3.0.1.56 running fine here.

I have been running Edge on medium self protection for ages but have now set it to maximum - are there any known issues / disadvantages with this? The only other AM I have is Windows Defender.

-{ Quote: "3.0.1.56 running fine here.

I have been running Edge on medium self protection for ages but have now set it to maximum - are there any known issues / disadvantages with this? The only other AM I have is Windows Defender." }-

No, that should be fine :) We've done a significant amount of work in the more recent versions which reduces the chance of incompatibilities with maximum self protection so you should be safe to use it on maximum :)

Thanks. What exactly does setting it to maximum do? Is there any chance of it causing slowdown on the system? Im assuming updates will still work without reboots?

PS - you may want to change the text on the self protection screen... "This option may result in incompatibilities of you are using multiple other security products" clearly, should be "This option may result in incompatibilities of you are using multiple security products" or "This option may result in incompatibilities of you are using other security products"

-{ Quote: "Thanks. What exactly does setting it to maximum do? Is there any chance of it causing slowdown on the system? Im assuming updates will still work without reboots?" }-

Maximum protects against every known termination technique/termination leaktest. The impact should only be marginal and updates will still work without reboot :)

-{ Quote: "To help you envisage why it looks "weird", here's a screenshot of the background alone without the "content area" covering it :)
http://img2.imageshack.us/img2/2971/p3gui.jpg

I originally wanted the main content area to be semi transparent so that you could see the background faintly through it, but Joe was scared of breaking the 1MB boundary. He's the bane of my graphical existence! ;)" }-

Looks good - keep up the good work! ;) It looks great anyway, don't worry. ;D Now it's clear to me. :)

I'm not sure, but just to note I think that Prevx didn't give its pop-up about status when automatically updating this time - will try to finally confirm sometime. :) Promising atleast. :D

@PrevxHelp

Congrats with the release of Prevx 3! ;D

I do have a question:

Previously I purchased "Annual Edge and Cleanup for 1 PC" (I did not activate this license yet). When I upgrade my license today (add another pc and extend my license by a further 12 months) and start using the license on pc 1 today, but on pc 2 in 2 months, will the expiry date for both computers be April 15, 2011, or will it be April 11, 2011 for pc 1 and June 11, 2011 for pc 2. In other words, in this case would it be better to buy a separate license for pc 2 instead of upgrading my existing license?

Best regards,

Alley

@PrevxHelp

Password dialog box (3.0.1.56) pops-under the Prevx window after right-clicking Configure Protection from the tray icon menu....:'(

galileo

-{ Quote: "@PrevxHelp

Password dialog box (3.0.1.56) pops-under the Prevx window after right-clicking Configure Protection from the tray icon menu....:'(

galileo" }-

I just tried that here and it worked fine... what OS are you using? :-\

.56 up and running really smooooooth here. ;D In fact as this seems to be the norm and has been for a while now...and it is getting boring!;)

Spewaking seriously, have tried the FPs that I have experienced in the past and so far not a twitter from Prevx...as I would expect as they are FPs.

Really cool! :thumb:

-{ Quote: "I do have a question:

Previously I purchased "Annual Edge and Cleanup for 1 PC" (I did not activate this license yet). When I upgrade my license today (add another pc and extend my license by a further 12 months) and start using the license on pc 1 today, but on pc 2 in 2 months, will the expiry date for both computers be April 15, 2011, or will it be April 11, 2011 for pc 1 and June 11, 2011 for pc 2. In other words, in this case would it be better to buy a separate license for pc 2 instead of upgrading my existing license?" }-

The expiry date is stamped to the license key, meaning the expiry for both computers will be the same. For different expiry dates you would need 2 separate licenses...

-{ Quote: "so far not a twitter from Prevx..." }-

Good to hear :) I guess our FPs don't follow new Web 2.0 technologies ;D

Hello!
I can't find it ... can I set scheduled scan to do Full Scan?

-{ Quote: "Hello!
I can't find it ... can I set scheduled scan to do Full Scan?" }-

The Full Scan really doesn't need to be used often so we have the scheduled scan run a default deep scan. The Full Scan will only detect additional files which are dormant on the system but not a threat so you will be safe by just running normal deep scans as the scheduled scan :) (which is why we don't have a configuration option to set the type of scan to run on the scheduled scan).

-{ Quote: "I just tried that here and it worked fine... what OS are you using? :-\" }-
XP Pro SP3 fully updated (4.15.2009). This pop-under behavior is erratic - about half the time it is on top and half the time it is under. There does not seem to be any particular pattern to the behavior....other than that it is not consistent.

galileo

Prevx Edge 3.0.1.56 up and running. :thumb:
I see you've been working on the Prevx website as well........very nice. ;D

In main Status Window of the beta, security status options do not correspond to configuration/details selection.

For example selecting details of the CSI malware cleanup just leads to the License Window and configuration of the Realtime Infection Monitoring just leads to the Tools Window.

-{ Quote: "In main Status Window of the beta, security status options do not correspond to configuration/details selection.

For example selecting details of the CSI malware cleanup just leads to the License Window and configuration of the Realtime Infection Monitoring just leads to the Tools Window." }-

Yes, currently the only details of the cleanup/protection is the license screen, showing you what the duration left on your license is, and then the configure button brings you to the Tools window which will let you Suspend Protection.

They will be expanded upon in the future but for now this gives users a way to get at the options a bit easier :)

I guess we are going to have to start a new thread now that Prevx 3.0 is the standard and includes Edge & CSI! ;)

TH

Installed another OA beta, got another malware popup for edge, selected trust forever so I could finish the install. Removed override, scanned again, sent you scan results again.

-{ Quote: "Installed another OA beta, got another malware popup for edge, selected trust forever so I could finish the install. Removed override, scanned again, sent you scan results again." }-

Thanks - this file was found because of your high heuristics settings but I've marked it good now :)

What do you recommend? Should I reduce the heuristics level, or just mark them FPs when they happen. Lots of betas in the world. :)

-{ Quote: "What do you recommend? Should I reduce the heuristics level, or just mark them FPs when they happen. Lots of betas in the world. :)" }-

The OA betas tend to get flagged because of how intrusive it is (without trying to sound condescending to it, but it is a security program ;D)

Its probably best to just click Trust Always on the files as they come in - the FPs should be automatically fixed once the beta is used by a wider audience or trusted by behavioral analysis.

Would certainly appreciate a competitive upgrade offer to get Edge for the 3 computers at my house.


Joe

I checked for updates, and it still said I had the latest version. Is this normal after an update? Anyway, I downloaded the new version from the website, and it's running fine.

-{ Quote: "I checked for updates, and it still said I had the latest version. Is this normal after an update? Anyway, I downloaded the new version from the website, and it's running fine." }-

mine too....i restarted my PC, still no success

-{ Quote: "I checked for updates, and it still said I had the latest version. Is this normal after an update? Anyway, I downloaded the new version from the website, and it's running fine." }-

This is normal :) The new version is available to new users or via direct download but won't be available for upgrade for a few days until other AV vendors fix any FPs and we ensure there aren't any outstanding issues.

-{ Quote: "This is normal :) The new version is available to new users or via direct download but won't be available for upgrade for a few days until other AV vendors fix any FPs and we ensure there aren't any outstanding issues." }-

do i need to uninstall my old PE after downloading the new version?

-{ Quote: "do i need to uninstall my old PE after downloading the new version?" }-

No, you can install it over your existing copy and it will automatically upgrade your installation.

My HIPS(SSM) let me know that the update was underway. The systray icon disappeared, but did not come back. Apparently, the update process stalled.

I went into > C:\Documents and Settings\<myname>\Local Settings\Temp > see screenshot:

Because, I run DefenseWall, I right-clicked pxinstall.exe > Run as trusted

After, doing this the Prevx icon reappeared in the systray.

Edit: screenshot altered :ouch:

-{ Quote: "No, you can install it over your existing copy and it will automatically upgrade your installation." }-


thanks!

3.0.1.56 works good.

-{ Quote: "Would certainly appreciate a competitive upgrade offer to get Edge for the 3 computers at my house." }-

We don't have a official competitive upgrade as our products can work alongside other security software rather than being mutually exclusive.

However, I've PM'd you a 10% coupon code for a 3 PC purchase :)

Prevx 3.0 locked and loaded and working great here. Congrats on the new release!!!

Hello.My Prevx edge detected this tonight (Threat c:\windows\system32ambrune.dll) as high risk fradudulent.I uploded it to virus total and prevx is the only one that detects anything.Is this a false positive?I use Vista Home premium 64 bit sp1.Thanks in advance

-{ Quote: "Hello.My Prevx edge detected this tonight (Threat c:\windows\system32ambrune.dll) as high risk fradudulent.I uploded it to virus total and prevx is the only one that detects anything.Is this a false positive?I use Vista Home premium 64 bit sp1.Thanks in advance" }-

I've sent you a PM - its hard to say if the file is legitimate or not but I'll check it out once you send a log :)

I started running Edge on maximum self protection yesterday. I noticed some of the dialogue boxes pop up with the windows 2000 design (I run Vista). It had the vista theme before. Is this because Im running on max self protection or a fault with 3.0.1.56?

-{ Quote: "I started running Edge on maximum self protection yesterday. I noticed some of the dialogue boxes pop up with the windows 2000 design (I run Vista). It had the vista theme before. Is this because Im running on max self protection or a fault with 3.0.1.56?" }-

I haven't seen this happen before but this looks more like an OS issue, which "could" be caused because of maximum self protection but it is unlikely. You may want to try going back to Medium and see if that corrects the issue, but it could also just be something internal to the OS which isn't rendering the skinned graphics properly.

I have to remake all my italian guide of Edge/3.0 but ...
good job Prevx
thanks joe and I see even the new guide for 3.0, great, great great.
You are simply the best

-{ Quote: "I have to remake all my italian guide of Edge/3.0 but ...
good job Prevx
thanks joe and I see even the new guide for 3.0, great, great great.
You are simply the best" }-

What a great guide!!!
I really like your style ;)

Keep it up:thumb:

Anway, PrevxResearch, maybe post a video with newest MBR rootkit under your Youtube's account ;)?
Would be awsome!

ok, if it is now 3.0 and not Edge, why cant it use the tray icon of 2.0 8)

-{ Quote: "ok, if it is now 3.0 and not Edge, why cant it use the tray icon of 2.0 8)" }-

How about this... the option to change some appearance settings? :D

I just want the green ball back.:-\

The latest beta (or is 56 a beta? ???) detected the following file on my partition for Windows 7, and I couldn't find any clear information on what it's when searching for information on it:

amcompat.tlb


All I know is that, what Prevx classifies it as, that's, High Risk Fraudulent Security Program, I definitely don't have on that installation. Seriously, how could I have that? :D

Anyway, should I send you a log, PrevxHelp?

