Second opinion scanning mechanics is set to be updated upon the release of the next version of SecureAPlus.
Application Whitelisting has always been at the very core of the SecureAPlus solution. In fact, SecureAPlus was originally meant to be a pure application whitelisting solution. It was through the feedback of our Beta community that we have decided to integrate scanning capabilities which eventually led to what is now Universal AV.
As scanning capabilities became an integral part of SecureAPlus as a security solution, some users have voiced out that they would like to be able to consult other online services for further diagnosis on top of what was presented by the cloud engines from Universal AV. This became to the precursor to the addition of second opinion scanning functionality with the integration of VirusTotal and later Jotti.
The integration of second opinion scanning for SecureAPlus was strictly for Application Whitelisting prompts and was intended for users who preferred that additional information that they could access anyway by visiting second opinion scanning portals. SecureAPlus Application Whitelisting was so effective at blocking zero-day threats that it became a reliable way of security against unknown malware as well as contributing to the security community by giving a convenient option of uploading the samples to these second opinion scanners.
This however introduced some issues namely the changes in policies of the online services that are beyond our control, users concerned about uploading to these third-party solutions, and some users being unable to decide on a course of action while waiting for both Universal AV & the second opinion scanner to give a diagnosis.
The upcoming change to how second opinion scanning now works operates on the following considerations:
It’s Totally Optional Now
With the change, we will no longer automatically include second opinion scanning results. This helps making Application Whitlisting prompt decision making faster for those that are content with Universal AV or the Offline AV scan results.
You can Still Get Second Opinion Scanning Results (With Some Caveats)
Second opinion diagnosis can still be easily viewed. Instead of it being within the prompt itself, your default browser is launched and you can view results directly from VirusTotal’s website.
However, as we only send the hash of the blocked file (without the file size), there are some instances where it might collide with another file with the same hash but different file size. The easiest way to tell is to check if the filename does not match with VirusTotal.
While instances of hash collisions are uncommon, it does introduce an extra level of attention to detail that users should look out for. In the event that this happens, it should be treated as an unknown sample (see below).
Uploading Unknown Samples (And Contributing to the Security Community) is Still Convenient
In the event that VirusTotal doesn’t have a diagnosis yet, as is the case for zero-day threats, it’s easy to find the blocked file without deciding to block or trust it, and upload for second opinion scanning.
Simply click the file name on the prompt to go to the file location which can be easily dragged and dropped to VirusTotal for analysis. This allows users to contribute new samples to VirusTotal’s growing threat database.
Our hope is that with this change, SecureAPlus users will continue to take advantage of the powerful application whitelisting whilst welcoming a more conscious effort to consult a second opinion scan directly with the providers by making it incredibly simple from the SecureAPlus interface.
Changes Applied on Upcoming June Update
The revised functionality come into effect with the release of SecureAPlus 4.6.2 by the end of the month. It is strongly advised that users get the update as soon as it is released as older versions will simply return an error message on the second opinion scanning section of the prompts.
The SecureAPlus Team