-{ Quote: "Have you tried support through Prevx website? I believe Our usual Prevx representative is at an exhibition in the US at the moment." }-

Yes, that's the support team I'm talking about, obviously. I've asked Joe personally, and he'll be able to help if nothing happens - like now - but not before as he can't deal with things like refunds personally.

Raven I can assure you they will get to it. Be patient my friend, they have a full week, but you know Joe will take care of it.

-{ Quote: "Raven I can assure you they will get to it. Be patient my friend, they have a full week, but you know Joe will take care of it." }-

Ofc I know that. :)

-{ Quote: "I am very sorry for the delay in my responses this week, but its hard when in the middle of giving presentations and talking to other vendors to try and cut away and respond here ;D I'm catching up on a few hundred emails and a few dozen PMs/messages now but I will answer everything ASAP." }-
Good grief, what part of this don't you guys understand?

-{ Quote: "Good grief, what part of this don't you guys understand?" }-

Totally agree crofttk. Never seen such applied support for a product thats IMHO is very very good.

Hello,
I have been using prevx 3.0 for a few days now.
found out I was given a license to prevx1 ages ago by a nice member of wilders and managed to convert it to a version 3 license which is fantastic imo.

seems like a nice application. no fp's so far and seems very light.

its nice to see a UK based company creating such a decent antimalware application.

-{ Quote: "Hi, my preferred security setup is Nod32 + Prevx3, I have this running on most customer computers.

I'm finding that Prevx3 is very low on system resources & with a reasonable spec computer, you don't even notice the startup scan. I see Prevx3 now as my main security application, whereas Nod32 is the backup old tech security.

There are some issues with Nod32 where it will sometimes FP new versions of Prevx forcing you to reinstall the Prevx software (keep your licence code in a handy text file). Nod32 v4 particularly is quite resource intensive, particularly on startup although it runs fine with Prevx3 - possibly because Prevx is so light? I have also sometimes seen Nod32 v4 hang on the splash screen, a drop to Nod32 v3 will sort this. You can also turn off the splash screen within Nod32 which in v4 I find displays far too long on low spec computers.

If you are seeing slowdowns with Nod32 v4 & Prevx, I would consider downgrading your Nod32 to version 3. If you are running on a network consider Nod32 v2.7.

In conclusion, over hundreds of customers I find that Nod32 & Prevx3 work well offering near rock solid security. Adding Firefox with NoScript & a hardware firewall gives I believe, the best quiet security possible." }-
Biscuit, thanks a lot for your response. I appreciate it, now my confidence in my decission went up a little.
With these two "guys" (NOD & Prevx Edge) protecting my computer, I see no slow downs and with 2 layers of good protection, I don't need any other real-time securities.

Thanks again,
Jedi_m

-{ Quote: "Hello,
I have been using prevx 3.0 for a few days now.
found out I was given a license to prevx1 ages ago by a nice member of wilders and managed to convert it to a version 3 license which is fantastic imo.

seems like a nice application. no fp's so far and seems very light.

its nice to see a UK based company creating such a decent antimalware application." }-
Hi Iodore

Welcome to the party. It will be good to have your input & experience.

I think that you will like it much! Personally I have rarely come across a better product with such superb support and interaction between users & developers.


;D

-{ Quote: "Hi Iodore

Welcome to the party. It will be good to have your input & experience.

I think that you will like it much! Personally I have rarely come across a better product with such superb support and interaction between users & developers.


;D" }-

I couldn't of said it better myself :thumb:

TH

-{ Quote: "Hi Iodore

Welcome to the party. It will be good to have your input & experience.

I think that you will like it much! Personally I have rarely come across a better product with such superb support and interaction between users & developers.


;D" }-

Welcome aboard, totally agree with Baldrick. And I think you will find that the best is yet to come ;) 8) Hopefully quite soon.

I have been using Prevx on its own for some time now. Previously, I used Avira. I installed Avira yesterday (alongside Prevx) but found Prevx kept stopping when I ran a scan.

Does anyone else here run Prevx with Avire Premium 9?

My OS is Vista, UAC on. Zemana, Sandboxie and Returnil.

it had worked for me

-{ Quote: "I have been using Prevx on its own for some time now. Previously, I used Avira. I installed Avira yesterday (alongside Prevx) but found Prevx kept stopping when I ran a scan.

Does anyone else here run Prevx with Avire Premium 9?

My OS is Vista, UAC on. Zemana, Sandboxie and Returnil." }-

I run Avira Prem 9 and Prevx 3.0 togeather with no problems. I am also running Sandboxie or Defensewall along with Returnil along with it. I have had no issues with this setup.

Hello all,
RSA is over and I'm back to my normal timezone/support schedule ;D Sorry for the delayed answering of the last week but we've been extremely busy, and the conference was fantastic. I'm catching up on a truckload of emails and posts but I will answer everything :)

Welcome back PH! Hope things went above and beyond expectations.

-{ Quote: "Hello all,
RSA is over and I'm back to my normal timezone/support schedule ;D Sorry for the delayed answering of the last week but we've been extremely busy, and the conference was fantastic. I'm catching up on a truckload of emails and posts but I will answer everything :)" }-

Agree - welcome back, and I hope that those being there noticed what an amazing company you're! ;D 8) :)

-{ Quote: "Agree - welcome back, and I hope that those being there noticed what an amazing company you're! ;D 8) :)" }-

Thanks :) For what its worth - I've expedited your refund inquiry, let me know if you need anything else :)

-{ Quote: "Thanks :) For what its worth - I've expedited your refund inquiry, let me know if you need anything else :)" }-

Yes, I've received a response today and have already replied to that with the needed details. I hope the process goes fast from here on. ;)

-{ Quote: "Welcome aboard, totally agree with Baldrick. And I think you will find that the best is yet to come ;) 8) Hopefully quite soon." }-
hmm some new tech?
any more infomation?

Yup, but Joe (PrevxHelp) won't say...yet. He just keeps us dangling with the odd ;) & ;) from time to time. ;D

But given what has gone before and we are now using I am willing to bet it will be good and worth the wait...which I can hardly! ;D

A bit of teasing here :)

-{ Quote: "The large set of new functionality is still a few weeks away :-\ The Prevx 3.0 release (of 3.0.1.55) is scheduled for tomorrow then we're going to continue developing through the new features :)

They're getting close, but we don't want to release anything unfinished :)" }-

Also see post #3553 on page 143. There have been a couple of hints dropped by Joe in some of his posts which no one has picked up on and a couple in the blogs on the Prevx web site :-X
They say patience is a virtue but its wearing rather thin here ;D

Gawd!!!! Prevx rocks big time now. Can't wait to see what is yet to come.

-{ Quote: "A...a couple of hints dropped by Joe in some of his posts which no one has picked up..." }-LOL. Yeah, your teasing has been noted.::)

Prevx edge still has a FP with Rollback Rx, detected it as a high risk worm last night.
Sense I was surfing a little while (no high risk sites though)
I figured maybe it was legit seeing as though the past FP's with rollback was about a mbr rootkit.
So I clicked to clean, bad move my me.
It was rollback rx that was deleated and sent be back to my baseline snapshot with out rollback,prevx or anything else that I have put on in the last two years.
Oh well back to building again.
Maybe with or without, but I believe without prevx though.

-{ Quote: "Prevx edge still has a FP with Rollback Rx, detected it as a high risk worm last night.
Sense I was surfing a little while (no high risk sites though)
I figured maybe it was legit seeing as though the past FP's with rollback was about a mbr rootkit.
So I clicked to clean, bad move my me.
It was rollback rx that was deleated and sent be back to my baseline snapshot with out rollback,prevx or anything else that I have put on in the last two years.
Oh well back to building again.
Maybe with or without, but I believe without prevx though." }-

??? Very sorry to hear this... but if Edge just blocked a single file, I'm not sure how it would have removed the whole program or "broken" the image :-\

-{ Quote: "Prevx edge still has a FP with Rollback Rx, detected it as a high risk worm last night.
Sense I was surfing a little while (no high risk sites though)
I figured maybe it was legit seeing as though the past FP's with rollback was about a mbr rootkit.
So I clicked to clean, bad move my me.
It was rollback rx that was deleated and sent be back to my baseline snapshot with out rollback,prevx or anything else that I have put on in the last two years.
Oh well back to building again.
Maybe with or without, but I believe without prevx though." }-

thats bad man!

i hope FP with rollback rx is already fix.

Confusion:

When I am on the status page, I see on the right side this:
Scanning and Detection - Configure
CSI Malware Removal - Details
Realtime Infection Monitoring - Configure
Edge Realtime Protection - Details

When I click on the Details links, it just shows the license information. This is confusing. I though (and I bet many other too) it would show me details about the subject (CSI Malware Removal / Edge Realtime Protection).

And as mentioned in one of my earlier posts, if PrevX found something after a scan, and I click "Remove Malware" (or whatever was the title), it ALWAYS scans AGAIN the whole disk. I NEVER managed to remove anything without a 2nd. scan here. That takes too much time... 4 minute scan, found something, click remove, again 4 minute scan, and finally the remove button does what it says...

-{ Quote: "Confusion:

When I am on the status page, I see on the right side this:
Scanning and Detection - Configure
CSI Malware Removal - Details
Realtime Infection Monitoring - Configure
Edge Realtime Protection - Details

When I click on the Details links, it just shows the license information. This is confusing. I though (and I bet many other too) it would show me details about the subject (CSI Malware Removal / Edge Realtime Protection).

And as mentioned in one of my earlier posts, if PrevX found something after a scan, and I click "Remove Malware" (or whatever was the title), it ALWAYS scans AGAIN the whole disk. I NEVER managed to remove anything without a 2nd. scan here. That takes too much time... 4 minute scan, found something, click remove, again 4 minute scan, and finally the remove button does what it says..." }-

I agree that this is illogical, and we will be adding extra options behind these buttons as soon as we have more configuration aspects for the features. However, right now they are to view details about your remaining license.

The additional scan happens if malware is detected and then the system is rebooted or something closes Prevx without running cleanup immediately after - this is used to ensure that all of the malware on the system is known at the time of cleanup, otherwise infections may not be fully cleaned.

