-{ Quote: "thanks;) do you have the beta 9 of avira or just the version 8?thanks again" }-

Avira 9 Beta

-{ Quote: "Avira 9 Beta" }-cool,thanks may solve my problem here too:thumb:

I am getting hundreds of files being reported as infected on my Windows 7 laptop today.

I believe that this may not be corrrect.

Is there a problem with false negatives today? Currently my machine is reporting 202 infected files.

-{ Quote: "Yes, I believe it would - I didn't actually test it as I'm a bit short on virtual machines at the moment but based on the way that it drops files, it does look like it would be found heuristically." }-

I believe you - still, that's the reason layered defense is always a must. :)

-{ Quote: "I am getting hundreds of files being reported as infected on my Windows 7 laptop today.

I believe that this may not be corrrect.

Is there a problem with false negatives today? Currently my machine is reporting 202 infected files." }-

We just had a signature hit incorrectly on Windows 7 (64bit) comps - could you try either uninstalling/reinstalling or rescanning? It should correct the issue automatically, but if it doesn't, let me know and I'll take a look at what's causing it :)

Hello

Another issue that will interest you PrevxHelp:

I'm recently using a software called PC Boost from an Israeli Company called Reimage, and when the computer boots up PC Boost disables the CSIScanner Service, and I have to relaunch Prevx Edge.

Can you take a look at this software and how it can done this?

I also send a mail to the company about this.

Hmmm ??? You should definitely add CSIScanner to some allowed list in PC Boost (if they have one) :)

-{ Quote: "Hmmm ??? You should definitely add CSIScanner to some allowed list in PC Boost (if they have one) :)" }-

There is no configuration. It's like a install it and forget it.

I raised the self protection of Prevx to Medium and see what happens next boot.

-{ Quote: "We just had a signature hit incorrectly on Windows 7 (64bit) comps - could you try either uninstalling/reinstalling or rescanning? It should correct the issue automatically, but if it doesn't, let me know and I'll take a look at what's causing it :)" }-


Reinstalled and rescanned and its all showing as secure now, Thanks for your help.

And yes it was 64bit w7

After raising the level of self protection, the Prevx service has been disabled for 2 times but now Prevx re enables it immediately.

Meanwhile Prevx reported 8 files infected in the folders

Common files \microsoft shared

and

program files\microsoft visual studio 9

but they are surely FP. After a rescan Prevx didn't considered them infected again.

CRAP, I believed your statement (PrevxHelp) and allowed actions through TF out of interest - Prevx did nothing and now I don't know what will happen! :'(

-{ Quote: "CRAP, I believed your statement (PrevxHelp) and allowed actions through TF out of interest - Prevx did nothing and now I don't know what will happen! :'(" }-

Hmm... are you sure Edge was fully enabled? The file is still manually added as a detection in the database so it should be blocked. :-\

Well, it's detected during a manual scan as I figured out I would try that, but what's the point when prevention is better than the cure and Prevx EDGE is all about the real-time protection? :( And how do I know the manual detection of just the freakin' executable will remove everything that's created and modified? There were atleast 3-4 pop-ups from TF with EDGE never going inbetween, before or even after! :-\

Everything is enabled as I don't expect it to be disabled when EDGE is all green and all settings are default except for Self-Protection which is set to minimum for some good reason I can't remember... most likely incompatibility with other security software - always is...

I'm not sure what would have caused this, but if you want, email me a scan log and I'll see what was modified from there to help you undo the changes.

-{ Quote: "I'm not sure what would have caused this, but if you want, email me a scan log and I'll see what was modified from there to help you undo the changes." }-

... and hopefully add those traces into your protection. Already did before I saw this message - trying to stay positive. :P :D

-{ Quote: "... and hopefully add those traces into your protection. Already did before I saw this message - trying to stay positive. :P :D" }-

There was one file remaining in your system (C:\Windows\Norton2009_TrialReset.exe) - if you rescan, it should be detected now as well but after that last one, the rest is clean :)

Scanned again with following reboot for cleaning process (why is it always asking you to reboot anyway? :dry: ). Weird thing was why this file was left even in the first place. Are you sure it's malicious too? My guess would be that it's created, but not activated (the crack-fix that's) as I said no when asked if I would like the crack to apply its fix.

-{ Quote: "Scanned again with following reboot for cleaning process (why is it always asking you to reboot anyway? :dry: ). Weird thing was why this file was left even in the first place. Are you sure it's malicious too? My guess would be that it's created, but not activated (the crack-fix that's) as I said no when asked if I would like the crack to apply its fix." }-

It doesn't look all that terribly malicious but it is dropped in an overly discrete manner IMO and a few other AVs detect the file as well which lends some credence to removing it.

The reboot is done to ensure everything is removed thoroughly - Edge's removal modules load extremely early in the boot process so that they can undo any changes made by rootkits/spyware. Granted, its a bit of overkill for an "infection" like this, but its still better to be thorough by rebooting than to possibly miss cleaning up something or to crash a program while trying to unhook in memory (in our opinion at least :))

Is an option to reboot later (yes-no dialogue) on the to-do list? Seems very possible that Prevx could take care of it at a later point in time.

EDIT: The discrete manner, I would suppose is to avoid most AV's detection and most importantly Symantec's. Symantec didn't react at all, not even SONAR, even if I've sadly experienced this before...

-{ Quote: "Is an option to reboot later (yes-no dialogue) on the to-do list? Seems very possible that Prevx could take care of it at a later point in time." }-

It isn't, and the reason is that if an infection is active, the best thing to do at that point would be to disinfect it so we try and push users through the cleanup process as quickly as possible to get them disinfected. Edge also turns on some "lockdown" functionality when running the cleanup to prevent further infections from entering so it is recommended that you reboot as soon as possible after the cleanup actually finishes.

-{ Quote: "It isn't, and the reason is that if an infection is active, the best thing to do at that point would be to disinfect it so we try and push users through the cleanup process as quickly as possible to get them disinfected. Edge also turns on some "lockdown" functionality when running the cleanup to prevent further infections from entering so it is recommended that you reboot as soon as possible after the cleanup actually finishes." }-

Some lockdown to system-functionality in other words... I understand. But maybe you can now understand my "yet to confirm"-feeling when there was both questionable detection and protection. The protection was not even there in this case! No footprint, no heuristics - nothing! TF detected every single move - Prevx would not do anything before, inbetween or even after. TF "old-school" so untrue IMO. It's proved itself time after time when it really counts - no shitty test-files and tests overall. In this case it would literally save the user. :blink:

The approach Threatfire takes is completely different to the approach Edge takes. Threatfire is going to warn about different actions like copying a file into the Windows directory but that, in itself, is NOT malicious. Edge looks at the program as a whole along with input from other times that the program is run from other users and collects that data to make the determination.

I'm not sure what caused the problem with your blocking of the file, but I ran it here and Edge immediately blocked it as "Malicious Software" :-\

Most of the times *I* have got prompts from TF, they've been legit, only some FPs in its early days. It's been smart enough, but I know this has not been the case even lately for other users testing it against modification to for example system files.

Well, that was AFTER you added it footprinted into the db, correct? We both don't know if it would be detected without a footprint, but it seemed not to as EDGE sure analyzed the files. It was impossible to not see happening down to the right. The same case even after the footprint was added by you. The time when I tested to allow the actions, all the traces being created, through TF. Everything is on. Everything is active. No reaction from Prevx and Prevx comes before TF.


I mean no offense here. ;)

I'm going to be asking the database team to see what could cause this because it does look like something went wrong to make you not get the blocked determination but me get it ???

However, as I said before, you were the first user to see it so it isn't exactly a fair infection to compare against. It is possible that the first user who sees an infection would get hit by it - the first time you saw the file Threatfire blocked it from actually running so Edge never actually got any event data from it. The second time technically became the first time because THEN it was able to actually see the file running (although, it should have been blocked anyway because I set it to 'bad' so I'm not sure what went on there).

I'll investigate it further and let you know what I find :)

I have a problem removing 3 posibles malwares from my gf PC

c:\windows\system32\wmp.dll
c:\windows\system32\xpsp2res.dll
c:\windows\servicepackfiles\i386\sprt0404.dll

all 3 are tagged as malware components i followed the removal instructions 3 times but they still comming up every reboot thanks

-{ Quote: "I have a problem removing 3 posibles malwares from my gf PC

c:\windows\system32\wmp.dll
c:\windows\system32\xpsp2res.dll
c:\windows\servicepackfiles\i386\sprt0404.dll

all 3 are tagged as malware components i followed the removal instructions 3 times but they still comming up every reboot thanks" }-

A "malware component" designation means that they are replaced system files - an infection modified them and replaced them with malicious/patched copies.

Could you please write into the customer support inbox? It would be easier to work on it with you there as this will require more research-team assistance :) You can get to the inbox from http://www.prevx.com/support

-{ Quote: "I'm going to be asking the database team to see what could cause this because it does look like something went wrong to make you not get the blocked determination but me get it ???

However, as I said before, you were the first user to see it so it isn't exactly a fair infection to compare against. It is possible that the first user who sees an infection would get hit by it - the first time you saw the file Threatfire blocked it from actually running so Edge never actually got any event data from it. The second time technically became the first time because THEN it was able to actually see the file running (although, it should have been blocked anyway because I set it to 'bad' so I'm not sure what went on there).