-{ Quote: "I just want the green ball back.:-\" }-

:) - then my suggestion might be a solution. Selection of things like GUI and tray-icon. ;)

-{ Quote: "The latest beta (or is 56 a beta? ???) detected the following file on my partition for Windows 7, and I couldn't find any clear information on what it's when searching for information on it:

amcompat.tlb


All I know is that, what Prevx classifies it as, that's, High Risk Fraudulent Security Program, I definitely don't have on that installation. Seriously, how could I have that? :D

Anyway, should I send you a log, PrevxHelp?" }-

Yes please :) It is most likely not a high risk fraudulent security program, rather, a FP because Windows 7 is still a beta :)

-{ Quote: "I just want the green ball back.:-\" }-

I thought you liked the new tray icon :'(

We do try and keep at least some level of consistency so GUI configuration for consumers probably won't be a feature :-\

-{ Quote: "I thought you liked the new tray icon :'(

We do try and keep at least some level of consistency so GUI configuration for consumers probably won't be a feature :-\" }-

Well looks might be one thing but I rather have the best security features instead! ;)

TH

-{ Quote: "I thought you liked the new tray icon :'(

We do try and keep at least some level of consistency so GUI configuration for consumers probably won't be a feature :-\" }-

Don't worry, Joe - we like you guys anyways. ;D

Now, I'm curious if "Threats found today" should say "-1" just because you've set an override for FP. ??? :D

I do like it, but one can always shoot for the stars.

-{ Quote: "Don't worry, Joe - we like you guys anyways. ;D

Now, I'm curious if "Threats found today" should say "-1" just because you've set an override for FP. ??? :D" }-

It should probably still just be 0 ;D

I'ved fixing the FP now. FWIW - it was caused just because your Windows 7 build is quite new and we have yet to go through and collect all of the data from it so FPs could occur on some of the more "non-standard" components.

Microsoft keeps releasing massive updates to Windows 7 behind the scenes (which is great for users... not so great for antivirus research ;D)

-{ Quote: "What a great guide!!!
I really like your style ;)

Keep it up:thumb:

Anway, PrevxResearch, maybe post a video with newest MBR rootkit under your Youtube's account ;)?
Would be awsome!" }-
Thanks :thumb:
Just a thing: youtube account isn't mine, I only link to the page, here Prevx Research (the owner, alias Joe or Eraser) put new movie about Prevx against malware http://www.youtube.com/user/PrevxResearch

OK, I'm trying to look up this Prevx thing, and every link I can find redirects me to a slightly different page.

If I google "prevx edge", it shows the link of www.prevx.com/prevxedge.asp

When I click on that, it goes to http://www.prevx.com/freescan.asp instead.

Did they change all their links? Is it no longer called "Edge"?

-{ Quote: "OK, I'm trying to look up this Prevx thing, and every link I can find redirects me to a slightly different page.

If I google "prevx edge", it shows the link of www.prevx.com/prevxedge.asp

When I click on that, it goes to http://www.prevx.com/freescan.asp instead.

Did they change all their links? Is it no longer called "Edge"?" }-

Yes, Prevx Edge is now superseded by Prevx 3.0, which is basically Edge combined with CSI in a more straightforward interface with a number of new technologies, many of which will be released in the coming weeks/months :)

-{ Quote: "Thanks :thumb:
Just a thing: youtube account isn't mine, I only link to the page, here Prevx Research (the owner, alias Joe or Eraser) put new movie about Prevx against malware http://www.youtube.com/user/PrevxResearch" }-

Yes I know that you are not the owner ;)

-{ Quote: "It should probably still just be 0 ;D

I'ved fixing the FP now. FWIW - it was caused just because your Windows 7 build is quite new and we have yet to go through and collect all of the data from it so FPs could occur on some of the more "non-standard" components.

Microsoft keeps releasing massive updates to Windows 7 behind the scenes (which is great for users... not so great for antivirus research ;D)" }-

Just so you know, this was the "famous" (what!? ;D) RC1, that's, build 7077 - and not even the latest available. :D

My main-window clearly says "Threats found today: -1", so really no need to make a screenshot of it. ;D

Using .56 when I R/click to scan a drive or folder the Windows 'open with' menu pops up instead of scanning the selected item, using WinXP SP3.

Right click scanning not working here either.

I will get this..............

207969

or this...............

207971

I had right click scanning stop working too and did an uninstall and reinstall to fix it. Wrote it off to too many betas over betas, and haven't had a recurrence.

Can you try uninstalling and reinstalling? We have had a couple reports of this from beta users here but haven't received any reports at all from users outside of beta testers.

-{ Quote: "I had right click scanning stop working too and did an uninstall and reinstall to fix it. Wrote it off to too many betas over betas, and haven't had a recurrence." }-

Thanks for the suggestion.

-{ Quote: "Can you try uninstalling and reinstalling? We have had a couple reports of this from beta users here but haven't received any reports at all from users outside of beta testers." }-

Was just about to try.

Uninstall and reinstall fixed it for me, however it still wants to scan all drives on my computer even if I only select a folder.

Uninstall and reinstall appears to have corrected the right click scan issue. :thumb:
Many thanks. ;D

Has anyone tried using Prevx3 as the sole protection? Now that Nod32 is getting more bloated & unstable with each version, I'm starting to think or hope that maybe Prevx3 has "come of age" & can handle security on it's own.

A few questions.....
Would Prevx3 protect against email virus attacks?
How would Prevx3 protect against phishing email?
Could Prevx3 be used in a server (SBS) environment?

-{ Quote: "
A few questions.....
Would Prevx3 protect against email virus attacks?
How would Prevx3 protect against phishing email?
Could Prevx3 be used in a server (SBS) environment?" }-

Prevx 3.0 has no integration into email scanning, however, it will block threats coming into the system from emails/other means. We don't have any phishing/spam protection, but there are numerous free services which provide that which you can use on top of Prevx 3.0.

We currently don't have complete server support because Prevx 3.0 requires a logged in user but we will soon be adding full server support.

It seems that the right-click scanning is broken for executable files (3.0.1.56). I tried reinstalling but the problem still persists. It works for non-executable files (ie. archives, documents, etc.).

Im getting a lot of RKitz

"U"might have this, but if "U" want i will be glad 2 send it 2 "U"

TCSP Rustock (e-mail-request SUBM)

-{ Quote: "Im getting a lot of RKitz

"U"might have this, but if "U" want i will be glad 2 send it 2 "U"

TCSP Rustock (e-mail-request SUBM)" }-

Send 'em over ;D Always interested in something new to play with :)

-{ Quote: "Send 'em over ;D Always interested in something new to play with :)" }-



e-mail plz?

-{ Quote: "e-mail plz?" }-

PM sent :)

Hello
Is there a change log available yet so we can see what's different with each new version?
Thanks

-{ Quote: "PM sent :)" }-
You have a PM....

I know you hate me harping about it Joe, but I swear I am still amazed at the FPs just from this group here. What about all the other users who may not know and delete it.

Are the ones caused by Windows 7 and IE8 detected by the vast number of AV products. You said last week Prevx was pouring over the ones from last month to determine the cause. Any finds? No offense but it seems that Wilders members are the ones trying to fix this.

Not busting your chops but it would help us all for some clarification on this continuing problem.

thank you

The interface is great overall, but maybe a little too tight at different places? See my attached image just for an example...

-{ Quote: "I know you hate me harping about it Joe, but I swear I am still amazed at the FPs just from this group here. What about all the other users who may not know and delete it.

Are the ones caused by Windows 7 and IE8 detected by the vast number of AV products. You said last week Prevx was pouring over the ones from last month to determine the cause. Any finds? No offense but it seems that Wilders members are the ones trying to fix this.

Not busting your chops but it would help us all for some clarification on this continuing problem.

thank you" }-

With all due respect, but I personally don't think that less than one FP per day is an amazing amount for a thread with > 110,000 views.

The FP was caused on Windows 7, an OS used by a very small portion of the population, and isn't found by a number of other AV products but our technology doesn't work like other AV products - the file in question was seen by a very small number of users and got caught by a rule which we use to do just that.

We found a number of areas which were causing more FPs than normal and they have since been fixed (just finishing up the last bits over the coming days).

Correct me if I'm wrong, but I just honestly don't see that big of a problem here... every AV has false positives, and we don't have the online forms that many of them do to submit FPs so the users here send them to me by posting on the forum directly, bringing a much heavier light to them than other companies show.

My (as good as I can make it) unbiased opinion of our FPs is that we are very good - I've only ever seen one FP from us after the Edge release and that was on Windows 7 on a new component which was released via Windows Update, minutes before.

We have literally millions of users who have never seen an infection on their PC - proving the fact that we have an extremely low FP rate, otherwise we would have an inbox full of FP complaints.

-{ Quote: "The interface is great overall, but maybe a little too tight at different places? See my attached image just for an example..." }-

Good catch :) We'll knock that over a few pixels so it fits properly :thumb:

And one last one I want to clarify. You say here (http://www.wilderssecurity.com/showpost.php?p=1349954&postcount=482) that Prevx collects no personal data. But in your Eula it states the following.


Personal Data You Provide

Prevx collects the personal data you provide to us when you use this Site. This information may include, for example, your name, the name of your company, your or your company's mailing address and your e-mail address. Prevx uses the personal data you provide when you use this Site to provide the information, services and products you request. For example, we may use your e-mail address to respond to your comments and questions. In some cases, the site may allow registration to promotional events; we will use your email or mailing address to provide brochures, maps and event information.

Prevx also uses the personal information collected through this Site to improve the content and functionality of this Site, to better understand our customers and markets, to improve our products and services and to market our products and services to our customers and potential customers, including those who are registered users of this Site. From time to time, we may contact you with information about our products and services. If you do not want us to contact you for such purposes, please notify us.

Click-Stream Data

Prevx uses technology to track your use of this Site, for example, which pages you view and which links you use. This information about your use of this Site is called "click-stream data." Click-stream data helps us determine what is important to you, and what is not. It helps us decide what content and features to add and what to discard. It also helps us determine whether our Site is easy to use or whether we need to redesign certain pages and links. Click-stream data does not identify you personally. If Prevx links any click-stream data to your personal name we will treat it as personal data.

Cookies

We may obtain information about you by installing our own marker on your computer. This marker is commonly called a "cookie" and it enables us to know you by a computer-generated, unique identifier. By providing you a unique identifier, we are able to create a database of your previous choices and preferences, and in situations where those choices or preferences need to be collected again, they can be supplied by us automatically, saving you time and effort. For example, after you purchase a product once, if you need to purchase it again your previous selection of options will be retained and can be re-entered more quickly. Your computer may be specially configured to reject cookies: please refer to your browser for more information.

Disclosure of Personal Data to Our Affiliates
Prevx shares personal data collected through this Site with its affiliates, who may use the information in the same ways as Prevx may use the information. If you do not want Prevx to share your personal information with its affiliates, please notify us.

-{ Quote: "Good catch :) We'll knock that over a few pixels so it fits properly :thumb:" }-

That's right, I see those small bugs and details. ;D :P :)

That privacy policy applies only to the website and is there primarily for legal reasons. We don't mine any data, basically all that says is: if you provide us with information, we can use it to help you.

