
Anti-Spyware Background Processes..


JD

Oct 9, 2011, 2:57:22 PM
Doing some research about a question in another newsgroup, I fired up
Process Explorer, from http://technet.microsoft.com/en-us/sysinternals
and I found a couple of new processes running in the background:

SASCORE.exe: The Description is "core service." I run SUPERAntiSpyware
Free as an on-demand scanner and manually update it so I'm curious as to
why this process starts with Windows? The SAS response is: "You need it
for the free edition - leave it set as we set it. The core service
should be left running - that's the bottom line - it uses little memory
or cpu." Anybody here familiar with this service? I can easily set it to
manual or disabled using Control Panel, Administrative Tools, Services.

a2Service.exe: The Description is Emsisoft Anti-Malware Service. I run
Emsisoft Anti-Malware as an on-demand scanner and manually update it so
I'm also curious as to why this process starts with Windows? I haven't
found a real description of what it does. Anybody here familiar with
this service? I can easily set it to manual or disabled using Control
Panel, Administrative Tools, Services.

I'm not a big fan of services that run in the background for no real
reason.

--
JD..

David H. Lipman

Oct 9, 2011, 4:48:04 PM
From: "JD" <J...@example.invalid>

The "a2Service.exe" Emsisoft Anti-Malware Service is for removing malware under a Limited
User Account (LUA).

I don't know what SASCORE.exe is or what it is used for.


--
Dave
Multi-AV Scanning Tool - http://multi-av.thespykiller.co.uk
http://www.pctipp.ch/downloads/dl/35905.asp


Han

Oct 9, 2011, 4:54:09 PM
"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in
news:j6t1a...@news4.newsguy.com:

I have SAS paid, and have SASCore64.exe running from system, I believe.

--
Best regards
Han
email address is invalid

David H. Lipman

Oct 9, 2011, 5:15:39 PM
From: "Han" <nob...@nospam.not>

And you are running a 64bit OS Han ?

Han

Oct 9, 2011, 5:23:05 PM
"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in
news:j6t2u...@news4.newsguy.com:

I believe so, David. Got a new laptop, ASUS X53E, Intel core i3-2310M @
2.1 GHz, 8 GB RAM, 64 bit Win7 Pro.

Message has been deleted

David H. Lipman

Oct 9, 2011, 6:16:08 PM
From: "FredW" <fr...@blackholespam.net>

> On Sun, 9 Oct 2011 17:15:39 -0400, "David H. Lipman"
> <DLipman~nospam~@Verizon.Net> wrote:
>> From: "Han" <nob...@nospam.not>


>>
>>>
>>> I have SAS paid, and have SASCore64.exe running from system, I believe.
>>>
>>
>> And you are running a 64bit OS Han ?
>

> I have Windows 7 Home Premium 64-bit and the free version of SAS
> installed.
> I have the service !SASCORE running - SAS Core Service
>
> Path to executable:
> "C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE"
>
> Startup type: Automatic
>
> --

So we know what the service belongs to and we know there are 32 bit and 64 bit versions.
The question is what does this SAS NT Service perform?

Han

Oct 9, 2011, 8:09:30 PM
"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in
news:j6t6f...@news4.newsguy.com:

> From: "FredW" <fr...@blackholespam.net>
>
>> On Sun, 9 Oct 2011 17:15:39 -0400, "David H. Lipman"
>> <DLipman~nospam~@Verizon.Net> wrote:
>>> From: "Han" <nob...@nospam.not>
>>>
>>>>
>>>> I have SAS paid, and have SASCore64.exe running from system, I
>>>> believe.
>>>>
>>>
>>> And you are running a 64bit OS Han ?
>>
>> I have Windows 7 Home Premium 64-bit and the free version of SAS
>> installed.
>> I have the service !SASCORE running - SAS Core Service
>>
>> Path to executable:
>> "C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE"
>>
>> Startup type: Automatic
>>
>> --
>
> So we know what the service belongs to and we know there are 32 bit
> and 64 bit versions. The question is what does this SAS NT Service
> perform?

Hi David:
SAS has been updating lately. The file in Windows Taskmanager has under
Properties a description of Core Service, type application, file version
1.0.0.1066, copyright 2005-2011 SUPERAntispyware, 0 bytes, but in
TaskManager it's listed as 1440K. Opening file location, and it is
138KB, dated 8/11/2011 7:38PM.

I tend to trust SAS, but I don't understand how this works, really. Do
you want me to email you the file?

JD

Oct 9, 2011, 8:14:16 PM

I set both services to Manual, using Control Panel, Administrative
Tools, Services and both programs seem to work without the services
running. I ended up updating Emsisoft Anti-Malware from Version
5.1.0.19 to Version 6.0.6.40 and it changed the Service to version 6,
which I also set to Manual.

It also didn't give me an option on the install location. Not a good thing.

Do you use Emsisoft Anti-Malware? It seems like it's turning into what
I call "crap-ware" where it has a whole slew of questionable things I
had to disable, "Enable Guard on system startup" and "Join the
Anti-Malware Network." What the Hell?

So much for simple, on-demand, manually updated scanners. 8-)

--
JD..

David H. Lipman

Oct 9, 2011, 8:56:19 PM
From: "Han" <nob...@nospam.not>

You can upload it to http://www.uploadmalware.com/ but I believe it's a legitimate SAS NT
Service. I just don't know what that service is for.

David H. Lipman

Oct 9, 2011, 8:57:37 PM
From: "JD" <J...@example.invalid>


I stopped using Nick Skrepeto's software years ago.

JD

Oct 9, 2011, 9:37:01 PM

He's the author of SAS or Emsisoft Anti-M?

Besides your Multi-AV scanning tool, do you have an on-demand, manual
update anti-malware program that you like?


--
JD..

JD

Oct 9, 2011, 9:40:47 PM

From what I can tell, it's just some crap-ware service that you don't
really need to run to use the SAS program. You can set it to manual or
disable it. Control Panel, Administrative Tools, Services, SAS Core Service.

For the time being, I set mine to manual.

--
JD..

David H. Lipman

Oct 9, 2011, 10:06:48 PM
From: "JD" <J...@example.invalid>

>>
>> Hi David:
>> SAS has been updating lately. The file in Windows Taskmanager has under
>> Properties a description of Core Service, type application, file version
>> 1.0.0.1066, copyright 2005-2011 SUPERAntispyware, 0 bytes, but in
>> TaskManager it's listed as 1440K. Opening file location, and it is
>> 138KB, dated 8/11/2011 7:38PM.
>>
>> I tend to trust SAS, but I don't understand how this works, really. Do
>> you want me to email you the file?
>>
>
> From what I can tell, it's just some crap-ware service that you don't really need to
> run to use the SAS program. You can set it to manual or disable it. Control Panel,
> Administrative Tools, Services, SAS Core Service.
>
> For the time being, I set mine to manual.
>

Please, do not assume it to be some "crap-ware service" until you get the facts of its
functionality.

David H. Lipman

Oct 9, 2011, 10:10:54 PM
From: "JD" <J...@example.invalid>

Nick Skrepeto is the author of SAS but it has been sold off. Now Nick can race his car
all he wants.

To the best of my knowledge, Christian Mairoll is the author of Emsisoft.

If I had another manually updated anti-malware program that I liked, I would replace
Kaspersky's DOS based scanner with it in my Multi-AV Scanning Tool.

JD

Oct 9, 2011, 10:23:05 PM
David H. Lipman wrote:
> From: "JD"<J...@example.invalid>
>
>>>
>>> Hi David:
>>> SAS has been updating lately. The file in Windows Taskmanager has under
>>> Properties a description of Core Service, type application, file version
>>> 1.0.0.1066, copyright 2005-2011 SUPERAntispyware, 0 bytes, but in
>>> TaskManager it's listed as 1440K. Opening file location, and it is
>>> 138KB, dated 8/11/2011 7:38PM.
>>>
>>> I tend to trust SAS, but I don't understand how this works, really. Do
>>> you want me to email you the file?
>>>
>>
>> From what I can tell, it's just some crap-ware service that you don't really need to
>> run to use the SAS program. You can set it to manual or disable it. Control Panel,
>> Administrative Tools, Services, SAS Core Service.
>>
>> For the time being, I set mine to manual.
>>
>
> Please, do not assume it to be some "crap-ware service" until you get the facts of its
> functionality.
>

Before I made the original post in this newsgroup, I did a search
regarding the SAS core service, and somebody posted the following, which
I used in my original post:

The SAS response is: "You need it for the free edition - leave it set as
we set it. The core service should be left running - that's the bottom
line - it uses little memory or cpu."

Not much of a response.

I set it to manual, SAS worked. Call it what you want, I've said what I
think about it. 8-)

--
JD..

David H. Lipman

Oct 9, 2011, 10:24:22 PM
From: "JD" <J...@example.invalid>

No, it isn't a response but it doesn't make it a "crap-ware service" either.

JD

Oct 9, 2011, 10:28:18 PM

I grow weary of having to turn things off that I never turned on in
software that is supposed to protect me from Malware/Spyware. I guess I
opted in when I installed the software and both programs are free
because I didn't pay for them but I wonder what the costs are to my
computer.

--
JD..

David H. Lipman

Oct 9, 2011, 11:00:02 PM
From: "JD" <J...@example.invalid>

You have to realize that for some actions or capabilities an NT Service will have to be
loaded and run as the System.

VanguardLH

Oct 10, 2011, 6:35:36 AM
JD wrote:

> Doing some research about a question in another newsgroup, I fired up
> Process Explorer, from http://technet.microsoft.com/en-us/sysinternals
> and I found a couple of new processes running in the background:
>
> SASCORE.exe: The Description is "core service." I run SUPERAntiSpyware
> Free as an on-demand scanner and manually update it so I'm curious as to
> why this process starts with Windows? The SAS response is: "You need it
> for the free edition - leave it set as we set it. The core service
> should be left running - that's the bottom line - it uses little memory
> or cpu." Anybody here familiar with this service? I can easily set it to
> manual or disabled using Control Panel, Administrative Tools, Services.

I think the sascore process showed up after some update in August. It
looks like it was there before in the Pro version and then got added in
August via update to the free version. Although claimed for use during
real-time protection, it's now there for the free version that
doesn't have real-time protection. Despite going through all of its
configuration settings, it WILL be running processes on Windows startup.
Also, from what I've read (since I don't have it anymore), SAS will
re-insert its startup process. So you disable/delete it but SAS puts it
back in. I use WinPatrol and can have it *permanently* disable an item.
If it shows up again, WinPatrol will disable it again (before you reboot
and it loads again). For example, Apple sticks its worthless
qttask.exe into the registry as a startup item and it will reappear (I
forget the event that reinstates this entry, like you run their program,
its config, or due to an update), so I disable it in WinPatrol. If
WinPatrol sees it show up again as a startup entry then it disables it
again. From other users, sascore is NOT required despite the claims of
SAS techs but it keeps trying to reinstate itself so you need to keep
disabling it (unless you use something automatic to do that, like
WinPatrol). When queried about the purpose of this background process,
SAS won't elucidate. That's no big surprise since many anti-malware
authors rely on secrecy (and not help malware authors) rather than
robustness to deter anti-malware.

Even if you address the sascore process, SAS also installs a system hook
when it installs. It doesn't matter if you configure it to be passive
or not. It still injects a hook into the system. I'd have to install
it again and monitor that install. I suspect I either saw it using
Resplendence's Hook Analyzer (as a system API hook) or SysInternal's
AutoRun (as a "shell execute" hook). I just remember finding it despite
trying to keep SAS Free completely quiescent when not loaded.

Despite their claim that these measures were needed for SAS to attempt
to get "below" any existing active malware to ensure SAS could detect
and eradicate the malware, I wanted a completely passive on-demand
secondary anti-malware scanner. So I uninstalled SAS (and used the
snapshot recorded in Zsoft Uninstaller to eliminate any remnant registry
entries and files after the normal uninstall).

> a2Service.exe: The Description is Emsisoft Anti-Malware Service. I run
> Emsisoft Anti-Malware as an on-demand scanner and manually update it so
> I'm also curious as to why this process starts with Windows? I haven't
> found a real description of what it does. Anybody here familiar with
> this service? I can easily set it to manual or disabled using Control
> Panel, Administrative Tools, Services.
>
> I'm not a big fan of services that run in the background for no real
> reason.

It seems you are mixing two anti-malware products together in your post:
SuperAntispyware (SAS) and a-Squared (Emsisoft). It's been way too long
since I trialed a-Squared to remember anything about that software.

From what I read, this is used to run A2 while logged on under a limited
user account (LUA). If you're always logged on under an admin-level
account, see if setting this service to "manual" startup mode has no
detrimental effects on using A2. Automatic means it gets loaded when
Windows is started (and before you login). That only means it gets
loaded, not that it remains loaded (some will load, do some checks, and
unload). Manual means it won't be loaded until called, so when you load
A2 then it'll call this service to load it. Of course, once the service
is started and running doesn't mean it gets stopped when you exit the
application. I suspect if you set the service to manual (service not
running when you start Windows) and then right-click on a folder or file
to select the A2 content menu entry to scan the file, the A2 service
gets loaded and it will continue running even after the scan has
completed. So if you use anything of A2 then the service gets started
and continues running until the next time you restart Windows. So
consider if the process' memory footprint is really that bad that you
need to keep the service from loading on Windows startup since anytime
you use A2 will start the service, anyway.

So how many security products did you install on your host? If you're
only using some of them as only on-demand scanners, why not look at
using their online scanners? http://www.emsisoft.com/en/software/ax/ for
A2 but many other AV vendors have online detect-only scanners. They
still require installing a client, like an ActiveX control, that
downloads their newest signatures, but it only does a scan and nothing
of it is running before or after the scan. Of course, that also means
any currently active malware could deter, affect, or corrupt their
client regarding the detection and eradication of the pest. Many online
scanners only tell you about a pest and won't get rid of it since the
full client isn't running on your host; however, unless they say you are
infected then you don't need their full client. The detection rate is
the same (but doesn't do the cleanup provided by the full client).
That's about as quiescent a *scanner* as you can get when not using it.

A word of caution about using online scanners: use an install monitor to
record their changes. The prevalent majority of online scanners provide
no uninstaller. They install a small detect-only client on your host
either as an app or browser add-on (AX for Internet Explorer). I've
found way too many browser helpers, add-ons, AX controls, or even helper
apps (clients) don't add an entry to the Add/Remove Programs applet (no
entry under the Uninstall registry key) so you're stuck with them unless
you used something to record their installation that you can then later
use to eradicate them. I use Zsoft Uninstaller (free). There are
payware uninstall tools, too, that will monitor installations (e.g.,
Revo Uninstaller and Total Uninstaller). If you're using a 64-bit
version of Windows, make sure you use an uninstaller that supports it
(Zsoft is too old and Revo free is an old version that doesn't support
Win x64).
Message has been deleted

JD

Oct 10, 2011, 12:10:21 PM
FredW wrote:
> On Sun, 9 Oct 2011 18:16:08 -0400, "David H. Lipman"

> <DLipman~nospam~@Verizon.Net> wrote:
>> From: "FredW"<fr...@blackholespam.net>
>>> On Sun, 9 Oct 2011 17:15:39 -0400, "David H. Lipman"
>>> <DLipman~nospam~@Verizon.Net> wrote:
>>>> From: "Han"<nob...@nospam.not>
>>>>
>>>>>
>>>>> I have SAS paid, and have SASCore64.exe running from system, I believe.
>>>>>
>>>>
>>>> And you are running a 64bit OS Han ?
>>>
>>> I have Windows 7 Home Premium 64-bit and the free version of SAS
>>> installed.
>>> I have the service !SASCORE running - SAS Core Service
>>>
>>> Path to executable:
>>> "C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE"
>>>
>>> Startup type: Automatic
>>
>> So we know what the service belongs to and we know there are 32 bit and 64 bit versions.
>> The question is what does this SAS NT Service perform?
>
>
> I found this thread in the SAS forum:
> http://forums.superantispyware.com/index.php?/topic/4135-what-is-sas-core-service/
>
> However all I can find (Site Admin) that it is also needed for the free
> edition (leave it set as we set it).
> (see also post #28)
>
> But nobody (as far as I can see) gives any clue why it should be
> running.
>
>

I saw the same reply. It's not very helpful. That's why I set the
Service to manual. No adverse effect so far.

--
JD..

JD

Oct 10, 2011, 12:30:15 PM

I'll stick with the two programs, for now. Not a big fan of online
scanners, for the reasons you mention.

Sorry to confuse with asking about two different programs. Both the
SAScore.exe and the a2service.exe run as Services and both can be set to
Automatic, Manual or Disabled. I have both set to Manual.

Using SysInternal's AutoRun, I see the hook you're talking about:
Description: SABShellExecuteHook ClassShellExecuteHook
Publisher: SuperAdBlocker.com
Image Path: superantispyware\sasseh.dll

What does that do, exactly?

And you are correct about using the content menu entry to scan a file
with Emsisoft Anti-Malware. (They don't call it a2 anymore). Once the
scan is complete, the a2Service is turned back on. When it is set to
Manual. I stopped it and set it to Disabled and Emsisoft Anti-Malware
will not run.

SAScore does not exhibit that behavior using the content menu entry to
scan a file with SASfree.

Now I know how to deal with the two services. What about the SAS hook?
Just leave it alone?

--
JD..

Message has been deleted

JD

Oct 10, 2011, 1:11:35 PM
FredW wrote:
> I agree, it's a mystery.
>
> I now have it set to manual (and stopped the service).
> At night I switch off my computer.
>
> So tomorrow the service will not run anymore.
> Tomorrow (ca. 18:00) I will do a full scan as every Tuesday.
>
> I will see what will happen, if anything different can be seen.
>

Great! Let me know what happens. Thanks.

--
JD..

VanguardLH

Oct 10, 2011, 2:51:18 PM
JD wrote:

> Sorry to confuse with asking about two different programs. Both the
> SAScore.exe and the a2service.exe run as Services and both can be set to
> Automatic, Manual or Disabled. I have both set to Manual.
>
> Using SysInternal's AutoRun, I see the hook you're talking about:
> Description: SABShellExecuteHook ClassShellExecuteHook
> Publisher: SuperAdBlocker.com
> Image Path: superantispyware\sasseh.dll
>
> What does that do, exactly?

SAS/SuperAdBlocker won't say. They figure secrecy will deter malware
authors. I've some guesses by users but nothing concrete. If I still
had it, I'd use some tools (e.g., Nirsoft DLL export view) that let me
look into DLLs, like list their entry points or methods which might
divulge what type of functions are called from there.

>
> And you are correct about using the content menu entry to scan a file
> with Emsisoft Anti-Malware. (They don't call it a2 anymore). Once the
> scan is complete, the a2Service is turned back on. When it is set to
> Manual. I stopped it and set it to Disabled and Emsisoft Anti-Malware
> will not run.
>
> SAScore does not exhibit that behavior using the content menu entry to
> scan a file with SASfree.
>
> Now I know how to deal with the two services. What about the SAS hook?
> Just leave it alone?

A "shell execute" hook is code that loads when the "shell" gets loaded.
It depends on whose shell it is attached. For example, it could be
attached to Windows Explorer (explorer.exe) which means it loads for use
when WE gets loaded. The code isn't loaded until then. Again, it's
probably to assist SAS or SuperAdBlocker to detect malware.

http://zookaware.com/spyware-blog/shell-execute-hook-help/
http://blogs.msdn.com/b/oldnewthing/archive/2008/09/10/8938051.aspx

Both malware and anti-malware use shell hooks trying to incorporate
their functionality within the shell used to load apps. IShellExecuteHook
was deprecated (reduced functionality) from shell32.dll in Windows
Vista; see http://msdn.microsoft.com/en-us/library/bb775101(VS.85).aspx.
This caused problems with software that relied on it when run under
Vista/7.

Did AutoRuns show to which process the hook was attached? SysInternals'
ListDLLs will show which DLLs are open (loaded). I've never used it but
"listdlls -d sasseh.dll" should show you if it is currently loaded.

The only [normal] way to get rid of the SAS hook is to uninstall SAS.
But I'd check after the uninstall that it went away.
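
A read-only PowerShell check of the two things this thread keeps asking about: how each anti-malware service is configured to start and under which account, and which DLL sits behind each registered shell execute hook. It is an added example, not part of any post in the thread. It assumes PowerShell 3.0 or later, takes its name pattern from the file names quoted above, and only looks at the machine-wide `ShellExecuteHooks` and `CLSID` registry keys.

```powershell
# Added example: read-only audit, changes nothing on the system.
# The pattern uses the executable names quoted in the thread; adjust as needed.
$namePattern = 'SASCORE|a2service'

function Get-ImagePath([string]$commandLine) {
    # Win32_Service.PathName may be quoted and may carry arguments.
    if ($commandLine -match '^\s*"([^"]+)"')        { return $Matches[1] }
    if ($commandLine -match '^\s*(.+?\.exe)(\s|$)') { return $Matches[1] }
    return $commandLine
}

function Get-SignerSummary([string]$path) {
    # Report Authenticode status and signer so the publisher can be verified.
    if ([string]::IsNullOrEmpty($path)) { return 'no path registered' }
    $expanded = [Environment]::ExpandEnvironmentVariables($path)
    if (-not (Test-Path -LiteralPath $expanded)) { return 'file not found' }
    $sig = Get-AuthenticodeSignature -LiteralPath $expanded
    $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { 'unsigned' }
    '{0} / {1}' -f $sig.Status, $subject
}

# 1. Services: start mode (Auto/Manual/Disabled), current state, account, binary.
Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.PathName -match $namePattern } |
    ForEach-Object {
        $image = Get-ImagePath $_.PathName
        [pscustomobject]@{
            Name        = $_.Name
            DisplayName = $_.DisplayName
            StartMode   = $_.StartMode
            State       = $_.State
            RunsAs      = $_.StartName
            Image       = $image
            Signer      = Get-SignerSummary $image
        }
    } | Format-List

# 2. Shell execute hooks: each value name under ShellExecuteHooks is a CLSID;
#    the DLL is the default value of that CLSID's InprocServer32 key.
#    Both the native and the 32-bit (Wow6432Node) registry views are checked.
$views = @(
    @{ Hooks = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks'
       Clsid = 'HKLM:\SOFTWARE\Classes\CLSID' },
    @{ Hooks = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks'
       Clsid = 'HKLM:\SOFTWARE\Classes\Wow6432Node\CLSID' }
)

$hooks = foreach ($view in $views) {
    if (-not (Test-Path -LiteralPath $view.Hooks)) { continue }
    $valueNames = (Get-Item -LiteralPath $view.Hooks).Property |
        Where-Object { $_ -match '^\{' }
    foreach ($clsid in $valueNames) {
        $inproc = Join-Path (Join-Path $view.Clsid $clsid) 'InprocServer32'
        $dll = $null
        if (Test-Path -LiteralPath $inproc) {
            $dll = (Get-Item -LiteralPath $inproc).GetValue('')
        }
        [pscustomobject]@{
            RegistryView = $view.Hooks
            Clsid        = $clsid
            Dll          = $dll
            Signer       = Get-SignerSummary $dll
        }
    }
}
$hooks | Format-List
```

Running it before and after changing a service's startup type, or after an uninstall, shows whether the setting was put back and whether the hook registration actually went away.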

Eddie

Oct 10, 2011, 5:04:49 PM
JD wrote...

>
> Doing some research about a question in another newsgroup, I fired up
> Process Explorer, from http://technet.microsoft.com/en-us/sysinternals
> and I found a couple of new processes running in the background:
>
> SASCORE.exe: The Description is "core service." I run SUPERAntiSpyware
> Free as an on-demand scanner and manually update it so I'm curious as to
> why this process starts with Windows? The SAS response is: "You need it
> for the free edition - leave it set as we set it. The core service
> should be left running - that's the bottom line - it uses little memory
> or cpu." Anybody here familiar with this service? I can easily set it to
> manual or disabled using Control Panel, Administrative Tools, Services.


It's an update checker. It will turn off, but if you run SAS or update the
program it returns to an autorun setting. SAS may be anti-malware, but setting
up as an autorun program of its own, that I cannot control makes it no better
than a virus, trojan or malware. Most other programs have an auto-update
option, it's time SAS did the same.

JD

Oct 10, 2011, 6:10:49 PM

We've gotten past my level. I can live with both programs for the time
being, now that I know how to control their "services."

--
JD..

FromTheRafters

Oct 10, 2011, 7:10:37 PM
"FredW" <fr...@blackholespam.net> wrote in message
news:v896971mllrlhnil7...@4ax.com...

> On Mon, 10 Oct 2011 11:10:21 -0500, JD <J...@example.invalid> wrote:
> I agree, it's a mystery.
>
> I now have it set to manual (and stopped the service).
> At night I switch off my computer.
>
> So tomorrow the service will not run anymore.
> Tomorrow (ca. 18:00) I will do a full scan as every Tuesday.
>
> I will see what will happen, if anything different can be seen.

Let's play "what if ... ?"

What if there is malware out and about that prevents SAS from updating
when it is called upon to do an on demand scan? What if you contract that
malware and it loads from some registry entry? What if SAS found that they
could ensure the "up-to-dateness" of their program by having the update
occur prior to the malware's opportunity to load and detect that SAS has
been invoked?

If one were to remove that service, they might not ever see anything
untoward and yet they have practically defeated the entire program.

...all because you don't like stuff running, and you don't like the lack
of answer from the vendor about what it does.

If you don't trust them, why are you running their program?


David H. Lipman

Oct 10, 2011, 7:11:38 PM
From: "FromTheRafters" <erratic...@gmail.com>

+10

Message has been deleted
Message has been deleted
Message has been deleted

JD

Oct 11, 2011, 2:18:41 PM
FredW wrote:

> On Mon, 10 Oct 2011 12:11:35 -0500, JD<J...@example.invalid> wrote:
>> FredW wrote:
>>> On Mon, 10 Oct 2011 11:10:21 -0500, JD<J...@example.invalid> wrote:
>>>> FredW wrote:
>>>>>
>>>>> I found this thread in the SAS forum:
>>>>> http://forums.superantispyware.com/index.php?/topic/4135-what-is-sas-core-service/
>>>
>>>>
>>>> I saw the same reply. It's not very helpful. That's why I set the
>>>> Service to manual. No adverse effect so far.
>>>
>>> I agree, it's a mystery.
>>>
>>> I now have it set to manual (and stopped the service).
>>> At night I switch off my computer.
>>>
>>> So tomorrow the service will not run anymore.
>>> Tomorrow (ca. 18:00) I will do a full scan as every Tuesday.
>>>
>>> I will see what will happen, if anything different can be seen.
>>>
>>
>> Great! Let me know what happens. Thanks.
>
> Today.
>
> SAS Core service is not running.
> I did a manual update.
> (update to the latest database version at the time of update.)
> I did a manual "Complete Scan".
> (see scan log below.)
> I noticed nothing unusual.
>
>
> Scan log:
> SUPERAntiSpyware Scan Log
> http://www.superantispyware.com
>
> Generated 10/11/2011 at 03:26 PM
>
> Application Version : 5.0.1128
>
> Core Rules Database Version : 7778
> Trace Rules Database Version: 5590
>
> Scan type : Complete Scan
> Total Scan Time : 00:32:46
>
> Operating System Information
> Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
> UAC On - Administrator
>
> Memory items scanned : 573
> Memory threats detected : 0
> Registry items scanned : 69129
> Registry threats detected : 0
> File items scanned : 41048
> File threats detected : 0
>

Thanks Fred.

That's kind of what I figured, the service is not necessary for the Free
version. I have it set to Manual and I turned it Off and it will stay
that way until somebody comes along with an explanation as to what the
SASCore.exe service actually does.

--
JD..

FromTheRafters

Oct 11, 2011, 2:33:57 PM

"FredW" <fr...@blackholespam.net> wrote in message
news:8iv8979km24vc3pmg...@4ax.com...

> On Mon, 10 Oct 2011 19:10:37 -0400, "FromTheRafters"
> <erratic...@gmail.com> wrote:
>>"FredW" <fr...@blackholespam.net> wrote in message
>>news:v896971mllrlhnil7...@4ax.com...
>>> On Mon, 10 Oct 2011 11:10:21 -0500, JD <J...@example.invalid> wrote:
>>>>FredW wrote:
>>>>> On Sun, 9 Oct 2011 18:16:08 -0400, "David H. Lipman"
>>>>> <DLipman~nospam~@Verizon.Net> wrote:
>>>>>>
>>>>>> So we know what the service belongs to and we know there are 32 bit and
>>>>>> 64 bit versions.
>>>>>> The question is what does this SAS NT Service perform?
>>>>>
>>>>> I found this thread in the SAS forum:
>>>>> http://forums.superantispyware.com/index.php?/topic/4135-what-is-sas-core-service/
>>>>
>>>>I saw the same reply. It's not very helpful. That's why I set the
>>>>Service to manual. No adverse effect so far.
>>>
>>> I agree, it's a mystery.
>>
>>Let's play "what if ... ?"
>
> I did: "what if I close the service for which I can find no reason."

>
>
>>If you don't trust them, why are you running their program?
>
>
> Why would I run SAS twice per week when I would not trust SAS?
>
>
> I am just curious as what will happen when I stop a service with no
> visible purpose.

Purposes aren't always visible. In my above hypothetical scenario, there
would be no output event except failure when the hypothetical malware
was encountered.

> The manual update today performed as usual.
> The manual scan today performed as usual.
> Maybe one or the other performed a little bit slower,
> but I did not notice and I don't mind if that would be so.

I was just suggesting that it might be more important than it appears to
be if you are only judging by observing output events. For instance, if it
was an update thingy, you could log before and after disabling it and look
at difference data, and still get no clue as to its purpose of loading sooner
in the boot axis than some hypothetical malware loading from the registry.

Of course you can do as you like, in fact I'm perfectly happy not having
it at all - which is in effect the same as the hypothetical scenario except
I'm not using up any cycles to do so.


David W. Hodgins

Oct 11, 2011, 7:30:50 PM
On Tue, 11 Oct 2011 14:18:41 -0400, JD <J...@example.invalid> wrote:

> That's kind of what I figured, the service is not necessary for the Free
> version. I have it set to Manual and I turned it Off and it will stay
> that way until somebody comes along with an explanation as to what the
> SASCore.exe service actually does.

I don't know, but my guess would be that it may be needed for the
quarantining of malware, when the scan is run by a limited user.

Regards, Dave Hodgins

--
Change nomail.afraid.org to ody.ca to reply by email.
(nomail.afraid.org has been set up specifically for
use in usenet. Feel free to use it yourself.)

JD

Oct 12, 2011, 12:15:28 AM
David W. Hodgins wrote:
> On Tue, 11 Oct 2011 14:18:41 -0400, JD <J...@example.invalid> wrote:
>
>> That's kind of what I figured, the service is not necessary for the Free
>> version. I have it set to Manual and I turned it Off and it will stay
>> that way until somebody comes along with an explanation as to what the
>> SASCore.exe service actually does.
>
> I don't know, but my guess would be that it may be needed for the
> quarantining of malware, when the scan is run by a limited user.
>
> Regards, Dave Hodgins
>

From my limited experience with this SAS service, if it is set to
Manual, when SAS needs it, it will start, to serve whatever purpose it
serves.

It's not a big deal to most computer users. Leave it set as SAS suggests
and there shouldn't be any problem or set it to Manual and there
shouldn't be any problem.

SAS isn't saying what it does and I understand that. It's up to each
user to decide how to handle this particular Windows Service.

--
JD..

Message has been deleted

FromTheRafters

Oct 12, 2011, 2:16:04 PM
"FredW" <fr...@blackholespam.net> wrote in message
news:2kra975epbmeu52l4...@4ax.com...
> On Tue, 11 Oct 2011 14:33:57 -0400, "FromTheRafters"
> <erratic...@gmail.com> wrote:
>>"FredW" <fr...@blackholespam.net> wrote in message
>>news:8iv8979km24vc3pmg...@4ax.com...
>>> On Mon, 10 Oct 2011 19:10:37 -0400, "FromTheRafters"
>>> <erratic...@gmail.com> wrote:
>>>>
>>>>Let's play "what if ... ?"
>>>
>>> I did: "what if I close the service for which I can find no reason."
>>>
>>>>If you don't trust them, why are you running their program?
>>>
>>> Why would I run SAS twice per week when I would not trust SAS?
>>>
>>>
>>> I am just curious as what will happen when I stop a service with no
>>> visible purpose.
>>
>>Purposes aren't always visible. In my above hypothetical scenario, there
>>would be no output event except failure when the hypothetical malware
>>was encountered.
>>
>>Of course you can do as you like.
>
> Thank you for your (hypothetical) scenarios.
> I have read (and reread) them carefully.
>
> I have now 69 services running (and more not running).
> There are many services running for which I never bothered to look for
> their purpose.
> I now also found a service for a program I run only once per week.
>
> I will leave the SAS Core Service stopped (and manual) for now.
> When the next version of SAS appears (end of this month), I will
> uninstall and install as I usually do with new versions of programs.
> When SAS Core Service will be installed as "automatic", I will leave it
> as it will be installed.

It would be nice to hear from the vendor exactly why they feel it is best
to have it enabled. I'm sure you are not the only user with concerns
about what is running and why, perhaps if you voiced your concerns to
the vendor they may give you more insight. I'm sure many users want
their on demand security tools to not have active components wasting
cycles - after all, that is usually why they opt for on demand.