I'll investigate it further and let you know what I find :)" }-


Thx for the information. :) So, what was happening, the event in the screenshot I took, was no event that Prevx could take determination from, even heuristically? It was only a file being created in sensitive areas?

I don't think your argument "you were the first user to see it so it isn't exactly a fair infection to compare against. It is possible that the first user who sees an infection would get hit by it" holds, as Prevx is more specifically about blocking new, yet unseen threats - but that may just be my opinion and view. ;D That's basically the main-point about using Prevx in the first place.

thanks for the information

-{ Quote: "Thx for the information. :) So, what was happening, the event in the screenshot I took, was no event that Prevx could take determination from, even heuristically? It was only a file being created in sensitive areas?

I don't think your argument "you were the first user to see it so it isn't exactly a fair infection to compare against. It is possible that the first user who sees an infection would get hit by it" holds, as Prevx is more specifically about blocking new, yet unseen threats - but that may just be my opinion and view. ;D That's basically the main-point about using Prevx in the first place." }-

According to the screenshot, all that happened was that the program copied another program into the Windows directory. We "could" detect it based on only that, but it would generate a lot of false positives because MANY legitimate programs do just that :doubt:

This is the same problem with leaktests like keylogger leaktests. People misinterpret the intention/abilities of these leaktests on modern security software. It is not difficult whatsoever to detect that a program is going to be monitoring keystrokes. Frankly, it is about 20 lines of code to do that if you already have a basic framework developed for monitoring behaviors. However, it is not malicious to monitor keystrokes. Games do it, hotkey programs do it, security software does it, web browsers sometimes do it, login programs do it.... there is a LONG list of reasons to do it, which is why Microsoft provides neat, convenient methods for monitoring keystrokes ;D If there wasn't a demand for monitoring keystrokes by legitimate applications, Microsoft wouldn't bother writing and maintaining the hooks necessary to manage them.

It is not possible to find 100% of threats on the "first sight". We can find a whole load of them automatically (thousands per hour), but it is not 100% - this is simply because we have a limited amount of information when a file first is seen. After a file is seen by a wider audience (i.e. 2 people instead of 0 ;D), the "shape" and dynamics of the file are much easier to analyze so we're able to make a much more educated interpretation of it.

*Steps off soapbox* ;D

Explains a lot. :) Just another question out of curiosity: WOULD it be possible to detect a lot of completely new infections on first sight, the first time it's ever seen by Prevx? I get the legitimate-action thing, but would it probably take care of it heuristically when coming a little further in the infection process if my protection wasn't seemingly broke, and would it also take care of all the traces? ( :-\ ) My understanding is that Prevx always monitors everything that's done to your system... Weird thing is this is happening in the latest stable version, and as explained everything default, effective out-of-box settings except for the self-protection... :(

Yes, it definitely - we use static analysis to find programs before they execute, as well as server-side sandboxing of samples as they come in for analysis so we catch a lot of malware the first time its ever seen, even if it is a completely new variant/technique. A recent example is the Conficker worm - we didn't have any knowledge of it but we blocked it from the first user that saw it.

My guess as to why it was let through for you was because we have some caching in place to cut down the user's bandwidth requirements so there may be a small window if you run a program a second time before it is checked again. This is generally not a problem as running a program twice just results in two reports of the same data - however, because Threatfire blocked it the first time, that interrupted the analysis.

A solution to this would be to see if the program actually DOES successfully load and only apply the logic in that case, rather than possibly not collect any data if another AV interrupts the process.

i am shocked ! prevx support is really fast :o
i really like this program !!

-{ Quote: "i am shocked ! prevx support is really fast :o
i really like this program !!" }-

Yes, Prevx has got a big lot of respect, both for their great software and EXCELLENT support. That's what makes a real company. ;)

What's the file "qc.csi"? It was detected and deleted by BitDefender Online Scanner as malware - even if I'd set it to prompt if things couldn't get disinfected, GRRR :P - so, is my installation of EDGE corrupted now or what? :doubt: From what I understand, it's a quarantine-file of malware, and thus also the detection.

-{ Quote: "i am shocked ! prevx support is really fast :o
i really like this program !!" }-
Why the shock...it is their trademark and one of their key differentiators with everyone else...;)

Glad you approve! ;D

-{ Quote: "What's the file "qc.csi"? It was detected and deleted by BitDefender Online Scanner as malware - even if I'd set it to prompt if things couldn't get disinfected, GRRR :P - so, is my installation of EDGE corrupted now or what? :doubt: From what I understand, it's a quarantine-file of malware, and thus also the detection." }-
I think that the best thing to do would be to uninstall Edge, reboot and then immediately re-install it. That is what I did when I had an issue like this early on and it seemed to work a treat...but I am sure that Joe will be along to advise (he never sleeps you know...always out there watching/listening...looking out for us! ;D )

-{ Quote: "I think that the best thing to do would be to uninstall Edge, reboot and then immediately re-install it. That is what I did when I had an issue like this early on and it seemed to work a treat...but I am sure that Joe will be along to advise (he never sleeps you know...always out there watching/listening...looking out for us! ;D )" }-

Yeah, he's awesome! ****! I think he saw that! ;D Now the real-time protection was doing stuff, detecting traces of the crack-infection I think, so I'll leave it without a reinstall for now.

Suggestion: I want to be able to view the Prevx report; more information by double-clicking or right-clicking in the "Undo Cleanup" section as well - would be more convenient and faster than search manually after something was blocked/removed like I have to do now...

EDIT: This was the Prevx report: http://www.prevx.com/filenames/2216395111511951385-0/PREVX.EXE.html ... was that really the crack-infection? I would suppose it's and that the team has been doing more research, thus the additional detection, but I'm still not 100% sure. Then again I didn't read the report that thoroughly. ;D

-{ Quote: "...EDIT: This was the Prevx report: http://www.prevx.com/filenames/2216395111511951385-0/PREVX.EXE.html ... was that really the crack-infection? I would suppose it's and that the team has been doing more research, thus the additional detection, but I'm still not 100% sure. Then again I didn't read the report that thoroughly. ;D" }-
Hi Raven

If you are still unsure then I would definately uninstall Edge, go to the Prevx website, download a new copy of Edge (from a known safe source), reboot and then immediately install Edge again from the fresh download. It should scan your PC as part of the install and look for/find the malicious versions, if any exist.

Hpoe that helps? ;D

-{ Quote: "What's the file "qc.csi"? It was detected and deleted by BitDefender Online Scanner as malware - even if I'd set it to prompt if things couldn't get disinfected, GRRR :P - so, is my installation of EDGE corrupted now or what? :doubt: From what I understand, it's a quarantine-file of malware, and thus also the detection." }-

Ok, announcement for everyone ;D

We have received many reports of antivirus softwares detecting qc.csi file. This is the quarantine file used by Prevx CSI/Edge, where infections are stored after cleaning.

Our quarantine feature makes use of a simple algorithm to encode infection files inside our container. Even if simple, it's obviosuly more than enough to securely disable and store all infections found by Prevx.

Some antivirus softwares are able to decode our quarantine file and they could find signature of malwares inside it. Some other softwares simply detect the encryption algorithm as suspicious and report it.

This doesn't mean qc.csi is infected or Prevx software has been corrupted/infected or Prevx drops infections inside the system.

This statement just to assure our customers there isn't any infection inside qc.csi :) Or, better, there are encrypted and disabled infection files removed by Prevx after a cleanup routine. Tho, it's not a false positive of other antivirus softwares. They are right :)

Thanks for the heads up Eraser.

Edge is the only detection app I run on my computer now so I got no worries.

-{ Quote: "Thanks for the heads up Eraser.

Edge is the only detection app I run on my computer now so I got no worries." }-me too:thumb:

-{ Quote: "
EDIT: This was the Prevx report: http://www.prevx.com/filenames/2216395111511951385-0/PREVX.EXE.html ... was that really the crack-infection? I would suppose it's and that the team has been doing more research, thus the additional detection, but I'm still not 100% sure. Then again I didn't read the report that thoroughly. ;D" }-

Definitely a good idea - I'll have us add a double-click on the 'Undo Cleanup' screen to open the filenames page (I thought that WAS in there but it definitely isn't ;D)

Based on the page you opened, it does look to be malicious - if you look at the "File Name Aliases" section, there are a number of filenames which are from this same program.... definitely not up to any good ;D

And Eraser is exactly correct about qc.csi as well :)

Is anyone using this on Windows 2003 Servers?

Curious what the overhead is on things such as file and Exchange servers where I don't want to be monitoring/scanning every file read to/from disk (with Exchange we have dedicated Exchange-aware antivirus), but do want to be sure the OS of the server hasn't been compromised remotely via some exploit rather than through someone doing something from the console.

-{ Quote: "Is anyone using this on Windows 2003 Servers?" }-
We have a number of corporate users running it on Windows 2003 servers - Edge doesn't scan every file as its written so its overhead is very light: it scans code as it is loaded into memory. A file being written can't actually infect just by being written so we decided to not bother scanning them, which dramatically reduces its overhead :) Edge will, of course, block an exploit which would come through or malware which enters by other means.

Hope that helps :)

Thanks, looks worth a try - happy enough with our current desktop A/V but not delighted with their server offerings.

