SecureAPlus: application whitelisting for additional security
Most Windows users these days run a firewall and up-to-date antivirus software, either those that ship with the operating system or advanced third-party tools. Experienced users on the other hand often use other types of security-related software to improve the system's overall security. This may include a sandboxing program like Sandboxie, exploit mitigation software like EMET, or programs that whitelist applications.
The latter is a simple but very effective concept: only allow trusted programs to run on the system, and block every other program that tries to run. Users get options to whitelist applications, which is handy when new programs get installed or existing ones are upgraded.
SecureAPlus is a program for Windows that combines application whitelisting with antivirus protection. What's interesting right from the start is that you do not have to install the antivirus component - it is ClamAV by the way - if you want to keep using your current security solution.
Note: The program uses an online installer by default which loads contents from the Internet during installation. You can request a link to an offline installer by mailing support.
When you start the program for the first time you will notice that it starts to scan the system to create the initial whitelist database. This can take quite some time depending on the programs you have installed on your system.
A click on status in the application whitelisting interface displays the current status of the process. If you see "in progress" or "running" there, you know that your system is still being crawled. You can browse the configuration here though to make changes to it while the database file is generated.
The default whitelist is generated based on a list of trusted certificates the application ships with. It includes a large list of companies, among them Adobe, Microsoft, Acer, Intel, Malwarebytes and many others. You can add or remove vendors easily from that list, for instance to reduce it in size or add vendor certificates to it.
It is possible to modify the certificate whitelisting, either to relax its rule set by trusting any certificate that is trusted by the operating system, or to tighten it by only trusting files whose certificate name and thumbprint are both in the trusted certificate list.
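The difference between these trust levels can be checked by hand with PowerShell's Get-AuthenticodeSignature. The following is an added example, not SecureAPlus code: the function name Test-PublisherTrust, the mode names and the publisher entry are hypothetical, and it assumes the default level matches on the certificate name alone.

```powershell
# Constructed placeholder entry; replace with the publishers you actually trust.
$TrustedPublishers = @(
    [pscustomobject]@{ Name = 'Example Software Ltd'; Thumbprint = '0000000000000000000000000000000000000000' }
)

function Test-PublisherTrust {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$Path,
        [ValidateSet('OsTrusted', 'NameInList', 'NameAndThumbprint')]
        [string]$Mode = 'NameInList'
    )

    $sig = Get-AuthenticodeSignature -FilePath $Path

    # 'Valid' means the signature verifies and chains to a root the OS trusts.
    # Unsigned, modified or untrusted files are rejected in every mode.
    if ($sig.Status -ne 'Valid' -or -not $sig.SignerCertificate) {
        return [pscustomobject]@{ Path = $Path; Mode = $Mode; Trusted = $false
                                  Reason = "Signature status: $($sig.Status)" }
    }

    $cert   = $sig.SignerCertificate
    $name   = $cert.GetNameInfo([System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName, $false)
    $byName = @($TrustedPublishers | Where-Object { $_.Name -eq $name })

    switch ($Mode) {
        'OsTrusted'  { $trusted = $true }                      # relaxed: any OS-trusted signer
        'NameInList' { $trusted = $byName.Count -gt 0 }        # publisher name only
        'NameAndThumbprint' {                                  # strict: name and exact certificate
            $trusted = @($byName | Where-Object { $_.Thumbprint -eq $cert.Thumbprint }).Count -gt 0
        }
    }

    [pscustomobject]@{
        Path       = $Path
        Mode       = $Mode
        Trusted    = [bool]$trusted
        Publisher  = $name
        Thumbprint = $cert.Thumbprint
        Reason     = if ($trusted) { 'Signer accepted' } else { 'Signer not in trusted list for this mode' }
    }
}

# Compare how one file fares under each level.
'OsTrusted', 'NameInList', 'NameAndThumbprint' | ForEach-Object {
    Test-PublisherTrust -Path "$env:windir\explorer.exe" -Mode $_
}
```

Name-only matching accepts any valid certificate carrying that publisher name, while thumbprint matching pins one specific certificate and needs a list update whenever the vendor renews it.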
Another interesting feature that you will come across is the list of restricted applications in the Application Whitelisting interface. This refers to programs that may download, copy, or extract files from sources such as the Internet or removable media. While the programs listed here are still allowed to do so, SecureAPlus will limit the rights of files that land on the system by using those programs listed here.
The application supports process protection as well, but it has not been built into the main graphical user interface. You need to open the program folder and start the process protector executable there to configure the feature.
It prevents code injection into processes that you specify here.
Once the initial setup is out of the way, your system is protected for as long as the program is running in the background. You will probably notice this the first time when you try to launch a new executable on your system. If it is not signed by one of the trusted companies, it will spawn a notification window that requests that you make a decision on how to proceed.
The application displays the process name and ID, as well as a basic description of what it believes the process tries to do. A click on the more link displays additional options. You can allow the process for the session only, set the program to trust the file but not add the process as a trusted installer, or notify the application that the process is not what it believes it to be.
If you want to add application whitelisting to your defense lineup on your PC, then you may want to give SecureAPlus a chance as it appears to be well suited for that. The only downside to that is that the current version will expire in a year's time. It seems possible to extend that period, but it is very likely that this has been implemented so that the program can be sold commercially at one point in the future.
That does not necessarily mean that there won't be a free version though.