Ok, I have re-installed Prevx after looking over other EULAs. For the type of software it is, the EULA isn't bad. I just want to know if you keep data from a machine stored indefinitely or if you just upload it when checking files.

-{ Quote: "The additional scan happens if malware is detected and then the system is rebooted or something closes Prevx without running cleanup immediately after - this is used to ensure that all of the malware on the system is known at the time of cleanup, otherwise infections may not be fully cleaned." }-

But I did not reboot the OS, or close PrevX. I immediately click the button after the scan is finish.

That is confusing too. You have 2 buttons after the scan, "Scan my PC" and "Remove Malware" (or something like that, RED button). And I just expect when I click the red button, it will try to remove the malware, not scan again. If I want to scan again, I would click the other, blue button.

-{ Quote: "thats bad man!

i hope FP with rollback rx is already fix." }-
Hi fce

Have just installed the latest build of RB Rx v9 and build .62 did not as much as blink as far as I am aware during the installation process.

So ??? from my perspective it is fixed. What build of Prevx are you using, if I may ask ;D.

-{ Quote: "Hi fce

Have just installed the latest build of RB Rx v9 and build .62 did not as much as blink as far as I am aware during the installation process.

So ??? from my perspective it is fixed. What build of Prevx are you using, if I may ask ;D." }-

I tried Rbrx ver9 but it didn't work.

Anyway i didnt experience the FP of prevx and Rollback Rx8.1. it was lonewolf post i quoted.

-{ Quote: "I tried Rbrx ver9 but it didn't work.

Anyway i didnt experience the FP of prevx and Rollback Rx8.1. it was lonewolf post i quoted." }-
Hi fce / Hi Lonewolf

Apologies for the confusion...unintended I assure you. :-[

Further to my previous recent problems with Prevx, now, it reguarly disables itself, particuarly when scanning.

Anyone else having issues?

EDIT______________

Prevx is now unuseable. It is unable to complete an on demand scan without crashing and disables itself when system is idle.

doesnt crash here.

Did you try an uninstall and reinstall? Looks like something got corrupted.

Question, @PrevX help



I have a question about the free version. I have played a little with PrevX,

Heuristics: only provide option to remove (greyed out, update or trust)

Age: just a way of restricting the focus of PrevX, thought behind it, the newer the program, the more chance it is malware

Population: when (at program install) a blacklisted program is found, I am able to stop it.

Is the above correct (I have set heuristics after age/population)?

Regards Kees

-{ Quote: "Question, @PrevX help



I have a question about the free version. I have played a little with PrevX,

Heuristics: only provide option to remove (greyed out, update or trust)

Age: just a way of restricting the focus of PrevX, thought behind it, the newer the program, the more chance it is malware

Population: when (at program install) a blacklisted program is found, I am able to stop it.

Is the above correct (I have set heuristics after age/population)?

Regards Kees" }-

From the Prevx 3.0 Help Page:
-{ Quote: "Advanced Heuristics

This slider bar allows you to configure exactly how Prevx 3.0 will behave when analyzing new programs. If a program is unknown on your system and performs suspicious actions, you can use this function to control how strict Prevx 3.0 will be when it identifies suspicious behavior. The levels of protection include:

Disabled - No heuristics. Prevx 3.0 will not protect your computer against advanced new threats, however, the community database will still apply heuristics to known threats and will continue to detect mutating malicious software.

Low - This setting will tell Prevx 3.0 to ignore more suspicious behavior and allow programs to run. A program will only be detected with these heuristics if it displays a high level of malicious activity.

Medium - This is the recommended setting and balances detection versus false alarms by using our tuned heuristics in the centralized community database.

High - This setting is recommended if you think that your system is infected or at a very high risk for infections. While it may generate marginally more false alarms, this setting will protect against a wide range of new threats.

Maximum - This is the highest security setting for the Prevx 3.0 Advanced Heuristics and will block a large amount of malicious software but may generate false alarms on unpopular or uncommon software.

Additional Advanced Heuristics Options

Advanced Heuristics allows you to configure the prescedence of the application of the heuristic rules. If you set Prevx 3.0 to "Apply before Age/Popularity detection", heuristics will warn against new programs as well as old programs which exhibit suspicious behavior. However, if you select "Apply after Age/Popularity detection", Prevx 3.0 will only warn about an Advanced Heuristic detection if it is also deemed suspicious based on your Age/Popularity settings (described below).

Program Age Heuristics

These settings allow you to configure how sensitive Prevx 3.0's heuristics are to the age of a program. Generally, a majority of programs exist in the community for a while before they are used by a large number of users. However, most infections tend to have a very short lifespan and try and spread as quickly as possible. Our Prevx 3.0 Program Age Heuristics analyze the age of the program and compare it against similar programs within the subset of the community to determine if it is statistically less trustworthy than should be allowed.

We offer granular control over the Program Age Heuristics which will allow you to best suit it to your needs and browsing habits.

Disabled - No Program Age Heuristics

Low - Only alert about programs which have been created or modified very recently (Recommended)

Medium - Alert about programs which are fairly new and not trusted, preventing zero-day and zero-hour attacks. This setting is recommended if you do not frequently install relatively unpopular programs and want an extra degree of security to prevent mutating threats.

High - Alert about programs which have been created or modified within a relatively short period of time and are not trusted. This setting is recommended only if rarely install new programs and if you feel that your system is relatively constant. It may generate a higher level of false alarms on more obscure or unpopular software.

Maximum - Alert about all untrusted programs which have been created or modified fairly recently. This setting should only be used if you computer is in a high risk situation or if you think that it is currently infected.

Program Popularity Heuristics

Prevx 3.0's Program Popularity Heuristics analyze the popularity of a program within the context of your subset of the Prevx Community and see if a program is statistically unpopular. Generally, infections tend to mutate very quickly and normal programs do not, therefore, Program Popularity Heuristics can identify programs which are frequently changing or are being installed as a unique copy on every user's PC.

In addition to detecting frequently changing or polymorphic threats, Program Popularity Heuristics also works alongside other detection methods to block targeted threats. When a suspicious program is found and about to be loaded into memory, Program Popularity Heuristics will prevent it if it determines that the program is extremely unpopular - an attribute which would be present in a targeted threat where a unique infection is sent to the victim with the direct intent of evading conventional antivirus technology which requires individual signatures to be created for each sample.

You can configure the intensity of Program Popularity Heuristics with the following options:

Disabled - Do not use Program Popularity Heuristics

Low - Only alert about programs which have only recently been seen for the first time. This is recommended for users which frequently install new programs, beta programs, or are software developers who frequently create new programs.

Medium - Alert about unpopular and mutating programs, preventing zero-day and zero-hour attacks. This is recommended for users who do not frequently install new programs and want an extra level of protection over the standard settings.

High - Only allow programs which have been seen by a significant percentage of the Prevx Community. This is recommended for users who do not install new programs and who are concerned about the current security of their system, suspecting that they might have an active infection.

Maximum - Only allow programs which have been seen by a very large percentage of the Prevx Community. This is recommended only for users who feel that they are at a very high risk for infection and are willing to accept the possibility for an increased level of false alarms due to the very strict heuristics in place." }-

http://info.prevx.com/edgehelp.asp

Not sure if that helps, but I'm sure Joe will be around later if you need a more detailed explanation :)

Thx,

Webdesigner, let me rephrase my question. The free version warns, but does it also stop installs. I noticed that the heuristics (first slider) does not offer the option to stop. With the second slider I can set the age of programs to monitor (that is clear). My question is, when I set Age to high (meaning only new programs are monitored, like installs first execution), and I set the population to meaning, PrevX will warn me when I install a known malware of the in the cloud data base, but the question is: does it provide an option to stop installation (no removal, just stop).

Thanks

-{ Quote: "Did you try an uninstall and reinstall? Looks like something got corrupted." }-

Yes, I have tried a fresh install. that works for a while, then it starts playing up again.

I have even done a complete system restore - but, again, it plays up.

All very strange!

PS, as Im typing this, Prevx is sitting in my system tray - disabled again!

-{ Quote: "Thx,

Webdesigner, let me rephrase my question. The free version warns, but does it also stop installs. I noticed that the heuristics (first slider) does not offer the option to stop. With the second slider I can set the age of programs to monitor (that is clear). My question is, when I set Age to high (meaning only new programs are monitored, like installs first execution), and I set the population to meaning, PrevX will warn me when I install a known malware of the in the cloud data base, but the question is: does it provide an option to stop installation (no removal, just stop).

Thanks" }-

Kees, from memory and reading this thread, the prevx edge free version will just provide a warning/alert.

Joe (prevxhelp) should be able to assist you with a trial for you to test out.

Thx, Saraceno

Looking at the Prevx.com home page I see that Prevx have another trade show this week so if Prevx Help is in attendance there he may be a bit thin on the ground again this week, hopefully normal service will be resumed next week ;D
A couple of links to the show for anyone interested:

http://www.infosec.co.uk/

http://www.infosec.co.uk/page.cfm/action=Exhib/ExhibID=00903

-{ Quote: "Thx,

Webdesigner, let me rephrase my question. The free version warns, but does it also stop installs. I noticed that the heuristics (first slider) does not offer the option to stop. With the second slider I can set the age of programs to monitor (that is clear). My question is, when I set Age to high (meaning only new programs are monitored, like installs first execution), and I set the population to meaning, PrevX will warn me when I install a known malware of the in the cloud data base, but the question is: does it provide an option to stop installation (no removal, just stop).

Thanks" }-

In the free version, threats are detected and a small "Active Threat" dialog is shown but they are not blocked - only the full version adds blocking on top of the realtime/on-demand detection. Setting the heuristics up higher will cause Prevx to warn as well if it is a heuristic detection but we don't block it in the trial version.

However, feel free to send me a PM if you'd like to try out the infection prevention components (and that goes for anyone else as well :))

-{ Quote: "Looking at the Prevx.com home page I see that Prevx have another trade show this week so if Prevx Help is in attendance there he may be a bit thin on the ground again this week, hopefully normal service will be resumed next week ;D" }-

I'm not going to this one (finally get to get some sleep! ;D) so I will be around :)

-{ Quote: "In the free version, threats are detected and a small "Active Threat" dialog is shown but they are not blocked - only the full version adds blocking on top of the realtime/on-demand detection. Setting the heuristics up higher will cause Prevx to warn as well if it is a heuristic detection but we don't block it in the trial version.