I guess being paranoid I have to ask - what sort of issues, if any, have you seen on things such as Exchange servers which might be running/loading all kinds of "on the fly" processes into RAM (stating the obvious but with Exchange/SQL these executables can easily grow to over 1gb) as they cache database data?

Also any plans for centralized monitoring/management? I don't see a manual on the website but from what I could see with Edge, it's not possible with a couple dozen servers to monitor them all form one central point?

We honestly haven't had any problems from our users of Server 2000, 2003, or 2008. The only thing they're asking for is centralized management ;D Right now, we have CSI Enterprise which will allow you to scan computers on a schedule with a centralized management console (http://www.prevx.com/securitybreachmanagement.asp) but we will be releasing Edge Enterprise in the next couple weeks which will give all of the features of Edge and allow them to be managed centrally.

And just to be crystal clear, the price doesn't differentiate between "Desktops" and "Servers" as I only see the option/pricing on your website for "PC's".

Not complaining but the business pricing almost looks too good to be true if it does cover servers?

Is there a PDF manual I can grab or just download it/install it and use the Help?

Oh and P.S what host(s)/ports does it need outbound on a corporate firewall to work?

-{ Quote: "And just to be crystal clear, the price doesn't differentiate between "Desktops" and "Servers" as I only see the option/pricing on your website for "PC's"." }-
At the moment, we don't charge an extra fee for server installation or console installation, unlike most of the other companies :) We feel that it is largely unnecessary to charge an extra fee for the management console. The business pricing does include access to our online management, which you can use on a server or client - we currently don't have any distinction between a client PC install and a server PC install as in the end they are both PCs :)

You can learn more about our enterprise offerings by visiting http://www.prevx.com/securitybreachmanagement.asp and clicking "Downloads & Documentation"

-{ Quote: "
Oh and P.S what host(s)/ports does it need outbound on a corporate firewall to work?" }-

I believe you can configure a port to be open, but I'm not positive. The documentation would probably be more helpful there :)

-{ Quote: "Definitely a good idea - I'll have us add a double-click on the 'Undo Cleanup' screen to open the filenames page (I thought that WAS in there but it definitely isn't ;D)

Based on the page you opened, it does look to be malicious - if you look at the "File Name Aliases" section, there are a number of filenames which are from this same program.... definitely not up to any good ;D

And Eraser is exactly correct about qc.csi as well :)" }-

perhaps off-topic, but would it be possible to add a search function to the online database? there have been many times i wanted to see Prevx's determination on a random file, but no way to input it.


Mike

Joe, is Vipre Av compatible wiv PxE?

-{ Quote: "perhaps off-topic, but would it be possible to add a search function to the online database? there have been many times i wanted to see Prevx's determination on a random file, but no way to input it.


Mike" }-I like that idea.8)

-{ Quote: "perhaps off-topic, but would it be possible to add a search function to the online database? there have been many times i wanted to see Prevx's determination on a random file, but no way to input it.


Mike" }-

We used to have this functionality but it was very heavily abused so we took it out. We are very interested in helping the community, but unfortunately other security companies prefer to mine for data :(

-{ Quote: "Joe, is Vipre Av compatible wiv PxE?" }-

Yes :)

-{ Quote: "At the moment, we don't charge an extra fee for server installation or console installation, unlike most of the other companies :) We feel that it is largely unnecessary to charge an extra fee for the management console. The business pricing does include access to our online management, which you can use on a server or client - we currently don't have any distinction between a client PC install and a server PC install as in the end they are both PCs :)

You can learn more about our enterprise offerings by visiting http://www.prevx.com/securitybreachmanagement.asp and clicking "Downloads & Documentation"" }-

Thanks - will definitely be giving this a try on a couple of test boxes.

I appreciate you're likely to be a bit biased, but equally you know the product inside out - would you say it's suited to the kind of usage I've mentioned?

I don't like having Antivirus on servers simply because everything I've seen is bloated beyond words, and we don't do much from the console of servers so downloads/drive-by's aren't a real-world issue, it's just that nagging paranoia that "something" could happen.

Just to let you know that I'm still having problems with Right Clicking on My Computer and Right Clicking a Drive to do a full system scan on a Fresh Clean Copy of Vista 32bit.

But when I go to Advance scan and Click Full scan or Custom scan and select C and D drives it works fine!

TH

-{ Quote: "Just to let you know that I'm still having problems with Right Clicking on My Computer and Right Clicking a Drive to do a full system scan on a Fresh Clean Copy of Vista 32bit.

But when I go to Advance scan and Click Full scan or Custom scan and select C and D drives it works fine!

TH" }-

Ok, thanks for the report :) I'll make sure this is addressed in the next release!

-{ Quote: "Thanks - will definitely be giving this a try on a couple of test boxes.

I appreciate you're likely to be a bit biased, but equally you know the product inside out - would you say it's suited to the kind of usage I've mentioned?

I don't like having Antivirus on servers simply because everything I've seen is bloated beyond words, and we don't do much from the console of servers so downloads/drive-by's aren't a real-world issue, it's just that nagging paranoia that "something" could happen." }-

I think it is, however, I think our Edge Enterprise offering will suit you even better once we release it so that you'll be able to use it without any interaction on the server computer itself.

I definitely agree with not using a conventional antivirus on a server - intercepting every file read/write brings in a huge level of overhead.

-{ Quote: "I like that idea.8)" }-
Moi aussi :thumb:

-{ Quote: "I think it is, however, I think our Edge Enterprise offering will suit you even better once we release it so that you'll be able to use it without any interaction on the server computer itself.

I definitely agree with not using a conventional antivirus on a server - intercepting every file read/write brings in a huge level of overhead." }-

Any ideas if the pricing is likely to change significantly once the word "Enterprise" enters the equation? :)

Also, just been looking at the online help and unclear on something - everything I've seen/read/watched concentrates on problems occurring whilst someone is logged onto a machine and doing something i.e interactive.

With a server of course it spends nearly all its life "hands off" just sitting there humming away at ctrl-alt-del.

Would Edge still be protecting/dealing with threats and what happens due to the "hands off" nature as there's nobody logged on to hit block/allow if Edge thinks a process is suspect?

I don't think the price would increase much but I'm not sure at the moment. However, Edge would need a user to be logged in to protect/warn - I imagine we will add better support for a non-logged in server in the future, however. (I'm not sure on the time scale for this at the moment)

any thing new coming up?for prevx edge?thanks

-{ Quote: "any thing new coming up?for prevx edge?thanks" }-

All of the new features are still in development :)

-{ Quote: "All of the new features are still in development :)" }-
cool thanks,any beta ready ?thanks again

-{ Quote: "cool thanks,any beta ready ?thanks again" }-

Not yet, but soon ;D

-{ Quote: "Not yet, but soon ;D" }-
Joe, stop titilating us like this...it is cruel! ;)

-{ Quote: "Not yet, but soon ;D" }-thanks and let us know please;)

Hi Joe

Seriously though...I can advise that since installing 3.0.1.17 I have not seen or suspect a single untoward happening such as a red icon in sys tray or disappearing icon, etc.

Just thought I would let you know...for what it is worth! ;D

http://www.prevx.com/blog/112/ZEUS-steals-information-from-home-and-business-PCs.html

Quite interesting article ;)

Hi all


[B] d:\datos\seguridad informatica\pc tools antivirus\pctoolsantivirusextension.dll [PX5: E9EB03CF90AF9D2D799301716109D70023F251DC] Malware Group: High Risk Fraudulent Security Program


Think this is a false positive, because I had just installed PC Tools berfore running Prevx CSI.


By the way, what´s that PX5 number?

-{ Quote: "...By the way, what´s that PX5 number?" }-Some who knows for certain can correct me but my half-way educated guess is that it's a "hash" calculated from the contents of the file, somewhat like a fingerprint.

-{ Quote: "Some who knows for certain can correct me but my half-way educated guess is that it's a "hash" calculated from the contents of the file, somewhat like a fingerprint." }-

Yes, it is a one-to-one hash like MD5 which we use to identify unique files :)

-{ Quote: "Hi all


[B] d:\datos\seguridad informatica\pc tools antivirus\pctoolsantivirusextension.dll [PX5: E9EB03CF90AF9D2D799301716109D70023F251DC] Malware Group: High Risk Fraudulent Security Program


Think this is a false positive, because I had just installed PC Tools berfore running Prevx CSI.


By the way, what´s that PX5 number?" }-

Fixed :)

Good Work PREVX !


Programme gives glimpse into hackers' world

Associated Press

Monday, 16 March 2009


Getting hacked is like having your computer turn traitor on you, spying on everything you do and shipping your secrets to identity thieves.

Victims don't see where their stolen data end up. But sometimes security researchers do, stumbling across stolen-data troves that offer a glimpse of what identity theft looks like from criminals' perspective.