-{ Quote: "That's right, I see those small bugs and details. ;D :P :)" }-
Me too - it drives me mad :D

A larger font was forced on us, even though Joe and I argued for a smaller one under the scan stats. I guess us sitting 3 inches away from the screen all day does that ;)

-{ Quote: "Me too - it drives me mad :D

A larger font was forced on us, even though Joe and I argued for a smaller one under the scan stats. I guess us sitting 3 inches away from the screen all day does that ;)" }-
You may want to change the text on the self protection screen... "This option may result in incompatibilities of you are using multiple other security products" clearly, should be "This option may result in incompatibilities of you are using multiple security products" or "This option may result in incompatibilities of you are using other security products"

I see nothing wrong with what it says in the product now. What is wrong is that you keep writing "of" all the time in that sentence.

-{ Quote: "You may want to change the text on the self protection screen... "This option may result in incompatibilities of you are using multiple other security products" clearly, should be "This option may result in incompatibilities of you are using multiple security products" or "This option may result in incompatibilities of you are using other security products"" }-

Thanks for the suggestion :) It will be in the next build.

-{ Quote: "You may want to change the text on the self protection screen... "This option may result in incompatibilities of you are using multiple other security products" clearly, should be "This option may result in incompatibilities of you are using multiple security products" or "This option may result in incompatibilities of you are using other security products"" }-

Oh, right, now I see your point, but you still write "of"! ;D Good catch.

-{ Quote: "It seems that the right-click scanning is broken for executable files (3.0.1.56). I tried reinstalling but the problem still persists. It works for non-executable files (ie. archives, documents, etc.)." }-
Can anyone from Prevx confirm this?

-{ Quote: "Can anyone from Prevx confirm this?" }-

Are you receiving an "Open" dialog or an "Open With" dialog? In some cases if you download an executable from the internet or another computer, Windows adds a flag which forces it to show that dialog - we use a method different from other AVs for the right click scanning which has no overhead (as opposed to 1+ MB of overhead) but it does have a few caveats.

We have received a number of complaints about this, however, so we are working on a way that would be best for all users (possibly an on-demand feature download of the more advanced right click scanning).

-{ Quote: "Are you receiving an "Open" dialog or an "Open With" dialog? In some cases if you download an executable from the internet or another computer, Windows adds a flag which forces it to show that dialog - we use a method different from other AVs for the right click scanning which has no overhead (as opposed to 1+ MB of overhead) but it does have a few caveats.

We have received a number of complaints about this, however, so we are working on a way that would be best for all users (possibly an on-demand feature download of the more advanced right click scanning)." }-
I am receiving the "Open File" dialog.

EDIT: I think you are right about Windows adding a flag (XP). Some executable files I have from when I was still using Vista, the right-click scanning works just fine.

-{ Quote: "I am receiving the "Open File" dialog.

EDIT: I think you are right about Windows adding a flag (XP). Some executable files I have from when I was still using Vista, the right-click scanning works just fine." }-

When I scan an exe, it either scanns it as you would expect, or I get an "Open File" security dialogue.

If I scan say the exe for Zemana "Antilogger.exe" it scans it in the expected way. If I scan an install file eg the setup exe for an app, it gives me the "Open File" dialogue

******************edit******************
This does not seem to be aa rule - just scanned the setup exe for another app and it scanned in the normal way - withouy the Open File dialogue.

-{ Quote: "Has anyone tried using Prevx3 as the sole protection?
" }-

fwiw : Prevx3 (& Prevx2 concurrently) since pre-release last Nov.... (long boring story + reasons - ask Joe!<vbg>)
Sitting on XP Pro SP3 Guest running in a VM on Mac Tiger 10.4.11 host.....:

Hi joe 2 things about some problem on "my" thread about Prevx (now 3.0;D )
a) we have the same problem about right click every file (pdf, exe, doc..), we can't scan with Prevx but clicking scan with Prevx 3.0 we receive the open file dialog. Conclusion right click scan doesn't work
b) on the Italian version of Prevx moving mouse over the prevx icon on the traybar we can see a message sayng : Previx3.0.1.56^%skinstring1(*STRING6*)%^^ansistring2...
I specify the Italian version 'cause i don't know if the english v. have the same problem.
Thanks

-{ Quote: "Hi joe 2 things about some problem on "my" thread about Prevx (now 3.0;D )
a) we have the same problem about right click every file (pdf, exe, doc..), we can't scan with Prevx but clicking scan with Prevx 3.0 we receive the open file dialog. Conclusion right click scan doesn't work
b) on the Italian version of Prevx moving mouse over the prevx icon on the traybar we can see a message sayng : Previx3.0.1.56^%skinstring1(*STRING6*)%^^ansistring2...
I specify the Italian version 'cause i don't know if the english v. have the same problem.
Thanks" }-

a) I believe this will be fixed in the next update (due out shortly)
b) looks like an Italian version problem - I'm investigating it now and we should have it sorted shortly as well :)

Thanks for the report! (or should I say Grazie ;D)

-{ Quote: "a) I believe this will be fixed in the next update (due out shortly)
b) looks like an Italian version problem - I'm investigating it now and we should have it sorted shortly as well :)

Thanks for the report! (or should I say Grazie ;D)" }-

Prego (you're welcome ;D )

Thanks Joe, you are realy speedy gonzales

Hi!

Just noticed an extremely nasty FP with Prevx v3.0.1.56..

Prevx detects CE-Infosys Free CompuSec whole disk encryption software MBR loader as malicious. If user allows Prevx to modify the MBR, the whole encrypted disk is in danger. Could you please check it asap?

Here's a link to CompuSec's download page:

http://www.ce-infosys.com/english/downloads/free_compusec/index.html

-{ Quote: "Hi!

Just noticed an extremely nasty FP with Prevx v3.0.1.56..

Prevx detects CE-Infosys Free CompuSec whole disk encryption software MBR loader as malicious. If user allows Prevx to modify the MBR, the whole encrypted disk is in danger. Could you please check it asap?

Here's a link to CompuSec's download page:

http://www.ce-infosys.com/english/downloads/free_compusec/index.html" }-

We're investigating this now - could you please send a scan log from the system which produced the FP to the email address I've sent you in a PM? We should be able to correct the FP centrally.

We'll be analyzing the MBR which they are using as well to prevent this from happening in the future.

Joe,
Have installed the newly released Online Armor 3.5.0.9 on a clean snapshot and downloaded Prevx 3.0 beta 60 and the initial scan gave these FP(?)
Screenshots of scan result and detection overrides after right clicking and reporting as FP's. Note - 4 on one and only 3 on the other ???
Check your PM,s in a little while for the scan results:
Edit - sent e-mail instead

-{ Quote: "Joe,
Have installed the newly released Online Armor 3.5.0.9 on a clean snapshot and downloaded Prevx 3.0 beta 60 and the initial scan gave these FP(?)
Screenshots of scan result and detection overrides after right clicking and reporting as FP's. Note - 4 on one and only 3 on the other ???
Check your PM,s in a little while for the scan results:
Edit - sent e-mail instead" }-

Thanks for the report - I'm going to work with our research team to try and come to solution that will prevent us from FPing on every OA build :what:

Looking at that again - there is actually only one file which is the FP - oaui.exe, the rest are entries pointing to that file. This may be a bug on our end with the FP reporting - we'll investigate this shortly as well :)

-{ Quote: "Hi!

Just noticed an extremely nasty FP with Prevx v3.0.1.56..

Prevx detects CE-Infosys Free CompuSec whole disk encryption software MBR loader as malicious. If user allows Prevx to modify the MBR, the whole encrypted disk is in danger. Could you please check it asap?

Here's a link to CompuSec's download page:

http://www.ce-infosys.com/english/downloads/free_compusec/index.html" }-

Thanks - managed to track down the data and fixed it :) You should be able to run another scan.

For what its worth - the MBR protection looks for any obfuscation to the MBR and reports it if it doesn't completely trust it. Therefore there may be a couple cases where this "could" generate FPs but they can be fixed easily.

With the new MBR rootkit out, its better to be safe than sorry, and the FPs are easy to fix so if you see anything which looks suspicious, send them to me and I'll investigate further :)

Got 3.0.1.62 running great here! :thumb:

TH

-{ Quote: "Got 3.0.1.62 running great here! :thumb:

TH" }-

Thats 2 beta program updates in 1 day?

-{ Quote: "Thats 2 beta program updates in 1 day?" }-

Beta... soon to be live release :) We've made a number of changes to how things behave in Prevx 3.0 to make it much more logical. Its hard to describe all of the changes by themselves but as a whole the product is now much tighter integrated and smoother to use.

Have some more FPs of Windows 7 I think... Check the attached image. Do you necessarily need a scan log anyway?

-{ Quote: "Have some more FPs of Windows 7 I think... Check the attached image. Do you necessarily need a scan log anyway?" }-

No, I can go off of the one you sent earlier :) There are just a few thousand files to work through :blink:

Well, then you've something to do tonight! ;D :D :P

Better bring some guys along and you can have a special "party". :blink: :wacko: ;D

-{ Quote: "Well, then you've something to do tonight! ;D :D :P

Better bring some guys along and you can have a special "party". :blink: :wacko: ;D" }-

Done - FPs fixed and your scan should also be much faster now as we don't have to read behavioral data from each file anymore :)

Question/Suggestion, Previous beta build cut of full screen app to notify the update, i havent seen that with other build before. Not a bad thing though id like it if the window would stay open and fade away till after i have hover on it.

-{ Quote: "Beta... soon to be live release :) We've made a number of changes to how things behave in Prevx 3.0 to make it much more logical. Its hard to describe all of the changes by themselves but as a whole the product is now much tighter integrated and smoother to use." }-
Thanks Joe
realtime security and also realtime solving problems
Now scanning with right click & the other minor issue in Italian version are ok
great job man !!!!

Hi Joe,

I just installed NOD32 and I had Prevx 3.0.1.62 running with Max Protection and on reboot NOD32 deleted C:\Program Files\Prevx\Prevx.exe before I put it in the NOD32 Exclusions list! Just wondering if this should of happened?

TH

-{ Quote: "Hi Joe,

I just installed NOD32 and I had Prevx 3.0.1.62 running with Max Protection and on reboot NOD32 deleted C:\Program Files\Prevx\Prevx.exe before I put it in the NOD32 Exclusions list! Just wondering if this should of happened?

TH" }-

Ideally no... it appears that NOD32 has a FP against us again.

v3.0.1.62 is now live but we'll hold off pushing it out as an update until they correct the FP.

-{ Quote: "Ideally no... it appears that NOD32 has a FP against us again.

v3.0.1.62 is now live but we'll hold off pushing it out as an update until they correct the FP." }-

I was tring to say that with protection set to max should NOD32 be able to remove Prevx 3.0?

