Jump to content
raffnixpert

SAS Pro real-time not working?

Recommended Posts

I have been using SAS Real-Time protection since 01/29/2011 and have not seen a single popup so far. Doesn't this mean that SAS real-time protection does not work on my system? Could anybody give me an inoffensive IP address for testing purposes that would definitely trigger a SAS popup?

Could the reason for this malfunction be o wrong proxy setting within Firefox? I have selected "manual proxy configuration" with

  • HTTP-Proxy: "localhost"
  • Port: "12080"
  • No Proxy for: "localhost, 127.0.0.1, *.superantispyware.com"

Share this post


Link to post
Share on other sites

I have been using SAS Real-Time protection since 01/29/2011 and have not seen a single popup so far. Doesn't this mean that SAS real-time protection does not work on my system? Could anybody give me an inoffensive IP address for testing purposes that would definitely trigger a SAS popup?

Could the reason for this malfunction be o wrong proxy setting within Firefox? I have selected "manual proxy configuration" with

  • HTTP-Proxy: "localhost"
  • Port: "12080"
  • No Proxy for: "localhost, 127.0.0.1, *.superantispyware.com"

f your Internet connection requires the use of a proxy, you will need to create an exception for superantispyware.com. This will ensure that SUPERAntiSpyware can update both its program components and its definition databases.

To do this, go to your Internet Explorer Tools menu -> Internet Options... item -> Connections tab -> LAN Settings button -> Proxy server group.

Click on the Advanced... button. In the Exceptions list, add:

*.superantispyware.com

Share this post


Link to post
Share on other sites

As you can see in my #1 I had done this already for my firefox browser. I do not use MS Internet Explorer. But anyway in case these IE settings are additionally required for SAS real-time to work, I have made now these settings. However, I still cannot se whether SAS real-time protection is on now. Couldn't you give me an inoffensive IP address for testing purposes that would definitely trigger a SAS popup?

Share this post


Link to post
Share on other sites

Keep in mind that SAS PRO does not scan web pages and the various links that load when you open a web page.

You can use TrojanSimulator to see real-time block a "malicious" file from running in your computer. TrojanSimulator is a benign file that simulates a malicious file.

1. Turn off your anti-virus scanner so that it does not detect the benign TrojanSimulator.exe file before SAS PRO does.

2. Go to the link below and download the TrojanSimulate.zip file. Save it on your desktop.

http://www.misec.net/products/TrojanSimulator.zip

3. Unzip the file. SAS PRO should/may trigger when you unzip the file and attempt to quarantine file trojansimulator.exe. Let SAS quarantine it if it does trigger.

4. If you do not get an SAS trigger, execute file trojansimulator.exe. That should definitely cause it to trigger.

5. Once you have completed the test, remove the .ZIP file and the unzipped folder from your system and reactivate your anti-virus scanner.

You can read about TrojanSimulator at the link below.

http://www.misec.net/trojansimulator

Share this post


Link to post
Share on other sites

Thank you siliconman01 for this useful and pertinent answer.

The first thing I saw was a blocking message by McAfee Site Advisor when trying to download the zip file. The only other reaction from security software was a warning by SAS Pro when executing TrojanSimulator.exe. The presence or not of avast did not change anything. Avast did not detect the intruder.

By the way, if TrojanSimulator is a benign file as you wrote why do I have to remove the zip file? Couldn’t I keep it for further tests?

@ SAS Customer Service (#2)

If your Internet connection requires the use of a proxy, you will need to create an exception for superantispyware.com. This will ensure that SUPERAntiSpyware can update both its program components and its definition databases.

To do this, go to your Internet Explorer Tools menu -> Internet Options... item -> Connections tab -> LAN Settings button -> Proxy server group.

Click on the Advanced... button. In the Exceptions list, add:

*.superantispyware.com

Is it really necessary to create the proxy settings in Internet Explorer Tools as explained above given the fact that I have never touched those settings before but have only created them in and for Firefox?

Share this post


Link to post
Share on other sites
The first thing I saw was a blocking message by McAfee Site Advisor when trying to download the zip file. The only other reaction from security software was a warning by SAS Pro when executing TrojanSimulator.exe. The presence or not of avast did not change anything. Avast did not detect the intruder.

By the way, if TrojanSimulator is a benign file as you wrote why do I have to remove the zip file? Couldn’t I keep it for further tests?

What was the warning that SAS issued when you executed TrojanSimulator.exe? It should have wanted to quarantine it.

It would be best to put TrojanSimulator.zip on a flash drive or DVD so that none of the scanning programs will unzip it and flag TrojanSimulator when you scan. It is definitely benign and is only for testing.

Take a look in MSConfig at your startup programs and make sure that Trojansimulator.exe or Tsserv.exe are not started up when you startup your computer. If they are, remove them from your startup program list. Please read the instructions for TrojanSimulator uninstall.

http://www.misec.net/trojansimulator

Share this post


Link to post
Share on other sites

But it did block trojansimulator.exe from running which is exactly what SAS real-time is designed for. Check the Quarantine folder of SAS and see if TrojanSimulator.exe is there.

Share this post


Link to post
Share on other sites

But it did block trojansimulator.exe from running which is exactly what SAS real-time is designed for. Check the Quarantine folder of SAS and see if TrojanSimulator.exe is there.

TrojanSimulator.exe was in fact there (cf. the following screenshot).

6315118zkp.jpg

Thanx to siliconman01 for guiding me up to this point.

Perfect! Let us know if you have any other questions. You can additionally open a Customer Service Request on SUPERAntiSpyware.com under support.

I did in fact open a Customer Service Request on this but I regret to say they were very slow and not expedient. That is why I signed in this forum and put my question here.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×