Researchers from security firm Prevx found one such trove, a website used as a stash house for data from 160,000 infected computers before it was shut down this month.

more here:

http://www.independent.co.uk/life-style/gadgets-and-tech/news/programme-gives-glimpse-into-hackers-world-1646007.html

i want to report one FP

[B] c:\windows\sonysys\vaio recovery\launcher.exe [PX5: E6A4DD67A0081B02C8480590BAFC4200CC51E06D] Malware Group: Low Risk Adware

virus total link
http://www.virustotal.com/analisis/f1723fef4f98fe83c3659b9382d8f6e3

and i want to know how to avoid prevx to send email about pc infected when i excluded the folder :wacko:

thanks

-{ Quote: "i want to report one FP

[B] c:\windows\sonysys\vaio recovery\launcher.exe [PX5: E6A4DD67A0081B02C8480590BAFC4200CC51E06D] Malware Group: Low Risk Adware

virus total link
http://www.virustotal.com/analisis/f1723fef4f98fe83c3659b9382d8f6e3

and i want to know how to avoid prevx to send email about pc infected when i excluded the folder :wacko:

thanks" }-

You may want to try just adding the file itself to the ignore list by clicking Settings > Detection Overrides. I'll take a look to see what the problem would be with sending the MyPrevx emails about an infected PC with an excluded folder. (I've fixed the FP as well, fwiw ;D)

when i scan with prevx edge in admin account does this also scan stuff in the standard account for example i know that when i use ccleaner in admin account it doesnt touch the standard account,i know they are different kinds of apps but ill ask anyway?thanks

-{ Quote: "when i scan with prevx edge in admin account does this also scan stuff in the standard account for example i know that when i use ccleaner in admin account it doesnt touch the standard account,i know they are different kinds of apps but ill ask anyway?thanks" }-

If you have malware in the limited account which can reach the admin account, it will scan it but if the files are inactive, it wouldn't scan them under a normal scan. However, if you switch users into the limited account, it will protect you against threats from there as well.

Just a small question about licensing - I have 3 PC's/Laptops all running Vista SP1 32-bit, and was looking to buy 3 licenses for 2 or maybe 3 years.

If, as is likely, I switch to Windows 7.0 later this year when it is released will I be able to fresh install Prevx Edge on the new platfoms and continue to use the same activation keys to license them for the remaining time?

NigelS

-{ Quote: "Just a small question about licensing - I have 3 PC's/Laptops all running Vista SP1 32-bit, and was looking to buy 3 licenses for 2 or maybe 3 years.

If, as is likely, I switch to Windows 7.0 later this year when it is released will I be able to fresh install Prevx Edge on the new platfoms and continue to use the same activation keys to license them for the remaining time?

NigelS" }-

You will probably get a license error but let me know when you do and I'll reset it for you :)

-{ Quote: "You will probably get a license error but let me know when you do and I'll reset it for you :)" }-
Come on Joe you know better than that ;)

If you register at myprevx.com, you will be able to manage your own license. This means when you come to replace your PC/OS, you can login, delete your old PC (which deactivates the license), and then successfully activate the same key on your replacement.

OK, thanks that makes sense, a bit like Adobe License Activation scheme.

Does PrevX Edge RTP co-operate with the RTP features of AVG Antivirus & Eset NOD32 (the AV progs I currently have in use on these PC's). I presume that by using both RTP scanning in place, there will be a more noticeable slow-down when loading programs and DLL modules from running programs?

Are there any "gotchas" I need to know about when using HDD Imaging programs to make and restore full image drive/partition backups. I use Paragon HDM 9.0 Professional and o&o DiskImage v3 Pro for this purpose but I always tend to cold boot into the recovery CD of each program to do backups & restores, rather than relying on the Windows applications (though these are installed for image verifying and recovery of individual files from the backup images).

Thanks
NigelS

Edge does cooperate completely with NOD32 and AVG - there shouldn't be much of a slowdown at all (maybe just a minor slowdown on the initial run of a new program, but after that it should be relatively quiet and quick).

You shouldn't run into any problems with disk imaging, but if you do run them within Windows, you may want to turn off the Realtime MBR Scanning (Settings > Edge Protection Settings) so that it won't warn when the imaging program changes the boot sector.

Other than that, you should be good to go ;)

Thanks. 3 PC's Licensed & covered.

Now, I've run a deep scan and come up with a THREAT from a High Risk Worm from a file called Felix2.exe. This is an animated cat (Felix the catfood people in the UK) basically viral advertising from years ago, before viral advertising became commonplace. I cant believe it's a high risk worm (and anyway cats dont eat worms;D ) so I assume it's a FP. How do I go about getting the file submitted for checking>

Thanks
NigelS

Could you click Tools > Save Scan Results and then send me the entry which references Felix2.exe (it should be near the top :))

I'll then fix it ASAP :)

OK I've sent you a PM.

Having read the entry in your database about Felix2; it seems it may have been modified & used as a malware file, since 2007. My copy of the program dates from 1999, so I'm pretty sure it's safe. However, I can delete it and live without it if necessary, since I don't think I've run it in years. It has just remained untouched in my Misc Utils folder since 1999.

Please advise
NigelS

-{ Quote: "Having read the entry in your database about Felix2; it seems it may have been modified & used as a malware file, since 2007. My copy of the program dates from 1999, so I'm pretty sure it's safe. However, I can delete it and live without it if necessary, since I don't think I've run it in years. It has just remained untouched in my Misc Utils folder since 1999. " }-
I'll PM you my email address to send it to me :) The file has been seen with literally hundreds of suspicious looking filenames (all feline names :what: ) so I'd like to manually analyze it ;D

Quite a few programs detect this as Adware or an unwanted program and it technically is so I think I will leave the file being detected (although High Risk Worm is technically an incorrect name, even though it does display worm-like behavior). However, you can override the detection by using the Detection Overrides screen under Settings > Detection Overrides.

-{ Quote: "Come on Joe you know better than that ;)

If you register at myprevx.com, you will be able to manage your own license. This means when you come to replace your PC/OS, you can login, delete your old PC (which deactivates the license), and then successfully activate the same key on your replacement." }-

Unfortunately that doesn't enable you to switch between PE and PX2 version licenses. That said conceptually a good idea although perhaps not quite as accurate as we would like or expect in it's license counts?

Saw Erasmus from Prevx on BBC Click (http://www.bbcworld.com/click)program. Nice mix of scare and fact, enough to make the masses take some action.
http://www.bbcworldnews.com/Pages/ProgrammeFeature.aspx?id=18&FeatureID=1077

-{ Quote: "Unfortunately that doesn't enable you to switch between PE and PX2 version licenses. That said conceptually a good idea although perhaps not quite as accurate as we would like or expect in it's license counts?" }-

Sorry, can you explain PE and PX2 licenses as I don't understand your post - are you contradicting the advice that PrevxWebDesigner gave me?

NigelS

-{ Quote: "Sorry, can you explain PE and PX2 licenses as I don't understand your post - are you contradicting the advice that PrevxWebDesigner gave me?

NigelS" }-

Horseman's use of license switching is different, however for your usage, PrevxWebDesigner's solution will work well :)

Guys I'm trying to install KIS 2009 on my system but I seem to have come upon a problem. I have Prevx Edge installed and while trying to install KIS the installer flags Prevx as incompatable/conflicting software and tells me to remove it. Now I cant just remove Prevx, install KIS then reinstall Prevx because the Prevx license key only works the once for one machine. So what do you suggest????

Joe, can you have a look at my system, there might be a situation: http://www.wilderssecurity.com/showthread.php?t=236449

-{ Quote: "Guys I'm trying to install KIS 2009 on my system but I seem to have come upon a problem. I have Prevx Edge installed and while trying to install KIS the installer flags Prevx as incompatable/conflicting software and tells me to remove it. Now I cant just remove Prevx, install KIS then reinstall Prevx because the Prevx license key only works the once for one machine. So what do you suggest????" }-

Hello,
You can uninstall Edge and then install KIS and the reinstall Edge without a problem. The problem with the licensing occurs if you reformat your computer and then try and reinstall, but you'll be fine if you just uninstall/reinstall :)

Thankyou, worked like a charm.;D :thumb:

How many "S0ulS" are working on/with Prevx INDUSTRIES ?
$****tech
Draco

-{ Quote: "How many "S0ulS" are working on/with Prevx INDUSTRIES ?
$
Draco" }-

We have a team of about 30 people :)

-{ Quote: "We have a team of about 30 people :)" }-

Seriously!? Is that the whole team!?

-{ Quote: "Seriously!? Is that the whole team!?" }-

Yes, its a relatively small company but the upside is that we don't have the many-layers of unnecessary management which many other companies fall into :)

And also note that virtually all of our research is automated, reducing the need for hundreds/thousands of researchers which most of the other companies have :)

I see. Makes sense and is also impressive. Your software is proven excellent (and your support is completely superior, don't forget that we think that about you guys :)) and there simply is no software that can catch it all. ;) Don't recall that ThreatFire has missed some real-deal though to be honest, atleast not clearly now, thanks to its special monitoring. ;D

We are also always working on improving our monitoring - Edge is far from static ;D We have some major engine improvements coming up in the coming weeks/months which will be quite exciting :)

No idle times in sight for us! :)

cool,will this be something like webscaners do?thanks

-{ Quote: "cool,will this be something like webscaners do?thanks" }-

I'm not going to divulge any information until we're further along in the development process with each feature :)

-{ Quote: "I'm not going to divulge any information until we're further along in the development process with each feature :)" }-ah ok

-{ Quote: "Yes, its a relatively small company but the upside is that we don't have the many-layers of unnecessary management which many other companies fall into :)" }-

And I would add that we don't need all those layers which just slow down all attempts to improve the technology with the essential speed

Prevx is flagging a few files as threats that I believe are harmless. I use a program called Vista Boot Pro 3.3, which is a front-end for BCedit. Here's a link to a screenshot. Let me know what you think. Thanks!

http://usera.imagecave.com/Victek/Prevx%20scan%20results.jpg

The Prevx botnet story made the local paper:

http://www.dailyherald.com/story/?id=279477

Since intalling PrevX Edge I have been unable to connect remotely to my companies server via Vista Remote Desktop Connection. This could of course be a total coincidence, the problem could lie at the server end, but just so I can rule out possibilities - Is it possible PrevX is doing something to block my access? What & How could I check? I did the obvious (put it in install mode for 15 mins) but that made no difference.