However, feel free to send me a PM if you'd like to try out the infection prevention components (and that goes for anyone else as well :))" }-

Ok thx,

No I like the sliding population control (from blacklist to whitelist) and the smart focus on newly installed programs, but I thought the free version was also blocking. I will just keep it as an post-infecton warning ;D

-{ Quote: "I'm not going to this one (finally get to get some sleep! ;D) so I will be around :)" }-

:thumb: 'Phase 2' :shifty:

My Prevx 3.0.1.62 beta version just updated to bld 63. Minor tweaking or preparation for something bigger?

-{ Quote: "My Prevx 3.0.1.62 beta version just updated to bld 63. Minor tweaking or preparation for something bigger?" }-

Still just minor tweaking I'm afraid ;D The "something bigger" is coming soon still ;D .63 improves cleanup of a new rootkit and has a couple minor bugfixes :)

That was a quick answer Joe, many thanks :)

I've yet to have a fixed refund... >:(

Hi, PrevxHelp - could you answer my question here:

"I just want to know if you keep data from a machine stored indefinitely, or if you just upload it when checking files?"

-{ Quote: "Hi, PrevxHelp - could you answer my question here:

"I just want to know if you keep data from a machine stored indefinitely, or if you just upload it when checking files?"" }-

Data is stored (anonymously) for future analytic purposes. This way, we're able to detect threats using logic which can cross-reference data from all known samples rather than just the data coming in at that time.

-{ Quote: "Data is stored (anonymously) for future analytic purposes. This way, we're able to detect threats using logic which can cross-reference data from all known samples rather than just the data coming in at that time." }-

Thanks. I think as long as it is anonymous and you don't identify individual computers, I'm ok with it. Do all the .exe files scanned on a PC get collected?

-{ Quote: "Thanks. I think as long as it is anonymous and you don't identify individual computers, I'm ok with it. Do all the .exe files scanned on a PC get collected?" }-

No, we rarely actually upload the entire samples. We start with sending up a simple signature (to see if it is a known bad or known good) and then the database tells the agent what other information it still needs, which can include different signatures/characteristics within the program or behavior that the program makes (i.e. X program deletes Y file) to help determine if the file is malicious or not :)

Mvdu, the thread on Prevx and Privacy (http://www.wilderssecurity.com/showthread.php?t=240084) may be of interest.

I've now received a refund - thank you. Out of curiosity, was the price for Prevx v2.0 (which I bought when it was the newest software...) 24.95 and not 29$ which it's now? I wonder that since that's what I've got in refund. ???

-{ Quote: "I've now received a refund - thank you. Out of curiosity, was the price for Prevx v2.0 (which I bought when it was the newest software...) 24.95 and not 29$ which it's now? I wonder that since that's what I've got in refund. ???" }-

Yes, we've recently raised the price to have all products at $29.95.

-{ Quote: "Yes, we've recently raised the price to have all products at $29.95." }-

Okay, thx for the info. :)

I got v3.0.1.64 running very well,more bug fixes?

TH

-{ Quote: "I got v3.0.1.64 running very well,more bug fixes?

TH" }-

Yes :) Nothing too exciting - just some minor bug fixes ;D

-{ Quote: "I got v3.0.1.64 running very well,more bug fixes?

TH" }-
Ditto...everything way smooooooooth here too! :thumb:

I think we should start a new thread titled Prevx 3.0 since it's an all in one product now (Edge & CSI) ;D

I have 3.0.1.65 now running very good! :thumb:

TH

-{ Quote: "I think we should start a new thread titled Prevx 3.0 since it's an all in one product now (Edge & CSI) ;D" }-

;D Well, Edge is v3.0 and we still have "Edge Realtime Protection" so it can probably stay Edge :)

v3.0.1.65 is now going out live - minor fixes and some under-the-hood changes, nothing too exciting just yet :)

the only thing stop me for try it / buy it , its the reason trial is only for detection not cleaning , until i see PREVX in real clean mode (edge 3) like avira or nod32 gives FULL function free trial , i never gona consider it as a buy software:thumbd:

-{ Quote: "the only thing stop me for try it / buy it , its the reason trial is only for detection not cleaning , until i see PREVX in real clean mode (edge 3) like avira or nod32 gives FULL function free trial , i never gona consider it as a buy software:thumbd:" }-

Send a PM to PrevxHelp and he will give you a key that is good for a week!

TH

-{ Quote: "the only thing stop me for try it / buy it , its the reason trial is only for detection not cleaning , until i see PREVX in real clean mode (edge 3) like avira or nod32 gives FULL function free trial , i never gona consider it as a buy software:thumbd:" }-

Check your PMs, you have a fully functional 7-day Prevx 3.0 license waiting :)

I forgot to say that the Support is amazing just like the software!:argh:

TH

-{ Quote: "Check your PMs, you have a fully functional 7-day Prevx 3.0 license waiting :)" }-
lol u fast , now hope to see what is made off

10x

A Prevx scanning freeze fix.

I purchased Prevx yesterday and after a few on demand scans using different settings I was happy and shut the laptop off for the night. This morning after booting up I did another scan and it stalled at 16% when it ran into a .dll file. A red window flashed too quick to read and a window read: Prevx Security Investigator has encountered a problem and needs to close. After several more attempts I was ready to give up.

I also used a system restore point made just after installing Prevx but it still stalled at 16%. So I uninstalled Prevx.
I then happened to read a thread about Registry Cleaners started by raven211. Having never used one before I tried jv16 Power Tools 2009. I followed the jv16 video clip on the companys website and it found over 1250 odd registry bits, it repaired 52 of them and removed the remaining. I then reinstalled Prevx.

Next step I turned off Ad-Watch Live, (in Ad-Aware Anniv. Edition), did a defrag and a restart. Then I reinstalled Prevx and it's made 7 scans so far and works great. I'm amazed at the fast 2 min. deep scans.

My guess it was all the junk registry stuff causing the problem. Thanks raven211 for the timely Registry Thread!

Best regards,
Edw.

-{ Quote: "I forgot to say that the Support is amazing just like the software!:argh:

TH" }-


So very true! Great product AND great support-not the kind that may help your situation, depending.No! Prevx Support comes from a love of what they do, and pride in the product they offer. I admire a company with ethics.

Thank you

Can I please get a code for a week trial? I am debating on buying the software..

-{ Quote: "A Prevx scanning freeze fix.

I purchased Prevx yesterday and after a few on demand scans using different settings I was happy and shut the laptop off for the night. This morning after booting up I did another scan and it stalled at 16% when it ran into a .dll file. A red window flashed too quick to read and a window read: Prevx Security Investigator has encountered a problem and needs to close. After several more attempts I was ready to give up.

I also used a system restore point made just after installing Prevx but it still stalled at 16%. So I uninstalled Prevx.
I then happened to read a thread about Registry Cleaners started by raven211. Having never used one before I tried jv16 Power Tools 2009. I followed the jv16 video clip on the companys website and it found over 1250 odd registry bits, it repaired 52 of them and removed the remaining. I then reinstalled Prevx.

Next step I turned off Ad-Watch Live, (in Ad-Aware Anniv. Edition), did a defrag and a restart. Then I reinstalled Prevx and it's made 7 scans so far and works great. I'm amazed at the fast 2 min. deep scans.

My guess it was all the junk registry stuff causing the problem. Thanks raven211 for the timely Registry Thread!

Best regards,
Edw." }-

Very interesting! Good to know its working properly now :) Let me know if you have any questions or problems in the future :)

-{ Quote: "Can I please get a code for a week trial? I am debating on buying the software.." }-

PM sent :)

i don't know why the program make update when only make scan and not when system boot...

I don't scheduler scan...i make every day launch manual update :doubt:

thank you for more information

after insert serial to make it full function , i turn on real system protection on , and its start reading , none stop from my hd , make pc unusable, any idea what was append ?

demon, give it some time to do 'its thing', authenticate files etc.

List what else you are running if you can. DefenseWall, sandboxie?

-{ Quote: "i don't know why the program make update when only make scan and not when system boot...

I don't scheduler scan...i make every day launch manual update :doubt:

thank you for more information" }-

You don't have to update every day - the updates are only software updates as all of our signatures are centralized so we rarely have to actually put out updates, only when releasing new features/functionality/bugfixes.

-{ Quote: "after insert serial to make it full function , i turn on real system protection on , and its start reading , none stop from my hd , make pc unusable, any idea what was append ?" }-

I've sent you a PM - also FWIW, your post count is going to be 666 the next time you post, demoneye ;D

-{ Quote: "I've sent you a PM - also FWIW, your post count is going to be 666 the next time you post, demoneye ;D" }-
:o
Ooof! Please make it a good one, demoneye!

Vista32, Prevx3.0.1.62

I've got a problem with Prevx3 on one of my networked computers. Prevx will not connect to the Internet. I uninstalled, rebooted & reinstalled but Prevx still will not connect - to the extent that I can't install the licence key.

The network is connecting via ISA Firewall through an SBS2003 server, but the problem is unlikely to be ISA, because my computer here is connecting in the same way with the same config.

Has this issue been seen before?

Hello
I've been using Edge/Prevx 3.0 for some time and since it changed names I hadn't visited the Prevx website. Doing so today I noticed there was a Prevx 3.0 Overview available for download as a .pdf. There I saw that Prevx 3.0 has a secure browser feature. That's totally new to me. I thought I had Prevx 3.0 with Realtime Protection, but I haven't come across that feaure.
How does one use the secure browser?

Thanks

-{ Quote: "Hello
I've been using Edge/Prevx 3.0 for some time and since it changed names I hadn't visited the Prevx website. Doing so today I noticed there was a Prevx 3.0 Overview available for download as a .pdf. There I saw that Prevx 3.0 has a secure browser feature. That's totally new to me. I thought I had Prevx 3.0 with Realtime Protection, but I haven't come across that feaure.
How does one use the secure browser?

