This article lists requirements and dependencies for running SSProtect on your computer.
Introduction
SSProtect is a SaaS system aimed at protecting data (documents/ files and email) from organized intrusion attempts plaguing corporations. The desktop client (:Foundation Client) does not make use of traditional programming frameworks or common libraries, which helps avoid 0-day vulnerabilities held by nation states, well-funded electronic crime groups, and specialized teams or organizations that focus on host penetration.
SSProtect - or more precisely the :Foundation Client (which runs on your host computer) - is as a result relatively small (tiny), and is comprised of an Executable and several DLLs that run on Windows laptop, desktop, workstation, and even server computers to protect document/ data files and Outlook Email messages. The footprint, as of v10.7.x, is as follows:
- SSProtect Installer: ~ 7.0 MB
- SSProtect Installed: ~ 7.5 MB
- SSProtect Full Update: ~ 7.0 MB
- SSProtect FAST UPDATE: ~ 3.4 MB
- :Email Installer: ~ 3.5 MB
- :Email Installed: ~ 9.8 MB
SSProtect :Email and related Updates are dynamically downloaded and installed (w/ interactive guidance, when desired). Uninstallation removes all components while providing flexibility for removing or retaining configuration data. Note, however, that configuration data can be re-provisioned when using Remote Profile Deployment.
Windows Platforms
The :Foundation Client is a 64-bit binary supported on Windows 7 and Windows 10. It is designed for compatibility with host operating systems on bare metal or in virtual environments, independent from virtualization technologies. If you have needs for Windows XP, Windows 8.x, Windows Server, or need a 32-bit build, email Support at support@definisec.com.
:Email Outlook Add-On
:Email is an Outlook Add-In that protects email message content, compatible with:
- Microsoft Office 2010
- Microsoft Office 2013
- Microsoft Office 2016
- Microsoft Office 2019
- Microsoft Office 365
Refer to the section, "Product Email Trailers" for important information regarding email message content stripping.
System Resources
The software uses relatively little memory and storage space, and thus operates on any host computer that meets Windows minimum requirements (bare metal and VMs).
In-Place Encryption and Anti-Virus Software
SSProtect delivers In-Place Encryption and Protection, a mechanism for maintaining protective control over data file content even while it's being modified in a native application container, such as Microsoft Word. This is a non-specific mechanism that utilizes a filesystem driver, which can pose challenges to improperly developed third-party software, or software that uses undocumented procedures to implement various esoteric features (not uncommon in security products).
If you encounter inconsistent operation when using In-Place Encryption, refer to the information that follows specific to Anti-Virus Exceptions.
NOTE: Though we use the term anti-virus, it applies to anti-malware software, hybrid combinations of the two, and other similar host endpoint protection software.
Business Anti-Virus Editions
Enterprise anti-virus software is built with interoperability in mind, minimizing incompatibilities and exceptions when combined with other popular software technologies. When problems arise, deployment costs skyrocket while the accompanying support burden becomes unbearable. As a result, business anti-virus products have a fairly good track record of compatible operation with the :Foundation Client (see below for recent and unexpected issues with Microsoft Security).
At the time of this writing, all major business anti-virus products are inter-operable with DefiniSec products, out of the box (with no customizations), though built-in Microsoft Security requires additional exception configuration as noted and described below.
"In-Between" Host Security Software
Kaspersky had its early success with consumer solutions and leveraged this success to enter the business domain. Though peaking at a 5% market share, it was at one time one of the top four players on the business market.
In 2015, Kaspersky was not compatible with SSProtect without exception configuration (explained below), though in 2016 did not require adjustments. This has since changed again, and as a result, we recommend planning on configuring an exception to avoid spontaneous incompatibilities resulting from core software updates.
Anti-Virus Exceptions
Almost all anti-virus software provides a facility for excluding certain programs from scanning and other protective measures. If you encounter problems between AV software and SSProtect, refer to your vendor's procedures to exclude the following binary application file at minimum, and/ or related binaries in the same folder:
%ProgramFiles%\DefiniSec\SSProtect\SSProtect.exe
Windows Security
Security Essentials, the Windows 7 add-on which later integrated new technologies directly into Windows 8.x and Windows 10 as Defender and now Windows Security, was initially and for some time compatible with SSProtect.
Compatibility changed with the release of Controlled Folder Access, and though our team has contacted Microsoft, we were never able to receive any insight on the matter - or reparations for the issues. As such, you must configure Controlled Folder Access to ensure SSProtect does not overlap managed folders.
Additionally, Windows Security starting in 2019 released changes that inhibit consistent operation of In-Place Encryption, which results in sporadic results: Managed Access operations for SSProtect'd content sporadically fail.
In these cases, we are not aware of any result that exposes plaintext content. However, for improved consistency, refer to the procedures in the article, Anti-Virus Exceptions.
Product Email Trailers
Many anti-virus systems, not unlike tablets and smartphones, append a short message to the end of each email advertising the equipment and/or provider from which the message was sent, or anti-virus system that performed security cleansing or checking on the message.
SSProtect :Email takes this into consideration and removes this text before converting the protected information back into plaintext. This information is thus always removed from the final plaintext result, but remains with the original encrypted content when the message is closed. This is not a matter of arbitrary interference, as it is required in order to maintain certain operational capabilities that may, in the future, be addressed in another fashion.
Nothing Stays the Same
All technologies change. Security technologies must respond to the quickest-changing dynamics in the technology landscape. What works today may not work tomorrow. While the Enterprise Security vendors are required to retain ongoing compatibility, consumer products don't always have the same level of success. This is worth taking into consideration if you encounter unusual behavior over time, though to-date it has not yet been an issue (since early 2015 release).
Additional Resources
You can search this site for more information on various topics, or use this link to submit a specific request. You can also send email directly to support@definisec.com, and our staff will respond to your needs as soon as possible.
In the meantime, don't forget to check out our primary website and Insights columns for information on current trends, security topics, and how our technologies relate.
This article was updated w/ v10.7.1 of the :Foundation Client