Thanks
NigelS

-{ Quote: "Since intalling PrevX Edge I have been unable to connect remotely to my companies server via Vista Remote Desktop Connection. This could of course be a total coincidence, the problem could lie at the server end, but just so I can rule out possibilities - Is it possible PrevX is doing something to block my access? What & How could I check? I did the obvious (put it in install mode for 15 mins) but that made no difference.

Thanks
NigelS" }-

Edge doesn't interface with the network/internet connection at all so I don't think it would be Edge causing it. You could try disabling Self Protection and then terminating both prevx.exe processes with Task Manager, however, and see if that clears it up (that would completely disable Edge).

Joe,
Possibly a bit of a loaded question ;) but not intended to be - if I am using SandboxIE will Edge detect malware and suspicious *items* that have been downloaded into the sandbox while they are being held in there prior to closing the browser and flushing the contents away. ie: an advanced warning that you have something malicious in the sandbox so that you don't accidentally let it out. I seem to think I saw something about this somewhere but cannot now find it. I think Edge and OA were the two that were mentioned that possibly had this ability to see into the sandbox. Is this correct or have I totally misunderstood it.

I believe that is indeed the case, however, I haven't seen it myself (I haven't used Sandboxie) but I do believe some other users have reported that behavior :)

Thanks for the reply Joe. Will do a bit of basic *testing* to see what happens.

Hi Joe

Build 3.0.1.32 has just 'schmoooozed' its way onto my system, silently & painless...and is running well vs. the usual things that I throw at a new build:thumb:

Any chance of an indication as to what has changed?

Cheers



Baldrick ;D

-{ Quote: "Hi Joe

Build 3.0.1.32 has just 'schmoooozed' its way onto my system, silently & painless...and is running well vs. the usual things that I throw at a new build:thumb:

Any chance of an indication as to what has changed?

Cheers



Baldrick ;D" }-

This is a new beta build - the full version will be coming out in the next couple days :) Relatively minor changes this time around for the consumer product, however. It contains mostly changes for our Enterprise products and a few changes which have just been preliminarily integrated but are disabled from view for the time being ;D

We should have a new build tomorrow which will be close to being ready for release, but overall its still just a handful of minor fixes which have crept up over the last few weeks of 3.0.1.17.

Oh and trjam - this build has your new tray icons in it ;D

Cheers Joe

Good to know...but will keep trying to break it! ;)

Balders

Hi Joe this Beta build still does not do a full scan when I right click My Computer and now it will not do a single file scan. Just to let you know.

TH

So how many people works for Prevx?

-{ Quote: "So how many people works for Prevx?" }-

It was mentioned earlier. Around 30 staff!

http://www.wilderssecurity.com/showpost.php?p=1426756&postcount=2598

TH

-{ Quote: " Oh and trjam - this build has your new tray icons in it ;D" }-

Looks the same to me LOL

-{ Quote: "Looks the same to me LOL" }-

Yep ;D Not much of a difference. We know about the scan issue and should have it fixed in the next build :) However, we've decided that right clicking on My Computer should just run a normal scan (you can still get to the full scan from the Advanced Scan screen :))

-{ Quote: "It contains mostly changes for our Enterprise products and a few changes which have just been preliminarily integrated but are disabled from view for the time being ;D

We should have a new build tomorrow which will be close to being ready for release, but overall its still just a handful of minor fixes which have crept up over the last few weeks of 3.0.1.17.

Oh and trjam - this build has your new tray icons in it ;D" }-

I take it that the new tray icon is one of the things that are disabled from view? I still have the old one here :(

-{ Quote: "I take it that the new tray icon is one of the things that are disabled from view? I still have the old one here :(" }-

It's really only a couple pixels different ;D You would have to really be looking at it constantly to notice, but we had some requests that the center of the tray icon stand out a bit more :)

-{ Quote: "It's really only a couple pixels different ;D You would have to really be looking at it constantly to notice, but we had some requests that the center of the tray icon stand out a bit more :)" }-

Yes, I suppose looking at it again the green does stand out a bit more, I think I was expecting something a bit more radical.
I'll have to download something to turn it red now for curiosities sake ;D

-{ Quote: "Yep ;D Not much of a difference." }-
Looks a little 'more' 3D or perhaps more defined that the old one...if you know what I mean. Nice either way. :)

Joe,

Hello....

False positive - Avira 9 AV component....

Thanks,
Mark.

-{ Quote: "Joe,

Hello....

False positive - Avira 9 AV component....

Thanks,
Mark." }-

If you rescan, I believe I fixed it ~10 hours ago ;)

Hmmm - weird - the 2nd time I got it was 1 hour ago but I will scan again.

Thanks,
Mark.

-{ Quote: "Hmmm - weird - the 2nd time I got it was 1 hour ago but I will scan again.

Thanks,
Mark." }-

You also do have heuristics on maximum and are testing beta software - the "FP" will automatically correct itself, and in this case its probably fastest just to click Trust Always.

Joe,

Actually it's released as far as I see. :) But the scan did indeed clear.

Thanks,
Mark.

(Released meaning Avira 9, not Edge - still on .17 there)

Ah ok, thanks for the clarification ;D

No worries - released just 2 days ago or so...I'm sure you've been busy doing a few other things :)

Yo Joe: Don't know if the new build trying to update but this is the error I received, ESET got rid of a TON of Prevx files. Have notified support but no way to upload the error. What happened?

-{ Quote: "Yo Joe: Don't know if the new build trying to update but this is the error I received, ESET got rid of a TON of Prevx files. Have notified support but no way to upload the error. What happened?" }-

Add the Prevx folder to the exclusions in NOD32 :)

-{ Quote: "Yo Joe: Don't know if the new build trying to update but this is the error I received, ESET got rid of a TON of Prevx files. Have notified support but no way to upload the error. What happened?" }-

ESET does periodically produce FPs against us - you will have to add the Edge folder (C:\program files\prevx\) to the exclusions list in ESET, as well as the install file which exists at %TEMP%\pxinstall*.exe

In the meantime, you may want to just use the current public version 3.0.1.17 as I believe that is not detected by ESET.

one FP

e:\lenovo\lan\2tjy53usa.exe [PX5: 17967055002B894854600DCDB067D60094B5A5FD]

Eset detecte JUST the setup of upgrade prevx 3.0.1.17 -> 3.0.1.32
disallow eset, make update and when finish, re-activate protection ;)

-{ Quote: "ESET does periodically produce FPs against us - you will have to add the Edge folder (C:\program files\prevx\) to the exclusions list in ESET, as well as the install file which exists at %TEMP%\pxinstall*.exe

In the meantime, you may want to just use the current public version 3.0.1.17 as I believe that is not detected by ESET." }-

After running exclusions on ESET there was still a file in the C:\WINNT\TEMP directory by the name of px something. Went by so fast, but in the meantime 3.0.1.7 auto updated to the 3.01.32 and appears the waters have calmed once again. :dry:

-{ Quote: "Yep ;D Not much of a difference. We know about the scan issue and should have it fixed in the next build :) However, we've decided that right clicking on My Computer should just run a normal scan (you can still get to the full scan from the Advanced Scan screen :))" }-

Yes that is what it does a normal scan! ;D Just to confirm about the single file scan it also does a normal scan.

TH

-{ Quote: "Yes that is what it does a normal scan! ;D Just to confirm about the single file scan it also does a normal scan.

