
Super Antispyware legitimacy


22 replies to this topic

#1 allstock


Posted 01 November 2014 - 11:37 PM

Hey guys, hope you're doing well! Gotta question for all of you that are pretty familiar with SuperAntiSpyware. I noticed something funny/questionable about the behavior of this app. First: I just downloaded it and Second: I know it's free and some may think it sucks.

However my question refers to the question of what it is exactly doing when I "check for updates" and I haven't given it automatic internet access through ZoneAlarm? It seems to be doing something even though it was never allowed to connect - even to the point it says it's finished and updated. Try it if you guys have this application, any ideas??? Thanks for any help.

Edited by Queen-Evie, 01 November 2014 - 11:39 PM.
moved from Malware Removal Logs to the appropriate forum



#2 quietman7


Posted 02 November 2014 - 08:43 AM

What SUPERAntiSpyware does and how often depends on your settings...see this FAQ: How do I keep SUPERAntiSpyware up to date

Database Definition Information (Core and Trace definitions) is located here.

If set for automatic updates...it will attempt to check even though no Internet access is available.


SUPERAntiSpyware Free does not provide real-time protection, auto-scanning, auto-updates or scheduled scanning so there is no need for it to run at startup, waste system resources and possibly cause conflicts with other security software. However, when installing SUPERAntiSpyware it installs to run at each start-up automatically. I recommend disabling its startup and using it as a separate stand-alone on-demand scanner. As such, I do not have it configured to automatically update/check for updates. When I want to perform a scan...I manually check for and download updates at that time.

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#3 FlannelBack


Posted 02 November 2014 - 10:28 AM

> It seems to be doing something even though it was never allowed to connect - even to the point it says it's finished and updated.

Does SuperAntiSpyware (SAS) display a list of the updates when it says it's finished? Or does it just say "Definitions are UP To Date", and "Complete"? It will show a list of the definition updates when it actually updates. Have you specifically denied SAS internet access through ZoneAlarm? Check your firewall logs to see what ZoneAlarm shows.

When I had the "McAfee LiveSafe" suite installed, SAS was automatically recognized as a safe legitimate program.  ZoneAlarm may be doing the same thing.

After I rid myself of McAfee and installed Avast along with  PrivateFirewall, SAS, MBAM, Avast and just about everything else I've installed were/are snagged at every action they made/make by PrivateFirewall.  But PrivateFirewall is a bit of a different critter.



#4 allstock


Posted 02 November 2014 - 01:26 PM

 

> > It seems to be doing something even though it was never allowed to connect - even to the point it says it's finished and updated.
>
> Does SuperAntiSpyware (SAS) display a list of the updates when it says it's finished? Or does it just say "Definitions are UP To Date", and "Complete"? It will show a list of the definition updates when it actually updates. Have you specifically denied SAS internet access through ZoneAlarm? Check your firewall logs to see what ZoneAlarm shows.
>
> When I had the "McAfee LiveSafe" suite installed, SAS was automatically recognized as a safe legitimate program. ZoneAlarm may be doing the same thing.
>
> After I rid myself of McAfee and installed Avast along with PrivateFirewall, SAS, MBAM, Avast and just about everything else I've installed were/are snagged at every action they made/make by PrivateFirewall. But PrivateFirewall is a bit of a different critter.

 

That's the goofy thing about super antispyware, it actually does show a list of definitions or files that it had "downloaded/updated" even after the fact that zonealarm has restricted it from accessing the internet during the whole process....how goofy is that?? To me that's blatantly false representation of what would've happened had it actually connected. They're probably copying the contents of my hard drive.



#5 FlannelBack


Posted 02 November 2014 - 03:41 PM

I don't know what to tell you. This is what happens when I block SAS with the firewall and then try to update:

[Screenshot: SAS_Blocked_Update.jpg]

It stays that way until I click the "Cancel" button. It looks like your firewall settings are not configured to block SAS. What "Database Version" (lower right corner) is the SAS UI showing? Where did you download SAS from?



#6 quietman7


Posted 02 November 2014 - 05:10 PM

When disconnected from the Internet and Firewall off, attempting to update via the program's interface, SAS should say...
Authenticating Connection...Complete
Checking for Definition Updates...Failed
Definitions Update Failed

#7 FlannelBack


Posted 02 November 2014 - 05:56 PM

Sorry Quietman7, I only waited a couple of minutes. SAS usually completes updates in 20 sec. at most for me. Probably didn't wait long enough for failed update message.

But the computer was connected to the internet, I just changed the firewall rule for SAS from allow to block.



#8 quietman7


Posted 02 November 2014 - 06:06 PM

The free version shows the info and check boxes for Application and Malware Database Updates. The Automatic updates itself will not be enabled...you need to purchase the Pro version for that feature.

Therefore, SAS should not be updating unless you specifically use the link "Click here to check for updates" in the lower right corner under Database version.

#9 allstock


Posted 02 November 2014 - 06:50 PM

I've never gone into permissions and directly changed things. Whenever the dialog box comes up and asks if zonealarm should allow the action, I click no. It doesn't seem to make a difference and it finishes the downloading from what I can see.

#10 allstock


Posted 02 November 2014 - 06:54 PM

Also: I have the latest free version. It tries to connect on its own as soon as it's opened.

#11 quietman7


Posted 02 November 2014 - 07:24 PM

I just installed the newest free version too and it does not try to connect. Are you sure you declined the trial version after setup completed?

#12 titan1


Posted 02 November 2014 - 08:33 PM

@quietman7, I used to use SUPERAntiSpyware. But after they released the new version, I saw that even though I disabled the startup of SAS Free, a process named SAScore.exe was running. I disabled the startup from CCleaner, but the process was still there after startup. And SAS was present in the right-click context menu, though it was not in the system tray. The system tray icon appeared only when I myself initiated a scan with SAS. Have you witnessed something like this?

#13 quietman7


Posted 02 November 2014 - 09:05 PM

When installing SUPERAntiSpyware, it will install SAS Core Service (SAScore.exe) as a Windows service set on Automatic as well as a separate start-up entry which can be disabled through the program's main GUI...System Tools > Preferences. The service is required and should be left alone or it will impact the effectiveness of scanning and removal. If SUPERAntiSpyware is not running, the core service will utilize very little system resources.

#14 FlannelBack


Posted 02 November 2014 - 10:34 PM

Sure enough Quietman7! I set the firewall rule to block SAS, tried to update SAS definitions, waited 4-5 min. But the failed to update messages finally appeared.

What I don't understand is why, for allstock, SAS is trying to connect to the internet as soon as it launches. Doesn't do that here. Maybe "anonymous threat reporting"? And why it still downloads updates when it is supposedly being blocked by ZoneAlarm.

I'm currently showing:
SUPERAntiSpyware Version 6.0.1158
Free Edition
Database Version 11586
The Database Definition Information page shows current Database Version 11587, as of 11/02/2014 04:57AM PST.



#15 allstock


Posted 03 November 2014 - 04:25 AM

Here are some screenshots in sequence from the point I open SAS...not set to autoupdate - free version, not free trial of pro version.

[Screenshot: SASZA_zps995e86af.png]

To the point I click to check for updates...no Zonealert...never actually downloaded any updates (keep in mind the whole time it doesn't have internet privileges).

[Screenshot: SASZAupdated_zps7206413b.png]

And now after I've clicked "ok" and taken to the SAS mainscreen....notice it has been updated even without ever connecting to the internet.....in the below pic afterwards, what is it trying to do on the internet???

[Screenshot: SASZAafterupdate_zps2e6a233c.png]


Edited by allstock, 03 November 2014 - 04:26 AM.




