Jump to content
Guest ROCKNROLLKID

A few question for SAS

Recommended Posts

Guest ROCKNROLLKID

I have a few questions regarding SAS. Sorry for any misspells. I am not the best speller.

1. I am currently using SAS 5.0.1096 free edition and I have noticed some kinda of bug/glitch. While i was testing the program for bugs, I went into activate licenses. I just entered a random code in and after that instead of saying invalid license it said you have successfully entered a license. Obvious a license of 000 000 0000 is not a valid licnense. Anyways after i did that, I clicked on real time in the menu (not in the settings). At first it said for professional version only, but after I clicked the x on top, the realtime protection enabled itself. Is this suppost to happen or is this some kind of bug/glitch?

2. Every update that I install, I always check them out. I notice that in the defenition database, there are mostly some sort of trojan.agent. Now I know you guys work hard on this program and trojans are the most common type of infection around, but don't you think you can try to add something else. I mean I rarely see any kind of spyware, adware, rootkit, or even worms. Now I don't want to be mean on this, but maybe you could keep up to date on other types of infection.

3. Is there a way where i can see updates for program updates and new version of SAS? The reason why I ask this is because for 1 i like to see if i report a bug that you guys have fixed 2. I like the to see if its even worth the time to dl the latest program/version update.

Your friend

ROCK

Share this post


Link to post
Share on other sites

I have a few questions regarding SAS. Sorry for any misspells. I am not the best speller.

1. I am currently using SAS 5.0.1096 free edition and I have noticed some kinda of bug/glitch. While i was testing the program for bugs, I went into activate licenses. I just entered a random code in and after that instead of saying invalid license it said you have successfully entered a license. Obvious a license of 000 000 0000 is not a valid licnense. Anyways after i did that, I clicked on real time in the menu (not in the settings). At first it said for professional version only, but after I clicked the x on top, the realtime protection enabled itself. Is this suppost to happen or is this some kind of bug/glitch?

2. Every update that I install, I always check them out. I notice that in the defenition database, there are mostly some sort of trojan.agent. Now I know you guys work hard on this program and trojans are the most common type of infection around, but don't you think you can try to add something else. I mean I rarely see any kind of spyware, adware, rootkit, or even worms. Now I don't want to be mean on this, but maybe you could keep up to date on other types of infection.

3. Is there a way where i can see updates for program updates and new version of SAS? The reason why I ask this is because for 1 i like to see if i report a bug that you guys have fixed 2. I like the to see if its even worth the time to dl the latest program/version update.

Your friend

ROCK

1. The code doesn't actually fully activate the product. We can block that to avoid confusion for users.

2. We input hundreds of definitions daily. Many start with "Trojan." - that's just our naming, everyone calls things different names. The name doesn't really matter - meaning, detecting the threat does.

3. The final will link to the "what's new" page so you can see all changes.

Thanks for testing!

Share this post


Link to post
Share on other sites
Guest ROCKNROLLKID

Thanks for the answers, but I have some more questions.

1. When I send over a file for analyzation, do you guys actually analyze it or just update it to the latest defenition theh just scan it? I ask this because MSE has something similar to that, but all they do is just update it to the latest then just scan it, which is kind of pointless because you could have just done that yourself.

2. In the scanner options, why would having skip files over 4mb and only scan exe files be good? Doesn't that just lower the chance of removing all infection?

3. What does the rescue scan do and what if you used another program to remove the infection how would it know what to do then?

ROCK

Share this post


Link to post
Share on other sites
Guest ROCKNROLLKID

1 last question.

4. When I do a full system scan, there is an option that says scan inside .ZIP files. Does that also apple to .RAR files as well?

Also, could you answer the other set of questions I asked. I know they seem like stupid questions, but im just double checking.

Share this post


Link to post
Share on other sites

Thanks for the answers, but I have some more questions.

1. When I send over a file for analyzation, do you guys actually analyze it or just update it to the latest defenition theh just scan it? I ask this because MSE has something similar to that, but all they do is just update it to the latest then just scan it, which is kind of pointless because you could have just done that yourself.

2. In the scanner options, why would having skip files over 4mb and only scan exe files be good? Doesn't that just lower the chance of removing all infection?