TH" }-

Yes, this is "correct" (well, that's what it does not and it is definitely NOT correct, but it should be fixed shortly ;D)

Is the final new version planned soon, or should I download the beta-build to ensure frequent new updates? ;D

-{ Quote: "Is the final new version planned soon, or should I download the beta-build to ensure frequent new updates? ;D" }-

You may want to wait - the final version will be out quite soon (maybe today, possibly over the weekend :))

The next beta will be coming out in ~30 mins or so. It fixes the handling of the right click scans and now won't bother the user with a popup when the update finishes :)

-{ Quote: "You may want to wait - the final version will be out quite soon (maybe today, possibly over the weekend :))" }-

Okay, Joe - I'll wait (if you want me to :blink: ;D :P). Excited about the version with lots of new features. :)

-{ Quote: "Okay, Joe - I'll wait (if you want me to :blink: ;D :P). Excited about the version with lots of new features. :)" }-

That isn't coming just yet, but we're in the process of planning out exactly when the new features will be coming ;)

-{ Quote: "That isn't coming just yet, but we're in the process of planning out exactly when the new features will be coming ;)" }-

Oh, I mean no rush ("DAAAAH!" ;D). No, seriously, I'm just joking. 8) :)

fixed :

Journal de l'analyse
Version de la base des signatures de virus : 3951 (20090320)
Date : 20/03/2009 Heure : 12:21:23
Disques, dossiers et fichiers analysés : C:\Documents and Settings\Arnaud\Bureau\pxinstall515\pxinstall515.exe
Nombre d'objets analysés : 1
Nombre de menaces détectées : 0
Heure d'achèvement : 12:21:23 Temps d'analyse total : 0 sec. (00:00:00)

-{ Quote: "fixed :

Journal de l'analyse
Version de la base des signatures de virus : 3951 (20090320)
Date : 20/03/2009 Heure : 12:21:23
Disques, dossiers et fichiers analysés : C:\Documents and Settings\Arnaud\Bureau\pxinstall515\pxinstall515.exe
Nombre d'objets analysés : 1
Nombre de menaces détectées : 0
Heure d'achèvement : 12:21:23 Temps d'analyse total : 0 sec. (00:00:00)" }-

Great :thumb: Thanks for letting us know :)

Bug report: Each day when i look in the main GUI it will still report As of today, Edge has cleaned 7 infections wich was days ago as u might remember. It seems it doesnt reset itself.

-{ Quote: "Bug report: Each day when i look in the main GUI it will still report As of today, Edge has cleaned 7 infections wich was days ago as u might remember. It seems it doesnt reset itself." }-

That is correct - since installation, as of today, Edge has cleaned 7 infections. It is a historical count :)

Got an update this morning to v37. Started out being blocked by my firewall, came back and said OK, but Prevx didn't run. So brought it up manually, and it said it had entered my registration, looked like it updated, and said I should reboot. Reboot got me a consistent BSOD from pxscan.sys with the message DRIVER_UNLOADED_WITHOUT_CANCELLING_PRNDING_OPERATION. So I tried to go to Safe mode, and near the end of the boot sequence, got another BSOD from Prevx. Then the computer would no longer boot at all. So currently restoring an image, but WARNING WARNING: Do not select option to run a scan at boot time; there appears to be no way out if you have a problem-Prevx still loads stuff in Safe mode. :( :( :(

-{ Quote: "Got an update this morning to v37. Started out being blocked by my firewall, came back and said OK, but Prevx didn't run. So brought it up manually, and it said it had entered my registration, looked like it updated, and said I should reboot. Reboot got me a consistent BSOD from pxscan.sys with the message DRIVER_UNLOADED_WITHOUT_CANCELLING_PRNDING_OPERATION. So I tried to go to Safe mode, and near the end of the boot sequence, got another BSOD from Prevx. Then the computer would no longer boot at all. So currently restoring an image, but WARNING WARNING: Do not select option to run a scan at boot time; there appears to be no way out if you have a problem-Prevx still loads stuff in Safe mode. :( :( :(" }-

Hello,
I'm very sorry you experienced these problems :( Could you please let me know what firewall and OS you're using so we can prevent these issues from occurring in the future?

I am running Online Armor full, beta 36, under VIsta Ultimate with SP1. Might have been OK if I had not selected to run a scan at boot, but ???

-{ Quote: "I am running Online Armor full, beta 36, under VIsta Ultimate with SP1. Might have been OK if I had not selected to run a scan at boot, but ???" }-

I'm thinking there may be an incompatibility during the upgrade process with Online Armor because of the warning that it gave. If for some reason the upgrade process was corrupted, its possible that the driver wasn't fully installed or became partially uninstalled.

Either way, we are now implementing a change which will prevent this from happening in the future. Sorry again for the inconvenience that this has caused :(

Seems a lot like a corrupted install, but normal OA request to OK the install was up for several minutes and blocked because I was out of the room. Problem was it being unrecoverable by going to Safe mode.

Well the restored image (Acronis 10) won't boot into Windows either. Off to the repair shop. :(

-{ Quote: "Well the restored image (Acronis 10) won't boot into Windows either. Off to the repair shop. :(" }-

Hmmm :-\ That sounds like it might be harddisk corruption in that case... could your hardware have gone bad recently? It might be worth taking out the harddrive and making it a slave partition on another computer so you can diagnose it "remotely".

v3.0.1.35 has just 'schmoooozed' it way (as usual) onto my rig! Smooth install, smooth and rapid post installation scan. No issues to report yet! Not sure I will even try to break this one based on my total lack of success with .32! :-[ ;D

Nice one Joe and all at Prevx.

-{ Quote: "v3.0.1.35 has just 'schmoooozed' it way (as usual) onto my rig! Smooth install, smooth and rapid post installation scan. No issues to report yet! Not sure I will even try to break this one based on my total lack of success with .32! :-[ ;D

Nice one Joe and all at Prevx." }-
Do you know where I can get the latest version?

-{ Quote: "Do you know where I can get the latest version?" }-

The new version will be released to the public on Monday/Tuesday :)

-{ Quote: "The new version will be released to the public on Monday/Tuesday :)" }-is there any new thing added to the real time shield ?thanks

-{ Quote: "is there any new thing added to the real time shield ?thanks" }-

Not yet :) Just a minor update release.

-{ Quote: "Not yet :) Just a minor update release." }-ah,i see

there is not a changelog? (i like see xD )
but today there are 3.0.1.32, 3.0.1.34, 3.0.1.35

what are they the new change for futur version? soon new language ? when automatic update ?

thank you ;D

-{ Quote: "there is not a changelog? (i like see xD )
but today there are 3.0.1.32, 3.0.1.34, 3.0.1.35

what are they the new change for futur version? soon new language ? when automatic update ?

thank you ;D" }-

We will be releasing this version out by next week, but it is still just minor changes over the current version (we're getting ready for the large changes ;))

The changelog between these versions is just small bug fixes - by Monday we'll have the right click scanning working completely, but that's about all for now :)

-{ Quote: "by Monday we'll have the right click scanning working completely, but that's about all for now :)" }-

Joe please let us know what the Right Click Scans will do!

TIA,

TH

-{ Quote: "Joe please let us know what the Right Click Scans will do!

TIA,

TH" }-

No actual functional changes besides it now working properly :) Right clicking on My Computer will run a standard scan, right clicking on a folder/file will scan that folder/file :)

-{ Quote: "No actual functional changes besides it now working properly :) Right clicking on My Computer will run a standard scan, right clicking on a folder/file will scan that folder/file :)" }-

Right click a Drive does what?

"Scan with Prevx Edge" is on the menu when I right click a drive.

-{ Quote: "The new version will be released to the public on Monday/Tuesday :)" }-
Is there any way I can get it before then? I'd really like to try it now.

Thanks!

-{ Quote: "Is there any way I can get it before then? I'd really like to try it now.

Thanks!" }-

You will have to wait like the rest of us!

TH

-{ Quote: "You will have to wait like the rest of us!

TH" }-
How come some of the users here are using the latest version? Are they beta testers?

-{ Quote: "How come some of the users here are using the latest version? Are they beta testers?" }-If I was an example you had in mind, I wasn't clear enough. When I right click on My Computer to Scan with Prevx Edge, it doesn't work for me either. However, scanning DOES work in v3.0.1.17 for me from right click on a drive. HOWEVER, if you're referring to 3.0.1.35 like Baldrick got, well (I assume he's a paid user, unlike myself) I reckon they're phasing distribution on the update which is not all that unusual, especially considered they are only about 30 staff and they aren't as "ignert" as Symantec sometimes acts, just screwing up everyone at once.

-{ Quote: "If I was an example you had in mind, I wasn't clear enough. When I right click on My Computer to Scan with Prevx Edge, it doesn't work for me either. However, scanning DOES work in v3.0.1.17 for me from right click on a drive. HOWEVER, if you're referring to 3.0.1.35 like Baldrick got, well (I assume he's a paid user, unlike myself) I reckon they're phasing distribution on the update which is not all that unusual, especially considered they are only about 30 staff and they aren't as "ignert" as Symantec sometimes acts, just screwing up everyone at once." }-
Hi crofttk

Yup, I am a paid user but a while before that (and I don't remember when exactly) I took up Joe's offer to run the Edge beta at that time. Since then I have received regular updates to what I believe is either the latest release version but also any new betas that come along. How Prevx have got me tagged so that I get the betas I do not know...but it is great as I am a selective but avid beta tester (rig set up to do it, etc.). ;D

@ambient

If you are interested in using the beta I would PM Joe (sorry...PrevxHelp) requesting a link to the appropriate download link, and see what he says. ;D

We aren't "advertising" the new beta version because it really isn't much different from the existing version so there isn't much to test. The "right click scanner" is the main issue which will be fixed, but that will be fixed in the next beta build, which will probably end up going out to all users as an official release on Monday :)

(and yes, right clicking on a drive will scan the drive ;))

The next round of new versions is still a few weeks away - we are still developing the new features and after that, we have a lot of internal quality assurance which includes testing on 26 different operating systems against 30+ popular AVs.