Thanks" }-

Can you provide a link for that .pdf - I've been all over the site and I cannot find it. The secure browsing feature was announced for Prevx Enterprise a week or so ago, I was not aware that they had revealed that it is to be included in the Prevx 3.0 Home user edition yet.

-{ Quote: "Can you provide a link for that .pdf - I've been all over the site and I cannot find it. The secure browsing feature was announced for Prevx Enterprise a week or so ago, I was not aware that they had revealed that it is to be included in the Prevx 3.0 Home user edition yet." }-
http://info.prevx.com/download.asp?grab=PREVX3OVERVIEW

The secure browser is currently only available for our eSAC e-Commerce Security platform and not for the home users just yet.... but it will be :)

-{ Quote: "The secure browser is currently only available for our eSAC e-Commerce Security platform and not for the home users just yet.... but it will be :)" }-
Secret is bared :argh: :thumb:
Really nice!

Can anyone tell me how to "execute" the secure browser feature? Does it exist or is this something down the road? Attached taken from the pdf file:
EDIT: OOPS, only 2 minutes between posts that explained this, should have waited. :)

how does this secure browser works?

-{ Quote: "Can anyone tell me how to "execute" the secure browser feature? Does it exist or is this something down the road? Attached taken from the pdf file:" }-

Its coming soon for users - still "under the hood" :)

Joe, you're just to dagummed FAST!

-{ Quote: "http://info.prevx.com/download.asp?grab=PREVX3OVERVIEW" }-

Thanks for that - must be getting senile or going blind;D

PS: have just seen PrevxHelp's post as well

-{ Quote: "Its coming soon for users - still "under the hood" :)" }-

How long Joe? A week - or more :)

-{ Quote: "How long Joe? A week - or more :)" }-

More still :( We're still adding new functionality so it will take a bit longer :)

Joe,
Now that the cat is out of the bag so to speak perhaps I could ask a few questions:

1) For beta testers will the *new version* arrive unannounced by automatic update or will there be a pre release notification.

2) As this is obviously going to be a somewhat different Prevx 3.0 will there be an in house *help file* for lack of a better description so that we don't make a real hash of things. After all, we don't want to break anything ;D

3) As it appears to be a sandbox based feature will those of us using SandboxIE need to uninstall it before updating Prevx 3.0 or will they exist side by side - or will it be up to us to find out ;D

-{ Quote: "Joe,
Now that the cat is out of the bag so to speak perhaps I could ask a few questions:

1) For beta testers will the *new version* arrive unannounced by automatic update or will there be a pre release notification.

2) As this is obviously going to be a somewhat different Prevx 3.0 will there be an in house *help file* for lack of a better description so that we don't make a real hash of things. After all, we don't want to break anything ;D

3) As it appears to be a sandbox based feature will those of us using SandboxIE need to uninstall it before updating Prevx 3.0 or will they exist side by side - or will it be up to us to find out ;D" }-

1) The new version will be unannounced as an update but I'll announce it here once it comes to beta :) You will be able to switch it on in the configuration options.

2) All of the secure browser functionality is built on top of Prevx 3.0 so the actual outside changes are minimal and everything is used on-demand so you probably won't break too much ;D

3) Currently it is the inverse of a sandbox - preventing anything from touching the browser, but we're in the process of completing SandboxIE-like features which will be compatible with SandboxIE :)

Hi. I usualy use Sandboxie - but it wont work on Windows 7100. Would the new functionality of Prevx duplicate that of sandboxie rinning IE?

-{ Quote: "Hi. I usualy use Sandboxie - but it wont work on Windows 7100. Would the new functionality of Prevx duplicate that of sandboxie rinning IE?" }-

It isn't a complete duplication of Sandboxie but provides some of the same functionality. The core functionality of the secure browser is to prevent keyloggers, screengrabbers, etc. from accessing the browser. We are also adding in drive-by protection and exploit prevention around the browser but it doesn't emulate the system quite like Sandboxie does.

Thanks for the reply Joe. Just have to sit patiently and wait :)

-{ Quote: "It isn't a complete duplication of Sandboxie but provides some of the same functionality. The core functionality of the secure browser is to prevent keyloggers, screengrabbers, etc. from accessing the browser. We are also adding in drive-by protection and exploit prevention around the browser but it doesn't emulate the system quite like Sandboxie does." }-

That sounds kinda like AVG LinkScanner - in other words, really cool. ;D

So, this will operate so that the user can still install new software, but is much more secure? Is it browser-independent like AVG LinkScanner with its core for instance?

Version 3.0.1.65 (64-bit) is working perfectly on the Windows 7 beta.
Great work Prevx!

I have a 5-user due for renewal, but only 4 computers now. Can I downgrade the number of computers at renewal, or do I need to buy a new licence?

Dont know if this issue has been covered....

With Windows 7, the action centre reports that Prevx is on, but reporting in a way no longer supported.

Is this something that can be resolved?

I understand Prevx does not need to update as protection is continually updater in realtime - but would be nice if this reporting issue was sorted out.

-{ Quote: "Dont know if this issue has been covered....

With Windows 7, the action centre reports that Prevx is on, but reporting in a way no longer supported.

Is this something that can be resolved?

I understand Prevx does not need to update as protection is continually updater in realtime - but would be nice if this reporting issue was sorted out." }-

Could you let me know what build of Windows 7 you're using? They must have just changed something as it works fine here ???

-{ Quote: "Could you let me know what build of Windows 7 you're using? They must have just changed something as it works fine here ???" }-
7100 RC (Ultimate)

-{ Quote: "Vista32, Prevx3.0.1.62

I've got a problem with Prevx3 on one of my networked computers. Prevx will not connect to the Internet. I uninstalled, rebooted & reinstalled but Prevx still will not connect - to the extent that I can't install the licence key.

The network is connecting via ISA Firewall through an SBS2003 server, but the problem is unlikely to be ISA, because my computer here is connecting in the same way with the same config.

Has this issue been seen before?" }-

I have now fixed this issue with a little help from Joe.

If anyone else is using Prevx3 through a Microsoft ISA Firewall & can't get it to connect, send me a PM for the ISA firewall rule format.

-{ Quote: "I'll give it a try next time it happens.
Any advice on getting Windows security centre to recognise prevx3? It was fine with edge.
Thanks" }-

So, I had the issue with Prevx not showing up in the sys tray again, and stopping and restarting explorer.exe from the task manager fixed it - very annoying but I guess more of a Vista issue than a Prevx one.

It wouldn't matter to me if the Vista security centre recognised Prevx though - any news on when this will work? It was fine with Prevx Edge.

-{ Quote: "So, I had the issue with Prevx not showing up in the sys tray again, and stopping and restarting explorer.exe from the task manager fixed it - very annoying but I guess more of a Vista issue than a Prevx one.

It wouldn't matter to me if the Vista security centre recognised Prevx though - any news on when this will work? It was fine with Prevx Edge." }-

We've made a change in build .65 of Prevx 3.0 which intentionally makes it not register into the security center. As Prevx 3.0 in the unregistered version is not protecting your computer, it would be inaccurate to have it registered as your AV so we've disabled this when unregistered.

However, if you are registered, I suspect it is Vista being difficult :)

Prevx has started scanning very slowly today. It is now failing to complete scans - gets stuck at 98%!

Anyone else heving problems?

It didn`t get stuck, but 30 minutes for a Deep Scan without SmartScan checked ???

-{ Quote: "It didn`t get stuck, but 30 minutes for a Deep Scan without SmartScan checked ???" }-

30 minutes for a deep scan or a full scan? A deep scan should take around 2 minutes... if its taking that long then something is indeed going a bit wrong ;D

-{ Quote: "Prevx has started scanning very slowly today. It is now failing to complete scans - gets stuck at 98%!

Anyone else heving problems?" }-

I'm not seeing anything wrong, but could you try sending me a scan log via email? I'll see what is causing the slower scan :)

-{ Quote: "30 minutes for a deep scan or a full scan? A deep scan should take around 2 minutes... if its taking that long then something is indeed going a bit wrong ;D" }-

It`s a Deep Scan.

Another strange thing is that in now seems to scsn nearly 60K files on the standard scan - when before, it was about 30K???

i have some problems with the right click it scans 0 files

webster & Retdapuss: I'm optimizing the entries around your scan logs (which indeed are the cause of the slowdowns). Could you both try running another scan now and then send me another scan log?

Regarding the large scan jobs: this is because you're on Windows 7 build 7100 and the OS has a lot of new programs in it which aren't trusted yet. They should all be much improved now so if you try running another scan, you should see your scans start to decrease in size (if not, try uninstalling/reinstalling and that will definitely flip you back to a more normal scan).

-{ Quote: "i have some problems with the right click it scans 0 files" }-

What kind of file are you trying to scan with the right click scanner?

:argh: Trojans exe files

-{ Quote: ":argh: Trojans exe files" }-

Hmm.... hard to say :-\ Could it be possible that Avira (checking your signature ;D) is blocking access to the files when we're trying to scan? If you want, you can send them to me and I'll see if I can reproduce it over here :)

Avira is Off i just send a zip file with 11 trojans

Hi, PrevxHelp,

I sent you a scan log with the Kaspersky false positive.

Hi PrevxHelp,

A Vista SP2 x64 false positive: c:\windows\system32\wscui.cpl (log attached).

To alley and mvdu - both are fixed now :) Thanks!

Thanks Joe, all working perfectly here now.

-{ Quote: "webster & Retdapuss: I'm optimizing the entries around your scan logs (which indeed are the cause of the slowdowns). Could you both try running another scan now and then send me another scan log?

Regarding the large scan jobs: this is because you're on Windows 7 build 7100 and the OS has a lot of new programs in it which aren't trusted yet. They should all be much improved now so if you try running another scan, you should see your scans start to decrease in size (if not, try uninstalling/reinstalling and that will definitely flip you back to a more normal scan)." }-

New log sent. Better this time. Only 6.44 min.

Joe, I have an issue which I cannot resolve.
Every time I compile a new exe with Delphi 2007, and run it, PrevX popup and complains about it. But the 2nd. time I run it, it comes out clear. That happen all the time.
I copy the exe to the desktop, and run it. PrevX popup. I let it remove the file (what not work all the time btw, I click the button remove, but nothing happen, like the button is disabled).
I then copy the same exe again to the desktop, and it runs fine.