-{ Quote: "Question/Suggestion, Previous beta build cut of full screen app to notify the update, i havent seen that with other build before. Not a bad thing though id like it if the window would stay open and fade away till after i have hover on it." }-

Joe, u think this will make it into the next build? That is if you think its ok

-{ Quote: "I was tring to say that with protection set to max should NOD32 be able to remove Prevx 3.0?" }-

U mean selfprotect mechanisme

-{ Quote: "U mean selfprotect mechanisme" }-

Yes sir!

-{ Quote: "I was tring to say that with protection set to max should NOD32 be able to remove Prevx 3.0?" }-

NOD32 is loaded at the kernel level so it is able to remove us regardless of how strong our self protection is. (And vice versa ;D We can remove NOD32 if we really wanted to, but I'd imagine it would result in some anti-competitive lawsuits :))

Self protection is effective for programs in usermode - once something can get into kernel mode all bets are off, and, at that point, it shouldn't even bother trying to disable the AV because it basically has free reign, which is why some of our protection like the new MBR rootkit scanning can sometimes be a bit overly suspicious - if something malicious does infect the MBR, it can control literally anything going on in the system and there is very little anyone can do about it if they are directly targeted by the attack.

-{ Quote: "NOD32 is loaded at the kernel level so it is able to remove us regardless of how strong our self protection is. (And vice versa ;D We can remove NOD32 if we really wanted to, but I'd imagine it would result in some anti-competitive lawsuits :))

Self protection is effective for programs in usermode - once something can get into kernel mode all bets are off, and, at that point, it shouldn't even bother trying to disable the AV because it basically has free reign, which is why some of our protection like the new MBR rootkit scanning can sometimes be a bit overly suspicious - if something malicious does infect the MBR, it can control literally anything going on in the system and there is very little anyone can do about it if they are directly targeted by the attack." }-

Thanks for the info! ;)

Talk about fast changes, go to bed, wake up, go on line and I read the prevx thread and note that we have had these changes > 3.0.1.60 > 3.0.1.62. The update went as smooth as silk, compared to the previous one, as referred to here > http://www.wilderssecurity.com/showpost.php?p=1447199&postcount=3530

No problems with, i.e. right click, as reported by others quite recently, and by me even earlier. ;D

-{ Quote: "Joe, u think this will make it into the next build? That is if you think its ok" }-

We've moved to a completely silent automatic upgrade process to save some user confusion on upgrades so for now we won't have a feature to show the GUI after the upgrade but we can definitely add it as an option in the future :)

-{ Quote: "Done - FPs fixed and your scan should also be much faster now as we don't have to read behavioral data from each file anymore :)" }-

Seriously, Joe... you fixed a few thousand files on a little more than one hour, or did you get a little help? :wacko: :blink: ;D

Seems like I didn't need to remove the overrides - they weren't there when I manually upgraded, seeing that there's a new version out (and I don't run NOD ;D). :blink: Is it supposed to be like that?

-{ Quote: "We've moved to a completely silent automatic upgrade process to save some user confusion on upgrades so for now we won't have a feature to show the GUI after the upgrade but we can definitely add it as an option in the future :)" }-

Does that mean I shouldn't be seeing the Status-popup during an automatic prog. update? ;D

I see PrevX Enterprise has now been released with a LAN management server option.

I asked a little while back but will ask again - if I have clients which are servers that spend their lives buzzing away serving files/services/applications but sat at the ctrl-alt-del screen, what protection would PrevX provide?

It seems a neat bit of software but if it still only monitors/deals with problems when someone is physically logged on a machine it's a huge gap for me on the server side of things.

-{ Quote: "We've moved to a completely silent automatic upgrade process to save some user confusion on upgrades so for now we won't have a feature to show the GUI after the upgrade but we can definitely add it as an option in the future :)" }-

Yes please do, personally i dont feel 100% silence operation is the way to go, a user needs to know that their security is functioning - update and detection,etc. popups are a must

-{ Quote: "Seriously, Joe... you fixed a few thousand files on a little more than one hour, or did you get a little help? :wacko: :blink: ;D

Seems like I didn't need to remove the overrides - they weren't there when I manually upgraded, seeing that there's a new version out (and I don't run NOD ;D). :blink: Is it supposed to be like that?" }-

I did have help ;D The overrides are now automatically removed when the FPs are corrected (if the override fixes a bad > good) :)

-{ Quote: "I see PrevX Enterprise has now been released with a LAN management server option.

I asked a little while back but will ask again - if I have clients which are servers that spend their lives buzzing away serving files/services/applications but sat at the ctrl-alt-del screen, what protection would PrevX provide?

It seems a neat bit of software but if it still only monitors/deals with problems when someone is physically logged on a machine it's a huge gap for me on the server side of things." }-

We still don't have this support in yet - it will take some time but we are working on it as this is definitely a deciding factor for a number of enterprise users looking for protection on a server.

-{ Quote: "Does that mean I shouldn't be seeing the Status-popup during an automatic prog. update? ;D" }-

:-\ You "shouldn't" but that sentence makes it sound like you are ??? ;D

-{ Quote: "I did have help ;D The overrides are now automatically removed when the FPs are corrected (if the override fixes a bad > good) :)" }-

Ah, that's really cool - and great. ;D :D

About the status thing, I'm not sure, but like you've seen from my posts, I've experienced it many times though I shouldn't. 8) Same thing as that I was the only one not getting automatic updates before when we tested. ;D

Hi and hope this is not posted in the wrong place. I just received the auto upgrade to Prevx 3.0.1.62.;D So that is great. Right before that I downloaded a firewall test from pcflank.com. When I tried to open it PrevxEdge RED, says medium malware risk, so I blocked it. Is this firewall test unsafe? Thanks, and I LOVE Prevx.;D

-{ Quote: "Hi and hope this is not posted in the wrong place. I just received the auto upgrade to Prevx 3.0.1.62.;D So that is great. Right before that I downloaded a firewall test from pcflank.com. When I tried to open it PrevxEdge RED, says medium malware risk, so I blocked it. Is this firewall test unsafe? Thanks, and I LOVE Prevx.;D" }-
No the PCFlank test isn't malicious,but it does exhibit similar traits to malware in it's function (it's trying to break into your system).;)

;D ;) I see Andyman35; makes sense to me.;D Kind of like the relationship with my dog and the meter reader.;D Thanks

I did a scan tonight and got a pop up message 'Proactive Defense'....
Suspicious action....'Suspicious driver installation.

Running process (PID: 2616)
C:\WINDOWS\Temp\pxinstall812.exe

I have had the Edge installed and operating fine for a month now with the icon in the task bar and now this???

Icon has disappeared? is this the driver for the Edge and if it is I can't understand why I have been successfully scanning all the way up until now and then get this error.
I hope a member can assist, thank you.
As I don't know whether to 'allow', deny or add to trusted zone as the description after the Pop Up 'Proactive Defense" says:
' Process is trying to install driver and gain full access to operating system. Security control will not be available anymore. ????????
I do not understand what is occurring nor what I should do.

I am no tech whiz !

Running Kaspersky A/V vers. 7.00.125, xp sp2 and no other spyware apps just the new PrevX Edge.

I did a Kaspersky scan vers. 7 and the above problem in my prior thread disappeared??
Any ideas?
Thank you

-{ Quote: "I did a Kaspersky scan vers. 7 and the above problem in my prior thread disappeared??
Any ideas?
Thank you" }-

Hello,
This looks like a Kaspersky FP - there really isn't anything which we can do to stop it unfortunately, but you may want to try submitting it to them or disable their protection and download the newest version of Prevx 3.0 from our website and install it fresh from there.

-{ Quote: "Hello,
This looks like a Kaspersky FP - there really isn't anything which we can do to stop it unfortunately, but you may want to try submitting it to them or disable their protection and download the newest version of Prevx 3.0 from our website and install it fresh from there." }-


Not technically a FP, and they will not correct this detection because it is a straight behavioural detection via the proactive defense module... when an app attempts to install a driver (such as security software, cpu-z does too) Kaspersky will alert to that driver installation in certain circumstances... as you well know rkits also install drivers to disable security software and mask their presence on a system...bagle and clb are two examples that spring to mind pretty much straight away. Simple thing to do in this case if you trust the app is to allow the driver installation.

If I am not mistaken upgrading to the lastest version (Kaspersky V8.0/2009) will prevent such occurences because digitally signed files should not trigger such alerts.

-{ Quote: "Not technically a FP, and they will not correct this detection because it is a straight behavioural detection via the proactive defense module... when an app attempts to install a driver (such as security software, cpu-z does too) Kaspersky will alert to that driver installation in certain circumstances... as you well know rkits also install drivers to disable security software and mask their presence on a system...bagle and clb are two examples that spring to mind pretty much straight away. Simple thing to do in this case if you trust the app is to allow the driver installation.

If I am not mistaken upgrading to the lastest version (Kaspersky V8.0/2009) will prevent such occurences because digitally signed files should not trigger such alerts." }-

I'm no expert, so this is only a question and nothing else - is it safe to exclude all the stuff that's a digital signature? I know that's not the only thing Kaspersky goes on, but also "danger rating", but Microsoft had this approach with OneCare and got deeply criticized. Is it because Kaspersky is not only checking that which makes it safe for them to do?

-{ Quote: "I did a Kaspersky scan vers. 7 and the above problem in my prior thread disappeared??
Any ideas?
Thank you" }-
This happens on my rig periodically. I always accept (as I trust Prevx) and this allows me to register an override under 'Threats and Exclusions'. The other thing that I have doen is to make sure that all Prevx components are registered under the 'Trusted' tab (as I do trust Prevx).

Seems to work for me. ;D

-{ Quote: "I'm no expert, so this is only a question and nothing else - is it safe to exclude all the stuff that's a digital signature? I know that's not the only thing Kaspersky goes on, but also "danger rating", but Microsoft had this approach with OneCare and got deeply criticized. Is it because Kaspersky is not only checking that which makes it safe for them to do?" }-


The digital sig thing doesn't exclude a file from all the checks- there is too much detail to go into here (and too much that I don't know about myself) to describe it properly, but apart from having a regularly updated blacklist of "bad" signatures which not to trust other factors such as the danger rating you mention and the execution chain (e.g. what started the signed file) play a part. You can also disable this option in the PD settings, and it does not affect the working of HIPS which is entirely seperate from the proactive defense part of KAV/KIS

-{ Quote: "The digital sig thing doesn't exclude a file from all the checks- there is too much detail to go into here (and too much that I don't know about myself) to describe it properly, but apart from having a regularly updated blacklist of "bad" signatures which not to trust other factors such as the danger rating you mention and the execution chain (e.g. what started the signed file) play a part. You can also disable this option in the PD settings, and it does not affect the working of HIPS which is entirely seperate from the proactive defense part of KAV/KIS" }-

I would suppose the Automatic Mode is still a part of KIS/KAV. Does it have more optimal settings compared to before, e.g. detection of the adware category and is the operation more seemless and secure?