3. What does the rescue scan do and what if you used another program to remove the infection how would it know what to do then?

ROCK

1. What nonsense you are talking about. Even MSE analyse the files that you send them

Share this post


Link to post
Share on other sites
Guest ROCKNROLLKID

I submit files over to virustotal and then if a certain program doesn't detect it, then I submit samples over to the program that I use that didn't detect it. I had 3 spam messages all contain a file to download. I downloaded them, but I did not open them. I first scanned it using MSE, and no threats were found in any of them. So I sumbited it over to virus total and virustotal uses 43 different engines. I know that one of the files was detected by 25 engines. Not to sure how many engiens the other two were detected by, but it was about that high maybe a little under. Anyways, after that, I submitted over samples to MSE. When I got the final analyse of the 3 files, not one of them were detected as any sort of threats. That's were I get the idea they don't really analyse the files they just update and scan. Besides, this is just 1 person's(my) opinion on MSE. We all have different opinions on things, so there is no reason to get mad.

Share this post


Link to post
Share on other sites

I submit files over to virustotal and then if a certain program doesn't detect it, then I submit samples over to the program that I use that didn't detect it. I had 3 spam messages all contain a file to download. I downloaded them, but I did not open them. I first scanned it using MSE, and no threats were found in any of them. So I sumbited it over to virus total and virustotal uses 43 different engines. I know that one of the files was detected by 25 engines. Not to sure how many engiens the other two were detected by, but it was about that high maybe a little under. Anyways, after that, I submitted over samples to MSE. When I got the final analyse of the 3 files, not one of them were detected as any sort of threats. That's were I get the idea they don't really analyse the files they just update and scan. Besides, this is just 1 person's(my) opinion on MSE. We all have different opinions on things, so there is no reason to get mad.

When you send a file for analysis to a anti-virus company, the file is analysed, but it can take hours or days, depending their methods and other things. Those companies receive hundred or thousand files everyday and it takes time to analyse all of them. Try re-sending the file until MSE detect it.

Share this post


Link to post
Share on other sites
Guest ROCKNROLLKID

I don't use MSE anymore. I switch AV back to Avast. I started dislikeing MSE over the past months. The story I told was like a month ago.

Share this post


Link to post
Share on other sites

1 last question.

4. When I do a full system scan, there is an option that says scan inside .ZIP files. Does that also apple to .RAR files as well?

Also, could you answer the other set of questions I asked. I know they seem like stupid questions, but im just double checking.

RAR files are not currently supported.

Share this post


Link to post
Share on other sites

2. In the scanner options, why would having skip files over 4mb and only scan exe files be good? Doesn't that just lower the chance of removing all infection?

3. What does the rescue scan do and what if you used another program to remove the infection how would it know what to do then?

In our testing there are almost no infections over 4mb that can't be detected through other means. That 4mb limit is for our "brute force" scanning of every file and is there for speed reasons. The limit is ignored for detection rules that do not rely on reading the data within the file. You can choose not to enable it, but your scan times may suffer if you have a lot of files over 4mb.

The option "Ignore non-executable files" (not only scan exe files) does a quick check on the file to determine if it's possible to be loaded by Windows to run code. If it cannot execute the file, then those files can be safely skipped as they aren't a threat. This is another speed boost and is only for files that aren't detected through other means.

For clarification, there is also "Scan only known file types" which includes all file types that we have rules for (EXE, DLL, and many others). In most cases if the file isn't a recognized type it will not be executed by Windows and is not harmful. Again, you can turn this option off if speed is not a concern.

Most of our effort is focused on detecting and removing actual infections in real-world cases; not synthetic scenarios that our users never experience.

Share this post


Link to post
Share on other sites
Guest ROCKNROLLKID

Thanks for answering.

That's all the question I have for now. Ill keep you guys update on how SAS coorperates on my pc in the future and also submit samples over to you guys to help aid in dectection.

ROCK

Share this post


Link to post
Share on other sites

Still using ZIP for database packing :roll: 7-Zip can achieve higher compression ratios, but you already knew that.

Share this post


Link to post
Share on other sites

Still using ZIP for database packing :roll: 7-Zip can achieve higher compression ratios, but you already knew that.

Actually we are no longer using zip.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×
×
  • Create New...