-{ Quote: "Joe, I have an issue which I cannot resolve.
Every time I compile a new exe with Delphi 2007, and run it, PrevX popup and complains about it. But the 2nd. time I run it, it comes out clear. That happen all the time.
I copy the exe to the desktop, and run it. PrevX popup. I let it remove the file (what not work all the time btw, I click the button remove, but nothing happen, like the button is disabled).
I then copy the same exe again to the desktop, and it runs fine." }-

You may want to disable heuristics or add an ignore override to the folder. I suspect that the files look suspicious on the first sighting but are trusted after they're analyzed after the first execution.

-{ Quote: "You may want to disable heuristics or add an ignore override to the folder. I suspect that the files look suspicious on the first sighting but are trusted after they're analyzed after the first execution." }-

If I disable heuristics, I lost all the power of prevx. So that is out of question.
And excluding the folder make no sense too, because all my client will have the same issue.

When prevx flag it at the first start, and at the second start not anymore ("but are trusted after they're analyzed after the first execution"), why does it happen again, when I compile the same exe, which is binary identical and start it again? The only thing what changed is the compilation time. When comparing with a hex editor, they are both identical, same CRC.
I don't know why all the delphi executables are always flagged...

-{ Quote: "If I disable heuristics, I lost all the power of prevx. So that is out of question.
And excluding the folder make no sense too, because all my client will have the same issue.

When prevx flag it at the first start, and at the second start not anymore ("but are trusted after they're analyzed after the first execution"), why does it happen again, when I compile the same exe, which is binary identical and start it again? The only thing what changed is the compilation time. When comparing with a hex editor, they are both identical, same CRC.
I don't know why all the delphi executables are always flagged..." }-

From what you've sent me before, your exes are packed with PECompact2. Could you send me some of the test exes so I can see what's flagging them now?

I tried to install Prevx 3.0 and it froze my Windows.
After installing it attempts to perform a learning scan but there is no HDD activity. I can't even shut down or reboot the computer. I can only unplug it.
I have tried it in two other rollback snapshots and the results are the same.

It is working fine for me. Joe should be here soon.

-{ Quote: "I tried to install Prevx 3.0 and it froze my Windows.
After installing it attempts to perform a learning scan but there is no HDD activity. I can't even shut down or reboot the computer. I can only unplug it.
I have tried it in two other rollback snapshots and the results are the same." }-

I'm not sure what would cause this :-\ Do you have any HIPS products installed which could be interfering/showing a warning about direct disk access?

Just to fill an idle moment, an associate and I just tested Prevx, Avira and A2 against some new malware (39 samples) all less than 24 hours old.

I have run loads of tests like this and A2 has usually comes out top, with Avira a very close second. More recently, Prevx has sometimes beaten A2, but today, Prevx has excelled itself and got 36 out of 39! A2 got nearly half of them. a stonking result for Prevx!

I know this is only a small sample, but I run tests quite frequently and it looks like Prevx is getting better and better.

I will do a test of a few thousand zero day naties at some point in the next week or so, which should give a more meaningful result.

To date, I have run these on demand tests under Returnil. In future, I will run them under VMware - but Im assuming this could be problematic with the way the Prevx license works?

Hey Joe,
how can I send you some fp's for you to fix?

its the launcher.exe for the game perfectworld (http://perfectworlduk.co.uk/information.php?info_id=131)

located at Z:\Program Files (x86)\Perfect World UK\launcher\lancher.exe
OS vista home premium 64bit.
Kaspersky had an fp on the same file a few weeks ago and fixed it.

once the fp has been fixed do i simply run a new scan so it doesnt get detected again?

-{ Quote: "Just to fill an idle moment, an associate and I just tested Prevx, Avira and A2 against some new malware (39 samples) all less than 24 hours old.

I have run loads of tests like this and A2 has usually comes out top, with Avira a very close second. More recently, Prevx has sometimes beaten A2, but today, Prevx has excelled itself and got 36 out of 39! A2 got nearly half of them. a stonking result for Prevx!

I know this is only a small sample, but I run tests quite frequently and it looks like Prevx is getting better and better.

I will do a test of a few thousand zero day naties at some point in the next week or so, which should give a more meaningful result.

To date, I have run these on demand tests under Returnil. In future, I will run them under VMware - but Im assuming this could be problematic with the way the Prevx license works?" }-

Outstanding!!!

Doesnt surprise me, but thank you for your testing and candid feedback.

Got a question about license. I know you don't allow one to be shared on multiple PC's and I understand that. But I have just installed win7 in a dual boot and I can't run it on both of them? I only have win7 RC and just testing it out mainly, but it's the same PC. Is there any way I can run it on both since in reality I won't be running either at the same time therefor getting more out of the app then I should be.

PS.. I did look and didn't find an answer, but I do overlook things at times. My apologies if that's the case here.

-{ Quote: "Got a question about license. I know you don't allow one to be shared on multiple PC's and I understand that. But I have just installed win7 in a dual boot and I can't run it on both of them? I only have win7 RC and just testing it out mainly, but it's the same PC. Is there any way I can run it on both since in reality I won't be running either at the same time therefor getting more out of the app then I should be.

PS.. I did look and didn't find an answer, but I do overlook things at times. My apologies if that's the case here." }-

It's per OS hopefully there will be changes in the future! But you can try it and under My Prevx https://my.prevx.com you can make changes to your License by removing and adding but you can only do it so many times and you can contact support and they will be happy to help you out as I did many times! :thumb:

TH

-{ Quote: "Got a question about license. I know you don't allow one to be shared on multiple PC's and I understand that. But I have just installed win7 in a dual boot and I can't run it on both of them? I only have win7 RC and just testing it out mainly, but it's the same PC. Is there any way I can run it on both since in reality I won't be running either at the same time therefor getting more out of the app then I should be.

PS.. I did look and didn't find an answer, but I do overlook things at times. My apologies if that's the case here." }-

In the meantime until we change the system, we are willing to make exceptions - feel free to PM me your license key and I should be able to get it working on both partitions :)

Would be great if prevx would run on a per-pc basis, not per-os basis.
I too have that issue. My main OS is Vista, but run XP and 2000 under VirtualPC to test my software products, and have there of course no Prevx, because it wont install, even its the same PC.

-{ Quote: "Would be great if prevx would run on a per-pc basis, not per-os basis.
I too have that issue. My main OS is Vista, but run XP and 2000 under VirtualPC to test my software products, and have there of course no Prevx, because it wont install, even its the same PC." }-

You can still install and run it unlicensed - it functions precisely the same in the evaluation version as it does in the registered version, it just won't block an infection which it finds.

We're working on identifying computers by hardware but there are many caveats to this approach as well so either way is a tradeoff (and there are relatively very few users who actually use multi-OS installations).

-{ Quote: "In the meantime until we change the system, we are willing to make exceptions - feel free to PM me your license key and I should be able to get it working on both partitions :)" }-

PM Sent and thank you very much for your help. I do understand that most user will not have an issue with this. I was just caught off guard by this small problem. You really do go out of your way to help your users..that I won't forget.

-{ Quote: "You can still install and run it unlicensed - it functions precisely the same in the evaluation version as it does in the registered version, it just won't block an infection which it finds.

We're working on identifying computers by hardware but there are many caveats to this approach as well so either way is a tradeoff (and there are relatively very few users who actually use multi-OS installations)." }-

...as you wrote, "it just won't block an infection", so it make no sense to me to install the unregistered version.
I hope there will be a solution before I ditch nod32 this coming June. I will run by then just prevx and defensewall, and an unprotected OS in the virtual pc means a lot of reinstalling the OS because of infections, I guess.
It really looks like I have to purchase for each OS (on the same PC) a new license...

I use Comodo with Defence+. I allowed/remembered on the first try.
Round 2 Disabled Defence+ completely. Same result. Frozen when it tries to scan. No HDD activity period. Windows locked up tighter than a ducks...
I also use Rollback software.

Hi,
I believe an FP...have no reason to believe it's real infection:
[B] (ACTIVE) c:\program files\common files\tortoiseoverlays\tortoiseoverlays.dll [PX5: 64A785CF0003541A3A620100C08A490035A4B5A2] Malware Group: High Risk Worm

tortoiseoverlays.dll must be part of the tortoisesvn ( http://tortoisesvn.tigris.org/ )

-{ Quote: "Hi,
I believe an FP...have no reason to believe it's real infection:
[B] (ACTIVE) c:\program files\common files\tortoiseoverlays\tortoiseoverlays.dll [PX5: 64A785CF0003541A3A620100C08A490035A4B5A2] Malware Group: High Risk Worm

tortoiseoverlays.dll must be part of the tortoisesvn ( http://tortoisesvn.tigris.org/ )" }-

Indeed it is. I've fixed it now... bit surprised this was caught as this should have been trapped and ignored automatically, I suspect we have a bug somewhere and I'll bring this up with the head of the research team shortly.

Thanks for the report :) Let me know if you see anything else similar to this!

were you able to reproduce my problem :)

I added another year to my License and it took 15 minutes to show up on my License!

Very easy transaction! Just wanted to share my experience.

TH :thumb:

Trying to do a scan right now but I am unable to connect to the database. Anyone else noticing this problem???...::) :o :blink:

-{ Quote: "Trying to do a scan right now but I am unable to connect to the database. Anyone else noticing this problem???...::) :o :blink:" }-
I just did a scan and had no problems. You might try again. :doubt:

-{ Quote: "Trying to do a scan right now but I am unable to connect to the database. Anyone else noticing this problem???...::) :o :blink:" }-

Everything seems fine from what I can see (and my scans work fine here). Did you by any chance have a recent firewall/AV update? Kaspersky produced a FP against us yesterday which should be fixed now (not sure if you're using Kaspersky but its worth a guess if they're blocking us silently :))

-{ Quote: "were you able to reproduce my problem :)" }-

I'm trying now ;D Sorry for the delay - its been an extremely busy week at Prevx this week ;D

Joe: haven't cleaned these up yet but do you think this is FP or threats? One of 'em is Microsoft, please advise.