I'm asking this as I feel I might still wanna test the new 2010. :)

X Joe
as I can read on your web page :
"Prevx 3.0 also has improved malware detection and malware removal abilities which benefits ALL Prevx customers - including free malware removal of the latest "MBR Rootkit" infections which other leading security programs cannot even detect."
In case the latest MBR Rootkit was detected on the pc of a free user He can block & erase the infection, alias on the advise the "block" button of the alert is working?
We have see an user with the "Possible MBR rootkit infection" but with button block grey
Unfortunatelly he don't ask something on "my" italian thread so I can't see if is a FP or
his infection is not depending for the latest MBR rootkit >:(

-{ Quote: "X Joe
as I can read on your web page :
"Prevx 3.0 also has improved malware detection and malware removal abilities which benefits ALL Prevx customers - including free malware removal of the latest "MBR Rootkit" infections which other leading security programs cannot even detect."
In case the latest MBR Rootkit was detected on the pc of a free user He can block & erase the infection, alias on the advise the "block" button of the alert is working?
We have see an user with the "Possible MBR rootkit infection" but with button block grey
Unfortunatelly he don't ask something on "my" italian thread so I can't see if is a FP or
his infection is not depending for the latest MBR rootkit >:(" }-

That's a realtime detection which "could" be caused from a legitimate modification (which is why it reads Possible rather than Rootkit.MBR). If you have him run a scan, it should see if the rootkit is really a hidden rootkit or if it was just a normal modification.

-{ Quote: "That's a realtime detection which "could" be caused from a legitimate modification (which is why it reads Possible rather than Rootkit.MBR). If you have him run a scan, it should see if the rootkit is really a hidden rootkit or if it was just a normal modification." }-

yes I know but he isn't online so I can't help him >:(

But for other free user, Prevx 3.0 free ,block and remove the last MBR rootkit via "Block" button?

-{ Quote: "yes I know but he isn't online so I can't help him >:(

But for other free user, Prevx 3.0 free ,block and remove the last MBR rootkit via "Block" button?" }-

There are two separate kinds of MBR detection - the realtime detection will not have an active block button but the user can run a scan which will detect and clean any change made.

The realtime detection is more of a "notification" than a real detection of an infection so we differentiate between the two - for instance, if you are changing disk partitions, you may receive an MBR warning because the partition table would have changed - it doesn't necessarily mean that there is an infection, while the scan reporting a MBR rootkit does indeed mean there is an infection :)

Hope that helps! ;D

-{ Quote: "There are two separate kinds of MBR detection - the realtime detection will not have an active block button but the user can run a scan which will detect and clean any change made.

The realtime detection is more of a "notification" than a real detection of an infection so we differentiate between the two - for instance, if you are changing disk partitions, you may receive an MBR warning because the partition table would have changed - it doesn't necessarily mean that there is an infection, while the scan reporting a MBR rootkit does indeed mean there is an infection :)

Hope that helps! ;D" }-
yes I know, I receive the same alert performing an Acronis Image, the same happens with Macrium Reflect or Ghost, obviously they acces MBR for their job.
I hope that he come back to the site before formatting but I think is too late ;D

P.S. I want personally say a big THANKS to Prevx 'cause this IT World people only think on $$$ but you are different, I hope users understand this
Microsoft aka M$ want $$ even for Office language kit brazilian, even if you have the portuguese release cause brazilian (some difference) is not in the same pack !!!

The answer may already be in this thread but I want the following questions in isolation and have a clear answer.

I will be swapping my old laptop hard drive for a new one in a few days.

1) If I simply image the old drive, physically swap the drives and restore the image to the new drive, will my Prevx license on that machine be intact?

2) If answer to 1) is no, will disabling the license for that machine in MyPrevx prior to the imaging and then re-enabling the license after restoring the image on the new drive be the right course?

-{ Quote: "The answer may already be in this thread but I want the following questions in isolation and have a clear answer.

I will be swapping my old laptop hard drive for a new one in a few days.

1) If I simply image the old drive, physically swap the drives and restore the image to the new drive, will my Prevx license on that machine be intact?

2) If answer to 1) is no, will disabling the license for that machine in MyPrevx prior to the imaging and then re-enabling the license after restoring the image on the new drive be the right course?" }-

1) I believe yes
2) Definitely yes :) If 1 fails, you can use MyPrevx at any time to disable/re-enable the license and move it to the new computer.

Let me know if you run into any problems with this and I'll fix them for you :)

-{ Quote: "1) I believe yes
2) Definitely yes :) If 1 fails, you can use MyPrevx at any time to disable/re-enable the license and move it to the new computer.

Let me know if you run into any problems with this and I'll fix them for you :)" }-:thumb: Sounds good. Thank you very much, Joe.

klif.sys from Kaspersky's new KIS 2010 beta was detected as "medium risk malware."

I went back to my previous image because I had problems with the beta, but I can send a log.

Is 3.0.1.62 the latest Edge version?
That is what I have installed.
I don't use beta versions as I am not tech oriented.
Thank you.

-{ Quote: "Is 3.0.1.62 the latest Edge version?
That is what I have installed.
I don't use beta versions as I am not tech oriented.
Thank you." }-

Yes, 3.0.1.62 is the newest official Edge version (and beta version :))

Thx for the reply. Is this the most stable version...........one and only version. I am not techie equipped to do beta without getting computer headaches !:o
Cheers.

Will there be one day a version of PrevX which will not just show "Medium Risk Malware", but shows the real name of the malware, so we can easier research? I know, it might be in the logs, but...

It would be nice, if it is user adjustable where notifications appears. Now it stay under sidebar and other program windows. At least it should be adjustable which corner is used to notifications.
http://neko.1g.fi/temp/prevx01.png

-{ Quote: "Will there one day a version of PrevX which will not just show "Medium Risk Malware", but shows the real name of the malware, so we can easier research?" }-


I sure hope not, that has to be the biggest waste of time and resources in the industry today and then on top of that, no one entity can agree on a common naming system.

-{ Quote: "I sure hope not, that has to be the biggest waste of time and resources in the industry today and then on top of that, no one entity can agree on a common naming system." }-

Just something like "Keylogger", "Trojan" etc.

I like more the approach of "Your front breaks are not working" instead of "Something is wrong with your car" - BRING TO SHOP or NEVERMIND.
Maybe its a FP and we just need some gas... hope you know what I mean with this stupid example...

lol@checkengine light....point made and taken ;)

This particular decision was made before I got there but I totally support the reasoning used.

Usually if Prevx detects it and its on something like virustotal, there is a link to the website which provides me with alot more information than a name does.

For me its personal, I need only know its malware, if its a FP, names dont make a bit of difference, then its only a FP with a bad name. :)

-{ Quote: "Yes, 3.0.1.62 is the newest official Edge version (and beta version :))" }-The right click context menu does not work in version 3.0.1.62. When I use it, it get the standard window box "Choose the program you want to open this file."

Is this a bug or is something wrong with my setup?

Many thanks

-{ Quote: "The right click context menu does not work in version 3.0.1.62. When I use it, it get the standard window box "Choose the program you want to open this file."

Is this a bug or is something wrong with my setup?

Many thanks" }-

An uninstall and reinstall of Prevx fixed that issue for me (as well as others here)
Was not just with 3.0.1.62 but with other versions also.

If I scan my HDD, and it find something, I then can a) Scan the PC again or b) Cleanup. When I click Cleanup, the PC is scanned again, and the same result appear, but then the cleanup works. Why twice scanning?

-{ Quote: "If I scan my HDD, and it find something, I then can a) Scan the PC again or b) Cleanup. When I click Cleanup, the PC is scanned again, and the same result appear, but then the cleanup works. Why twice scanning?" }-

Depending on the time between the original scan and cleanup and the other programs running on the system, the scanner may identify that it is necessary to run another scan to ensure it is seeing everything the first time around if new threats have entered the system.

-{ Quote: "An uninstall and reinstall of Prevx fixed that issue for me (as well as others here)
Was not just with 3.0.1.62 but with other versions also." }-
Unfortunately, a simple reinstall is not enough to fix the problem (at least for me). It works on some files, but it doesn't on others.

Ambient_88,

Try the following;
In Settings > Basic configuration uncheck the option "Enable Right Click scanning in Windows Explorer".

Save Changes!

Now check the same option again and save changes again.

-{ Quote: "klif.sys from Kaspersky's new KIS 2010 beta was detected as "medium risk malware."

I went back to my previous image because I had problems with the beta, but I can send a log." }-
Strange??? I am beta testing KIS 2010 and have yet to see this at all. Have .62 installed and it has not even peeped at the new version of KIS. ???

-{ Quote: "Ambient_88,

Try the following;
In Settings > Basic configuration uncheck the option "Enable Right Click scanning in Windows Explorer".

Save Changes!

Now check the same option again and save changes again." }-
That's the first thing I tried before reinstalling it; both doesn't resolve the problem. It still works on some but not on other files.

-{ Quote: "Ambient_88,

Try the following;
In Settings > Basic configuration uncheck the option "Enable Right Click scanning in Windows Explorer".

Save Changes!

Now check the same option again and save changes again." }-

Thanks, that fixed it for me.

well after running 8 apps in FD-ISR, it is apparent that Prevx 3.0 has the edge on all of them. Still totally sold on it.:thumb:

-{ Quote: "well after running 8 apps in FD-ISR, it is apparent that Prevx 3.0 has the edge on all of them. Still totally sold on it.:thumb:" }-

Untill the next toy comes around LOL ;D

-{ Quote: "Strange??? I am beta testing KIS 2010 and have yet to see this at all. Have .62 installed and it has not even peeped at the new version of KIS. ???" }-

Happened to me when installing version 9.0.0.313.

Joe,

Getting a false positive with sbiedrv.sys - the driver from a new sandboxie version release. Zip of scan log sent yesterday.

Also, whenever I launch my browser sandboxed, why would I see Prevx consistently scan 2 of the files related to SBIE? Shouldn't I expect to only see that once in the notifications popup?

Thanks,
Mark.

Couple of issues with prevx 3.0.1.62:

1. It doesn't always appear in my system tray so I don't know if it is running. Even after clicking on it from the start menu it still doesn't go into the sys tray. This used to happen with Edge 3.0 as well but I could see it was running by looking in windows security centre. But...
2. Since upgrading from Edge 3.0 my Windows security centre no longer recognises that I have any security running (worked with Edge) so I had to switch of the annoying security warnings - but this also means I can't tell if Prevx is running when issue 1. happens.

Windows Vista 32 bit laptop.

I am really tired of the FP issue, period. We were told that Prevx had created a whole new way to combat this issue and things got worse. I dont know about you folks but I really feel like we are the test bed. Prevx you can have all the great customer service in the world, but there is a problem that has not been fixed and until you do it is a shame to claim it is.:thumbd:

-{ Quote: "I am really tired of the FP issue, period. We were told that Prevx had created a whole new way to combat this issue and things got worse. I dont know about you folks but I really feel like we are the test bed. Prevx you can have all the great customer service in the world, but there is a problem that has not been fixed and until you do it is a shame to claim it is.:thumbd:" }-

I'm still hesitating because of the FPs and the delay when starting things that are new to their db. That can be a lot in my case - slower than the slowest AV I'm pretty sure. Then it'll also start a scheduled scan in the most inappropriate situations.

