View Full Version : Introducing, The New Prevx Edge.
softtouch
March 31st, 2009, 08:33 PM
-{ Quote: "Help file:
http://info.prevx.com/edgehelp.asp
soft, see detection overrides.
"Detection Overrides provide the user with the ability to change the default Edge behavior when it encounters specific files or folders. To add an override, click the "Add Override" button. This will open a dialog which will allow you to browse to a file or folder which you would like to modify the Edge behavior over.
If you select a folder, the folder will continue to be scanned but no detections will be reported. Edge will prevent you from selecting certain system folders from being excluded from the scan to prevent malicious software from exploiting the feature to evade detection."" }-
I saw this, but I want to exclude let's say all *.pas, *.dcu and *.bpl files, like I do with NOD32, but did not find anything where I can exclude files by mask.
PrevxHelp
March 31st, 2009, 08:37 PM
-{ Quote: "I saw this, but I want to exclude let's say all *.pas, *.dcu and *.bpl files, like I do with NOD32, but did not find anything where I can exclude files by mask." }-
Excluding files by extension is generally a bad idea (as the file extension doesn't really mean anything - it is the file header which matters) so we don't offer the function. However, Edge functions by scanning code as it loads in memory and it wouldn't slow down/detect those extensions unless they were harboring malware covertly :)
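Added example (not part of the original post, and not Prevx code): a Python sketch of the extension-versus-header point made in the reply above. It applies the masks from the thread to constructed sample files and reports those a mask-based exclusion would skip even though their header is a PE executable image; the file names, the sample bytes and the `audit` helper are assumptions made for illustration.

```python
import fnmatch
import struct

# Masks the poster wanted to exclude (taken from the thread).
EXCLUDED_MASKS = ["*.pas", "*.dcu", "*.bpl"]


def is_pe_image(data: bytes) -> bool:
    """True if data starts with a DOS 'MZ' header whose e_lfanew field
    points at a 'PE\\0\\0' signature, i.e. the header says Windows executable code."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    # e_lfanew: 32-bit little-endian offset of the PE header, stored at 0x3C.
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    # A short or truncated file yields a short slice, which compares unequal.
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"


def matches_mask(name: str, masks=EXCLUDED_MASKS) -> bool:
    """Case-insensitive match of a file name against the exclusion masks."""
    return any(fnmatch.fnmatchcase(name.lower(), mask) for mask in masks)


def audit(files: dict) -> list:
    """Return the names an extension mask would exclude from scanning
    although the file header identifies them as executable images."""
    return sorted(
        name for name, data in files.items()
        if matches_mask(name) and is_pe_image(data)
    )


def make_minimal_pe_stub() -> bytes:
    """Constructed sample: a 64-byte DOS header plus a PE signature and an
    empty COFF header. It only carries the magic values; it is not runnable."""
    dos_header = bytearray(0x40)
    dos_header[:2] = b"MZ"
    struct.pack_into("<I", dos_header, 0x3C, 0x40)
    return bytes(dos_header) + b"PE\0\0" + bytes(20)


# Constructed sample files (name -> content); none of these come from the thread.
SAMPLE_FILES = {
    "Unit1.pas": b"unit Unit1;\r\ninterface\r\nimplementation\r\nend.\r\n",
    "Helper.pas": make_minimal_pe_stub(),   # executable image behind a source extension
    "Unit1.dcu": b"constructed-non-PE-bytes",  # placeholder, not a real DCU layout
    "rtl.bpl": make_minimal_pe_stub(),      # executable image behind an excluded mask
    "setup.exe": make_minimal_pe_stub(),    # not excluded, so it would be scanned anyway
}

if __name__ == "__main__":
    for name in audit(SAMPLE_FILES):
        print(f"{name}: excluded by mask, but header is a PE image")
```

Only `Helper.pas` and `rtl.bpl` are reported: the real source file and the non-PE unit pass, and `setup.exe` is outside the masks.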
PrevxHelp
March 31st, 2009, 08:38 PM
-{ Quote: "Although there were a few obvious false positives, Prevx Edge spotted and cleaned about a half dozen actual bad actors from several machines, a couple in the high threat class.:thumb:
I love the MyPrevx console to get the overall picture!" }-
If you still have a log, could you send it to me so I can double check/fix the FPs? :)
crofttk
March 31st, 2009, 08:46 PM
-{ Quote: "If you still have a log, could you send it to me so I can double check/fix the FPs? :)" }-
A few of them are some I already reported to you a week or so ago when running the trial version (which I deinstalled a few days ago prior to last night's install), but I WILL find the others as soon as I get this one laptop squared away and off the top of the priority list.
G1111
April 1st, 2009, 01:11 AM
Has Prevx detected any new variants of Conficker Worm or any increase in the worm (C variant) activity? It is after midnight where I live and the only thing I noticed is that you can't get on Secunia or similar scanners. I assume a lot of people are scanning their computers with all the press.
jmonge
April 1st, 2009, 01:14 AM
i was going to ask that;D
is prevx edge going to be ready for tomorrow's attack;D ?
EraserHW
April 1st, 2009, 06:01 AM
We have not seen any significant increase of malicious activity caused by Conficker worm at the moment, and I bet bad guys won't do anything today.
Anyway yes, Prevx Edge is ready against these kinds of attacks, we're constantly monitoring the situation, 24/365 :)
Biscuit
April 1st, 2009, 10:19 AM
Is there a way to copy & paste the licence key from the Prevx application? I often find I have to hand-write out the key when for instance upgrading from Prevx2 to Edge.
PrevxHelp
April 1st, 2009, 10:24 AM
-{ Quote: "Is there a way to copy & paste the licence key from the Prevx application? I often find I have to hand-write out the key when for instance upgrading from Prevx2 to Edge." }-
We currently don't but I'll add this to the list for the next version :)
Saraceno
April 1st, 2009, 10:33 AM
Biscuit, use faststone capture, free and portable screenshot software.
http://www.portablefreeware.com/?id=775
Take a screenshot of your prevx licence and save it as a jpeg.
philby
April 1st, 2009, 10:35 AM
...or do the same with Vista's snip tool...
philby
crofttk
April 1st, 2009, 10:48 AM
Or simply type it into a text file and save it somewhere convenient. I capture all my receipts and emails with PDF Factory when I buy software online and keep them with the install files.
philby
April 1st, 2009, 11:11 AM
On reflection, if you don't want to have to do any typing at all, Saraceno's suggestion seems more convenient because with Faststone you can copy text-only directly from a capture and paste it into a license field.
I can't see a way to copy pasteable text-only from Vista's snip tool - unless I'm missing something...?
I tried saving a rectangle-capture of the license key only and dropping the whole jpg into the license field, but of course this didn't work.
Thanks for the s/w tip Saraceno.
philby
Biscuit
April 1st, 2009, 11:28 AM
Thanks guys
My request was not for a one-off. I am installing Prevx on customers' computers several times a day, renewing their Edge software & also upgrading Prevx2 to Edge. Being able to copy & paste the licence key would be a huge help (thanks Joe).
horseman
April 1st, 2009, 12:46 PM
-{ Quote: "Is there a way to copy & paste the licence key from the Prevx application? I often find I have to hand-write out the key when for instance upgrading from Prevx2 to Edge." }-
TTT says in the interim, as a work-around, why not simply use the License renewal pages to scrape the lic key off resulting webpages?
1. PX3 > "Configure Protection" > back notetab > "License Information" > "Get a license" > highlight the key > rmb > "copy" etc,
2. PX2 > Prevx Console > License > Buy/Renew > "Click here to renew...." > highlight the lic key under "Thank you for choosing...." > cont as for 1. above...
Never hand write it unless you're a sad masochistic numerologist past his prime (number)......
;)
Biscuit
April 2nd, 2009, 04:13 AM
Good tip Horseman, thanks. :thumb:
nrms
April 2nd, 2009, 04:22 AM
-{ Quote: "anybody experience increase shutdown time after installing Prevx?
from 10secs shutdown time, now it goes to 30secs shutdown time....thats almost 20secs increase of shutdown time. Is there any scanning Prevx do when shutting OFF PC? I'm using default setting." }-
Yes, it happens on all three of my PC/laptops. I noticed it shortly after installing PrevX Edge, so I think it must be related.
galileo
April 2nd, 2009, 08:25 AM
-{ Quote: "Yes, it happens on all three of my PC/laptops. I noticed it shortly after installing PrevX Edge, so I think it must be related." }-
@PrevxHelp:
Is PE performing network activity upon a shutdown event...? Are you doing update checking or cloud uploading or network disconnect monitoring...? Shutdown delays could be attributable to such activity due to waiting for network responses...:-\
I am getting ready to purchase ~30 licenses...so, performance issues are an important consideration...:o
galileo
Cretemonster
April 2nd, 2009, 08:35 AM
As of this day and in 9 months of running edge across many platforms, I can attest to no startup, shutdown lag whatsoever as of this date, since I'm a real stickler for quick startups and shutdowns, it's something I pay close attention to.
I'm ever curious what would cause it on the one fellow's PC because it's one of the most impressive features of Edge, the ability to protect yet almost seem like it isn't even there.
philby
April 2nd, 2009, 08:38 AM
-{ Quote: "I'm a real stickler for quick startups and shutdowns" }-
Me too
-{ Quote: "I'm ever curious what would cause it on the one fellow's PC " }-
Me too
I've had no problems whatsoever on Vista HP - it really is like PE isn't there at all.
philby
PrevxHelp
April 2nd, 2009, 08:59 AM
I am surprised to hear the complaints about shutdown time coming from a few users, and I think it might be a case of perception and being suspicious of Edge as the culprit. We've done extensive testing on startup and shutdown times - on a wide range of systems, Edge delayed the startup time by 1.5 seconds after the first installation and it did not delay the shutdown time by any measurable amount.
We've intentionally designed Edge to move out of the way as soon as it sees that the system is shutting down, completely eliminating the possibility for a delay. If possible, could some of the people here which are having these shutdown delays run some comparison tests with Edge disabled and Enabled (right click on the tray icon and select "Enable on reboot" in the dropdown menu)?
Windows shutdown times are rarely regular, especially with Windows updates and the significant difference of a system with a number of programs open and one with no programs open so, from my experience, I would tend to attribute this to the OS rather than Edge but if it is possible to make a replicable scenario where Edge delays the shutdown time, we will definitely work on fixing it :)
galileo
April 2nd, 2009, 09:13 AM
While we are concerned about any potential performance/interaction issues...:doubt:...we can confirm that we have not experienced any shutdown delays with any machines on which PE has been installed (XPP+SP3+IE7/IE8 on corporate LAN)...:)...However, we are currently testing in Evaluation mode...::)...if that has any bearing...
galileo
PrevxHelp
April 2nd, 2009, 09:16 AM
-{ Quote: "While we are concerned about any potential performance/interaction issues...:doubt:...we can confirm that we have not experienced any shutdown delays with any machines on which PE has been installed (XPP+SP3+IE7/IE8 on corporate LAN)...:)...However, we are currently testing in Evaluation mode...::)...if that has any bearing...
galileo" }-
Evaluation mode has exactly the same overhead as registered mode :)
Blackcat
April 2nd, 2009, 09:47 AM
So no problem here (http://www.wilderssecurity.com/showthread.php?t=236156).
PrevxHelp
April 2nd, 2009, 09:55 AM
-{ Quote: "So no problem here (http://www.wilderssecurity.com/showthread.php?t=236156)." }-
Not sure what happened there but I have yet to hear back and no other users have reported it :-\
galileo
April 2nd, 2009, 10:16 AM
-{ Quote: "Evaluation mode has exactly the same overhead as registered mode :)" }-
That was what we thought we understood from many of your explanations throughout this thread. Thanks for the confirmation...:thumb:...:)
galileo
Dark Star 72
April 2nd, 2009, 11:52 AM
Joe,
I am one of those who have mentioned experiencing a slowdown on shutting down my machine, not sure there is any slowdown on start up. When I say a slowdown I am talking of maybe 10 secs longer, not enough to worry about. I don't have my machine set up with Edge at the moment as I am playing about with something else at the moment but will try and set it up tomorrow and get some timings. Is there any recommended free (or trial) diagnostic software that you would like me to run both with and without Edge to get an accurate picture of what happens? My machine is not new and processing would be considered pedestrian by today's standards, whether this is a contributory factor I don't know.
PrevxHelp
April 2nd, 2009, 11:57 AM
-{ Quote: "Joe,
I am one of those who have mentioned experiencing a slowdown on shutting down my machine, not sure there is any slowdown on start up. When I say a slowdown I am talking of maybe 10 secs longer, not enough to worry about. I don't have my machine set up with Edge at the moment as I am playing about with something else at the moment but will try and set it up tomorrow and get some timings. Is there any recommended free (or trial) diagnostic software that you would like me to run both with and without Edge to get an accurate picture of what happens? My machine is not new and processing would be considered pedestrian by today's standards, whether this is a contributory factor I don't know." }-
The best diagnostic software would be a stopwatch ;D If you could try ~5 reboots averaging the shutdown time without Edge and then install Edge and try ~5 more, that would give an accurate picture of the slowdown (and is exactly what we have done extensively internally to come up with a change of nearly 0s).
Dark Star 72
April 2nd, 2009, 12:02 PM
-{ Quote: "The best diagnostic software would be a stopwatch ;D If you could try ~5 reboots averaging the shutdown time without Edge and then install Edge and try ~5 more, that would give an accurate picture of the slowdown (and is exactly what we have done extensively internally to come up with a change of nearly 0s)." }-
Will do. Was going to use a watch but just wondered if you wanted a more detailed picture.
Will try and get back to you tomorrow :)
Baldrick
April 2nd, 2009, 02:52 PM
-{ Quote: "So no problem here (http://www.wilderssecurity.com/showthread.php?t=236156)." }-
Or here :thumb:
Dark Star 72
April 2nd, 2009, 03:57 PM
-{ Quote: "The best diagnostic software would be a stopwatch ;D If you could try ~5 reboots averaging the shutdown time without Edge and then install Edge and try ~5 more, that would give an accurate picture of the slowdown (and is exactly what we have done extensively internally to come up with a change of nearly 0s)." }-
Joe,
Have done a couple of shutdowns and restarts, no difference on the start up with or without Edge but the shutdown average with Edge is 38secs - without Edge (uninstalled) is 23secs, a difference of 15 secs :o
Will have another run tomorrow and report back :)
softtouch
April 2nd, 2009, 10:04 PM
I have an issue.
I use the program molebox (molebox.com) to pack exe and datafiles etc. into one executable package, to protect them, and all these packages are immediately blocked by prevx edge.
PrevxHelp
April 2nd, 2009, 10:24 PM
-{ Quote: "I have an issue.
I use the program molebox (molebox.com) to pack exe and datafiles etc. into one executable package, to protect them, and all these packages are immediately blocked by prevx edge." }-
It may be easiest to use the whitelisting/overrides features if you are frequently building programs locally but if you do release a version of software which is packed with molebox, send me a link and I will get it whitelisted for other users :)
softtouch
April 3rd, 2009, 04:56 AM
-{ Quote: "It may be easiest to use the whitelisting/overrides features if you are frequently building programs locally but if you do release a version of software which is packed with molebox, send me a link and I will get it whitelisted for other users :)" }-
These are about 250 applications I wrote and have to pack with molebox... there must be an easier solution than white listing all of them...
I figured out that when turning encryption off, and just compress the package with molebox, all is fine.
I guess, prevx does not like the encryption, which I can understand. I have to play around with encryption keys, maybe the key I used is similar to a malware encryption or whatever, I am no expert in this...
PrevxHelp
April 3rd, 2009, 09:10 AM
-{ Quote: "These are about 250 applications I wrote and have to pack with molebox... there must be an easier solution than white listing all of them...
I figured out that when turning encryption off, and just compress the package with molebox, all is fine.
I guess, prevx does not like the encryption, which I can understand. I have to play around with encryption keys, maybe the key I used is similar to a malware encryption or whatever, I am no expert in this..." }-
If you could send me a link to download these applications, we should be able to write a signature to whitelist them automatically :)
softtouch
April 3rd, 2009, 10:01 AM
-{ Quote: "If you could send me a link to download these applications, we should be able to write a signature to whitelist them automatically :)" }-
I just made a sample program here: http://www.delphifreeware.com/downloads/audioconv.zip
I cannot publish the URLs of the software, because that is paid software for my clients..
Dark Star 72
April 3rd, 2009, 12:41 PM
-{ Quote: "The best diagnostic software would be a stopwatch ;D If you could try ~5 reboots averaging the shutdown time without Edge and then install Edge and try ~5 more, that would give an accurate picture of the slowdown (and is exactly what we have done extensively internally to come up with a change of nearly 0s)." }-
Joe,
Have now done a series of reboots with and without Edge installed. Please note that the timings I quoted yesterday were for complete shutdown and restart - these are reboots:
With Edge installed, average of 5 reboots: close down - 29.10 secs
start up - 42.72 secs
With Edge uninstalled, average of 5 reboots: close down - 15.40 secs
start up - 42.75 secs
so, a difference of around 14 secs closing down, no difference re-starting.
Also removed Defense Wall and the results were the same.
jmonge
April 3rd, 2009, 12:44 PM
I bet that if you clean your registry the problem will be solved ;)
Note: be careful when doing so, I clean my registry when I get this type of issue and the problem is solved like magic ;D
fce
April 3rd, 2009, 12:59 PM
-{ Quote: "Joe,
Have now done a series of reboots with and without Edge installed. Please note that the timings I quoted yesterday were for complete shutdown and restart - these are reboots:
With Edge installed, average of 5 reboots: close down - 29.10 secs
start up - 42.72 secs
With Edge uninstalled, average of 5 reboots: close down - 15.40 secs
start up - 42.75 secs
so, a difference of around 14 secs closing down, no difference re-starting.
Also removed Defense Wall and the results were the same." }-
I got almost the same delay time in shutdown and no delay in start up....when PE is installed and uninstalled
@jmonge, any advice how to clean registry? thanks
a320ca
April 3rd, 2009, 01:03 PM
You could try "jv16 Power Tools 2009" from macecraft.
PrevxHelp
April 3rd, 2009, 01:26 PM
-{ Quote: "Joe,
Have now done a series of reboots with and without Edge installed. Please note that the timings I quoted yesterday were for complete shutdown and restart - these are reboots:
With Edge installed, average of 5 reboots: close down - 29.10 secs
start up - 42.72 secs
With Edge uninstalled, average of 5 reboots: close down - 15.40 secs
start up - 42.75 secs
so, a difference of around 14 secs closing down, no difference re-starting.
Also removed Defense Wall and the results were the same." }-
This is very interesting - thank you for the tests. Could you try turning the Edge self protection to "Minimum" and try rebooting to see if that improves the shutdown time? I'm guessing that the self protection would be the only thing that would cause an issue on shutdown, being that we have to allow Windows to close us to allow the system to shutdown.
Dark Star 72
April 3rd, 2009, 03:27 PM
-{ Quote: "This is very interesting - thank you for the tests. Could you try turning the Edge self protection to "Minimum" and try rebooting to see if that improves the shutdown time? I'm guessing that the self protection would be the only thing that would cause an issue on shutdown, being that we have to allow Windows to close us to allow the system to shutdown." }-
Joe,
I have run the tests again with the self protection reduced from medium to minimum and get exactly the same timings within tenths of a second :(
What next ???
Cretemonster
April 3rd, 2009, 03:30 PM
I think each case of "Slow shutdown" will be unique to the individual computer.
For instance...
1) Gateway 32-Bit QuadCore Vista Home Prem fully patched.
Slow down for shutdown = new .net updates
2) Acer 32-Bit QuadCore XP Pro fully patched
Slow down for shutdown = pair of acer services responsible for disc encryption.
3) Toshiba Satellite Laptop Duo Core XP Pro fully patched
Slow down for shutdown = Toshiba Power Controls
4) Gateway P4 2G PC bought in 2000...
What's not frigin slow!! :P
I had to hand check each machine until I either disabled and killed off every single item I didn't need running or available for my daily operations and then did a full disc clean up and defragment.
As for the registry, I have seen it where printers leave behind some horrible stuff in the registry which call for space within remote procedure call but never use it and this can cause mucho system burps but a registry cleaner doesn't deal with DependOn registry values.
Best to investigate all possible causes before concluding one single culprit.
Just my 2 cents
fce
April 3rd, 2009, 03:31 PM
-{ Quote: "Joe,
I have run the tests again with the self protection reduced from medium to minimum and get exactly the same timings within tenths of a second :(
What next ???" }-
the next question is it is worth it to keep PrevxEdge vs. that 15secs delay shutdown?
also is it safe to run CCleaner to clean the registry while Rollback Rx is around?....might try to improve the shutdown slowdown.
PrevxHelp
April 3rd, 2009, 03:41 PM
-{ Quote: "Joe,
I have run the tests again with the self protection reduced from medium to minimum and get exactly the same timings within tenths of a second :(
What next ???" }-
Could you let me know what OS you're using and what other AVs you have installed? I'm still completely at a loss as to trying to reproduce it, but we're investigating possible reasons and could use as much information as possible to correct the issue :)
Dark Star 72
April 3rd, 2009, 04:07 PM
-{ Quote: "Could you let me know what OS you're using and what other AVs you have installed? I'm still completely at a loss as to trying to reproduce it, but we're investigating possible reasons and could use as much information as possible to correct the issue :)" }-
OS - Windows XP Home SP3
Returnil - on demand
Sandboxie
SAS - on demand
MBAM - on demand
@ fce -
I myself am not worried about the extra 15 secs delay, doesn't bother me - its just that Joe would like to understand what is causing this delay on my machine and also of other users that first raised the subject. I wasn't the first to report this, I just assumed it was a quirk of my particular machine which I think is what Cretemonster is saying.
Miyagi
April 3rd, 2009, 04:30 PM
-{ Quote: "I just made a sample program here: http://www.delphifreeware.com/downloads/audioconv.zip
I cannot publish the URLs of the software, because that is paid software for my clients.." }-
From VirusTotal: ~Snip. Not allowed (http://www.wilderssecurity.com/showthread.php?t=180057) unless requested.~
U might wanna change it or you'll have to contact each vendor all the time.
against
April 3rd, 2009, 06:57 PM
False Positive: Core Temp 0.99.4 [High Risk Fraudulent Security Program]
http://www.alcpu.com/CoreTemp/
edit: Triggered when Heuristics is set to High and Max. (other settings not tried).
If you need me to send the executable, please PM.
Thanks
PrevxHelp
April 3rd, 2009, 07:02 PM
-{ Quote: "False Positive: Core Temp 0.99.4 [High Risk Fraudulent Security Program]
http://www.alcpu.com/CoreTemp/
If you need me to send the executable, please PM.
Thanks" }-
Fixed :) Thank you for the report!
against
April 3rd, 2009, 07:06 PM
That was quick! :D
Thanks!
softtouch
April 3rd, 2009, 09:59 PM
-{ Quote: "From VirusTotal: ~Snip. Not allowed (http://www.wilderssecurity.com/showthread.php?t=180057) unless requested.~
U might wanna change it or you'll have to contact each vendor all the time." }-
Some AVs report just total nonsense (eSafe and CAT-QuickHeal).
EVERY single delphi program I uploaded to Virustotal is flagged as "suspicious" by for example eSafe. Even the official ogg dll's are flagged.
I did not find any single file at the moment which is not flagged in any way.
EDIT: I now did a test. I created a new empty delphi project, compiled it, uploaded it to virustotal, and it's flagged 15/40. Is that cool?
But using the same AV (F-Prot for example) on my PC and scan the file, it's clean!
But this is about prevx. Prevx at virustotal flags my delphi program too, but the local prevx edge I have running does not find anything bad in the file...
Baldrick
April 4th, 2009, 04:56 AM
-{ Quote: "the next question is it is worth it to keep PrevxEdge vs. that 15secs delay shutdown?
also is it safe to run CCleaner to clean the registry while Rollback Rx is around?....might try to improve the shutdown slowdown." }-
Hi fce
I can't believe that question would be asked...+15 secs at shutdown vs. the protection that Edge provides...surely that is a no brainer? ;)
Retadpuss
April 4th, 2009, 06:51 AM
Has anyone seen this review:
http://www.youtube.com/watch?v=8bNWR5xVyFA
Could someone from Prevx comment? I'm not sure how valid this test is as I believe Edge works with live / real infections, but I would like some feedback from Prevx themselves on this for peace of mind (I use edge!)
LagerX
April 4th, 2009, 06:59 AM
-{ Quote: "Has anyone seen this review:
http://www.youtube.com/watch?v=8bNWR5xVyFA
Could someone from Prevx comment? I'm not sure how valid this test is as I believe Edge works with live / real infections, but I would like some feedback from Prevx themselves on this for peace of mind (I use edge!)" }-
Edge's on-demand scanner is about 2/3
If you execute new viruses, then EDGE's heuristics and stuff come to life and will show its performance! :thumb:
Like if he executes all of these undetected ones and scans after that, result will be different.
PrevxHelp will explain with more details.
Saraceno
April 4th, 2009, 07:29 AM
The tester used to post here, probably still does. From memory, used Drive Sentry (in his signature).
Back to the video, the remaining files should be launched/run for prevx edge to detect and clean.
Look at a more accurate way of testing, see:
http://www.pcsecuritylabs.net
Latest report:
http://www.pcsecuritylabs.net/document/PCSL200903report.zip
Wilders thread
http://www.wilderssecurity.com/showthread.php?t=237869
You'll notice some security programs will have a low right-click and scan detection rate - 'static testing', but pick-up the remaining files when launched - 'dynamic testing'.
Just look at twister AV, had the second lowest right-click and scan detection rate, but when the malware files were launched, twister picked-up hundreds more bringing it at almost top of the list.
Maybe Joe can send 'Jeff' from PC Security Labs a message and organise prevx edge to be tested in the future. At least PC Security Labs has the right idea, to not just 'right-click' a folder and scan, but run/launch the remaining files. And that's where prevx edge's strength is.
Cretemonster
April 4th, 2009, 07:31 AM
That's not a test, that's just a pointless demonstration is all, anyone anywhere can/could/will do this and always get varying results.
Scanning a folder full of files is about the worst possible way to test any Antivirus/Antimalware application.
The tests are out in the field in the realtime nastiness of the internet.
Edge is just a portion of a greater whole and that video is no way to test real time disc and behaviour monitoring it provides.
Don't get me wrong, Edge isn't perfect nor does it claim to be but the video just isn't an accurate reflective test of but one thing, some poor chap's misconception of how to make drive sentry look good. :dry:
Baldrick
April 4th, 2009, 07:41 AM
-{ Quote: "That's not a test, that's just a pointless demonstration is all, anyone anywhere can/could/will do this and always get varying results.
Scanning a folder full of files is about the worst possible way to test any Antivirus/Antimalware application.
The tests are out in the field in the realtime nastiness of the internet.
Edge is just a portion of a greater whole and that video is no way to test real time disc and behaviour monitoring it provides.
Don't get me wrong, Edge isn't perfect nor does it claim to be but the video just isn't an accurate reflective test of but one thing, some poor chap's misconception of how to make drive sentry look good. :dry:" }-
:thumb: :thumb:
Don't you just get fed up with these pointless tests? :dry: The person carrying this one out obviously did not bother to understand what Edge is AND how it works, hence the comment of 'just a glorified CSI scanner' and a 'rehash' which as we know it definitively is NOT.
Best IMHO to ignore this sort of supposed test and leave the publication of tests to the professionals. Hmmmm!
Retadpuss
April 4th, 2009, 07:54 AM
-{ Quote: "Edge's on-demand scanner is about 2/3
If you execute new viruses, then EDGE's heuristics and stuff come to life and will show its performance! :thumb:
Like if he executes all of these undetected ones and scans after that, result will be different.
PrevxHelp will explain with more details." }-
Yes, I'm sure Edge will pick up more if they try to execute, but, my worry is that it does not pick them up whilst they just sit there / are accessed or moved about the system. My concern is that I have Edge as my sole AM and therefore, there is a possibility that if I receive malware that is not run, say in an email or disk etc, that without knowing, I could then send this to someone else and infect them.
Do Prevx have any plans to introduce on access scanning - as this test shows it does not detect in this way as yet.
Saraceno
April 4th, 2009, 08:06 AM
Retadpuss, you are fine having it as your sole AM.
Besides, scenarios aside, no one is going to give unknown 'programs' to someone else without running the files first.
eg. 'Here's a file I downloaded from somewhere, from some site, haven't run it, but here you have it'....or...'Here's an email, check the attachments, cause I haven't'.
That's not gonna happen in the real world.
But if you want prevx edge to have a large signature database, that defeats the purpose of its 'in the cloud' scanning, checking a file that's run on your system with the prevx server.
A standard anti-virus on the other hand, means you'll have updates each day, more files on your c: drive, and longer scans slowing down your system. And you won't have the benefits of this local file/server checking that prevx edge brings.
Retadpuss
April 4th, 2009, 08:24 AM
What if - for example, someone knowingly sends me malware via email - say, one of those Edge did not pick up in the youtube test. I know edge will probably save me if I try to run it, but it's going to offer no protection unless I do run it and in that case, I can infect someone else. It's just a worry as I use my system for business and obviously, don't want to expose clients to any risk.
fax
April 4th, 2009, 08:50 AM
-{ Quote: "What if - for example, someone knowingly sends me malware via email - say, one of those Edge did not pick up in the youtube test. I know edge will probably save me if I try to run it, but it's going to offer no protection unless I do run it and in that case, I can infect someone else. It's just a worry as I use my system for business and obviously, don't want to expose clients to any risk." }-
On the one hand you are very serious about your clients and then you send e-mails to them without even checking the content? The reasoning does not really fly... :blink:
Fax
LagerX
April 4th, 2009, 08:57 AM
-{ Quote: "What if - for example, someone knowingly sends me malware via email - say, one of those Edge did not pick up in the youtube test. I know edge will probably save me if I try to run it, but it's going to offer no protection unless I do run it and in that case, I can infect someone else. It's just a worry as I use my system for business and obviously, don't want to expose clients to any risk." }-
I may be wrong, but until that malware piece has been executed, you are not infected.
Also, if someone else who has PE runs that malware, then you will get almost immediate protection against this threat (via scanner too)
Baldrick
April 4th, 2009, 09:15 AM
-{ Quote: "I may be wrong, but until that malware piece has been executed, you are not infected.
Also, if someone else who has PE runs that malware, then you will get almost immediate protection against this threat (via scanner too)" }-
:thumb: Agreed...and that is the basis that Edge works on as far as I am aware. Joe, would you be able to 'officially' lay this one to rest? ;)
Retadpuss
April 4th, 2009, 09:16 AM
-{ Quote: "On the one hand you are very serious about your clients and then you send e-mails to them without even checking the content? The reasoning does not really fly... :blink:
Fax" }-
With respect, you miss the point. With Edge as your only protection, it is not possible to "check content" properly as scanning a file does not mean it is clean (shown in the video). The only way to know would be to run the file and HOPE edge picks it up if it IS malware. It is NOT practical to run or install software just to check if it is safe.
Given the fact Edge only seems to be effective in protecting an actual INFECTION on my system, I would argue I need to reinstall my AV as well - which will scan on access / email etc as I can't afford to expose clients to risk.
I like the idea of edge, but until it has on access protection, I can't rely on it - or so I feel.
Saraceno
April 4th, 2009, 09:19 AM
This is turning into a 'what if' soap opera.
What if your client sends you malware their AV misses, but prevx edge picks up?
Response: You'll tell them their 'files are infected'.
Now going back to your example, first, you're assuming people don't have an AV or scanner. But if you send files to a client and one is a piece of malware, if the malware didn't run on your machine, how on earth is it going to run on your client's machine? Are they going to click on every file for no reason?
For example, do you know if all your system folder's files are clean? Have you clicked and tried to run each one?
I haven't! ;) Nor does it worry me.
Saraceno
April 4th, 2009, 09:22 AM
Also, saying you can't rely on it, when nothing has ever happened shows a lot of doubt.
What if you go back to your AV, and many aren't so good with spyware or rootkits (prevx edge's strength), and what if you send them a possible rootkit your AV didn't pick up?
LagerX
April 4th, 2009, 09:27 AM
Also, he did a quick scan. It may not fully scan the system32 folder.
He would try the latest version with right-click scanning.
Retadpuss
April 4th, 2009, 09:28 AM
-{ Quote: "This is turning into a 'what if' soap opera.
What if your client sends you malware their AV misses, but prevx edge picks up?
Response: You'll tell them their 'files are infected'.
Now going back to your example, first, you're assuming people don't have an AV or scanner. But if you send files to a client and one is a piece of malware, if the malware didn't run on your machine, how on earth is it going to run on your client's machine? Are they going to click on every file for no reason?
For example, do you know if all your system folder's files are clean? Have you clicked and tried to run each one?
I haven't! ;) Nor does it worry me." }-
The fact remains, Edge won't prevent malware being sent from your PC. This is a major failing of the product. End of.
Baldrick
April 4th, 2009, 09:33 AM
-{ Quote: "The fact remains, Edge won't prevent malware being sent from your PC. This is a major failing of the product. End of." }-
Neither will an AV or suite that does not have that feature or has that feature turned off either by default or by the user.
This is turning into a pointless discussion IMHO given that Edge does what it says on the tin...it has never, ever been suggested by Prevx as far as I know that it is an AV replacement but rather a complementary app (hence why so much trouble has been taken by Prevx to make it probably the most compatible of apps when run with the mainstream AV/Suite, etc. out there...and they have been very, very successful in that endeavour, again IMHO).
Those who are not happy with the way it is are under no duress to use it. End of!
Saraceno
April 4th, 2009, 09:35 AM
But that's a 'blanket' statement you're using - 'edge won't prevent malware' - all from one small test.
You checked where those 200 pieces of malware came from? 80 of them might be actually malicious, rest might be pieces of cr@pware that do nothing.
And ask yourself, what are the chances of coming into contact with those 200 files, out of several million or more problem files.
And those files might have been taken from crack gaming sites - hardly anyone visits.
Me, I'm more interested in the problem stuff that's circulating today. That you can download now. That's up right now on sites. Not some old cr@pware saved up on some guy's drive.
Anyway, each to their own, you've already made your mind up from one small test. One last note, no product is going to give you 100 per cent protection, so if you're disappointed by prevx, you'll be disappointed with your AV.
LagerX
April 4th, 2009, 09:39 AM
http://www.youtube.com/user/PrevxResearch
http://www.youtube.com/watch?v=AAx6Y2MW_uA
Look at these videos. They will show Prevx EDGE's real power ;D :thumb:
Retadpuss
April 4th, 2009, 09:44 AM
-{ Quote: "http://www.youtube.com/user/PrevxResearch
http://www.youtube.com/watch?v=AAx6Y2MW_uA
Look at these videos. They will show Prevx EDGE's real power ;D :thumb:" }-
I understand how good edge is - I'm a registered user. My point is that unless it has realtime on access scanning, it can't replace an AV. I wish it could as I don't want to run a separate AV as well. It is NOT enough to protect my system. I need to know I'm not passing on junk to other people.
I will wait for a reply from Prevx to see if they are going to be adding this.
Baldrick
April 4th, 2009, 09:54 AM
-{ Quote: "I understand how good edge is - I'm a registered user. My point is that unless it has realtime on access scanning, it can't replace an AV. I wish it could as I don't want to run a separate AV as well. It is NOT enough to protect my system. I need to know I'm not passing on junk to other people.
I will wait for a reply from Prevx to see if they are going to be adding this." }-
I don't think that they will as they are not trying to create an alternative to an AV. That has always been my understanding from my conversations with Joe.
I run KIS AND Edge. To me the combination is perfect and as light as a feather on my rig.
But, as you say, let's see what Joe comes back with on this one.
Saraceno
April 4th, 2009, 10:00 AM
Retadpuss, I understand your concern, but wait till Joe responds before coming to a definite conclusion.
Just for general interest, many of us recently were installing problem programs that many AVs missed. These files were appearing on active sites. Prevx did quite well.
Problem 1:
http://www.wilderssecurity.com/showpost.php?p=1398592&postcount=1
http://www.wilderssecurity.com/showpost.php?p=1398726&postcount=34
http://www.wilderssecurity.com/showpost.php?p=1399640&postcount=52
And another:
http://www.wilderssecurity.com/showpost.php?p=1401349&postcount=85
http://www.wilderssecurity.com/showpost.php?p=1401395&postcount=111
And another:
http://www.wilderssecurity.com/showpost.php?p=1401351&postcount=86
http://www.wilderssecurity.com/showpost.php?p=1401373&postcount=99
Retadpuss
April 4th, 2009, 10:26 AM
I know how good edge can be. I recently tested several AMs against a set of 38 pieces of malware - all less than 24 hours old and Edge got every one of them. Avira got 32, F-Secure 34 & A2 got 36.
I usually run IE sandboxed with Sandboxie and I have Zemma and also run Returnil - so I believe my system and my data is safe. Just want to make sure I don't look like some arse and unknowingly send a client something nasty - however unlikely that may be.
I would prefer not to stick F-Secure back on as I like a light system.
Saraceno
April 4th, 2009, 10:42 AM
Retadpuss, without taking this off topic, if your main concern is scanning a folder, but don't need another program weighing down your pc, you could download standalone scanners with removal ability.
eg. DrWeb's CureIt (http://www.freedrweb.com/) can be downloaded each day/week, a stand-alone scanner/removal tool that doesn't need to install, using all their definitions. You can load it up and scan the folder.
a-squared free (http://www.emsisoft.com/en/software/free/) can be installed. Runs one small service (2mb) to prevent it from being terminated by malware. Can integrate into your right-click menu. Needs to be manually updated each day, but contains a-squared's full definitions. Can remove all detections.
Cretemonster
April 4th, 2009, 11:42 AM
-{ Quote: "With respect, you miss the point. With Edge as your only protection, it is not possible to "check content" properly as scanning a file does not mean it is clean (shown in the video). The only way to know would be to run the file and HOPE edge picks it up if it IS malware. It is NOT practical to run or install software just to check if it is safe." }-
Indeed this is foolish given what's available freely via the internet to do just such a thing.
VirusTotal
Virscan
Jottis
ThreatExpert
Anubis
VMware
VBox
JoesBox
I'm sure there are so many other things which are freely available and useful for such a thing; I still to this day use ThreatExpert, Anubis and VirusTotal on a daily basis.
All can easily compile for someone a consensus of what the application or program does.
Eagle Creek
April 4th, 2009, 11:50 AM
What exactly has VMware to do with this?
PrevxHelp
April 4th, 2009, 12:48 PM
Hello,
Edge's purpose is to protect your computer. It does that by blocking code from loading, not by scanning every file as it is accessed, like some other AVs do. There is really only a marginal benefit with this type of protection, and I don't see how it would protect you from sending a virus onto someone else unless you literally attached it to an email yourself and sent it :-\
If malware was loaded and trying to mail out, Edge would block it. A 120/200 detection over a very arbitrary folder of samples with an on-demand scan in Edge using an old version (3.0.0.172, > 100 builds old) which had an issue in the on-demand scanner as well, is completely non-indicative of the real protection Edge provides. It would also be useful to see exactly where he got these samples from to eliminate any conspiracy theories which are bound to come up ;)
However, if you really do want a program to scan every file you read/write/create/delete, then you can install a conventional AV alongside Edge but we aren't going to change this because of the extreme amounts of system load it causes and how unnecessary it really is to protect your system. Edge does monitor file access - it collects the data for behaviors - but it does not scan every single file, and that is what makes it operationally different from a conventional AV.
The benefit of an AV scanning email/files on-access is that it may find malware which slipped through that tries to send messages out... why not prevent the malware from slipping through in the first place? ;)
Also, if the poster of that video is reading this, it would be helpful if we could get a copy of the samples to see if they're really malware or if some files are corrupted. Conventional AVs, which pride themselves on their on-demand scanning, optimizing their engines to detect 90+% of outdated files on-demand, not necessarily their actual protection against new threats, frequently detect corrupted/non-working malware, and in every test I've seen where the testers have sent us samples, there have been between 10-50% of unworking, non-malicious files - many of which were found by other AVs for no reason. [And also note: in some tests, vendors are given the samples before they're tested or for the next round of tests which use the same samples]
It would also be interesting to see the samples to see how popular they really are in our community. We log a count of how many unique users see a file and the files from most tests are usually only seen by 1 user - the tester - which means that these files never infected anyone but were still included in tests (and I'm referring primarily to non-polymorphic static malware).
I'll step off of my soapbox for now, but let me know if you have any questions or comments :) Edge protects against real threats - that's how we've designed it. A folder of dormant files sitting on your system, or an archive of files in some sub-folder of C:\FilesIDontWantMyWifeToSee\ can't infect you. You would have to execute them and that's where Edge steps in ;)
Baldrick
April 4th, 2009, 01:22 PM
-{ Quote: "I would prefer not to stick F-Secure back on as I like a light system." }-
But go ahead...as that is the way the Edge was designed to work...as a complement rather than an alternative!!!! I have noticed NO performance impact when running KIS AND Edge compared to JUST KIS. Why try to turn Edge into something that it was never designed to be...just because you want it that way.
I really believe that we other users are more than happy with Edge the way it is...not bloatware, just light, unobtrusive until it needs to be obtrusive, ie, almost perfectly formed.
(@others please contradict me if I am incorrect)
PrevxHelp
April 4th, 2009, 01:57 PM
-{ Quote: "But go ahead...as that is the way the Edge was designed to work...as a complement rather than an alternative!!!! I have noticed NO performance impact when running KIS AND Edge compared to JUST KIS. " }-
Exactly - Edge can hold its own as your only security software if you really want (I only use Edge and I know we have a large number of users who are only using Edge), but NO security software (Edge included) protects 100%.
We've developed Edge to be compatible with any other security software - an incremental solution - and in today's world you really should use multiple security products to increase your protection.
If an antivirus company tells you that their product provides total protection or complete security... they're lying and actually should be sued for false advertising ;D
Retadpuss
April 4th, 2009, 02:01 PM
-{ Quote: "Hello,
Edge's purpose is to protect your computer. It does that by blocking code from loading, not by scanning every file as it is accessed, like some other AVs do. There is really only a marginal benefit with this type of protection, and I don't see how it would protect you from sending a virus onto someone else unless you literally attached it to an email yourself and sent it :-\ " }-
We seem to be getting nowhere here. Given it is a fact that Edge detects some malware when it executes only and not when the file is scanned, it is a fact that a user who only uses edge can receive malware via any means - CD, P2P, USB drive, email, via Messenger etc and the user would not be alerted as the application has never been executed. The user would have a system which had inactive malware on it. The user for example could receive a rogue app or trojan etc via some means from someone else or download it and edge will not alert them. They may then forward this to someone else without knowing it's a trojan or a rogue. I fail to see how you can't understand this is a big failing of Edge.
For instance there are many rogues out there now. Let's take Antispyware 2009. If I am the average user and I have say Avira, Norton, F-Secure etc installed, I will be alerted that I'm downloading malware if I try to download it. With edge, I get no such protection and I can easily send this to another user in the belief it is legit as I have had no warnings.
As a matter of interest, I tried downloading Antispyware 2009 from the homepage www.antispyware.com and I emailed it to one of my other accounts - and hey presto, no alert.
It may interest you to know, I also installed the rogue on to my system and Edge gave no alert!
I have tried the same thing with files Edge does detect and it still allows them to be emailed, burned to disk etc with no alert.
Sure, Edge will probably protect my system from infection, but it's not suitable as a sole means of protection.
PrevxHelp
April 4th, 2009, 02:20 PM
Hello,
Rogue programs like the one at the link you posted are incredibly hard to detect automatically because they generally don't actually have an infection behind them - they just use user fears to get them to pay. If you scan Antispyware 2009 on VirusTotal, you'll see that only 20% of scanners actually find it - proving that no solution is 100% and Edge is not alone in allowing this threat through on your system.
If you receive malware by USB/P2P/CD/etc. Edge will block it if it tries to infect you.
I'm sorry, but I still don't understand your point of passing the infection on. If you are merely forwarding threats on, I don't see how any AV would effectively protect you. Ideally, the other user would be using Edge or another security product which would protect them, but you are explaining an issue which is more of human error than a real threat. Infections these days don't need an intermediary user to spread them and I've personally never heard of a case of someone downloading a threat and then just forwarding it on.... it seems like an extremely stray case that in no way warrants the ~500% increase in performance overhead.
If you are really that worried about spreading threats in this manner, you may want to install a virtual machine with Edge on it and run threats in there before sending them off, or just instruct your friends to install Edge or another security product.
What you are requesting is an antidote which prevents you from being infected as well as curing all of your friends from the disease - an impossibility if you are walking around injecting people with needles full of infected blood ;D
LagerX
April 4th, 2009, 02:22 PM
-{ Quote: "We seem to be getting nowhere here. Given it is a fact that Edge detects some malware when it executes only and not when the file is scanned, it is a fact that a user who only uses edge can receive malware via any means - CD, P2P, USB drive, email, via Messenger etc and the user would not be alerted as the application has never been executed. The user would have a system which had inactive malware on it. The user for example could receive a rogue app or trojan etc via some means from someone else or download it and edge will not alert them. They may then forward this to someone else without knowing it's a trojan or a rogue. I fail to see how you can't understand this is a big failing of Edge.
For instance there are many rogues out there now. Let's take Antispyware 2009. If I am the average user and I have say Avira, Norton, F-Secure etc installed, I will be alerted that I'm downloading malware if I try to download it. With edge, I get no such protection and I can easily send this to another user in the belief it is legit as I have had no warnings.
As a matter of interest, I tried downloading Antispyware 2009 from the homepage www.antispyware.com and I emailed it to one of my other accounts - and hey presto, no alert.
It may interest you to know, I also installed the rogue on to my system and Edge gave no alert!
I have tried the same thing with files Edge does detect and it still allows them to be emailed, burned to disk etc with no alert.
Sure, Edge will probably protect my system from infection, but it's not suitable as a sole means of protection." }-
This is the same case as when AV labs don't have a sample for a new rogue.
If someone in EDGE's family executes it, you will have protection via scanner/on access scanner for this threat almost immediately.
Many AVs will not be able to catch malware "on the fly" but only when someone sends it to their virus lab (or they find it themselves).
I am not defending Prevx Edge, but it is from my point of view. I like the program, I like the developers/support and I really think Prevx Edge is good protection.
Oh yeah, don't forget that some quite big upgrades for PE are coming soon.
Retadpuss
April 4th, 2009, 02:45 PM
-{ Quote: "Hello,
I'm sorry, but I still don't understand your point of passing the infection on. If you are merely forwarding threats on, I don't see how any AV would effectively protect you
What you are requesting is an antidote which prevents you from being infected as well as curing all of your friends from the disease - an impossibility if you are walking around injecting people with needles full of infected blood ;D" }-
I can't see how you can't understand the issue!
Edge does not detect malware / rogue files on access. Unless I have scanned the file AND tried to execute it (since scanning an install file with edge is no way to determine if it is malware). Given this, an Edge user can receive malware via mail, disk download etc, not execute it and then in the belief that it is legit, email it to another. This is because there is no on access scanning.
Avira, Norton etc will have alerted the user straight away that the files were NOT in fact legit on download, on every access and on any attempt to email or stick on a disk.
I don't understand your comment about an antidote... simple on access scanning is required.
PrevxHelp
April 4th, 2009, 02:55 PM
-{ Quote: "I can't see how you can't understand the issue!
Edge does not detect malware / rogue files on access. Unless I have scanned the file AND tried to execute it (since scanning an install file with edge is no way to determine if it is malware). Given this, an Edge user can receive malware via mail, disk download etc, not execute it and then in the belief that it is legit, email it to another. This is because there is no on access scanning.
Avira, Norton etc will have alerted the user straight away that the files were NOT in fact legit on download, on every access and on any attempt to email or stick on a disk.
I don't understand your comment about an antidote... simple on access scanning is required." }-
How can you be sure that they would have alerted? On-Access scanning misses a very large part of any AV's protection. An On-Access scan cannot:
1) Include any behavioral analysis
2) Any dynamic analysis
3) It has to only use cut down signatures to work quickly so probably little/no heuristics.
4) No contextual analysis as no programs are loading it
5) No rootkit analysis as it isn't touching memory, etc.
An on-access scan is not an effective way to measure the safety of a file, and AVs are built so that they protect against threats from entering - not protecting users from browsing their own files.
If you trust a file enough to send it to someone else, then you clearly trust it enough to use yourself so why not run it before sending it? If you are recommending a program to someone else, you most likely would have used it before so wouldn't you have already run it?
Dr33
April 4th, 2009, 03:16 PM
PrevX is a great product and I have some PCs running PrevX alone. As the Prevx team said, there is no product that protects you 100%; if you want to add another layer of security, that is fine.
If Prevx didn't pick one up then it will soon be fixed since they have a great support team, and lately trying to infect my PC is boring since :dry: PrevX is giving me a Hard Time :dry:
I have seen many trojans etc. running with Avira, DrWeb, F-Prot etc. etc., so nobody catches everything.
If you make personal tests then send the samples that were missed to help everybody.
Retadpuss
April 4th, 2009, 03:26 PM
-{ Quote: "How can you be sure that they would have alerted? On-Access scanning misses a very large part of any AV's protection. An On-Access scan cannot:
1) Include any behavioral analysis
2) Any dynamic analysis
3) It has to only use cut down signatures to work quickly so probably little/no heuristics.
4) No contextual analysis as no programs are loading it
5) No rootkit analysis as it isn't touching memory, etc.
An on-access scan is not an effective way to measure the safety of a file, and AVs are built so that they protect against threats from entering - not protecting users from browsing their own files.
If you trust a file enough to send it to someone else, then you clearly trust it enough to use yourself so why not run it before sending it? If you are recommending a program to someone else, you most likely would have used it before so wouldn't you have already run it?" }-
I agree, on access scanning is obviously more limited, but it's important - if it were not, why would all the other AMs have it? It's part of standard security.
The comment about trusting a file is not the point. A user should be advised by security software if a file is trustworthy. Edge in these circumstances does not do this.
As I know edge does not have this function and it is not going to be added, I know I need to run my AV as well for full protection - this is what I wanted to know.
Regards
fce
April 4th, 2009, 03:30 PM
i'm bored this afternoon and since i'm still trying PrevxEdge (i'm still not convinced if Prevx will protect me in real world) i click/download/run the link Retadpuss posted.
i build my security around KIS.....unfortunately, it's PrevxEdge and Sandboxie that do the work ;D fvckin' KIS don't do nothing ;D
1st picture: Sandboxie blocked MSIserver to start.
2nd picture: PrevxEdge pop up the message (KIS is silent ;D )
3rd picture: Sandboxie pop up another message, i don't know what it means.
4th picture: not sure what it means.
just want to share how PrevxEdge (and Sandboxie) works.....and my KIS, still love it even though Sandboxie and PrevxEdge give me all the first warning.
btw, after this testing of mine, i'll rollback my snapshot to previous snapshot to delete the uncleaned garbage.
Dark Star 72
April 4th, 2009, 03:36 PM
-{ Quote: "Edge does not detect malware / rogue files on access" }-
Not quite true. I have more than a few times had Edge flag a downloaded installer on my desktop as malware/suspicious as soon as the download has finished. That is without doing a right click scan. I have also had it detect malware installers while still in Sandboxie before attempting to empty the sandbox.
Mongol
April 4th, 2009, 05:53 PM
-{ Quote: "But go ahead...as that is the way the Edge was designed to work...as a complement rather than an alternative!!!! I have noticed NO performance impact when running KIS AND Edge compared to JUST KIS. Why try to turn Edge into something that it was never designed to be...just because you want it that way.
I really believe that we other users are more than happy with Edge the way it is...not bloatware, just light, unobtrusive until it needs to be obtrusive, ie, almost perfectly formed.
(@others please contradict me if I am incorrect)" }-
I find Edge and Online Armor are plenty good together but I do have a license for Avira Security Suite and flip over to that once in a while just for a difference...:o As many have already mentioned, Avira and Edge also dance well together...;D
simmikie
April 4th, 2009, 06:12 PM
-{ Quote: "i'm bored this afternoon and since i'm still trying PrevxEdge (i'm still not convinced if Prevx will protect me in real world) i click/download/run the link Retadpuss posted.
i build my security around KIS.....unfortunately, it's PrevxEdge and Sandboxie that do the work ;D fvckin' KIS don't do nothing ;D
1st picture: Sandboxie blocked MSIserver to start.
2nd picture: PrevxEdge pop up the message (KIS is silent ;D )
3rd picture: Sandboxie pop up another message, i don't know what it means.
4th picture: not sure what it means.
just want to share how PrevxEdge (and Sandboxie) works.....and my KIS, still love it even though Sandboxie and PrevxEdge give me all the first warning.
btw, after this testing of mine, i'll rollback my snapshot to previous snapshot to delete the uncleaned garbage." }-
well this is interesting. i just installed this myself, around 40 minutes ago, and i received no MSIserver warning from Sandboxie, nor a malware warning from Edge.
i did not download the installer, just installed from within my sandboxed Opera browser, knowing that once i delete the sandbox this will be gone. i also do not have the sys file running, just the exe....strange.
i believe once i clean this sandbox i will download the Antispyware file locally and reinstall it to see if i get a different result.
Mike
Baldrick
April 4th, 2009, 07:01 PM
-{ Quote: "How can you be sure that they would have alerted? On-Access scanning misses a very large part of any AV's protection. An On-Access scan cannot:
1) Include any behavioral analysis
2) Any dynamic analysis
3) It has to only use cut down signatures to work quickly so probably little/no heuristics.
4) No contextual analysis as no programs are loading it
5) No rootkit analysis as it isn't touching memory, etc.
An on-access scan is not an effective way to measure the safety of a file, and AVs are built so that they protect against threats from entering - not protecting users from browsing their own files.
If you trust a file enough to send it to someone else, then you clearly trust it enough to use yourself so why not run it before sending it? If you are recommending a program to someone else, you most likely would have used it before so wouldn't you have already run it?" }-
:thumb: :thumb: :thumb: Well said! I wonder about who actually does not understand what here ???
Baldrick
April 4th, 2009, 07:06 PM
-{ Quote: "i'm bored this afternoon and since i'm still trying PrevxEdge (i'm still not convinced if Prevx will protect me in real world) i click/download/run the link Retadpuss posted.
i build my security around KIS.....unfortunately, it's PrevxEdge and Sandboxie that do the work ;D fvckin' KIS don't do nothing ;D
..." }-
But is that not just THE point? It is all about layers that overlap and make one more secure...as there is no ONE security app that is 100%...at least none that I have ever heard about or come across (and I am a KIS fan & user ;) ).
And this is what Prevx have recognised and worked very hard to provide a very useful and all round compatible app for us to use (and in my opinion they have succeeded). ;D
Baldrick
April 4th, 2009, 07:07 PM
-{ Quote: "I find Edge and Online Armor are plenty good together but I do have a license for Avira Security Suite and flip over to that once in a while just for a difference...:o As many have already mentioned, Avira and Edge also dance well together...;D" }-
Thanks Mongol :thumb:
Saraceno
April 4th, 2009, 08:08 PM
The problem with those rogue programs, many used to infect your system and create all sorts of problems, not being able to uninstall and so on.
But these ones today are legitimate programs. The limited or paid version won't remove any threats, but they will have all working features such as autorun manager, IE toolbar explorer etc.
Yes many AV programs won't detect these 'rogue programs', as their main interest is not harming your system, but getting your money. But you know something? A simple add/remove programs uninstalls many of these. And with these programs popping up every hour, no one can expect any security program to detect all of these.
Many aren't malicious, they are just 'empty' programs, programs with no substance.
Why aren't many of these malicious? Because they've finally figured out, if they give you a program which doesn't cause you any problems and runs smoothly along all your other software, you will believe in their product, and give them your hard earned cash.
Saraceno
April 4th, 2009, 08:12 PM
In my opinion, I still maintain, sending any files to anyone without running the files first, is not only dangerous but is a reason why malware spreads.
And even if the files you're sending aren't malicious, who's to say they won't severely 'corrupt' another's system (errors, blue screens etc).
Baldrick
April 5th, 2009, 04:53 AM
-{ Quote: "In my opinion, I still maintain, sending any files to anyone without running the files first, is not only dangerous but is a reason why malware spreads.
And even if the files you're sending aren't malicious, who's to say they won't severely 'corrupt' another's system (errors, blue screens etc)." }-
Absolutely :thumb: :thumb: :thumb:
Threedog
April 5th, 2009, 01:48 PM
I always scan any file with an AV and Prevx and then run it either virtualized or sandboxed to see what it is going to do before I would send it to anyone. Part of doing my due diligence.
Retadpuss
April 5th, 2009, 03:57 PM
I have found another rogue AM that Prevx does not detect when it installs (It will install and you can even run it with no alert from Edge) Edge only detects it if you do a system scan.
How should I get this to Prevx for analysis?
PrevxHelp
April 5th, 2009, 04:00 PM
-{ Quote: "I have found another rogue AM that Prevx does not detect when it installs (It will install and you can even run it with no alert from Edge) Edge only detects it if you do a system scan.
How should I get this to Prevx for analysis?" }-
Send me a PM with a link to the file and I'll analyze it or forward it onto the research team :)
Retadpuss
April 5th, 2009, 04:36 PM
-{ Quote: "Send me a PM with a link to the file and I'll analyze it or forward it onto the research team :)" }-
Done...
Defenestration
April 5th, 2009, 07:09 PM
I haven't read this thread for a while but have skimmed the last couple of pages and am a bit confused about the issue of scanning files on access. I asked a (sort of) similar question a couple of months back and was told that PrevX Edge DOES do some scanning of non-executable files.
-{ Quote: "-{ Quote: "I'm wondering if Edge does any kind of scanning on non-executable files like movie, audio, PDF, Word or text files ?" }-
Edge does some scanning of non-executable file types but is primarily focused on executables as those pose the most significant threat. Malware originating from non-executables almost always results in an infection coming from an executable, which would be immediately blocked." }-
PS. I would still like an option added to disable the sending of filenames and paths, particularly for non-executable files. I know this information is used during analysis, but surely a lot of analysis could still be done without this info (ie. this info is not absolutely essential for doing analysis).
Defenestration
April 5th, 2009, 07:14 PM
Also, the file "nircmd.exe" which you can get from here (http://www.nirsoft.net/utils/nircmd.html) is identified as "High Risk Cloaked Malware". I'm guessing this is a FP ?
PrevxHelp
April 5th, 2009, 07:16 PM
-{ Quote: "I haven't read this thread for a while but have skimmed the last couple of pages and am a bit confused about the issue of scanning files on access. I asked a (sort of) similar question a couple of months back and was told that PrevX Edge DOES do some scanning of non-executable files.
PS. I would still like an option added to disable the sending of filenames and paths, particularly for non-executable files. I know this information is used during analysis, but surely a lot of analysis could still be done without this info (ie. this info is not absolutely essential for doing analysis)." }-
Yes, Edge scans non-executable files on-demand but not on read/write. The last posts have been primarily focused on whether Edge would scan files that aren't actually doing anything on the system, which it does not as they do not pose a threat.
In the case of non-executable files, Edge runs local analysis and does not send anything up to the database in virtually all cases so we don't collect/analyze that data (for pictures/documents for instance).
PrevxHelp
April 5th, 2009, 07:20 PM
-{ Quote: "Also, the file "nircmd.exe" which you can get from here (http://www.nirsoft.net/utils/nircmd.html) is identified as "High Risk Cloaked Malware". I'm guessing this is a FP ?" }-
I tried downloading it and it isn't found here - could you send me an entry from the scan log which includes that file so I can see exactly what version is causing it? (FWIW, "NirSoft" files are frequently used by malware which is probably where this got caught from)
Defenestration
April 5th, 2009, 08:03 PM
As requested. When it was detected, I right-clicked the file on the alert and chose "Report false positive" (in case that has changed things)
[NFP] c:\windows\nircmd.exe [PX5: 6847635E0031BF7978E500D454453000E3440291]
PrevxHelp
April 5th, 2009, 08:04 PM
-{ Quote: "As requested. When it was detected, I right-clicked the file on the alert and chose "Report false positive" (in case that has changed things)
[NFP] c:\windows\nircmd.exe [PX5: 6847635E0031BF7978E500D454453000E3440291]
" }-
Thanks :) Now it is fixed!
Defenestration
April 5th, 2009, 08:10 PM
-{ Quote: "Yes, Edge scans non-executable files on-demand but not on read/write. The last posts have been primarily focused on whether Edge would scan files that aren't actually doing anything on the system, which it does not as they do not pose a threat.
In the case of non-executable files, Edge runs local analysis and does not send anything up to the database in virtually all cases so we don't collect/analyze that data (for pictures/documents for instance)." }-
So if I never ran a manual Scan, no non-executable files would be scanned (eg. .doc file opened/saved by Word, or mp3/avi files being played/accessed by a media player ?) ?
And... If I did run a manual scan and some doc/mp3/avi files were analysed, in virtually all cases, no file data, filename or file path would be sent to the PrevX servers ?
May I ask in what cases does PrevX collect/analyse data for non-executable files ?
Defenestration
April 5th, 2009, 08:11 PM
-{ Quote: "Thanks :) Now it is fixed!" }-
Lightning quick, as always! Do you ever sleep ? ;D
PrevxHelp
April 5th, 2009, 08:23 PM
-{ Quote: "So if I never ran a manual Scan, no non-executable files would be scanned (eg. .doc file opened/saved by Word, or mp3/avi files being played/accessed by a media player ?) ?
And... If I did run a manual scan and some doc/mp3/avi files were analysed, in virtually all cases, no file data, filename or file path would be sent to the PrevX servers ?
May I ask in what cases does PrevX collect/analyse data for non-executable files ?" }-
We don't collect any data for non-executable files (it would simply be far too much server power required ;D we have billions of files and those are JUST executables :))
Locally, we run an analysis checking for exploits of non-executable files but you may see non-executable files being scanned in the "Scanning: " field. This is just because we don't look at the extension of the file - we read all of the files and check the file header to see if they're executable (as the file extension isn't reliable) so while it may look like we're scanning them, we most likely are going to ignore them :)
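The header-over-extension check described in the post above, as an added example that is not part of the original thread and is not Prevx's code. It covers Windows PE images only (scripts such as VBS have no such header); the function names, the extension list and the sample files are assumptions constructed for illustration.

```python
import os
import struct

MZ_MAGIC = b"MZ"              # DOS header signature at offset 0
PE_MAGIC = b"PE\x00\x00"      # NT signature at the offset stored in e_lfanew
E_LFANEW_OFFSET = 0x3C        # 4-byte little-endian pointer to the NT headers
COFF_FORMAT = "<HHIIIHH"      # Machine .. Characteristics, 20 bytes in total
IMAGE_FILE_DLL = 0x2000       # Characteristics bit set for DLLs
MACHINES = {0x014C: "x86", 0x8664: "x64"}

# Assumption: extensions a user would expect to hold native code.
EXECUTABLE_EXTENSIONS = {".exe", ".dll", ".sys", ".scr"}


def inspect_pe_header(data):
    """Return facts read from the PE header, or None if data is not a PE image."""
    if len(data) < E_LFANEW_OFFSET + 4 or not data.startswith(MZ_MAGIC):
        return None
    (e_lfanew,) = struct.unpack_from("<I", data, E_LFANEW_OFFSET)
    coff_start = e_lfanew + len(PE_MAGIC)
    # A truncated or hostile file can point e_lfanew past the end of the data.
    if coff_start + struct.calcsize(COFF_FORMAT) > len(data):
        return None
    if data[e_lfanew:coff_start] != PE_MAGIC:
        return None
    machine, sections, _, _, _, _, characteristics = struct.unpack_from(
        COFF_FORMAT, data, coff_start)
    return {
        "machine": MACHINES.get(machine, hex(machine)),
        "sections": sections,
        "is_dll": bool(characteristics & IMAGE_FILE_DLL),
    }


def triage(filename, data):
    """Decide from content whether a file needs executable analysis."""
    ext = os.path.splitext(filename)[1].lower()
    pe = inspect_pe_header(data)
    is_pe = pe is not None
    return {
        "name": filename,
        "analyse": is_pe,                                      # content decides
        "mismatch": (ext in EXECUTABLE_EXTENSIONS) != is_pe,   # name disagrees
        "pe": pe,
    }


def build_sample_pe(machine, characteristics):
    """Constructed header-only PE: DOS stub, NT signature, COFF header."""
    dos = bytearray(0x80)
    dos[0:2] = MZ_MAGIC
    struct.pack_into("<I", dos, E_LFANEW_OFFSET, len(dos))
    coff = struct.pack(COFF_FORMAT, machine, 0, 0, 0, 0, 0, characteristics)
    return bytes(dos) + PE_MAGIC + coff


def build_bad_pointer_stub():
    """Constructed 'MZ' file whose e_lfanew points far outside the file."""
    stub = bytearray(0x40)
    stub[0:2] = MZ_MAGIC
    struct.pack_into("<I", stub, E_LFANEW_OFFSET, 0xFFFFFFF0)
    return bytes(stub)


# Constructed sample inputs (not real files from the thread).
SAMPLES = {
    "unit1.pas": build_sample_pe(0x014C, 0x0102),   # PE hidden behind a source extension
    "helper.dll": build_sample_pe(0x8664, 0x2022),  # genuine DLL header
    "notes.exe": b"just a text file renamed to .exe\r\n",
    "stub.sys": build_bad_pointer_stub(),
    "readme.txt": b"MZ" + b" plain text " * 10,     # starts with 'MZ' by coincidence
}


def triage_all():
    return [triage(name, data) for name, data in SAMPLES.items()]


if __name__ == "__main__":
    for result in triage_all():
        print(result)
```
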
PrevxHelp
April 5th, 2009, 08:23 PM
-{ Quote: "Lightning quick, as always! Do you ever sleep ? ;D" }-
I wish! ;D
Defenestration
April 5th, 2009, 09:09 PM
One other thing - if I save the scan results, the log file is always opened in Notepad, rather than the app associated with the .log extension.
PrevxHelp
April 5th, 2009, 10:07 PM
-{ Quote: "One other thing - if I save the scan results, the log file is always opened in Notepad, rather than the app associated with the .log extension." }-
Yes, that's true - we open it by default in Notepad just in case malware has modified the .log extension handler. Not much of a chance for that to really happen, but this way we execute a program which we know rather than an arbitrary associated program :)
Defenestration
April 5th, 2009, 11:33 PM
Suppose Notepad has been modified/replaced by malware ? ;D
PrevxHelp
April 5th, 2009, 11:50 PM
-{ Quote: "Suppose Notepad has been modified/replaced by malware ? ;D" }-
Fair point ;D It does cut down risk a "bit" however by controlling what we're opening it in ;D
BrendanK.
April 6th, 2009, 11:23 AM
I got a few FP's today :(
c:\windows\system32\drivers\oamon.sys
c:\windows\system32\drivers\oadriver.sys
c:\program files\superantispyware\saskutil.sys
c:\windows\system32\drivers\oanet.sys
PrevxHelp
April 6th, 2009, 11:28 AM
-{ Quote: "I got a few FP's today :(
c:\windows\system32\drivers\oamon.sys
c:\windows\system32\drivers\oadriver.sys
c:\program files\superantispyware\saskutil.sys
c:\windows\system32\drivers\oanet.sys" }-
Hello,
Could you save a scan log and PM me the entries including these files? Thanks :)
trio
April 6th, 2009, 11:59 AM
-{ Quote: "We don't collect any data for non-executable files (it would simply be far too much server power required ;D we have billions of files and those are JUST executables :))
Locally, we run an analysis checking for exploits of non-executable files but you may see non-executable files being scanned in the "Scanning: " field. This is just because we don't look at the extension of the file - we read all of the files and check the file header to see if they're executable (as the file extension isn't reliable) so while it may look like we're scanning them, we most likely are going to ignore them :)" }-
If you only collect executable file data then does this mean that Edge cannot detect non-executable threats such as script viruses e.g. VBS?
PrevxHelp
April 6th, 2009, 12:01 PM
-{ Quote: "If you only collect executable file data then does this mean that Edge cannot detect non-executable threats such as script viruses e.g. VBS?" }-
Edge protects primarily against executable threats (the vast majority) but we detect certain threats locally without submitting the data to the server.
BrendanK.
April 6th, 2009, 12:07 PM
The on demand isn't picking it up ???
PrevxHelp
April 6th, 2009, 12:10 PM
-{ Quote: "The on demand isn't picking it up ???" }-
The files may have been automatically trusted by our database - if you send me a log after a scan it should contain the files (I'll PM you my email address :)) and I'll double check their status.
dorgane
April 6th, 2009, 12:31 PM
hi,
Have you got a date for the new release? Thank you
Arnaud
PrevxHelp
April 6th, 2009, 12:32 PM
-{ Quote: "hi,
Have you got a date for the new release? Thank you
Arnaud" }-
We have a very exciting change/release/announcement coming very soon (that's all I can say for now ;))
Dark Star 72
April 6th, 2009, 12:46 PM
-{ Quote: "We have a very exciting change/release/announcement coming very soon (that's all I can say for now ;))" }-
I'll be up early in the morning then ;D
LoneWolf
April 6th, 2009, 12:48 PM
-{ Quote: "We have a very exciting change/release/announcement coming very soon (that's all I can say for now ;))" }-
Looking forward to it.
(Patiently waiting)
Martijn2
April 6th, 2009, 01:34 PM
Wow, the new version got a major GUI overhaul... gonna check it out now! ;)
edit: I see the self protection is enabled in Windows 7 x64 now? very nice!
edit2: The new interface is great! Very easy to use now, compliments to you guys!
PrevxHelp
April 6th, 2009, 01:42 PM
-{ Quote: "Wow, the new version got a major GUI overhaul... gonna check it out now! ;)
edit: I see the self protection is enabled in Windows 7 x64 now? very nice!
edit2: The new interface is great! Very easy to use now, compliments to you guys!" }-
I was wondering how long it would take for someone to find it ;D (FWIW - the update is only for beta users currently)
Self protection is now enabled on x64, but the levels still aren't as strong as the ones on 32bit just because of how the OS is designed but we're going to be rolling out increased protection constantly behind the scenes :)
Thanks for the compliments! Please let me know if you find anything that needs improving/changing. We have a great deal of additional features coming soon as well, this merge was just the first step :)
Also, for what it's worth - Prevx CSI and Prevx Edge are now completely merged into Prevx 3.0 (with CSI Cleanup and Edge Protection). This was done to significantly simplify the branding and make it into more of an "a la carte" product rather than having two separate downloads. Let me know if you have any questions!
Martijn2
April 6th, 2009, 01:49 PM
-{ Quote: "was wondering how long it would take for someone to find it (FWIW - the update is only for beta users currently)" }-
Don't blame me, your installer works way too fast! ;D
Everything's running smooth for now, gonna run some stability tests later on.
lordpake
April 6th, 2009, 02:07 PM
Question about Edge settings: what exactly does 'Only alert me if an infection is found' in Basic settings do? I assume it makes Edge less talkative?
Baldrick
April 6th, 2009, 02:08 PM
-{ Quote: "I'll be up early in the morning then ;D" }-
Me too!:P :P :P
Because v3.0.1.40 is just working far too well...and I need something to test! ;D
Blackcat
April 6th, 2009, 02:08 PM
-{ Quote: "Wow, the new version got a major GUI overhaul... gonna check it out now! ;)" }-
But the main Status Window looks washed out here on Vista.
In addition the Security Status indicates that Edge's real-time protection is off.
However, I thought that previously the standalone Edge in evaluation mode gave protection in real time! :-\
CPU time may be up here too compared to solo Edge.
LoneWolf
April 6th, 2009, 02:09 PM
So without going through 3000+ posts,
how does one become a beta tester?
dorgane
April 6th, 2009, 02:12 PM
new version !
but warning, ESET detects an FP :
http://www.wilderssecurity.com/showthread.php?p=1440201#post1440201
PrevxHelp
April 6th, 2009, 02:13 PM
-{ Quote: "But the main Status Window looks washed out here on Vista.
In addition the Security Status indicates that Edge's real-time protection is off.
However, I thought that previously the standalone Edge in evaluation mode gave protection in real time! :-\
CPU time may be up here too compared to solo Edge." }-
Depending on your monitor, the status screen does indeed look a bit washed out - I'll see what our graphic designer has to say :)
Edge only provides realtime monitoring in the evaluation - it won't block threats but it will detect threats and scan (basically a realtime on-demand scanner).
Also, CPU usage should be lower in this version because of optimizations throughout and a simplification of the driver/usermode communication but if you see anything excessively high, let me know so I can investigate further :)
dorgane
April 6th, 2009, 02:15 PM
very nice :
PrevxHelp
April 6th, 2009, 02:15 PM
-{ Quote: "Question about Edge settings: what exactly does 'Only alert me if an infection is found' in Basic settings do? I assume it makes Edge less talkative?" }-
We have actually just moved this setting under 'Scheduler' now because it fits more logically there - if unchecked, Edge would show its window after a scan completes even if it is clean. It is set by default and does indeed make Edge less talkative.
Martijn2
April 6th, 2009, 02:20 PM
What's the difference between the "Scan with Prevx 3.0" and "Scan with Prevx Edge" options in the context menu?
PrevxHelp
April 6th, 2009, 02:22 PM
-{ Quote: "What's the difference between the "Scan with Prevx 3.0" and "Scan with Prevx Edge" options in the context menu?" }-
Nothing besides an apparent bug in the updater ;D Do you have both entries currently on your system? Ideally it would change it to just say "Scan with Prevx 3.0" however we'll be investigating this shortly to get it fixed in the next build :)
Martijn2
April 6th, 2009, 02:27 PM
-{ Quote: "Nothing besides an apparent bug in the updater ;D Do you have both entries currently on your system? Ideally it would change it to just say "Scan with Prevx 3.0" however we'll be investigating this shortly to get it fixed in the next build :)" }-
Yes, got both entries in my context menu. Quick question, the name "edge" will be replaced by "3.0" ?
Edit: Never mind, answered my own question ;) still see the edge name in the menu.
Blackcat
April 6th, 2009, 02:42 PM
-{ Quote: "Depending on your monitor, the status screen does indeed look a bit washed out - I'll see what our graphic designer has to say :)" }-
Definitely washed out on this laptop monitor. But the least of my worries with any program!
-{ Quote: " Edge only provides realtime monitoring in the evaluation - it won't block threats but it will detect threats and scan (basically a realtime on-demand scanner)." }-
Thanks. I meant detection and not protection previously.
lordpake
April 6th, 2009, 02:47 PM
-{ Quote: "We have actually just moved this setting under 'Scheduler' now because it fits more logically there - if unchecked, Edge would show its window after a scan completes even if it is clean. It is set by default and does indeed make Edge less talkative." }-
Thx for the clarification.
LoneWolf
April 6th, 2009, 02:47 PM
New beta looking good. ;D
So far running smooth as can be. :thumb:
Baldrick
April 6th, 2009, 02:50 PM
-{ Quote: "I was wondering how long it would take for someone to find it ;D (FWIW - the update is only for beta users currently)" }-
Got it! Installer was as slick as ever. Yeeha...here we go!!!!! ;D
Baldrick
April 6th, 2009, 02:55 PM
-{ Quote: "Nothing besides an apparent bug in the updater ;D Do you have both entries currently on your system? Ideally it would change it to just say "Scan with Prevx 3.0" however we'll be investigating this shortly to get it fixed in the next build :)" }-
I only have 'Scan with Prevx Edge' so perhaps another version of the same issue ???
LoneWolf
April 6th, 2009, 02:59 PM
-{ Quote: "new version !
but warning, ESET detects an FP :
http://www.wilderssecurity.com/showthread.php?p=1440201#post1440201" }-
That would be a NOD32 problem.
Up to Eset to fix.
LoneWolf
April 6th, 2009, 03:01 PM
-{ Quote: "I only have 'Scan with Prevx Edge" }-
Same here.
No problems so far.
Baldrick
April 6th, 2009, 03:01 PM
Hi Joe
Can you explain the rationale, when you have a moment, of both 'CSI malware Cleanup' AND 'Edge Realtime Protection' taking the user to 'License Information'? Seems a bit pointless if one has a license...or is this just a placeholder for something else yet to be released. ;)...as there is space available under 'Security Status'?
Other than that so far seems to be running a bit lighter both in terms of 'feel/responsiveness of rig' & what I am seeing in Task Manager & Process Explorer.
Well done...goes from strength to strength. :thumb: :thumb:
PrevxHelp
April 6th, 2009, 03:03 PM
-{ Quote: "Hi Joe
Can you explain the rationale, when you have a moment, of both 'CSI malware Cleanup' AND 'Edge Realtime Protection' taking the user to 'License Information'? Seems a bit pointless if one has a license...or is this just a placeholder for something else yet to be released. ;)...as there is space available under 'Security Status'?
Other than that so far seems to be running a bit lighter both in terms of 'feel/responsiveness of rig' & what I am seeing in Task Manager & Process Explorer.
Well done...goes from strength to strength. :thumb: :thumb:" }-
This is primarily there just to show them their remaining license duration (shown on the license screen), however, we are planning more things to put under those menus to be a bit less... completely redundant ;D
Baldrick
April 6th, 2009, 03:05 PM
-{ Quote: "This is primarily there just to show them their remaining license duration (shown on the license screen), however, we are planning more things to put under those menus to be a bit less... completely redundant ;D" }-
Understood...;) ;) ;D
PrevxHelp
April 6th, 2009, 03:06 PM
-{ Quote: "I only have 'Scan with Prevx Edge' so perhaps another version of the same issue ???" }-
This is indeed an issue - we'll have the next update automatically clear down "Scan with Prevx Edge" by default as it installs so you'll be left with "Scan with Prevx 3.0".
Sorry for the bit of stolen screen real estate in your context menus for a day or so! ;D However, if you want to clean up the menu now, if you click Settings > Basic Configuration and untick the "Enable "Right Click" Scanning in Windows Explorer", click Save Changes, and then go back and re-enable it, it will clear down the menu and leave you with a single "Scan with Prevx 3.0" item :)
Dark Star 72
April 6th, 2009, 03:49 PM
-{ Quote: "I was wondering how long it would take for someone to find it ;D (FWIW - the update is only for beta users currently)" }-
I tried the Beta download link just after you posted about the upcoming announcement and there was nothing there then - a bit too eager ;D
Anyway, running nicely here - just looking forward to the filling now we have a nice new case to put it in ;)
Mongol
April 6th, 2009, 04:05 PM
I do like that new Prevx GUI...:thumb: ;D
Retadpuss
April 6th, 2009, 04:21 PM
Working fine here. Think the initial scan at install took a bit longer - or is it my imagination? As for the GUI - looks fine to me!
jmonge
April 6th, 2009, 04:21 PM
-{ Quote: "I do like that new Prevx GUI...:thumb: ;D " }-
What is the new version? Thanks
PrevxHelp
April 6th, 2009, 04:22 PM
-{ Quote: "Working fine here. Think the initial scan at install took a bit longer - or is it my imagination? As for the GUI - looks fine to me!" }-
The initial scan does now take a bit longer as we've made some improvements to our rootkit engine and added some more scan areas :)
(It should get quicker on subsequent scans FWIW)
Retadpuss
April 6th, 2009, 04:28 PM
-{ Quote: "The initial scan does now take a bit longer as we've made some improvements to our rootkit engine and added some more scan areas :)
(It should get quicker on subsequent scans FWIW)" }-
Yes, subsequent system scan is about 10 seconds faster than previous version - but it can vary if memory serves.
What has improved in general realtime detection and or on demand scan?
PrevxHelp
April 6th, 2009, 04:31 PM
-{ Quote: "Yes, subsequent system scan is about 10 seconds faster than previous version - but it can vary if memory serves.
What has improved in general realtime detection and or on demand scan?" }-
The core improvement lies in the much tighter integration between the scan engine and the interface. Realtime and on-demand scans should now be faster (relatively faster - on-demand scans now scan deeper in the same/less time) and a more versatile engine which will be used to facilitate security in an upcoming feature which is still behind the scenes :)
Retadpuss
April 6th, 2009, 04:36 PM
-{ Quote: "The core improvement lies in the much tighter integration between the scan engine and the interface. Realtime and on-demand scans should now be faster (relatively faster - on-demand scans now scan deeper in the same/less time) and a more versatile engine which will be used to facilitate security in an upcoming feature which is still behind the scenes :)" }-
Cool, pity I didn't know about this version a few hours ago - as I just finished testing Edge, SAS, MBAM and Avira to see how they handled rescuing a system infected with eight rogue AM/AVs!
Triple Helix
April 6th, 2009, 04:46 PM
Looking great! And smaller installer 788kb I guess you are on track to keep it under 1mb LOL
TH
Baldrick
April 6th, 2009, 04:47 PM
Hi Joe
Just came across what I believe are a couple of FPs and am emailing you the Scan Log very shortly. ;)
Balders
QBgreen
April 6th, 2009, 05:10 PM
Liking the new UI a lot. Loving the technology behind the fair face!
raven211
April 6th, 2009, 05:48 PM
Love the new interface - fast and simply awesome. ;D
Nett0pp
April 6th, 2009, 06:35 PM
2 Prevx.......... Do u have the Rustock E ?
PrevxHelp
April 6th, 2009, 06:42 PM
-{ Quote: "2 Prevx.......... Do u have the Rustock E ?" }-
I'm unaware of any Rustock variants higher than C (although it depends on where you get your nomenclature from :))
firzen771
April 6th, 2009, 07:30 PM
-{ Quote: "Love the new interface - fast and simply awesome. ;D" }-
theres a new UI? anyone post screenshots please :thumb:
EDIT: nvm i went back a page and saw it.... the new one looks awesome btw ;D
fce
April 6th, 2009, 07:35 PM
if the new version release, do i need to uninstall my old PE or it will do automatic update without uninstalling?
PrevxHelp
April 6th, 2009, 07:40 PM
-{ Quote: "if the new version release, do i need to uninstall my old PE or it will do automatic update without uninstalling?" }-
It will automatically update to the newest version once we release it :)
fce
April 6th, 2009, 07:42 PM
-{ Quote: "It will automatically update to the newest version once we release it :)" }-
thanks!
do i need to turn off my AV when the new update pop up?
PrevxHelp
April 6th, 2009, 07:51 PM
-{ Quote: "thanks!
do i need to turn off my AV when the new update pop up?" }-
Probably not - ESET has a FP against us at the moment, but I believe KIS is fine :)
Killtek
April 6th, 2009, 08:04 PM
What version/build is Edge up to now? I currently have 3.0.1.40...
PrevxHelp
April 6th, 2009, 08:11 PM
-{ Quote: "What version/build is Edge up to now? I currently have 3.0.1.40..." }-
3.0.1.40 is the current live version but the beta is at 3.0.1.44 :)
Triple Helix
April 6th, 2009, 08:17 PM
I think that the 3.0.1.44 GUI needs a little more green in it, maybe some at the top; the bottom looks to have a wave! And for the first time I have seen an amber icon in the tray!
N2thuWild
April 6th, 2009, 08:19 PM
Hi, I currently have PrevxEdge 3.0.1.40 paid. I use it with NIS2009 with nothing on either disabled. Will it stay the same on the new version so it can be run along with another anti virus, real time? Thanks.
NIS 2009
WinPatrol
GeSWall
PrevxEdge
PrevxHelp
April 6th, 2009, 08:20 PM
-{ Quote: "Hi, I currently have PrevxEdge 3.0.1.40 paid. I use it with NIS2009 with nothing on either disabled. Will it stay the same on the new version so it can be run along with another anti virus, real time? Thanks.
NIS 2009
WinPatrol
GeSWall
PrevxEdge" }-
Yes, it will always be compatible with all other major security products :)
softtouch
April 6th, 2009, 09:03 PM
Where is the beta download of the 3.0.1.44?
N2thuWild
April 6th, 2009, 09:23 PM
-{ Quote: "Yes, it will always be compatible with all other major security products :)" }-
Thanks and I think PrevxEdge is one Terrific program.;D
BrendanK.
April 6th, 2009, 09:33 PM
-{ Quote: "Where is the beta download of the 3.0.1.44?" }-
There is no beta download as such.
Beta testers are selected and added to the beta program, so only they get the update...For now :D
Triple Helix
April 6th, 2009, 09:37 PM
You have to PM PrevxHelp for the link!
TH
Mongol
April 6th, 2009, 10:11 PM
-{ Quote: "What is the new version? Thanks" }-
Sorry I was out wreaking havoc for a bit. There is a picture of it at post #3136...:o ;D
galileo
April 6th, 2009, 11:01 PM
The file "iexplore.exe.mui" was detected this evening as cloaked malware by PrevxEdge 3.0.1.40. I uploaded/checked this file to VirusTotal and am receiving NO detections OTHER than their version of Prevx1 V2...ALL other AV checks return negative. Earlier PE scans did not flag this file...this appears to be a false positive.
The file version is listed as:
8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
FWIW: Scans with current databases using Malwarebytes Anti-Malware (1.36) and Threatfire (4.1.0.25) both DO NOT detect this file.
Running: XPP+SP3 up to date + Windows Firewall + IE8 + PE 3.1.0.40 + Threatfire 4.1.0.25 - behind Netgear router.
galileo
PrevxHelp
April 6th, 2009, 11:08 PM
-{ Quote: "The file "iexplore.exe.mui" was detected this evening as cloaked malware by PrevxEdge 3.0.1.40. I uploaded/checked this file to VirusTotal and am receiving NO detections OTHER than their version of Prevx1 V2...ALL other AV checks return negative. Earlier PE scans did not flag this file...this appears to be a false positive.
The file version is listed as:
8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
FWIW: Scans with current databases using Malwarebytes Anti-Malware (1.36) and Threatfire (4.1.0.25) both DO NOT detect this file.
Running: XPP+SP3 up to date + Windows Firewall + IE8 + PE 3.1.0.40 + Threatfire 4.1.0.25 - behind Netgear router.
galileo" }-
Hello,
Please try scanning again - I believe the false positive is fixed now :)
galileo
April 6th, 2009, 11:14 PM
-{ Quote: "Hello,
Please try scanning again - I believe the false positive is fixed now :)" }-
...Bingo...scan is now clean...:)...Thanks!!!...
galileo
NoIos
April 7th, 2009, 04:33 AM
I get an alert during the installation of RJ TextEd. I believe it's a FP. RJ TextEd is a well known editor http://www.rj-texted.se/
Downloaded from the official site...if I remember well during installation Edge flagged Install.exe as a malware. Unfortunately I don't have the time to provide more infos, but I'm sure you'll check this.
Thank you.
raven211
April 7th, 2009, 05:49 AM
Thought about something on the GUI, though... the color down to the left and such has a very weird, green color.
Please see the attached image!
EDIT: And while I'm still on it... Personally I think the green circle with a check could be slightly bigger. The space for the "check" looks a little too tight.
Tarnak
April 7th, 2009, 06:36 AM
I am running a scan with beta version 3.0.1.44. See screenshots:
I don't agree with these detections, considering there were no detections with the current version 3.0.1.40, I was using previously.
trjam
April 7th, 2009, 06:56 AM
Most likely FPs, Joe will fix them. It is beta.;)
The new GUI is awesome.
Retadpuss
April 7th, 2009, 07:10 AM
It may well be an accurate detection. I believe the new version scans areas that were not scanned previously. Also, see:
http://www.prevx.com/filenames/4042460208085755464-0/RSIT.EXE.html
PrevxHelp
April 7th, 2009, 08:59 AM
-{ Quote: "It may well be an accurate detection. I believe the new version scans areas that were not scanned previously. Also, see:
http://www.prevx.com/filenames/4042460208085755464-0/RSIT.EXE.html" }-
Could you send me a scan log or an entry including the files? I suspect they "may" be FPs but it's hard to tell with a program like this which accesses the system :) (some do it legitimately, some don't but they look very similar :))
galileo
April 7th, 2009, 09:00 AM
-{ Quote: "It may well be an accurate detection. I believe the new version scans areas that were not scanned previously. Also, see:
http://www.prevx.com/filenames/4042460208085755464-0/RSIT.EXE.html" }-
Upload to VirusTotal for a quick check...:dry:...I received a "cloaked malware" FP last night (see above)...apparently either a database or a heuristics change has occurred in the last 24 hours and has resulted in an increased sensitivity to various "clean" files...
galileo
Tarnak
April 7th, 2009, 09:12 AM
-{ Quote: "Could you send me a scan log or an entry including the files? I suspect they "may" be FPs but it's hard to tell with a program like this which accesses the system :) (some do it legitimately, some don't but they look very similar :))" }-
I suppose you meant me, Joe.:)
Here is the first part of the scan log, hope it is what you need to fix the FPs.;)
Prevx Scan Log - Version v3.0.1.44
Log Generated: 7/4/2009 23:03, Type: 1,8192
Windows XP Professional Service Pack 2 (Build 2600) 32bit|1033
Some non-malicious files are not included in this log.
Heuristics Settings: Age: 2, Pop: 2, Heu: 2 (Dir: 1)
Last Scan: Tue 2009-04-07 20:26:30 E. Australia Standard Time. Number of Scans: 154. Last Scan Duration: 18 minutes 38 seconds.
[BP] h:\downloads copy\downloads\rsit.exe [PX5: FDC2281D1BB3A911EE270BF6DD664900B84D976D] Malware Group: High Risk Cloaked Malware
[DN] c:\recycler\s-1-5-21-1417001333-2049760794-725345543-1003\dc862.exe [PX5: 740143B42824D854FF6900F59C482F008779C99F] Malware Group: Community.OuterEdge
[B] h:\downloads copy\downloads\artificialdynamicssafespace1.2.107.exe [PX5: 7242C342007867888F75A911D50F8300E6272D8F] Malware Group: Low Risk Adware
[B] h:\downloads copy\downloads\artificialdynamicssafespace2.0.41.exe [PX5: 7242C34235786788A075AE11D50F8300E6272D8F] Malware Group: Low Risk Adware
[BP] h:\downloads copy\downloads\rsit.exe [PX5: FDC2281D1BB3A911EE270BF6DD664900B84D976D] Malware Group: High Risk Cloaked Malware
[U] (ACTIVE) c:\windows\system32\defensewall_serv.exe [PX5: 9766B22400ED6ABC50290160738CF50042CD79D3]
[U] (ACTIVE) c:\program files\opera 10.0 alpha\opera.exe [PX5: 4EFAD42D007EF469B829017B73836900EE370BD3]
[U] (ACTIVE) c:\windows\system32\drivers\dwall.sys [PX5: 81C359C700D686D8DC320A7864362C00E81DCE8F]
[UP] (ACTIVE) c:\program files\opera 10.0 alpha\opera.dll [PX5: E3467D9D00CF925F4E3B3BC7B5C3F9001AE5677B]
[U] (ACTIVE) c:\program files\sunbelt software\vipre\vipre.dll [PX5: E6350F1D28487D4345330480B5718C00A20CE2D7]
PrevxHelp
April 7th, 2009, 09:15 AM
-{ Quote: "I suppose you meant me, Joe.:)
Here is the first part of the scan log, hope it is what you need to fix the FPs.;)
" }-
Oddly enough.... those files are each quite suspicious, after looking at their entries in the database. Could you email the files themselves to me so I can analyze them manually? (Sorry for the runaround, if they are FPs I want to get them fixed, but they are doing some things that programs "shouldn't" do ;D)
PrevxHelp
April 7th, 2009, 09:18 AM
-{ Quote: "Thought about something on the GUI, though... the color down to the left and such has a very weird, green color.
Please see the attached image!
EDIT: And while I'm still on it... Personally I think the green circle with a check could be slightly bigger. The space for the "check" looks a little too tight." }-
I think the color looks a bit odd because it is a "mesh" rather than a solid color. Our graphic designer is going to be looking into GUI changes to make everything a bit slicker/less washed out and I'll be sure he's aware of this observation as well :)
softtouch
April 7th, 2009, 09:20 AM
I THINK I had an issue with the beta... not 100% sure.
I installed the beta, it then found a trojan (which in fact was not a trojan...), it then told me that the PC must be restarted, which I did, and it stopped at the login screen. I could not go back into Windows.
I then started Windows in safe mode, and did a system restore.
Now it boots fine, but it also reverted to the 3.0.1.40. I did not try to install the beta again.
LagerX
April 7th, 2009, 09:22 AM
-{ Quote: "I THINK I had an issue with the beta... not 100% sure.
I installed the beta, it then found a trojan (which in fact was not a trojan...), it then told me that the PC must be restarted, which I did, and it stopped at the login screen. I could not go back into Windows.
I then started Windows in safe mode, and did a system restore.
Now it boots fine, but it also reverted to the 3.0.1.40. I did not try to install the beta again." }-
You can save the latest scan log and send it to PrevxHelp to look at what may cause that :)
PrevxHelp
April 7th, 2009, 09:23 AM
-{ Quote: "I THINK I had an issue with the beta... not 100% sure.
I installed the beta, it then found a trojan (which in fact was not a trojan...), it then told me that the PC must be restarted, which I did, and it stopped at the login screen. I could not go back into Windows.
I then started Windows in safe mode, and did a system restore.
Now it boots fine, but it also reverted to the 3.0.1.40. I did not try to install the beta again." }-
Could you let me know some information to help diagnose what might be going wrong? I'm interested in what OS you're using, what other security products you may have, what your self protection level is, and if you installed the beta over your existing installation or if you uninstalled/reinstalled.
Sorry for the inconvenience this caused :-\
trjam
April 7th, 2009, 09:26 AM
so what I want to know is, since the beta, there are numerous reports here of possible FPs. Joe feels there may be some actual reality to these detections. Joe please let us know what you determine because I am hoping for actual detections. If FPs are real then what became of this statement.
"Hello all,
Just wanted to let you all know that we just completed a complex new module on the database which will dramatically reduce the number of false positives. This change is, by far, the widest reaching false positive reduction improvement we've ever implemented. It comes after a great deal of analysis over the data from the first 3 months of Edge being "in the wild". We've engineered this improvement so that it will not affect protection but only false positives - especially the ones reported here frequently with the age/spread warnings.
I do enjoy fixing false positives quickly, but I'm sorry to say I won't have to do it as often now I'm still here, of course, if you need any other assistance or if you do experience a FP which escapes our new "trap" for them"
!
PrevxHelp
April 7th, 2009, 09:34 AM
-{ Quote: "so what I want to know is, since the beta, there are numerous reports here of possible FPs. Joe feels there may be some actual reality to these detections. Joe please let us know what you determine because I am hoping for actual detections. If FPs are real then what became of this statement.
"Hello all,
Just wanted to let you all know that we just completed a complex new module on the database which will dramatically reduce the number of false positives. This change is, by far, the widest reaching false positive reduction improvement we've ever implemented. It comes after a great deal of analysis over the data from the first 3 months of Edge being "in the wild". We've engineered this improvement so that it will not affect protection but only false positives - especially the ones reported here frequently with the age/spread warnings.
I do enjoy fixing false positives quickly, but I'm sorry to say I won't have to do it as often now I'm still here, of course, if you need any other assistance or if you do experience a FP which escapes our new "trap" for them"
!" }-
That still holds true. In light of Conficker and a number of other threats surfacing now, we've bumped up our heuristic levels on the server which have generated a handful more FPs. Most of the FPs reported here in the last few days are from the same files (iexplore.exe.mui for instance), or from people with heuristic settings on Maximum, or files that are simply so suspicious that we actually do need a sample to see the intent.
It's impossible to judge the FP rates of a program from forum posts where there is a wide range of users using abstract/unpopular/system-level utilities :) Across "normal" users (no offense intended ;D), FPs are down dramatically :)
trjam
April 7th, 2009, 09:37 AM
that would make perfect sense. Thanks Joe.
Tarnak
April 7th, 2009, 09:44 AM
-{ Quote: "Oddly enough.... those files are each quite suspicious, after looking at their entries in the database. Could you email the files themselves to me so I can analyze them manually? (Sorry for the runaround, if they are FPs I want to get them fixed, but they are doing some things that programs "shouldn't" do ;D)" }-
Email sent.:)
PrevxHelp
April 7th, 2009, 09:55 AM
-{ Quote: "Email sent.:)" }-
After some careful analysis, the files ARE legitimate (a few other security vendors don't think so, however ;D) but personally I don't blame Edge for detecting these because they really are quite suspicious looking :)
Let me know if you find anything else!
softtouch
April 7th, 2009, 10:27 AM
-{ Quote: "Could you let me know some information to help diagnose what might be going wrong? I'm interested in what OS you're using, what other security products you may have, what your self protection level is, and if you installed the beta over your existing installation or if you uninstalled/reinstalled.
Sorry for the inconvenience this caused :-\" }-
As much info as I can give:
OS: Vista Ultimate 32-Bit SP1
Other Security Products: NOD32 V4.0.417.0, DefenseWall V2.53, Vista Firewall Control
Self protection level: Medium
I installed the beta over the existing non-beta
It MIGHT have been something else, who knows, and just happened at the same time. I will just observe and will install the beta again.
trjam
April 7th, 2009, 10:28 AM
-{ Quote: "After some careful analysis, the files ARE legitimate (a few other security vendors don't think so, however ;D) but personally I don't blame Edge for detecting these because they really are quite suspicious looking :)
Let me know if you find anything else!" }-
thanks for the clarification and honesty.:thumb:
softtouch
April 7th, 2009, 10:33 AM
1 more FP:
PS3 Media Server (pms.exe) - Program to stream video/audio/images to PS3 via lan
"High Risk Cloaked Malware" is the message.
PrevxHelp
April 7th, 2009, 11:35 AM
-{ Quote: "1 more FP:
PS3 Media Server (pms.exe) - Program to stream video/audio/images to PS3 via lan
"High Risk Cloaked Malware" is the message." }-
Fixed :) It does indeed look suspicious, especially with some of the underlying proxy/low-level network functionality, it looks like a covert keylogger.
Triple Helix
April 7th, 2009, 12:10 PM
Running the newest version here 3.0.1.46 Beta any change log?
TH
Killtek
April 7th, 2009, 12:14 PM
I love the new GUI... left tabs are better.
Martijn2
April 7th, 2009, 12:17 PM
I'm afraid the self-protection does basically nothing on win 7 x64. Prevx has its self-protection on medium but both processes are easily shut down by task manager.
PrevxHelp
April 7th, 2009, 12:19 PM
-{ Quote: "I'm afraid the self-protection does basically nothing on win 7 x64. Prevx has its self-protection on medium but both processes are easily shut down by task manager (placebo effect?)" }-
We'll be putting additional self protection in soon but for now the levels apply to internal settings rather than the processes as the 64bit architecture doesn't support the same kinds of hooking which security vendors use on 32bit OS's.
PrevxHelp
April 7th, 2009, 12:20 PM
-{ Quote: "Running the newest version here 3.0.1.46 Beta any change log?
TH" }-
Some dialog changes (registered users are given a dialog with a button named "Remove" if Edge blocks it in realtime) and if you look under the Settings > Basic Configuration menu, you can "Automatically block files when detected without prompting". There is also a bug fix for right click scanning over networked drives (which completely fixes it finally ;D) and a handful of changes to features which are not yet visible :)
trjam
April 7th, 2009, 12:28 PM
So the "Child Proof" block has been added. Great.:thumb:
trjam
April 7th, 2009, 02:53 PM
just installed .46 on 3 computers. Full scan and not one FP. I really thought I would. I love the GUI, it is amazing how fast you continue to evolve Edge. Others could learn. Lol.
But it is running perfectly on all computers. Do you folks ever crap?::)
Baldrick
April 7th, 2009, 03:00 PM
Hi Joe
v3.0.1.46 running here smooth as silk...so smooth in fact that I did not notice the upgrade from 44 to 46 ;D
However, when I went into 'Advanced Scan' I found the previously checked 'Use Smart scanning to improve speed' unchecked although I had previously checked it in 44. I suspect that the update resets the check box to unchecked. Is there any way to keep the previous setting as part of an update to a new version?
Will check to make sure that closing down does not wipe the setting as well as there is no 'Save Changes' option on that panel. ;D
PrevxHelp
April 7th, 2009, 03:04 PM
-{ Quote: "Hi Joe
v3.0.1.46 running here smooth as silk...so smooth in fact that I did not notice the upgrade from 44 to 46 ;D
However, when I went into 'Advanced Scan' I found the previously checked 'Use Smart scanning to improve speed' unchecked although I had previously checked it in 44. I suspect that the update resets the check box to unchecked. Is there any way to keep the previous setting as part of an update to a new version?
Will check to make sure that closing down does not wipe the setting as well as there is no 'Save Changes' option on that panel. ;D" }-
Currently the Smart Scan checkbox doesn't persist but we'll make it persist in the next version :) Thank you for the suggestion!
Coolio10
April 7th, 2009, 03:09 PM
-{ Quote: "
Do you folks ever crap?::)" }-
What kind of question is that? ;D
Tarnak
April 7th, 2009, 03:18 PM
-{ Quote: "After some careful analysis, the files ARE legitimate (a few other security vendors don't think so, however ;D) but personally I don't blame Edge for detecting these because they really are quite suspicious looking :)
Let me know if you find anything else!" }-
Two down, one to go!;D
Prevx Scan Log - Version v3.0.1.44
Log Generated: 8/4/2009 05:11, Type: 1,8192
Windows XP Professional Service Pack 2 (Build 2600) 32bit|1033
Some non-malicious files are not included in this log.
Heuristics Settings: Age: 2, Pop: 2, Heu: 2 (Dir: 1)
Last Scan: Wed 2009-04-08 05:07:29 E. Australia Standard Time. Number of Scans: 155. Last Scan Duration: 20 minutes 16 seconds.
[DN] c:\recycler\s-1-5-21-1417001333-2049760794-725345543-1003\dc862.exe [PX5: 740143B42824D854FF6900F59C482F008779C99F] Malware Group: Community.OuterEdge
[B] (ACTIVE) h:\downloads copy\downloads\artificialdynamicssafespace2.0.41.exe [PX5: 7242C34235786788A075AE11D50F8300E6272D8F] Malware Group: Low Risk Adware
P.S. Also, noticed new beta 3.0.1.46 is out, will try soon!
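An added example, not part of the thread and not Prevx code: a parser for the scan-log line shape visible in the logs posted here, used to diff a scan taken before a false-positive fix against one taken after it. The field names, the choice to key entries on the PX5 value, and the sample lines are assumptions or constructed; the thread does not explain the bracketed flag letters, so they are kept as opaque strings.

```python
import re
from typing import NamedTuple, Optional

# Line shape as it appears in the logs posted in this thread:
#   [FLAGS] (ACTIVE) path [PX5: 40 hex chars] Malware Group: name
# "(ACTIVE)" and the "Malware Group" suffix are both optional.
LINE_RE = re.compile(
    r"^\[(?P<flags>[A-Z]+)\]\s+"
    r"(?P<active>\(ACTIVE\)\s+)?"
    r"(?P<path>.+?)\s+"
    r"\[PX5:\s*(?P<px5>[0-9A-Fa-f]{40})\]"
    r"(?:\s+Malware Group:\s*(?P<group>.+))?$"
)

class Entry(NamedTuple):
    flags: str            # opaque: meaning not documented in the thread
    active: bool
    path: str
    px5: str
    group: Optional[str]  # None when the line carries no "Malware Group"

def parse_log(text):
    """Return an Entry for every line that matches; skip header lines."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m is None:
            continue
        group = m.group("group")
        entries.append(Entry(
            flags=m.group("flags"),
            active=m.group("active") is not None,
            path=m.group("path"),
            px5=m.group("px5").upper(),
            group=group.strip() if group else None,
        ))
    return entries

def detections(entries):
    """Entries that carry a Malware Group, keyed by PX5 (assumed stable per file)."""
    return {e.px5: e for e in entries if e.group is not None}

def diff_scans(before, after):
    """Compare two logs: which detections cleared, which remain, which are new."""
    b, a = detections(parse_log(before)), detections(parse_log(after))
    return {
        "cleared": sorted(e.path for k, e in b.items() if k not in a),
        "remaining": sorted(e.path for k, e in a.items() if k in b),
        "new": sorted(e.path for k, e in a.items() if k not in b),
    }

# Constructed sample logs (placeholder PX5 values, made-up paths).
_A, _B, _C, _D = "A" * 40, "B" * 40, "C" * 40, "D" * 40
BEFORE = "\n".join([
    "Prevx Scan Log - constructed sample",
    r"[BP] c:\samples\tool a.exe [PX5: " + _A + "] Malware Group: High Risk Cloaked Malware",
    r"[DN] c:\samples\old.exe [PX5: " + _B + "] Malware Group: Community.OuterEdge",
    r"[B] c:\samples\setup.exe [PX5: " + _C + "] Malware Group: Low Risk Adware",
    r"[U] (ACTIVE) c:\program files\app\app.exe [PX5: " + _D + "]",
])
AFTER = "\n".join([
    "Prevx Scan Log - constructed sample",
    r"[DN] c:\samples\old.exe [PX5: " + _B + "] Malware Group: Community.OuterEdge",
    r"[B] (ACTIVE) c:\samples\setup.exe [PX5: " + _C + "] Malware Group: Low Risk Adware",
])

if __name__ == "__main__":
    for status, paths in diff_scans(BEFORE, AFTER).items():
        print(status, paths)
```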
LagerX
April 7th, 2009, 03:19 PM
-{ Quote: "What kind of question is that? ;D" }-
xD can't stop laughing:thumb: :thumb: ;D ;D
PrevxHelp
April 7th, 2009, 03:20 PM
-{ Quote: "Two down, one to go!;D " }-
Fixed (completely this time ;D)
PrevxHelp
April 7th, 2009, 03:22 PM
-{ Quote: " Do you folks ever crap?::)" }-
Our automated analysis systems don't... yet... ;D
Tarnak
April 7th, 2009, 03:42 PM
Version 3.0.1.46 beta scanning now! :)
Baldrick
April 7th, 2009, 04:05 PM
-{ Quote: "Our automated analysis systems don't... yet... ;D" }-
Aren't they designed by Prevx to deal with the crap? ;D
They seem to do it very, very well!!! :thumb:
Tarnak
April 7th, 2009, 04:07 PM
Nearly there.....finished! :)
raven211
April 7th, 2009, 06:14 PM
-{ Quote: "Our automated analysis systems don't... yet... ;D" }-
To quote: "As of today", the Prevx database has yet to take a crap. ;D
On a completely different note, and I just have to say this... the new interface overall is so neat! :D
fce
April 7th, 2009, 07:42 PM
any news of release date re: new version?
firzen771
April 7th, 2009, 07:49 PM
i got 1 FP, ive sent u a PM PrevxHelp
SIR****TMG
April 7th, 2009, 08:00 PM
I like what I see
SweX
April 7th, 2009, 08:36 PM
Hi guys!
Well I just got a question.
Will Prevx Edge run well together with CIS (Comodo internet security)
as i currently use. I run the full suite with AV, FW, and D+.
Or will they start a fight? :P
And if some one here DO run Edge and CIS together how does it work?
Thanks.
firzen771
April 7th, 2009, 08:44 PM
-{ Quote: "Hi guys!
Well I just got a question.
Will Prevx Edge run well together with CIS (Comodo internet security)
as i currently use. I run the full suite with AV, FW, and D+.
Or will they start a fight? :P
And if some one here DO run Edge and CIS together how does it work?
Thanks." }-
they should work fine together, but only way to know for sure is to try it out.
PrevxHelp
April 7th, 2009, 08:45 PM
-{ Quote: "any news of release date re: new version?" }-
We're still adding new functionality but it should be out in the next week or two :)
PrevxHelp
April 7th, 2009, 08:46 PM
-{ Quote: "Hi guys!
Well I just got a question.
Will Prevx Edge run well together with CIS (Comodo internet security)
as i currently use. I run the full suite with AV, FW, and D+.
Or will they start a fight? :P
And if some one here DO run Edge and CIS together how does it work?
Thanks." }-
We are fully compatible with CIS and as firzen771 says, the best way to see is to try it ;D
SweX
April 7th, 2009, 09:47 PM
Thanks to both of you guys, i'll guess i might have to try it out then :o
Dr33
April 7th, 2009, 09:57 PM
:thumb:
horseman
April 8th, 2009, 12:41 AM
Hmmm...apologies but the thread linkage appears to be broken because pouring through the "bowels" of this topic I distinctly recall TRJAM commenting on how "PX folks find time to Continually Read All Posts"?
-{ Quote: "Our automated analysis systems don't... yet... ;D" }-
However for accuracy .... on a historical note in the distant past they used to PAWS for the odd dump.....
Tarnak
April 8th, 2009, 02:27 AM
This caught me out with the upgrade to the beta version. See screenshot:
It is self explanatory. Edit: spelling
I solved the problem by following Joe's advice as per here > http://www.wilderssecurity.com/showpost.php?p=1440244&postcount=3151
-{ Quote: "
......., if you click Settings > Basic Configuration and untick the "Enable "Right Click" Scanning in Windows Explorer", click Save Changes, and then go back and re-enable it, it will clear down the menu and leave you with a single "Scan with Prevx 3.0" item :)" }-
horseman
April 8th, 2009, 03:48 AM
Ooooerrr - Checkout >
http://www.wilderssecurity.com/showthread.php?t=233638
This TF update conceptually looks unerringly familiar? I trust they haven't inadvertently infringed any Prevx patents?
NoIos
April 8th, 2009, 04:26 AM
-{ Quote: "Ooooerrr - Checkout >
http://www.wilderssecurity.com/showthread.php?t=233638
This TF update conceptually looks unerringly familiar? I trust they haven't inadvertently infringed any Prevx patents?" }-
Patents are a joke in most cases. Don't tell me that in-the-cloud idea and technology is an invention of Prevx or PCTools. I don't know if you're talking about something more specific...
Patents are made for 2 reasons mainly:
1. Protect your ass
2. Make money when you have no more ideas and you have forgotten that a business has to produce and not shoot on others.
Most cases on patent infringements end out of courts because everyone has stepped over a patent of someone else. It's a tricky game.
Baldrick
April 8th, 2009, 08:22 AM
Hi Joe
v3.0.1.47 just said hello with a post installation scan of my rig. Installation so smooth I did not notice it...as usual. ;)
The Smart Scan check box under Advanced Scan seems to have retained its setting between updates. :thumb:
However, with .47 I got an Alert re. a Rootkit affecting \\.\physicaldrive0\mbr with a designation of Rootkit.mbr...with only the option buttons of 'Scan My PC Again' and 'Cleanup Now'.
As I have RollBack Rx installed & protecting C: (drive 0) I had to right click & flag as a false positive/ignore.
I recall having seen this before and previously had 'Trust Always' or 'Block' options available and I think that there was talk about this changing...cannot recall completely. Is this the right way to handle this going forward? Interestingly enough the scan following the update to .44 & .46 DID NOT reveal this so I was a wondering...???
Thought I would raise it in case there is anyone coming across this.
raven211
April 8th, 2009, 08:36 AM
-{ Quote: "Hi Joe
v3.0.1.47 just said hello with a post installation scan of my rig. Installation so smooth I did not notice it...as usual. ;)
" }-
One thing I actually think about is that the "Status"-popup comes up when a program update takes place. Ofc this is nothing major, but still something I wanted to mention while we're talking about how "smooth" the installation is. Doesn't get much better than this though... :)
PrevxHelp
April 8th, 2009, 09:00 AM
We're investigating the MBR detection. We recently added scanning for a new MBR rootkit but apparently there are issues - we should have a fix shortly :)
raven211
April 8th, 2009, 09:46 AM
This is on the db-side, meaning that it applies to both the beta and final version, right? Thought the MBR detection was through heuristics. Is it both? (e.g. the new identifiable MBR can be detected through a signature?)
PrevxHelp
April 8th, 2009, 10:17 AM
-{ Quote: "This is on the db-side, meaning that it applies to both the beta and final version, right? Thought the MBR detection was through heuristics. Is it both? (e.g. the new identifiable MBR can be detected through a signature?)" }-
It is both, but this false positive was caused through heuristics locally. We have v3.0.1.48 coming out now (to beta ;D) which corrects this issue :)
PrevxHelp
April 8th, 2009, 10:31 AM
-{ Quote: "One thing I actually think about is that the "Status"-popup comes up when a program update takes place. Ofc this is nothing major, but still something I wanted to mention while we're talking about how "smooth" the installation is. Doesn't get much better than this though... :)" }-
Are you updating manually or by clicking "Check for updates"? Also, are you using a limited user account? Updating "should" take place silently, but there are a few cases where it wouldn't.
Our goal is to make everything as seamless as possible :)
LagerX
April 8th, 2009, 10:48 AM
-{ Quote: "Are you updating manually or by clicking "Check for updates"? Also, are you using a limited user account? Updating "should" take place silently, but there are a few cases where it wouldn't.
Our goal is to make everything as seamless as possible :)" }-
.46 upgrade to .48 went fine here ;)
Dark Star 72
April 8th, 2009, 02:55 PM
Joe,
I am currently running 46, have not had an automatic update and if I click 'check for updates' it tells me I have the latest version. And yes, I do have 'Automatically download and apply updates' ticked.
When I ran CSI before Edge was released it always updated automatically, but Edge has never updated automatically or responded to the 'Check for updates' request - it always says I am up to date no matter if I am running a released version or a beta, I have always had to download and install manually.
Another personal bug particular to my machine?
PrevxHelp
April 8th, 2009, 03:10 PM
-{ Quote: "Joe,
I am currently running 46, have not had an automatic update and if I click 'check for updates' it tells me I have the latest version. And yes, I do have 'Automatically download and apply updates' ticked.
When I ran CSI before Edge was released it always updated automatically, but Edge has never updated automatically or responded to the 'Check for updates' request - it always says I am up to date no matter if I am running a released version or a beta, I have always had to download and install manually.
Another personal bug particular to my machine?" }-
Very interesting... could you send me your license key by PM? I'll take a look to see if there is anything clearly breaking it.
Dark Star 72
April 8th, 2009, 03:24 PM
-{ Quote: "Very interesting... could you send me your license key by PM? I'll take a look to see if there is anything clearly breaking it." }-
Sent :thumb:
Baldrick
April 8th, 2009, 03:45 PM
-{ Quote: "It is both, but this false positive was caused through heuristics locally. We have v3.0.1.48 coming out now (to beta ;D) which corrects this issue :)" }-
Got it and installed it. Removed the Ignore I set against the MBR detection and will scan to see if it is detected again. Will advise as to result shortly.
Cheers
Balders;D
Baldrick
April 8th, 2009, 04:00 PM
OK!
Run with .48 and Ignore of MBR change detection removed...worked! No detection of the legitimate change by RollBack Rx.
Nice one the Prevx Team! :thumb: :thumb:
PrevxHelp
April 8th, 2009, 04:11 PM
-{ Quote: "OK!
Run with .48 and Ignore of MBR change detection removed...worked! No detection of the legitimate change by RollBack Rx.
Nice one the Prevx Team! :thumb: :thumb:" }-
Good to hear :) Note that we HAVE corrected the detection issue and will be releasing the new version (to beta :)) by tomorrow :)
galileo
April 8th, 2009, 04:32 PM
Beta 3.0.1.48 - If one has a password protecting access to the settings, then when one right-clicks the tray icon and selects "Configure Protection" the password dialog box is hidden underneath the main configuration dialog window. Thus, if one clicks "Settings" or "Configure" nothing appears to happen. If one looks at the Task Bar the "Password Required" button is there but, it does trick you for a minute....ya might want to have the password dialog box pop-up on top of the main dialog window....;)
galileo
Copyright ©2002 - 2012, Wilders Security Forums