After receiving an email saying I had been infected from Prevx, went ahead and cleaned 'em up. System is secure. :isay:

That does indeed look malicious - if you have a doubt, feel free to send me an email :)

Is it normal for the r/click menu to NOT scan an .exe file? Will scan others, but not any exe, just wants to run it.

-{ Quote: "Is it normal for the r/click menu to NOT scan an .exe file? Will scan others, but not any exe, just wants to run it." }-

When the .exe/installer opens if you then click on run Prevx will then scan it and the .exe you clicked will close. Took me a little while to find that out but thats how it works on my machine.

Thank you for the tip!

When I scan my PC, and prevx find something (FP or not, does not matter), and I click to remove it, it will delete file files, and then it force me to reboot. WHY? Why is there no button to Cancel and not to reboot? The only button is OK, and when clicked, it just reboot Windows...
If the files are removed, and I decide that this was enough action to do, WHY can't I stop it from rebooting the PC?

Next is, when I scan the PC, which take about 2 minutes, it then hangs at 98% "Analyzing Scan Result" for about 5 minutes... why does that take so long?
My internet connection is 12mbps, so thats not an issue...

A log is also lacking, something where all the detected malware is listed, something like NOD32 has. I have no way to figure out anymore what it found a while ago...

-{ Quote: "When I scan my PC, and prevx find something (FP or not, does not matter), and I click to remove it, it will delete file files, and then it force me to reboot. WHY? Why is there no button to Cancel and not to reboot? The only button is OK, and when clicked, it just reboot Windows...
If the files are removed, and I decide that this was enough action to do, WHY can't I stop it from rebooting the PC?

Next is, when I scan the PC, which take about 2 minutes, it then hangs at 98% "Analyzing Scan Result" for about 5 minutes... why does that take so long?
My internet connection is 12mbps, so thats not an issue..." }-

In many cases, cleanup runs a reboot to ensure that all infection traces are removed from memory. Trying to remove malware when active without rebooting introduces risks to system stability so rather than introduce the potential for the system to crash when the user is doing something important, we force the reboot directly after cleanup.

Also, regarding the Analyzing Scan Results - can you email me a scan log? I'll see what could be going wrong with the last few percent :)

-{ Quote: "In many cases, cleanup runs a reboot to ensure that all infection traces are removed from memory. Trying to remove malware when active without rebooting introduces risks to system stability so rather than introduce the potential for the system to crash when the user is doing something important, we force the reboot directly after cleanup.

Also, regarding the Analyzing Scan Results - can you email me a scan log? I'll see what could be going wrong with the last few percent :)" }-

But it scanned a file (.bpl) which can not and was not running in memory. It was a file just on a data disk. There was no need to reboot.
Anyway, you should let the user decide on that dialog box, to reboot or not.

And, it still find the .aal file as High Risk Fraudulent Security Program...

About the "Analyzing Scan Result", its communicating with your server, so it looks, and that takes just too long.
It took far longer than on the screen shot. All in all about 14 minutes. this time about almost 4 for scanning, and the other 8 for "Analyzing...".
Monitoring the connections, I see that it is communicating with the server for a long time.

If you could send me a scan log, I can see why it is detecting the file and why the scan is taking too long :)

The user is prompted to save their work and the file wouldn't have been scanned unless it was referenced somewhere or loaded so I suspect it was indeed in memory at some point.

-{ Quote: "If you could send me a scan log, I can see why it is detecting the file and why the scan is taking too long :)

The user is prompted to save their work and the file wouldn't have been scanned unless it was referenced somewhere or loaded so I suspect it was indeed in memory at some point." }-

I am doing new scans and will email/pm the log later on.

Why does it scan 33000 files, then a moment ago just 19000 files, now I scan again, and it scanned already 50000 files at 27%... does it not always the same files? Its a little confusing...

With my usual penchant for trying to break things I disabled my internet connection and invoked PX3's "Check for updates" which returned the typical modal dialogue as displayed in attached.
By comparison an observant reader will also see that invoking the equivalent in Prevx 2 returns an (expected) error.......

Clearly in this scenario Prevx 2 is attempting to immediately "phone home" and understandably failing, whereas Prevx3 is presumably checking with a local database flag (which also presumably is "less" regularly checked/updated updated along with normal server polling/connectivity when Prevx is running and does have an actual Internet connection?).

Now debatably this apparent methodology is somewhat misleading or at least amibiguous? After all the actual popup does imply that PX3 is "constantly kept uptodate" although the pedants amongst us may argue that the dialog explicitly refers to "detection" and not necessarily the client "agent" software per se?

I can understand the paradigm to both avoid frequent connectivity "traffic" between client and server and to minimise the "noise" of informatory dialogs. Agreed that the latter may confuse some users or promote additional support calls but if you manually invoke a "check for updates" then IMHO it should do just that by "explicitly" (and immediately) attempting to contact the server and reporting (unlike the PX2 example shown) a more user friendly warning that the "Internet Connection is absent"?

It's entirely possible I may have missed a similar previous conversation on this very subject so naturally please consider my apologies already proffered....
208779

Hello horseman,
When you click Check for Updates, Prevx 3.0 does connect to the database but if there is not internet connection, it doesn't receive any update so it says none are available (as it doesn't know any better at that point). We've decided to not warn the user if they are offline and just checking for updates because updates come out infrequently so the chance of them checking when they are offline when there is actually an update is rare, and we very rarely (so far - never) have updates which are mandatory at the time they are released.

-{ Quote: "I am doing new scans and will email/pm the log later on.

Why does it scan 33000 files, then a moment ago just 19000 files, now I scan again, and it scanned already 50000 files at 27%... does it not always the same files? Its a little confusing..." }-

The scan job is dynamic and fluid - it changes with the programs you have loaded/files loaded and it depends on if you have untrusted programs on your computer. We try and scan as much as possible without scanning too much and while still keeping the scan as fast as possible.

I think there is an issue with Comodo Internet Security. With a backup in place, I tested a piece of malware with Prevx and CIS installed. It seems CIS won't let Prevx do its job sometimes. Prevx will popup an alert, but so will Defense+, and Defense+ seems to have control and the malware will execute anyway if you click allow in Defense+.

-{ Quote: "I think there is an issue with Comodo Internet Security. With a backup in place, I tested a piece of malware with Prevx and CIS installed. It seems CIS won't let Prevx do its job sometimes. Prevx will popup an alert, but so will Defense+, and Defense+ seems to have control and the malware will execute anyway if you click allow in Defense+." }-

I suspect that CIS is actually re-executing the malware rather than letting other programs decide on it.

However, at that point I suspect the user would really want to use the program so it isn't an actual problem but we'll look into it to see if there is anything we can do to avoid it :)

-{ Quote: "I suspect that CIS is actually re-executing the malware rather than letting other programs decide on it.

However, at that point I suspect the user would really want to use the program so it isn't an actual problem but we'll look into it to see if there is anything we can do to avoid it :)" }-

Thanks! Because I think it could be a potential security hole for a novice user.

-{ Quote: "Hello horseman,
...... We've decided to not warn the user if they are offline ...." }-

Thanks for the prompt clarification, and whether that's a "Broken As Designed" decision or not is (as you infer) fairly insignificant in the given context.

This may be a bit of overkill but does anyone think Mamutu, Prevx Edge and Online Armor (paid) would be a good combo? I'm mainly wondering about OA's HIPS vs. Mamutu and it's behavior blocking...:o ;D

-{ Quote: "This may be a bit of overkill but does anyone think Mamutu, Prevx Edge and Online Armor (paid) would be a good combo? I'm mainly wondering about OA's HIPS vs. Mamutu and it's behavior blocking...:o ;D" }-

Running OA full, Prevx 3.0 and a-squared Anti-Malware (=Mamutu + more) without problems here.

Prevx Scan Log - Version v3.0.1.65
Log Generated: 11/5/2009 12:26, Type: 1,8192
Windows XP Home Service Pack 3 (Build 2600) 32bit|1043
Some non-malicious files are not included in this log.
Heuristics Settings: Age: 1, Pop: 1, Heu: 2 (Dir: 1)
Last Scan: Mon 2009-05-11 10:07:59 Romance (zomertijd). Number of Scans: 76. Last Scan Duration: 1 minute 51 seconds.
[BN] c:\program files\winrar\default.sfx [PX5: B69AA93B001722E5607501EE5F1FB2007D5933B9] Malware Group: High Risk Cloaked Malware
can you fix it, thanks.

Done :) Thanks!

This is strange ???. If i uninstall and reinstall, scan time improves to under two minutes. Over time it increases to about 8 minutes. Memory leak or something?

I use Avira Premium and Online Armor paid.

-{ Quote: "This is strange ???. If i uninstall and reinstall, scan time improves to under two minutes. Over time it increases to about 8 minutes. Memory leak or something?

I use Avira Premium and Online Armor paid." }-

The scan job is very dynamic and over time it chooses additional files to scan. If the scan has ever returned "infected" it will increase the number of files it scans as well, so that could be why the scan would be taking longer (as now it wouldn't have known you were "infected" before).

Uninstalling/reinstalling doesn't degrade protection at all, however, so if that helps your scan time, its worth a try :)

Thanks Joe 8) :thumb:

Just to make clear: is medium the recommended heuristics setting?

-{ Quote: "Just to make clear: is medium the recommended heuristics setting?" }-

Yes, that is the default value - you can set it higher but it increases the risk for false positives. Medium is our best balance between security/unnecessary prompting :)

I can't even get to that screen. Ducks but and all.

-{ Quote: "I can't even get to that screen. Ducks but and all." }-

We've had no other users at all come in with complaints like this ??? I'm guessing there is something different with your system which is causing it, but could you try uninstalling any other security software to see if that fixes it?

Great PCMag review:

http://www.pcmag.com/article2/0,2817,2346861,00.asp

-{ Quote: "Great PCMag review:

http://www.pcmag.com/article2/0,2817,2346861,00.asp" }-
Curious remarks regarding the "Cons" in that article: The comment about leaving behind file and registry traces after cleanup. Is that an issue that ongoing development will be addressing....or is it even a fair comment at all...?...???