Well sorry for venting and it has come a ways, but to me, there is no way in hell it can make the claims it does. Maybe one day, but right now, it makes Avira FP rate look good.

Vipre is nice.

-{ Quote: "Well sorry for venting and it has come a ways, but to me, there is no way in hell it can make the claims it does. Maybe one day, but right now, it makes Avira FP rate look good.

Vipre is nice." }-

I still have a license, but I'm thinking about uninstalling the software as it's too slow and intrusive in my everyday-operation. I don't really care if the license keeps ticking - I won't use something I don't like.

I've not completely made up my mind, but if I want to, PrevxHelp, is it okay that I get a refund? I might use Prevx again when I find it suits me enough.

come up guys cheer up:) maybe lower the heuristic protection and get less fp;)dont ditch it yet,be patient;D maybe there is a solution coming soon

Use that refund to get Vipre, you wont regret it.;)

-{ Quote: "Use that refund to get Vipre, you wont regret it.;)" }-

Yes, I'm considering to test it instead of N360 that I'm running currently on that front - gonna see if it suits me. :) You know by now that F-Secure still doesn't for me. ;D 8)

-{ Quote: "Use that refund to get Vipre, you wont regret it.;)" }-
i dont think that vipre is better than prevx when it comes to rootkits attacks;)

Bet it is, for that matter, I think Eset is.

How fast and hard 'we' fall out of love! :'( ;D So, when all is humming along as expected (as we know it will), will there be love sonnets here? I await the bard(s)!

-{ Quote: "How fast and hard 'we' fall out of love! :'( ;D So, when all is humming along as expected (as we know it will), will there be love sonnets here? I await the bard(s)!" }-
Awesome!

Originally Posted by brihy1
running a backup with macrium reflect free prevx edge gets disabled?
running prevx edge,windows firewall
vista basic
-{ Quote: "I'm not sure why it would and I'm unfamiliar with macrium reflect free, but I'll forward it onto our QA team to see if they can find anything :)" }-


any news on this or is anyone here using macrium reflect free have this issue?

-{ Quote: "How fast and hard 'we' fall out of love! :'( ;D So, when all is humming along as expected (as we know it will), will there be love sonnets here? I await the bard(s)!" }-

I'm with you :argh: I like the addition of Prevx, works very well with NOD32! ;)

just remember, girlfriends are a dime a dozen.:dry:

just run a free scan with prevx 3 and it found these

rtg3.17.exe local/temp
x.246.exe system32

any ideas if they are false positives

-{ Quote: "well after running 8 apps in FD-ISR, it is apparent that Prevx 3.0 has the edge on all of them. Still totally sold on it.:thumb:" }-
18 Hours later:
-{ Quote: "I am really tired of the FP issue, period. We were told that Prevx had created a whole new way to combat this issue and things got worse. I dont know about you folks but I really feel like we are the test bed. Prevx you can have all the great customer service in the world, but there is a problem that has not been fixed and until you do it is a shame to claim it is.:thumbd:" }-
trjam, are you sure that wasn't salt you put on your cornflakes this morning instead of sugar?
:lurking:

-{ Quote: "just remember, girlfriends are a dime a dozen.:dry:" }-

You must have more security programs than that :wacko:dime a dozen LOL

-{ Quote: "18 Hours later:

trjam, are you sure that wasn't salt you put on your cornflakes this morning instead of sugar?
:lurking:" }-

another one bite the dust ;D

the guy have no credibility....ignore him.

-{ Quote: "..the guy have no credibility....ignore him." }-well, I didn't mean it as criticism. I guess I could have made it more plain but I would be interested in trjam's comments - whas this just a FP straw that broke the camel's back or why the 180 overnight?

~snipped quote of removed post - Snap~

Trjam has been around a long time, and over that period of time I've read enough of his posts to know he's credible. He, like a lot of folks here, likes to try out a lot of security applications, and I've benefited from reading his reports.

-{ Quote: "I've not completely made up my mind, but if I want to, PrevxHelp, is it okay that I get a refund? I might use Prevx again when I find it suits me enough." }-

Yes, just let me know if you have any trouble getting a refund and I'll get it sorted :)

I disagree with the posts questioning trjam's credibility - he is a great beta tester and a user which raises valid concerns.

However, the only false positives which we have had in the last week were caused by other security software - an area which is an issue for literally any vendor. Security software historically generates more FPs on other security software because security software performs many actions very similar to rootkits and malware.

The most recent FPs reported here are from users using maximum heuristics - hardly a fair comparison when looking over an entire population.

As I've said before, FPs are relative - we have a large following on this thread and users at Wilders use a LOT of security software. Because of this, we are bound to have some FPs on their security software which embeds itself deep into the operating system. Frankly, if we DIDN'T FP on new versions of security software periodically, I'd be worried - security software is very intrusive. Vendors like ESET, eSafe, Panda, and Kaspersky have their share of FPs against us as well - its a well known problem that security software generates FPs against security software.

I just checked through the last week of posts: the FPs reported were:

mhallerman on Sandboxie (on maximum heuristics), raven211 on Windows 7 (an unreleased operating system with thousands of new programs which we now have completely whitelisted), Dark Star 72 on a brand new version of OA, the previous one was by affe on Apr 17th with the new MBR rootkit scanning because a product was used which literally "rootkitted" the MBR, so not technically a FP, and one legitimate FP before that on Apr 13th.

So in a week, we had one real FP - the rest were either security products or beta software or caused by high heuristics. I honestly don't see the problem - across our entire userbase we only see maybe 5-10 FPs reported per day, and that is on 5 million+ users... I don't really see much of a problem really :-\

I have a copy of Prevx 3 on my desktop, and one on my wife's laptop. I install new programs almost daily. I haven't had a FP in months. But I don't have the hueristics cranked up!!!!;D
Allen

i had few FP before but since few weeks ago havent got any FP , as we know we like to try many programs and make test so we cannot consider ourself as a normal user, for example i installed Prevx in my sister Laptop my dad's PC and my gf PC and so far 0 FP

Prevx :thumb:

I've had to remove several off topic posts and I don't want a repeat of those types of posts again (and you know who you are.) Talk about the software, not about each other. If you feel the need to have 'words' with someone on a personal basis, take it somewhere else.

-{ Quote: "just run a free scan with prevx 3 and it found these

rtg3.17.exe local/temp
x.246.exe system32

any ideas if they are false positives" }-


also on my daughters computer it has found 86 infections all within the reflexive arcade games it says that she is infected with r-inch.exe please help .

-{ Quote: "also on my daughters computer it has found 86 infections all within the reflexive arcade games it says that she is infected with r-inch.exe please help ." }-

If you could send me a scan log to the address I sent via email, I'll check them out - it could be a targeted file infector but I'll know with the log :)

-{ Quote: "also on my daughters computer it has found 86 infections all within the reflexive arcade games it says that she is infected with r-inch.exe please help ." }-

Hello,
I checked out the file(s) (they're all identical copies) and indeed they are malicious - it is a backdoor trojan which looks like it is dropped by a crack. Its detected by about 1/3rd of vendors on VT and I would highly recommend removing them.

Let me know if you need anything else!

-{ Quote: "Originally Posted by brihy1
running a backup with macrium reflect free prevx edge gets disabled?
running prevx edge,windows firewall
vista basic



any news on this or is anyone here using macrium reflect free have this issue?" }-

Hi brihy1, I use Macrium paid version and have never had any problems either backing up or restoring images. I only do full back ups on demand when I have made changes to the system etc and the only problem you need to look out for is if you have something like FD-ISR or Rollback Rx, then you need to uninstall them temporarily to be safe. Never had a problem with Prevx 3.0 on board or any other software.

-{ Quote: "Yes, just let me know if you have any trouble getting a refund and I'll get it sorted :)" }-

Thank you, PrevxHelp. Would you be able to handle my refund if I e-mail any details you need or so? I'm simply not sure how to do it otherwise, if it's through support, or whatever. ;D :) Just direct me or help me personally - I would choose the latter cause I really respect you, don't forget that. ;) 8)

-{ Quote: "Hi brihy1, I use Macrium paid version and have never had any problems either backing up or restoring images. I only do full back ups on demand when I have made changes to the system etc and the only problem you need to look out for is if you have something like FD-ISR or Rollback Rx, then you need to uninstall them temporarily to be safe. Never had a problem with Prevx 3.0 on board or any other software." }-

i can bakup and restore with no problems
i also only do on demand full backups but i dont know what it is but prevx gets disabled every time im running a backup,i dont know?i guess no biggie

Hi, I am a little confused reading the posts. I have what I thought was PrevX Edge and was offerred a license exchange.
I installed the new PrevX Edge which is on my task bar as a 'green icon' 3.0.162.
Then I read this thread and see its title as "The New PrevX Edge". I have Kaspersky version 7 ending in .325 and intend to keep this version b/c of colleagues who switched up to the latest version and had issues.
I am confused as to what is the latest in PrevX as I find this 'Edge' that I changed my license to works well with Kasp vers 7 mentioned above.
I now have the old PrevX on my 2 other notebooks and am wondering about what the license exchange was on this notebook and what it would be on the others?
For me this app is working fine and no false positives and I have been using Kasp and PrevX for about 2 and a half years now.
If someone could clarify, it would be greatly appreciated.
Thank you for your time.
Cheers.

-{ Quote: "Hi, I am a little confused reading the posts. I have what I thought was PrevX Edge and was offerred a license exchange.
I installed the new PrevX Edge which is on my task bar as a 'green icon' 3.0.162.
Then I read this thread and see its title as "The New PrevX Edge". I have Kaspersky version 7 ending in .325 and intend to keep this version b/c of colleagues who switched up to the latest version and had issues.
I am confused as to what is the latest in PrevX as I find this 'Edge' that I changed my license to works well with Kasp vers 7 mentioned above.
I now have the old PrevX on my 2 other notebooks and am wondering about what the license exchange was on this notebook and what it would be on the others?
For me this app is working fine and no false positives and I have been using Kasp and PrevX for about 2 and a half years now.
If someone could clarify, it would be greatly appreciated.
Thank you for your time.
Cheers." }-

Hi Wills,

Prevx CSI and EDGE were our most recent products, that have very recently been merged to form "Prevx 3.0". Any existing customers with CSI or EDGE installed should be automatically upgraded to Prevx 3.0.

The only "license swap" we currently have on offer is for customers who have our much older product "Prevx 2.0". They can currently enter their valid license key into the web page below, and be given a Prevx 3.0 replacement.
http://info.prevx.com/licenseswap.asp

I hope this clarifies things, but please don't hesitate to ask if you have any other queries.