-{ Quote: "Hi crofttk

Yup, I am a paid user but a while before that (and I don't remember when exactly) I took up Joe's offer to run the Edge beta at that time. Since then I have received regular updates to what I believe is either the latest release version but also any new betas that come along. " }-

Yep, me too. Paid user and AFTER installing a beta on top of current program its been "auto updating" every version. Right click works everywhere on 1.35 version. Did NOT install beta on laptop, still running .17 on it but when the new final comes out, it will auto update. Prevx is an EXCELLENT program! ;)

i run Prevx Edge and DefenseWall in familly pc and it is fast and secure;D

-{ Quote: "Yep, me too. Paid user and AFTER installing a beta on top of current program its been "auto updating" every version. Right click works everywhere on 1.35 version. Did NOT install beta on laptop, still running .17 on it but when the new final comes out, it will auto update. Prevx is an EXCELLENT program! ;)" }-

I see the difference now I use the Beta but when the offical release comes out I always uninstall the Beta even though it is the release version and Download the official version from there website. Very interesting.

TH

-{ Quote: ""Scan with Prevx Edge" is on the menu when I right click a drive." }-

Yes I have the same. But before it use to do a Full system scan by Right clicking My Computer and Scan with Prevx Edge and now it does a Normal Scan and when I do a single file scan it does a normal scan again also that is what Joe is talking about that these things will be fixed in the next Build.

Joe will clarify what the Right Click Scans will do after this has been done!

TH

-{ Quote: "I see the difference now I use the Beta but when the offical release comes out I always uninstall the Beta even though it is the release version and Download the official version from there website. Very interesting.

TH" }-
I would not as if what is released is different to the beta you have it will update what you have and then you will have the release version...I think! ;D

-{ Quote: "That is correct - since installation, as of today, Edge has cleaned 7 infections. It is a historical count :)" }-

It doesnt say since installation

-{ Quote: "It doesnt say since installation" }-
Joe

Perhaps it should say "As AT today..." or "UP TO today..." rather than "As OF today..."?

What do the peeps think?

;D

-{ Quote: "Joe

Perhaps it should say "As AT today..." or "UP TO today..." rather than "As OF today..."?

What do the peeps think?

;D" }-"To Date" does it for me, but that could be UK/US difference.;)

Also Joe, could you have your techinical support guys have a look at my setup n frequent issue - id still like these products to function 100%. If its not a bother offcourse.

Well for me as of today means today, holland here

I think "To date" is the perfect replacement for "As of today" :)

However, to support our current wording - the Wikipedia About page says: "As of today, there are 2,800,867 articles in English." This means that today the total number of articles is 2,800,867, accumulated since its start.

GES/POR - if you could send me your license key, I can see if there are any problems :)

Prevx Edge says that is is a r00tkit...................Description:

vcore.dll is a vipre\r belonging to VIPRE Threat detection and remediation system\r


S0urce: http://www.processlibrary.com/directory/files/vcore/

-{ Quote: "Prevx Edge says that is is a r00tkit...................Description:

vcore.dll is a vipre\r belonging to VIPRE Threat detection and remediation system\r


S0urce: http://www.processlibrary.com/directory/files/vcore/" }-

We have a number of samples which indeed are rootkits named vcore.dll - could you save a scan log by clicking Tools > Save Scan Results and send me the entry including vcore.dll via PM so I can investigate it further? Thanks ;D

-{ Quote: "We have a number of samples which indeed are rootkits named vcore.dll - could you save a scan log by clicking Tools > Save Scan Results and send me the entry including vcore.dll via PM so I can investigate it further? Thanks ;D" }-


Yes ! U fast "baztardz" :-)

It has been sent 2 1 of your e-mailz!

Nice!!

"U" should give the results 2 sunbelt and A*****************quest

Is the AccuWeather desktop program really an adware infection, or is this a Prevx false positive?

-{ Quote: "Is the AccuWeather desktop program really an adware infection, or is this a Prevx false positive?" }-

If it is based on WeatherBug, it might be considered adware. Some of those are a bit risky/suspicious with how they report their data. If you would like, send me an email with the file and I'll take a look :)

-{ Quote: "If it is based on WeatherBug, it might be considered adware. Some of those are a bit risky/suspicious with how they report their data. If you would like, send me an email with the file and I'll take a look :)" }-
did you check the virus link a send you;D i want to know the results thanks

-{ Quote: "did you check the virus link a send you;D i want to know the results thanks" }-

PM sent ;D

-{ Quote: "If it is based on WeatherBug, it might be considered adware. Some of those are a bit risky/suspicious with how they report their data. If you would like, send me an email with the file and I'll take a look :)" }-

Hi - I'm trying to send the file, but get this message:

"Delivery to the following recipients was aborted after 0 second(s)"

i am not able 2 remove prevx E in TaskMa......
I also disabled it(tray), but it re enabled it self..
Hmmm

3 scans and 3 different results

-{ Quote: "i am not able 2 remove prevx E in TaskMa......
I also disabled it(tray), but it re enabled it self..
Hmmm

3 scans and 3 different results" }-

Edge prevents you from terminating it, and it will re-enable itself after being disabled within ~15 minutes or on a reboot (depending on the settings you set for it being disabled).

I have 3 PCs & 3 licenses. Today I needed to fully activate a copy of PrevX temporarily in a Virtual PC on the same machine as one of my legal licenses. So I punched in the code, expecting it to be rejected and that I would have to deactivate a current activation first. However I was surprised to find it was actually accepted.

Then I went into MyPrevX Console where it stated I was using "4 of 3" licenses!! I scanned my Virtual PC, and then disabled the Virtual PC again from within MyPrevX console. Back to "3 of 3" licenses. Then I tried to do another scan on the Virtual PC and got an error message (as expected) "Error L057: This PC cannot be activated it has been removed from the license and the maximum number of PC" (which doesnt make sense by the way).

Now I did expect the 4th copy of PrevX Edge to go back to a trial copy and continue to allow the free scanning - but it doesn't. The program still says it is activated, and everytime I try to scan it refuses to scan at all - giving the error msg already mentioned.

Why has it not reverted to a trial copy? How to fix?

Thankyou
NigelS

-{ Quote: "I have 3 PCs & 3 licenses. Today I needed to fully activate a copy of PrevX temporarily in a Virtual PC on the same machine as one of my legal licenses. So I punched in the code, expecting it to be rejected and that I would have to deactivate a current activation first. However I was surprised to find it was actually accepted." }-

Hello,
This would be better solved by writing into the customer service inbox ;D Could you write this exact message in? I'll make sure one of our team looks at it ASAP :)

Well the exact error msg is exactly as I posted previously.

In the end, the only thing which got me going again was to uninstall & reinstall a fresh trial copy.

quick question, would Prevx Edge and Mamutu have any conflicts together alongside Avira? i know Mamutu and Edge work differently, but they both have sort of a Behavior blocking ability dont they?

-{ Quote: "quick question, would Prevx Edge and Mamutu have any conflicts together alongside Avira? i know Mamutu and Edge work differently, but they both have sort of a Behavior blocking ability dont they?" }-

There is some overlap between Avira/Edge/Mamutu but as far as we've seen, all three work fine together :)

They may work, but are not needed. ;)

-{ Quote: "There is some overlap between Avira/Edge/Mamutu but as far as we've seen, all three work fine together :)" }-

ye i anticipated some overlap, but i dont feel like going for a HIPS app, and edge does add something to the others since it does detect malware in a bit of a different way, i was gunna use it possibly as simply an notification tool (free version).

-{ Quote: "ye i anticipated some overlap, but i dont feel like going for a HIPS app, and edge does add something to the others since it does detect malware in a bit of a different way, i was gunna use it possibly as simply an notification tool (free version)." }-hey buddy "got some coffee"
tim horton?;D

-{ Quote: "hey buddy "got some coffee"
tim horton?;D" }-

mmmm... i love timmies, screw starbucks :P

-{ Quote: "mmmm... i love timmies, screw starbucks :P" }-yeahhh;)

one time i drunk startbucks and coudnt sleep for 2 days:)

-{ Quote: "yeahhh;)

one time i drunk startbucks and coudnt sleep for 2 days:)" }-

lmao, i just dont like the taste of starbucks and its 5x price compared to timmies for a coffee, like WTF and all the stupid starbucks talk/lingo that i can never understand...

-{ Quote: "lmao, i just dont like the taste of starbucks and its 5x price compared to timmies for a coffee, like WTF and all the stupid starbucks talk/lingo that i can never understand..." }-agree:)
by the way are you running avira 9 free and prevx at same time?and does prevx complament avira or the other way?thanks

i was running avira and prevx but my wife told me that since i got the program with the red umbrella she was very slow,so got rid off the umbrella:)

-{ Quote: "agree:)
by the way are you running avira 9 free and prevx at same time?and does prevx complament avira or the other way?thanks" }-

im using Avira Premium, and i havent installed edge yet, im still thinking about it. ill probly just make an image and test it out.

-{ Quote: "im using Avira Premium, and i havent installed edge yet, im still thinking about it. ill probly just make an image and test it out." }-
ah,i see i had to uninstall avira cause slow down at some time

ok i just installed edge to test out, no noticeable slow downs as of yet, btw what is the current version number? i want to make sure i have the correct one.

-{ Quote: "ok i just installed edge to test out, no noticeable slow downs as of yet, btw what is the current version number? i want to make sure i have the correct one." }-it is 3.0.1.17

-{ Quote: "ok i just installed edge to test out, no noticeable slow downs as of yet, btw what is the current version number? i want to make sure i have the correct one." }-
The current version is 3.0.1.17.