-{ Quote: "Curious remarks regarding the "Cons" in that article: The comment about leaving behind file and registry traces after cleanup. Is that an issue that ongoing development will be addressing....or is it even a fair comment at all...?...???" }-

We are working on this, however, the problem they are referring to is leaving behind traces like a link to a website on the desktop or a malware configuration file in a program folder or an empty/inactive registry entry.

The entries/files which we leave behind aren't threats but if we want to make the system 100% like it was before the infection, we need to include some extra information for removal - we will be adding this soon :) (However, after cleanup, you will definitely be clean from the real threats)

Hi,
could you please check this? Only Prevx detects it as malware. Thank you.

[BMP] (ACTIVE) c:\windows\installer\{4761eb82-e8bd-45a4-b19b-586fa9d1d7e6}\iconef5c48883.exe [PX5: 394D0F21006069103A18193B3C2E070088FA63E6] Malware Group: Medium Risk Malware

Fixed :)

-{ Quote: "Great PCMag review:

http://www.pcmag.com/article2/0,2817,2346861,00.asp" }-


This is great. I really think that between this and the review at Malware.com, it shows that Prevx is not only a contender, but may prove to be one of the best out there.

Really good Joe.:thumb:

I purchased a license for Prevx 3.0 because of this thread. I really do like it. It is light, easy to use and from what I can tell pretty effective. Found only one thing on two computers. Here is the problem. I use Vipre as my AV, which I also really like, but Prevx and Vipre do not play well together. I sent logs for both my laptop and desktop to support for analyzing because Vipre was getting stuck during quick scans at the rootkit portion. It was taking 30+ minutes for something that should take maybe 2-3 minutes. I needed to turn off the rootkit scans in Vipre to get the times down again. The first response told me that Prevx was tweaked and scan times should be better on my desktop. The second response I was told that Prevx had contacted Sunbelt and that the programs will not play well together and the fix is not simple. I have since uninstalled on both machines. Is Sunbelt and Prevx working to resolve this? Is it overkill to want Vipre to run rootkit scans along with Prevx doing its job also? Maybe I am expecting too much. I really do like both products. Any thoughts, Joe?

The PCMag.com review is great.

Joe, you should ask the Web Designer to link this PCMag article to your front page. It's current, well written, and would interest many potential users. :thumb:

-{ Quote: "The PCMag.com review is great.

Joe, you should ask the Web Designer to link this PCMag article to your front page. It's current, well written, and would interest many potential users. :thumb:" }-
Unfortunately we can't yet - awaiting approval from PCMag (they have lots of terms and conditions) ;)

All cool. I'm assuming they would want say their logo on your page.

Considering how popular they are, hope your CEO approves it on his end.

Great screen-shots, full description of how it works, comparisons to other products, and receiving the editor's choice for antispyware, what more could you want for a first review (of the new version). :thumb:

-{ Quote: "I purchased a license for Prevx 3.0 because of this thread. I really do like it. It is light, easy to use and from what I can tell pretty effective. Found only one thing on two computers. Here is the problem. I use Vipre as my AV, which I also really like, but Prevx and Vipre do not play well together. I sent logs for both my laptop and desktop to support for analyzing because Vipre was getting stuck during quick scans at the rootkit portion. It was taking 30+ minutes for something that should take maybe 2-3 minutes. I needed to turn off the rootkit scans in Vipre to get the times down again. The first response told me that Prevx was tweaked and scan times should be better on my desktop. The second response I was told that Prevx had contacted Sunbelt and that the programs will not play well together and the fix is not simple. I have since uninstalled on both machines. Is Sunbelt and Prevx working to resolve this? Is it overkill to want Vipre to run rootkit scans along with Prevx doing its job also? Maybe I am expecting too much. I really do like both products. Any thoughts, Joe?" }-

We have talked to Sunbelt about this issue but they have said that Vipre is incompatible with any other AV because of how they work. We are working on a new behavioral monitoring engine which will hopefully get around the difficulties with Vipre, but this is still a few weeks away. In the meantime you may want to disable the Vipre rootkit scanning as Prevx 3.0 will protect you from rootkits (and detect them on demand).

Let me know if you have any other questions :)

Joe, I really appreciate the quick response. It goes a long way in the faith of the customer and your product.

Joe, do you know why that Norton crack (which contained malware...) that I tested against Prevx went undetected already from start? I'm thinking of re-evaluate Prevx, but I need to know why that happened as TF would detect every single step, Prevx not doing a thing. ???

EDIT: Oh right... I forgot the time it takes when it sends data of a new file or the like. :P:gack:

-{ Quote: "Joe, do you know why that Norton crack (which contained malware...) that I tested against Prevx went undetected already from start? I'm thinking of re-evaluate Prevx, but I need to know why that happened as TF would detect every single step, Prevx not doing a thing. ???" }-

Its hard to say but you were the first user to ever see that file (it had never infected anyone else) so chances are we just required more data about it.

We aren't 100%, neither is TF nor anyone else, so things can get through. However, for proof that we actually do detect things, you can read the recent PC Magazine review :) http://www.pcmag.com/article2/0,2817,2346861,00.asp

-{ Quote: "Its hard to say but you were the first user to ever see that file (it had never infected anyone else) so chances are we just required more data about it.

We aren't 100%, neither is TF nor anyone else, so things can get through. However, for proof that we actually do detect things, you can read the recent PC Magazine review :) http://www.pcmag.com/article2/0,2817,2346861,00.asp" }-

Okay, thanks - and also the edit from my last post: "I forgot the time it takes when it sends data of a new file or the like." ;) :)

If I can quantify my affliction then we would be able to determine whether I am alone.

So far I have seen improvement in the the aloneness.

Using RKU with report scan gets a trojware.win32.agent alert from Comodo AV.

Would you be interested in the RKU report?

I'm sure you are interested in what may be blocking Prevx 3.0.

-{ Quote: "If I can quantify my affliction then we would be able to determine whether I am alone.

So far I have seen improvement in the the aloneness.

Using RKU with report scan gets a trojware.win32.agent alert from Comodo AV.

Would you be interested in the RKU report?

I'm sure you are interested in what may be blocking Prevx 3.0." }-

Definitely :) Send me the report by PM or email :)

-{ Quote: "Its hard to say but you were the first user to ever see that file (it had never infected anyone else) so chances are we just required more data about it.

We aren't 100%, neither is TF nor anyone else, so things can get through. However, for proof that we actually do detect things, you can read the recent PC Magazine review :) http://www.pcmag.com/article2/0,2817,2346861,00.asp" }-

So, if you required more data about it, it means it would still get through?

Also, what about the long time that it takes when things are sent to the db, that's, several EXTRA seconds, for example when just starting a program, and not just the time it takes to start that particular program? If there are several new files, or just missing data, it obviously takes even longer.

-{ Quote: "So, if you required more data about it, it means it would still get through?

Also, what about the long time that it takes when things are sent to the db, that's, several EXTRA seconds, for example when just starting a program, and not just the time it takes to start that particular program? If there are several new files, or just missing data, it obviously takes even longer." }-

Sending data to the database only takes a fraction of a second on top of the execution of the program (of course it is dependent on your internet connection as well, but the round-trip is quite fast).

It is possible that if we don't know enough about a program that we would let it through, but we catch thousands of infections on the first-sighting every day.

Hi:-)

Are there any downsides to running Prevx alongside KIS 2009. I am curious as to how Prevx runs along with the behavioral analysis component of KIS 2009.

-{ Quote: "Hi:-)

Are there any downsides to running Prevx alongside KIS 2009. I am curious as to how Prevx runs along with the behavioral analysis component of KIS 2009." }-
Hi Hawki

I have been running Prevx 3.0 from the early beta days alongside KIS 2009 and as I say in my signature line...they go together/complement each other perfectly...if Prevx don't get it then KIS will and vice versa.

A rock solid and resource light security setup IMHO opinion that does the business for me. Give it a try! ;D

-{ Quote: "Hi Hawki

I have been running Prevx 3.0 from the early beta days alongside KIS 2009 and as I say in my signature line...they go together/complement each other perfectly...if Prevx don't get it then KIS will and vice versa.

A rock solid and resource light security setup IMHO opinion that does the business for me. Give it a try! ;D" }-

kk

Thanks for the info :-)

I dont know if this applies to all versions of Windows, but, with Vista and 7, when you first come to tranfer a file via Windows Live Messenger, you are propmted to select an AV to scan the file. I selected the Prevx exe, but I get the message that the file was not scanned from Windows at the end of transfer.

Do I need to set command line switches or something?

-{ Quote: "I dont know if this applies to all versions of Windows, but, with Vista and 7, when you first come to tranfer a file via Windows Live Messenger, you are propmted to select an AV to scan the file. I selected the Prevx exe, but I get the message that the file was not scanned from Windows at the end of transfer.

Do I need to set command line switches or something?" }-

We currently don't support the method which MSN uses but we're going to add this support soon :)

I still have issues with my delphi/moleboxed programs.
Whenever I compile and molebox a new exe, it gets triggered once. So I cannot test it. But when starting it for the 2nd. time, it runs without issue. This is driving me nuts.

-{ Quote: "I still have issues with my delphi/moleboxed programs.
Whenever I compile and molebox a new exe, it gets triggered once. So I cannot test it. But when starting it for the 2nd. time, it runs without issue. This is driving me nuts." }-

If you're just looking to test the exes, just ignore the folder (Settings > Detection Overrides). I doubt there is anything we can do about the heuristics on molebox'd/PECompact2'd exes unless you sign the exe or not use the packers.

I am now a paying customer to Prevx with my first family license. Taking the whole family out to Burger King to celebrate.:dry:

-{ Quote: "I am now a paying customer to Prevx with my first family license. Taking the whole family out to Burger King to celebrate.:dry:" }-

Welcome to "The Borg Collective" - think about it - thats how it works!