-{ Quote: "Thank you, PrevxHelp. Would you be able to handle my refund if I e-mail any details you need or so? I'm simply not sure how to do it otherwise, if it's through support, or whatever. ;D :) Just direct me or help me personally - I would choose the latter cause I really respect you, don't forget that. ;) 8)" }-

It is through support, and I don't directly handle the refunds, but I should be able to get it expedited if support doesn't answer you swiftly :)

-{ Quote: "i can bakup and restore with no problems
i also only do on demand full backups but i dont know what it is but prevx gets disabled every time im running a backup,i dont know?i guess no biggie" }-

A guess is that the backup program may suspend other programs from writing to the harddisk to ensure the integrity of the backup, which could affect the Prevx protection (can't be sure, however ;D)

I have tried 2 send prevx.corp some malicious scriptz....
Have "U" recived it or not?


DarK Indusriez

-{ Quote: "Couple of issues with prevx 3.0.1.62:

1. It doesn't always appear in my system tray so I don't know if it is running. Even after clicking on it from the start menu it still doesn't go into the sys tray. This used to happen with Edge 3.0 as well but I could see it was running by looking in windows security centre. But...
2. Since upgrading from Edge 3.0 my Windows security centre no longer recognises that I have any security running (worked with Edge) so I had to switch of the annoying security warnings - but this also means I can't tell if Prevx is running when issue 1. happens.

Windows Vista 32 bit laptop." }-

This got buried - any advice?

http://netsecurity.about.com/od/readproductreviews/gr/prevxedge.htm?nl=1


Here is a review i found on prevx 3 and it is good reading.

-{ Quote: "This got buried - any advice?" }-
I had this for a short while as well.

In my case is was due to Vista and not Prevx.

This (http://www.colincochrane.com/post/2007/10/Windows-Vista-Disappearing-System-Tray-Icons-Fix.aspx) fix worked for me.

-{ Quote: "I've had to remove several off topic posts and I don't want a repeat of those types of posts again (and you know who you are.) Talk about the software, not about each other. If you feel the need to have 'words' with someone on a personal basis, take it somewhere else." }-
Well said! Fully agree! :thumb: :thumb:

-{ Quote: "http://netsecurity.about.com/od/readproductreviews/gr/prevxedge.htm?nl=1


Here is a review i found on prevx 3 and it is good reading." }-

Its worth noting that this review is about one of the first releases of Edge and since then we have made significant amounts of changes, correcting the GUI issues they mention and the self protection complaints :)

-{ Quote: "I had this for a short while as well.

In my case is was due to Vista and not Prevx.

This (http://www.colincochrane.com/post/2007/10/Windows-Vista-Disappearing-System-Tray-Icons-Fix.aspx) fix worked for me." }-

This fix does tend to work, but if it doesn't, could you let me know what other security programs you're using? There may be some negative interaction going on preventing all of the components of Prevx 3.0 from loading.

-{ Quote: "correcting the GUI issues they mention" }-
How about my proposal:
-{ Quote: "It would be nice, if it is user adjustable where notifications appears. Now it stay under sidebar and other program windows. At least it should be adjustable which corner is used to notifications.
http://neko.1g.fi/temp/prevx01.png" }-

There is not much point of these notifications now for me at least.

-{ Quote: "How about my proposal:


There is not much point of these notifications now for me at least." }-

Yes, this is true - I'll ensure that we add a feature to remember the last position of the scan dialog so that the user can change where it goes :)

Thanks for the suggestion!

I guess PrevX use the screen resolution to determine to bottom/right instead of using the desktop rectangle for that (desktop client rect)... but anyway, its fine for me where it is now.

btw: greetings from San Francisco ;D http://www.prevx.com/blog/127/RSA-Conference-.html

-{ Quote: "btw: greetings from San Francisco ;D http://www.prevx.com/blog/127/RSA-Conference-.html" }-
So, you like making any money out there.;D

i am running kaspersky internet security 2009 and have a licence for prevx 3 without realtime, which i think should be enough protection.

If i bought real time upgrade will they run toegther ok

i dont really want to give up on kaspersky as i am not convinced about windows firewall, unless anyone can reccomend a firewall to run with prevx 3 with realtime

Marco, looks good.

I know how much planning is usually involved with getting all the promo material, equipment, and presentations ready. Good luck with the rest of the conference. :thumb:

-{ Quote: "This fix does tend to work, but if it doesn't, could you let me know what other security programs you're using? There may be some negative interaction going on preventing all of the components of Prevx 3.0 from loading." }-
I'll give it a try next time it happens.
Any advice on getting Windows security centre to recognise prevx3? It was fine with edge.
Thanks

I sent to support yesterday - yet to receive an answer to my query. Joe, could you please take a look at how it goes? I don't want this process to take a long time... :-\

Personally I don't understand the previous comments about high number of f/p's presented earlier in this thread. I have seen no such thing, even though I run with increased heuristics here.

I quess I'm more of a regular user then :) in my case, I've had quite pleasant user experience. In fact even the whole upgrade from from Edge to 3.0 went by w/o me even noticing it. That is good :) I am running Kaspersky IS here.

Probable FP see screenshot:

Prevx Scan Log - Version v3.0.1.62
Log Generated: 24/4/2009 02:23, Type: 1,8192
Windows XP Professional Service Pack 2 (Build 2600) 32bit|1033
Some non-malicious files are not included in this log.
Heuristics Settings: Age: 2, Pop: 2, Heu: 2 (Dir: 1)
Last Scan: Fri 2009-04-24 01:47:39 E. Australia Standard Time. Number of Scans: 211. Last Scan Duration: 21 minutes 42 seconds.
[BP] h:\downloads copy\downloads\siw2009-03-17.exe [PX5: 33B82D1200534C22F6D81756284E25001E600AE0] Malware Group: High Risk Worm
[U] (ACTIVE) c:\program files\opera 10.0 alpha\opera.exe [PX5: 4EFAD42D007EF469B829017B73836900EE370BD3]
[U] (ACTIVE) c:\windows\system32\drivers\dwall.sys [PX5: 7812006400885EC1E2430ACD8FCA0C009E0AEA12]
[UP] (ACTIVE) c:\program files\opera 10.0 alpha\opera.dll [PX5: E3467D9D00CF925F4E3B3BC7B5C3F9001AE5677B]
[U] (ACTIVE) c:\program files\grisoft\avg7\avgabout.dll [PX5: 34BDCFA400D8E358241B1002A638FB01A5642E6B]
[U] (ACTIVE) c:\program files\sunbelt software\vipre\vipre.dll [PX5: E6350F1D28487D4345330480B5718C00A20CE2D7]..................................

-{ Quote: "Personally I don't understand the previous comments about high number of f/p's presented earlier in this thread. I have seen no such thing, even though I run with increased heuristics here.

I quess I'm more of a regular user then :) in my case, I've had quite pleasant user experience. In fact even the whole upgrade from from Edge to 3.0 went by w/o me even noticing it. That is good :) I am running Kaspersky IS here." }-

Personally I've experienced it's not heuristics like Joe says - it's how new something is most of the time, like new software versions, or even new software.

Instead of looking at what the thing actually does, even before looking in its databases over what's good and bad, it'll check how new something is. I don't think that's the best approach to find yet unknown malware - I think BB is.

-{ Quote: "Personally I've experienced it's not heuristics like Joe says - it's how new something is most of the time, like new software versions, or even new software.

Instead of looking at what the thing actually does, even before looking in its databases over what's good and bad, it'll check how new something is. I don't think that's the best approach to find yet unknown malware - I think BB is." }-
Each approach has its own advantages and disadvantages. This includes living in the bleedin' edge even (ie. using very new software) :)

From the POV of regular user, I'd imagine PrevX 3.0 works perfectly (according to my own experiences). In the end it's the regular users that count, not power users who deal with who knows what on a daily basis. We always learn, and adapt. That is something one can not expect from normal user.

Okay I am going to backup with Acnrons Enterprise first. Then install software with know malware do the test along with the other items listed but this will be only PC Tools INS 2009 with TF set to the max, PC Doctor 6, PrevX 3.0. And see which software can block the cloak malware that know to be embeded in this software app I am going to install.

Start time: 1.19PM I'll post images if I can with the results..

-{ Quote: "Is there an advanced settings tutorial for Edge, akin to Blackspear's famous NOD32 tutorial (http://www.wilderssecurity.com/showthread.php?t=197509) that I've used with joy on both versions 2.7 and 3.0?

I just installed the full version of Prevx Edge five minutes ago. I did not adjust a single setting. This was emotionally traumatizing for me and I expect some sympathy. I decided to just "set it and go" to see how it performs. All I know is that real-time protection is enabled as my little green light is on in the center of Prevx' system tray icon. I have used Prevx and Prevx2 for almost three years, but this seems like a very different animal.

I would love some focused education. Could anyone point me to white papers, blogs or intelligent reviews that analyze the similarities and differences between Edge and Prevx2 and, as I asked in sentence one, set-up options for a more articulated performance. I'm reading this thread front to back, but it's like a novel and a rather incoherent one.

Take care. Oh, FWIW, my 24/7 real-time security setup is:
1. Prevx Edge
2. ESET NOD32 Antivirus v3
3. Malwarebytes' Anti-Malware
4. Javacool SpywareBlaster
5. Netgear Router (hard) Firewall + Windows (soft) Firewall

Comments would be appreciated." }-

Hello MarkW,

I was looking for answers for compatibility between NOD32 V4 & Prevx Edge and I saw that you have some experience already with this two applications. Right now I am using NOD32 v4.0.424 (default settings) & Prevx Edge (trial version).
I'm not convinced that trial version can do much for me along with NOD32, but I'm thinking a real time protection for Prevx Edge will be different.
Some questions that I have:
1. Prevx Edge with real time protection it's much heavy on resources than trial version?
2. I would like to keep NOD32 as my primary security program. Are these two programs complementary, or it's an overlap and isn't really necessary to have them both. (I'm not that paranoid to have multiple security programs, fighting each other on my PC).
3. Is Prevx Edge (full version) 100% compatible with NOD32?
4. What is your experience of using these 2 programs after 3-4 months?

Other users opinion will be much appreciated.

Thanks,
Jedi_m

I have reported this FP several times, but it is still there:

[NF] (ACTIVE) c:\programmer\bang & olufsen\beoplayer\mmhook.dll [PX5: 9708D1D400A1052FBC9304914286E5002D1CAB66]

PrevxHelp pleeease ;D

Prevx has been nobbled!

I have been testing Prevx against a selection of malware (500 samples - all a few months old) in a simple on demand scan (scanning the folder containing the malware)

Prevx got almost half of them on the first scan. Strangly, Prevx insisted on rebooting to remove them (they were not running - so why reboot? - A2, Avira and F-Secure got 100% of them without rebooting)

On reboot, Prevx performed another scan and found about 250 of the malwares in another location - and so went on and on through the process of rebooting and scanning.

Eventually, Prevx got about 450 of the 500 (why didnt it detect them all on the first scan?) I checked the remaining files with Prevx and it did not detect any of them with a on demand scan.

I ran each of the remaining malware samples inside sandboxie - and Prevx missed them all.