-{ Quote: "it is 3.0.1.17" }-

ok ty to both of u, i do have the correct version then :)

-{ Quote: "ok ty to both of u, i do have the correct version then :)" }-and this happen on xp2;D

3.0.1.36 is out now! Joe is this the final for now?

TH

yep, like the green in the tray icon.;)

-{ Quote: "3.0.1.36 is out now! Joe is this the final for now?

TH" }-

We just have one more coming which just fixes scanning network drives with the on-demand scanner but after that we should be going out live :)

-{ Quote: "We just have one more coming which just fixes scanning network drives with the on-demand scanner but after that we should be going out live :)" }-

Aprox. when?

v3.0.1.37 up and running well here ;D ...although this time I had to ask for it rather than it just appearing as it has normally done in the past. ???

But it may be that I looked earlier than usual and that normally the auto update occurs with the schedueld daily scan (would make sense to check for new releases automatically at that time).

Anyway, as I said...running as smooth as silk...as we have come to expect. But that said I just cannot wait to test the new beta when it is out (in the next few weeks I hope, eh Joe?).

PS - I also like the new shade of green in the tray icon...and if I am not imagining it, have there not been a bit more 3D definition add?

-{ Quote: "v3.0.1.37 up and running well here ;D ...although this time I had to ask for it rather than it just appearing as it has normally done in the past. ???

But it may be that I looked earlier than usual and that normally the auto update occurs with the schedueld daily scan (would make sense to check for new releases automatically at that time).

Anyway, as I said...running as smooth as silk...as we have come to expect. But that said I just cannot wait to test the new beta when it is out (in the next few weeks I hope, eh Joe?).

PS - I also like the new shade of green in the tray icon...and if I am not imagining it, have there not been a bit more 3D definition add?" }-

You are not imagining the icon change ;D And yes - we have a load of new functionality to add but it should be ready within the next couple weeks :) (betas will, of course, be distributed as soon as its ready :))

The update occurs on the scheduled scan time so I'm guessing that you are correct in that you hit it before the scan queried the database as the update to .37 was just put out ~5 minutes ago ;D

-{ Quote: "Aprox. when?" }-

Should be out within this week, probably by tomorrow.

v3.0.1.37 is the newest version which appears to have everything fixed now :)

-{ Quote: "We just have one more coming which just fixes scanning network drives with the on-demand scanner but after that we should be going out live :)" }-

Great!

-{ Quote: "You are not imagining the icon change ;D And yes - we have a load of new functionality to add but it should be ready within the next couple weeks :) (betas will, of course, be distributed as soon as its ready :))

The update occurs on the scheduled scan time so I'm guessing that you are correct in that you hit it before the scan queried the database as the update to .37 was just put out ~5 minutes ago ;D" }-
Hi Joe

Glad my eyes are not defective. Really like the whole look and feel of Edge now...very, very professional!

Thanks for clarifying the timing. First time I have ever been that close to a new release being issued.

Finally, excellent news about the upcoming betas...just bring them on when the Team is ready to release them...we will be ready to test them...and make Edge even better than it is now (...is that possible ??? ). ;D

Joe can you tell us what the all Right Click Scans do? Because I just did a RCS on C Drive and it just did a normal scan.

TIA

-{ Quote: "Joe can you tell us what the all Right Click Scans do? Because I just did a RCS on C Drive and it just did a normal scan.

TIA" }-

The bug in the right click scanner will fix itself after you run one more right click scan using .36 or .37. Could you try updating and run a scan and then try running one more scan? ;D Right clicking the C drive should scan the C drive once the bug is avoided :)

-{ Quote: "The bug in the right click scanner will fix itself after you run one more right click scan using .36 or .37. Could you try updating and run a scan and then try running one more scan? ;D Right clicking the C drive should scan the C drive once the bug is avoided :)" }-

Yes it now works with 3.0.1.37 thanks! ;D

-{ Quote: "They may work, but are not needed. ;)" }- There's been over 2,700 posts covering a lot of evolution of this so I decided to ask for a simplistic, current recommendation of what is 'needed' besides Edge. Potentially I'll buy 5 licences, two for myself and one each for my 3 'kids'.
Can I let my Trend Internet Security lapse in July (it provides a lot of 'stuff' including a firewall but, being on dial-up, the downloads to support it are getting very tedious and time consuming)?
I'm also one of the lucky ones with FD-ISR and along with Edge I'd like that to be 'enough'. ???

-{ Quote: "There's been over 2,700 posts covering a lot of evolution of this so I decided to ask for a simplistic, current recommendation of what is 'needed' besides Edge. Potentially I'll buy 5 licences, two for myself and one each for my 3 'kids'.
Can I let my Trend Internet Security lapse in July (it provides a lot of 'stuff' including a firewall but, being on dial-up, the downloads to support it are getting very tedious and time consuming)?
I'm also one of the lucky ones with FD-ISR and along with Edge I'd like that to be 'enough'. ???" }-

I personal opinion is to have a layered security you can have what you have and Prevx Edge or Prevx Edge and a free AV such as Avira Antivir and your FD-ISR!

TH

-{ Quote: "There's been over 2,700 posts covering a lot of evolution of this so I decided to ask for a simplistic, current recommendation of what is 'needed' besides Edge. Potentially I'll buy 5 licences, two for myself and one each for my 3 'kids'.
Can I let my Trend Internet Security lapse in July (it provides a lot of 'stuff' including a firewall but, being on dial-up, the downloads to support it are getting very tedious and time consuming)?
I'm also one of the lucky ones with FD-ISR and along with Edge I'd like that to be 'enough'. ???" }-

The only other suggestions is make sure all security patches are up to date for Windows, IE7, Quicktime, Real Player, etc., you should also be running some sort of firewall hardware or software and if you use IE7 add something like Spyware Blaster http://www.javacoolsoftware.com/spywareblaster.html or a modified HOSTS file http://www.mvps.org/winhelp2002/hosts.htm. Both are free and don't take up any resources. I tried a trail version of FD-ISR and had problems with KAV at the time. Glad to see it is still around. A key stroke or two and you are back to a good snapshot.

Excellent RCS of C Drive. :thumb:

-{ Quote: "I personal opinion is to have a layered security you can have what you have and Prevx Edge or Prevx Edge and a free AV such as Avira Antivir and your FD-ISR!

TH" }-
I agree with the principle that Triple H has stated :thumb:

-{ Quote: "There's been over 2,700 posts covering a lot of evolution of this so I decided to ask for a simplistic, current recommendation of what is 'needed' besides Edge. Potentially I'll buy 5 licences, two for myself and one each for my 3 'kids'.
Can I let my Trend Internet Security lapse in July (it provides a lot of 'stuff' including a firewall but, being on dial-up, the downloads to support it are getting very tedious and time consuming)?
I'm also one of the lucky ones with FD-ISR and along with Edge I'd like that to be 'enough'. ???" }-
yes, I also have FD-ISR and threw in Sandboxie not as just a safeguard, but to clean out the trash.;)

I was going to check the site about Prevx Edge, but, I'm unable to access it for quite a long time now.

I've already tried with two systems, unconnected with each other, and separate Internet connections.

Can anyone confirm it?


Thanks

I was just there and it worked.

take that back, just tried to go and could not. Joe?

Jep its down but Joe is online though ;D

We've been making website changes throughout the day - all users are still completely protected, just the website will be down for a bit :)

yeah right, that is what Symantec said.;D

-{ Quote: "yeah right, that is what Symantec said.;D" }-

It's true ;) Try downloading EICAR when your copy of Edge doesn't know about it and it will block it ;) The website and database are completely separate (for security and technical reasons) ;D

Joe,
I notice that the download size of these latest beta are larger than 3.0.1.17 which is 848kb against 996kb for 3.0.1.36. Is this accounted for by all the hidden goodies waiting to be unleashed on us Beta testers when the next *version* goes live ;D

-{ Quote: "Joe,
I notice that the download size of these latest beta are larger than 3.0.1.17 which is 848kb against 996kb for 3.0.1.36. Is this accounted for by all the hidden goodies waiting to be unleashed on us Beta testers when the next *version* goes live ;D" }-

Yes ;D ;D We are working on cutting it back though - we <cannot> break 1MB!

It worked, as I knew it would but, here is a interesting thought. It asked me to block or gave me options to allow. With kids, there are no options. It would be nice if it just blocked if you wanted it to. Kid Proof.

-{ Quote: "Joe,
I notice that the download size of these latest beta are larger than 3.0.1.17 which is 848kb against 996kb for 3.0.1.36. Is this accounted for by all the hidden goodies waiting to be unleashed on us Beta testers when the next *version* goes live ;D" }-

Interresting observation

-{ Quote: "It worked, as I knew it would but, here is a interesting thought. It asked me to block or gave me options to allow. With kids, there are no options. It would be nice if it just blocked if you wanted it to. Kid Proof." }-

Yes, that's a good point. I'll see what we can do with a "Child-proof" mode which automatically blocks infections :)

I think it is. Something that can be password protected. It will make the world of difference for folks wanted to put it on their kids computers.

Under Edge Protection settings there are 2. Save and automatically block actions and automatically remove blocked files. I guess I kind of thought with these ticked, it did what I am suggestion. But it doesnt based on the Eicar test. This is the failing of HIPS and families.;)