2.png I3.png I4.png I5.png I6.png I7.png


    SECOND OPINION SCAN RESULTS: All Clean

    SOS.png


    COMMENTS: In this test I didn't send every sample I tested dynamically to the server (UniversalAV); most of the time it takes about 2 minutes to answer for every file.
     
  23. RGiskardR

    RGiskardR Malware Tester Silver Member

    --------------------------------------------------------------------

    NAME: #Thanatos #Ransomware
    SPECIAL SAMPLE(S) [X] SAMPLES PACK [ ]
    PROVIDED BY: @Der.Reisende
    THREAD AT MTAC SECTION: http://tweakbytes.com/threads/thanatos-ransomware.6228/

    --------------------------------------------------------------------

    SAP UPDATES:

    U.png


    SAP STATIC SCAN:

    ST.png


    SAP LOCKDOWN MODE:

    LD1.png


    SAP INTERACTIVE MODE:

    I1.png


    AFTER DYNAMIC TESTING:

    AR.png


    SECOND OPINION SCAN RESULTS: All Clean

    SOS.png


    COMMENTS: N/A.
     
  24. RGiskardR

    RGiskardR Malware Tester Silver Member

    --------------------------------------------------------------------

    NAME: #Zeus/Panda (21-2-2018)
    SPECIAL SAMPLE(S) [X] SAMPLES PACK [ ]
    PROVIDED BY: @silversurfer
    THREAD AT MTAC SECTION: http://tweakbytes.com/threads/zeus-panda-21-2-2018.6235/

    --------------------------------------------------------------------

    SAP UPDATES:

    U.png


    SAP STATIC SCAN:

    ST.png


    SAP LOCKDOWN MODE:

    LD1.png LD2.png


    SAP INTERACTIVE MODE:

    I1.png I2.png I3.png I4.png I5.png


    AFTER DYNAMIC TESTING:

    AR.png


    SECOND OPINION SCAN RESULTS: All Clean

    SOS.png


    COMMENTS: It seems there is a mismatch between the results of the SAP UniversalAV engines and those of the same engines (included in SAP UAV) in the online VirusTotal service (see the SAP Interactive Mode results).
     
  25. RGiskardR

    RGiskardR Malware Tester Silver Member

    --------------------------------------------------------------------

    NAME: #Gootkit (22-2-2018)
    SPECIAL SAMPLE(S) [X] SAMPLES PACK [ ]
    PROVIDED BY: @silversurfer
    THREAD AT MTAC SECTION: http://tweakbytes.com/threads/gootkit-22-2-2018.6239/

    --------------------------------------------------------------------

    SAP UPDATES:

    U.png


    SAP STATIC SCAN:

    ST.png


    SAP LOCKDOWN MODE:

    LD1.png LD2.png


    SAP INTERACTIVE MODE:

    I1.png I2.png I3.png I4.png I5.png I6.png


    AFTER DYNAMIC TESTING:

    AR.png


    SECOND OPINION SCAN RESULTS: All Clean

    SOS.png


    COMMENTS: It seems there is a mismatch between the results of the SAP UniversalAV engines and those of the same engines (included in SAP UAV) in the online VirusTotal service (see the SAP Interactive Mode results).
     
  26. RGiskardR

    RGiskardR Malware Tester Silver Member

    After all these testing posts :read: I would like to add some extra info:

    1.- When we run an on-demand scan with SAP, it automatically marks for Quarantine/Delete only those samples that are detected by at least 2 engines, as shown in this example:

    ST.png

    2.- About false positives, we may also get this warning:

    FALSE POSITIVE WARNING.png
    3.- Periodically we will get an email malware report (after signing in with our user/password in the SAP Account portal, and with an SAP Premium License) similar to this:

    EMAIL REPORT1.png


    EMAIL REPORT2.png
     