I deleted the remaining malware, refreshed the system image and tried again - with exactly the same results. at the end of the test, I did not install a new image, but deleted the remaining malware and rebooted. I then copied the folder of 500 malware samples to the desktop again and ran a new scan. This time, Prevx ran VERY slowly - about 25 mins to do under 30K files (should take 40-60 seconds) Eventually, Prevx crashed. I rebooted and tried again. Again Prevx crashed. I restarted Prevx without rebooting. Prevx realtime protection was disabled and would not enable. I set self protection to maximum and rebooted. Prevx seemed okay - until I ran a scan, when it froze and closed. It does this all the time now abour 8K files in to a scan. When I restart Prevx, realtime protection is disabled and cant be enabled again.

Clearly, one of the malwares has done something to Prevx. This is all old malware and has beeen scanned by Prevx several months ago - so should be known. Cant see how old malware can cripple Prevx when set to max self protection. Also cant see why Prevx misses 50% on fist scan when all the other AVs I have tested get 100%.

Hi PrevxHelp, think i find a FP today about the new version of utorrent released in April 22, 2009. Downloaded the exe from utorrent site and is flagged High Risk Worm. Can you take a look at this? THX

Joe,

Whenever I launch my browser sandboxed, I am seeing Prevx consistently scan 2 of the files related to SBIE - sandboxierpcss.exe and sandboxiedcomlaunch.exe

Also, when shutting down my sandboxed browser it always visibly scans start.exe, which is another sbie related file.


Shouldn't I expect to only see this happen once?

Thanks,
Mark.

Hehe... he sure will need a long time tackling all these posts directed to him personally - he's really wanted around here. ;D :P

I have just run the tests again with the same results.

On scan 1, Prevx finds 255 files and after several trys, removes them.

There seem to be some of the files stuck in a temp directory - possibly from Winrar unpacking them -that Prevx is unable to remove - can try as many times as it likes!

I removed the temp files with a disk cleaner, then ran a Prevx scan. This time, Prevx found loads more malware in the test directory - which it missed first time round. On removing this, it gets disabled / blocked.

I will upload the malware sample and PM Prevx help with the URL.

I believe Joe once mentioned that Prevx 3 only processes 255 infections at a time.....I seem to recall something like this.

-{ Quote: "I have just run the tests again with the same results.

On scan 1, Prevx finds 255 files and after several trys, removes them.

There seem to be some of the files stuck in a temp directory - possibly from Winrar unpacking them -that Prevx is unable to remove - can try as many times as it likes!

I removed the temp files with a disk cleaner, then ran a Prevx scan. This time, Prevx found loads more malware in the test directory - which it missed first time round. On removing this, it gets disabled / blocked.

I will upload the malware sample and PM Prevx help with the URL." }-

Hi,
today Prevx 3.0 trial flagged my imgburn as High Risk Worm. Imgburn is version 2.4.4.0, I think it's the latest. Prevx version is the latest available to the public.

And he is at a trade show in SF. He will get to this stuff, so cut him some slack.

I still think that Prevx and Vipre are the best 2 products so far this year.;)

My results are that PrevX found 2 cloak rookit threats in the Sandboxie folder.
I ran PC Tools INS 2009 in the same folder and found nothing. Ran PC Tools Malware Detective nothing found. Ran A-Squared Free found a bunch of bad cookies on C and in that folder it found one cloak rookit it quarantine it then I removed it. I need to run TF set to 4-5 and see if it can detect the two files like PrevX 3.0 did.

Running the PrevX today it has crashed a couple of times with bunch of errors like it's missing objects for it.

-{ Quote: "And he is at a trade show in SF. He will get to this stuff, so cut him some slack.

I still think that Prevx and Vipre are the best 2 products so far this year.;)" }-

I am very sorry for the delay in my responses this week, but its hard when in the middle of giving presentations and talking to other vendors to try and cut away and respond here ;D I'm catching up on a few hundred emails and a few dozen PMs/messages now but I will answer everything ASAP.

Hi all,
Regarding the false positives reported today - it looks like a signature went wild because of a new worm and it caught a number of extraneous files. I've corrected it now and am working on everything else as well.

Joe, all is back to normal. :)

-{ Quote: "I'll give it a try next time it happens.
Any advice on getting Windows security centre to recognise prevx3? It was fine with edge.
Thanks" }-

Could you try uninstalling, rebooting, and then reinstalling Prevx 3.0? Nothing has changed in the security center code at all since Edge so if it was working with Edge it should work with 3.0 :-\

-{ Quote: "i am running kaspersky internet security 2009 and have a licence for prevx 3 without realtime, which i think should be enough protection.

If i bought real time upgrade will they run toegther ok

i dont really want to give up on kaspersky as i am not convinced about windows firewall, unless anyone can reccomend a firewall to run with prevx 3 with realtime" }-

Hello,
Yes, Prevx 3.0 and Kaspersky work alongside each other well - you may want to use a third party firewall, or one from Kaspersky if you already have it installed :)

For me, Security Center has never recognized Prevx-probably because I already have Avast! and Windows Defender. Many uninstalls/reinstalls later I just remember to look for the icon occasionally. :)

-{ Quote: "Hi,
today Prevx 3.0 trial flagged my imgburn as High Risk Worm. Imgburn is version 2.4.4.0, I think it's the latest. Prevx version is the latest available to the public." }-

Fixed - this was related to the other FPs and was fixed :) (It was caused by a human researcher, not our automated systems ;D) The file, like the other ones reported here, has some suspicious characteristics which is why it was flagged but it is indeed legitimate.

Thanks for the report!

-{ Quote: "Hello MarkW,

I was looking for answers for compatibility between NOD32 V4 & Prevx Edge and I saw that you have some experience already with this two applications. Right now I am using NOD32 v4.0.424 (default settings) & Prevx Edge (trial version).
I'm not convinced that trial version can do much for me along with NOD32, but I'm thinking a real time protection for Prevx Edge will be different.
Some questions that I have:
1. Prevx Edge with real time protection it's much heavy on resources than trial version?
2. I would like to keep NOD32 as my primary security program. Are these two programs complementary, or it's an overlap and isn't really necessary to have them both. (I'm not that paranoid to have multiple security programs, fighting each other on my PC).
3. Is Prevx Edge (full version) 100% compatible with NOD32?
4. What is your experience of using these 2 programs after 3-4 months?

Other users opinion will be much appreciated.

Thanks,
Jedi_m" }-

Hello,
1) The full version has no additional resources from the trial version - the exact same software is installed in the full version.

2/3) NOD32 and Prevx 3.0 are fully compatible and while you don't HAVE to have both, we always recommend a layered approach.

4) I'll leave this one up to everyone else but we have a large number of happy NOD32 users :)

-{ Quote: "I have reported this FP several times, but it is still there:

[NF] (ACTIVE) c:\programmer\bang & olufsen\beoplayer\mmhook.dll [PX5: 9708D1D400A1052FBC9304914286E5002D1CAB66]

PrevxHelp pleeease ;D" }-

Fixed ;D Another side effect of the other FPs reported today actually - it will be prevented in the future :)

-{ Quote: "Joe,

Whenever I launch my browser sandboxed, I am seeing Prevx consistently scan 2 of the files related to SBIE - sandboxierpcss.exe and sandboxiedcomlaunch.exe

Also, when shutting down my sandboxed browser it always visibly scans start.exe, which is another sbie related file.


Shouldn't I expect to only see this happen once?

Thanks,
Mark." }-

It is possible that SBIE is generating behaviors requiring a re-scan by Prevx. However, if you would like, send me an email of your newest scan log and I'll see if I can optimize the entries around these files.

-{ Quote: "I have just run the tests again with the same results.

On scan 1, Prevx finds 255 files and after several trys, removes them.

There seem to be some of the files stuck in a temp directory - possibly from Winrar unpacking them -that Prevx is unable to remove - can try as many times as it likes!

I removed the temp files with a disk cleaner, then ran a Prevx scan. This time, Prevx found loads more malware in the test directory - which it missed first time round. On removing this, it gets disabled / blocked.

I will upload the malware sample and PM Prevx help with the URL." }-

Prevx has been intentionally designed to detect 255 infections at once and deal with them in packets - this reduces memory overhead and works well for normal users.

However, the issues you are experiencing sound like software issues rather than a detection issue. I haven't seen a link to the malware, but if you could look through the Windows Event Viewer by clicking Start > Run > eventvwr.exe and then looking through the Applications folder for any entry referencing prevx.exe, I'll be able to diagnose what went wrong there.

Thanks Joe - sending now...

-{ Quote: "It is possible that SBIE is generating behaviors requiring a re-scan by Prevx. However, if you would like, send me an email of your newest scan log and I'll see if I can optimize the entries around these files." }-

http://malwareresearchgroup.com/?page_id=2

would be interseting to see how prevx 3 got on in this test

-{ Quote: "Hello MarkW,

I was looking for answers for compatibility between NOD32 V4 & Prevx Edge and I saw that you have some experience already with this two applications. Right now I am using NOD32 v4.0.424 (default settings) & Prevx Edge (trial version).
I'm not convinced that trial version can do much for me along with NOD32, but I'm thinking a real time protection for Prevx Edge will be different.
Some questions that I have:
1. Prevx Edge with real time protection it's much heavy on resources than trial version?
2. I would like to keep NOD32 as my primary security program. Are these two programs complementary, or it's an overlap and isn't really necessary to have them both. (I'm not that paranoid to have multiple security programs, fighting each other on my PC).
3. Is Prevx Edge (full version) 100% compatible with NOD32?
4. What is your experience of using these 2 programs after 3-4 months?

Other users opinion will be much appreciated.

Thanks,
Jedi_m" }-

Hi, my preferred security setup is Nod32 + Prevx3, I have this running on most customer computers.

I'm finding that Prevx3 is very low on system resources & with a reasonable spec computer, you don't even notice the startup scan. I see Prevx3 now as my main security application, whereas Nod32 is the backup old tech security.

There are some issues with Nod32 where it will sometimes FP new versions of Prevx forcing you to reinstall the Prevx software (keep your licence code in a handy text file). Nod32 v4 particularly is quite resource intensive, particularly on startup although it runs fine with Prevx3 - possibly because Prevx is so light? I have also sometimes seen Nod32 v4 hang on the splash screen, a drop to Nod32 v3 will sort this. You can also turn off the splash screen within Nod32 which in v4 I find displays far too long on low spec computers.

If you are seeing slowdowns with Nod32 v4 & Prevx, I would consider downgrading your Nod32 to version 3. If you are running on a network consider Nod32 v2.7.

In conclusion, over hundreds of customers I find that Nod32 & Prevx3 work well offering near rock solid security. Adding Firefox with NoScript & a hardware firewall gives I believe, the best quiet security possible.

I don't like this... there's still no answer from support! >:(

-{ Quote: "I don't like this... there's still no answer from support! >:(" }-
Have you tried support through Prevx website? I believe Our usual Prevx representative is at an exhibition in the US at the moment.

-{ Quote: "I don't like this... there's still no answer from support! >:(" }-


the support on here from prev x is excellent he usually come in everyday