SecureAPlus’ powerful Application Whitelisting comes in 3 distinct modes that is designed to accommodate the different levels of security that users may require.
This is the default mode that SecureAPlus is on and is the one that gives you best balance between level of flexibility and control and is recommend for normal use. Every time a new and untrusted file runs for the first time, regardless of whether it was just downloaded/copied or has been in your computer for some time, SecureAPlus will stop it from running automatically.
You will then be prompted to make a decision whether to trust the file or block it. The prompt contains a diagnosis on whether the file is signed as well as letting you know how many of the Universal AV engines are detecting it as a threat.
Trusting the file will add it to your application whitelist and will no longer be prompted on subsequent launches. Blocking the file will simply terminate the file process to launch.
An exception would be when the Universal AV detects the already trusted file as a possible threat (when one or more engines detect it as a virus) when it’s virus definitions are updated. Universal AV will therefore prompt the user with the updated detection information, on which case the user can Quarantine, Delete, or Ignore the detected file.
Selecting Quarantine & Delete options will remove the file from the whitelist. On the other hand, selecting Ignore will continue to let the file stay in the whitelist and run freely.
This mode has the highest level of security and the lowest in flexibility. It blocks every file not on your application whitelist that tries to start a process on your computer. Non-Admin Windows User Accounts are set to Lockdown mode without the option to switch to other modes.
This is the perfect mode for users who do not wish to be prompted and is confident to operate with applications that he/she already trusts. Cases in which this level of security might come in handy would be when you are connected to an unsecure network (i.e. public wifi, campus network), for cases where a prompt may cause a disturbance (i.e. intense gaming, video rendering), and lastly for Non-Admin Users Accounts of a Windows PC.
Users can still launch new and untrusted applications in this mode by manually changing the trust level of the file you intend to launch prior to running it.
Note that manually changing the trust level of a file can only be done by Windows accounts with Admin privileges. As an added precaution it is highly recommended to manually scan the file before manually trusting it.
This mode has the highest level of flexibility and the lowest in terms of security. In this mode, all files that start a process are trusted. This means that during the period that SecureAPlus is in “Trust All” mode, all files are automatically added to your application whitelist.
Being in “Trusted All” mode doesn’t leave your computer vulnerable to attacks. Universal AV will still be functional and will notify you if a new threat has entered (downloaded or copied to) your computer. As this is only the Anti-Virus component operating, the file itself is free to auto-run even if it is detected and is only stopped at the time the user chooses to delete or quarantine the harmful file.
As this practically disables the added security component of maintaining an application whitelist with SecureAPlus, “Trust All” mode cannot be permanently enabled and it switches back to your previous mode after either 5 minutes, 30 minutes or on your next reboot.
This post is also available in: Japanese