-{ Quote: "I am now a paying customer to Prevx with my first family license. Taking the whole family out to Burger King to celebrate.:dry:" }-
Its a Whopper, and getting bigger with every build! ;)

OK, I'll say it, a la Hugh, giving the 3rd variation, in the 1992 STNG epsiode "I, Borg":

"...You will be assimilated. Resistance is futile.":P

-{ Quote: "OK, I'll say it, a la Hugh, giving the 3rd variation, in the 1992 STNG epsiode "I, Borg":

"...You will be assimilated. Resistance is futile.":P" }-

its the fact they are all linked. If one Borg is attacked in a particular way, it is communicated to them all and they adapt and thereafter, all Borg are immune to that attack.

(so long as they have an internet connection.....):D

Ahem.... on a more serious note, I would like to know, how many Prevx users are there worldwide (rough number) - just interested to know how big the network is so to speak.

Cheers,

Puss

-{ Quote: "Ahem.... on a more serious note, I would like to know, how many Prevx users are there worldwide (rough number) - just interested to know how big the network is so to speak." }-

Last I heard (which was from a few months ago) we had around 5 million users and we're growing faster now than ever :)

-{ Quote: "If you're just looking to test the exes, just ignore the folder (Settings > Detection Overrides). I doubt there is anything we can do about the heuristics on molebox'd/PECompact2'd exes unless you sign the exe or not use the packers." }-

I am currently in contact with comodo for a code signing certificate, but its not easy to get one with all their requirements...

But beside that, I just don't understand why prevx flag it only at the first start, and after not anymore? Its like it think its bad, flag it, and after that check it only...

-{ Quote: "Ahem.... on a more serious note, I would like to know, how many Prevx users are there worldwide (rough number) - just interested to know how big the network is so to speak.

Cheers,

Puss" }-

Ok, I'll start...1 ;D

-{ Quote: "I am currently in contact with comodo for a code signing certificate, but its not easy to get one with all their requirements...

But beside that, I just don't understand why prevx flag it only at the first start, and after not anymore? Its like it think its bad, flag it, and after that check it only..." }-

The first warning comes before any data is seen about the program (all the information that we have is only related to the physical file) so it appears suspicious because of the obfuscation you are using. After having been run, more data would have been collected which can help classify it further.

-{ Quote: "The first warning comes before any data is seen about the program (all the information that we have is only related to the physical file) so it appears suspicious because of the obfuscation you are using. After having been run, more data would have been collected which can help classify it further." }-

Ok, that sound plausible, but what can I do about it? The same will happen on my clients pc's, and they will punish me because of that...

I HAVE to use molebox to bundle a dll and other files which should not be on the harddisk, so the user has no access to it.

Pecompact2 is used to reduce the size of the executable.

Both molebox and pecompact2 (beside UPX) are legitimate software, and nothing is wrong with them. Even NOD32 did not flag it, but prevx all the time.

VT shows me 5/40:
CAT-QuickHeal V10 - (Suspicious) - DNAScan
eSafe V7.0.17.0 - SuspiciousR-Mytob3
McAfee-GW-Edition V6.7.6 - Win32.Malware.gen (suspicious)
Sunbelt V3.2.1858.2 - BehavesLike.Win32.Malware (v)
TheHacker V6.3.4.1.325 - W32/Behav-Heuristic-065

But prevx 3.0 at VT does not flag it! How is this possible?
None of the "big" AV flag it here too, JUST prevx 3.0.

And before I forget it, its flagging AGAIN empty Delphi 2007 projects! Did we not had that before? Hm...

I suspect the warning will only be shown on the first sighting of the file by the first user (you) so just running your software should let it get past the warning for other users. If not, you will need to sign your software - that is the only way for AV vendors to trust the identity of the code and is the standard way for vendors to get around FPs.

-{ Quote: "Sending data to the database only takes a fraction of a second on top of the execution of the program (of course it is dependent on your internet connection as well, but the round-trip is quite fast).

It is possible that if we don't know enough about a program that we would let it through, but we catch thousands of infections on the first-sighting every day." }-

I hear ya, but gotta be more the process than my connection atleast. It's paid for and running effective at 8Mbit. ;)

Any improvement on the processing in any of the newer builds/versions?

I hope I'll see a positive result if testing a crack for a massive company's product again. :)

Out of curiousity... why is the name of the download "PREVXCSIFREE" when the only software now is Prevx 3.0? Mistype or just forgotten? :)

I'm getting multiple Prevx crashes lately. At first I thought it was Outpost, but it does it with Comodo, too. Just says CSI service has stopped working. Is there anything I can do to fix this? Seems to happen most before the computer goes to screen saver. Everything was fine before yesterday.

Have you tried an uninstall/reinstall? I have found that installations of later versions of other security software occasionally cause Prevx problems, although Prevx hasn't updated lately. Prevx seems to adapt well to other software, but maybe not as well to stuff it has never seen? But Comodo just had a big recent update that you probably installed about yesterday?

-{ Quote: "Have you tried an uninstall/reinstall? I have found that installations of later versions of other security software occasionally cause Prevx problems, although Prevx hasn't updated lately. Prevx seems to adapt well to other software, but maybe not as well to stuff it has never seen? But Comodo just had a big recent update that you probably installed about yesterday?" }-

I have taken Comodo off for good until further notice, due to a thread in this forum. I'll try re-installing Prevx - could work.

Taking Comodo off successfully is yet another story. :) Did you try http://forums.comodo.com/empty-t36499.0.html ?

-{ Quote: "Taking Comodo off successfully is yet another story. :) Did you try http://forums.comodo.com/empty-t36499.0.html ?" }-

I knew about that and used it. Thanks anyway!

I suspect uninstalling/reinstalling will fix it, but if the problems persist, let me know :) Also, its worth mentioning that McAfee's May 12th update has caused some major problems with Prevx + McAfee compatibility. We're working on resolving it but this update causes many systems to drag to a halt :-\

Back to giving Prevx 3 another shot.
Damn good protection.
Hope all runs smooth as it did before my one bad experiance.

Thinking of you Joe :P

http://www.flickr.com/photos/38520089@N07/3542413068/sizes/o/

Image is entirely too large to attach. ::)

Hi Joe,

I really do think that Prevx should be adding more of the ROGUE security software to there database it is out of control I have sent a couple to you and they never seem to get added.

TH

Can you send me the links again of whatever we're missing? I forwarded them onto the research team before but the infections may have changed :-\

-{ Quote: "Hi Joe,

I really do think that Prevx should be adding more of the ROGUE security software to there database it is out of control I have sent a couple to you and they never seem to get added.

TH" }-

The latest rogues are easy to find - there are websites listing the domains of malware / rogues - reguarly updated.

Hey Joe,
is it possible to add Sophos to the list under Threats missed by other security vendors?

seems strange to miss out a well known anti virus company in the same country.

-{ Quote: "Hey Joe,
is it possible to add Sophos to the list under Threats missed by other security vendors?

seems strange to miss out a well known anti virus company in the same country." }-

The chart is dynamic in the AVs which it shows. We hold the data for other AV companies as well, but we only show the data from the most popular ones and I suspect there just aren't enough Sophos users using Prevx products to meet the threshold of being shown on the page :-\ If we included the less popular products, the results would become too statistically insignificant and could end up obscuring the meaning behind the charts.

PrevxHelp,

You should also report the number of users, of each AV, that where infected...

Just looking for the graphics like it is now doesn't say anything until we know that number...

-{ Quote: "PrevxHelp,

You should also report the number of users, of each AV, that where infected...

Just looking for the graphics like it is now doesn't say anything until we know that number..." }-

We give the raw number of infections found by each AV and don't interpret any of the data further to prevent misinterpretation of the results. The graphs are not meant to say that X av is better than Y av, rather, the purpose is to show that every AV has flaws, even if they claim that their products provide "complete security" or "total protection".

-{ Quote: "We give the raw number of infections found by each AV and don't interpret any of the data further to prevent misinterpretation of the results. The graphs are not meant to say that X av is better than Y av, rather, the purpose is to show that every AV has flaws, even if they claim that their products provide "complete security" or "total protection"." }-
I don't say you have intentions about that, but I've no doubt that the major number of users will think that it's AV is better or horse than another after looking at these graphics...

If you add that number you will help these users and avoid that kind of comparatives...

And everyone will be well informed... ;)

-{ Quote: "I don't say you have intentions about that, but I've no doubt that the major number of users will think that it's AV is better or horse than another after looking at these graphics...

If you add that number you will help these users and avoid that kind of comparatives...

And everyone will be well informed... ;)" }-

I agree, include the total number of clients or what percentage of those clients had the "infection". Also, does this include false positives (since this is the only detections I've been getting since installing Prevx (paid version). It identifies many of the Nirsoft software as malware).

-{ Quote: "I agree, include the total number of clients or what percentage of those clients had the "infection". Also, does this include false positives (since this is the only detections I've been getting since installing Prevx (paid version). It identifies many of the Nirsoft software as malware)." }-

We detect the Nirsoft software as malicious because they are used primarily by malware, but if you have a specific program from them which we're finding that you think we shouldn't be, send a log to the address I've PM'd you and I'll see if we can get the detection removed.

Overall, FPs (and "possibly unwanted software" like ServU or the NirSoft utilities which are frequently used by malware) account for far less than 1% of the detections so feel free to add a margin of error when interpreting the data :)

-{ Quote: "We detect the Nirsoft software as malicious because they are used primarily by malware, but if you have a specific program from them which we're finding that you think we shouldn't be, send a log to the address I've PM'd you and I'll see if we can get the detection removed.

Overall, FPs (and "possibly unwanted software" like ServU or the NirSoft utilities which are frequently used by malware) account for far less than 1% of the detections so feel free to add a margin of error when interpreting the data :)" }-

I'm impressed at the speed of the response. I sent you the log file and I understand that some of the nirsoft programs can be used for nefarious purposes (of course, so can javascript, active-x, sniffers, etc.).

what information do you collect from client machines?
such as windows version, antivirus program etc
does it include the antivirus version number for example kaspersky 2009?
if so surely you could find out how many of the missed infections from KL where from users using kav6?
where as maybe kav2009 would of detected it?

-{ Quote: "I'm impressed at the speed of the response. I sent you the log file and I understand that some of the nirsoft programs can be used for nefarious purposes (of course, so can javascript, active-x, sniffers, etc.)." }-

Yes, very true. We've reassessed the Nirsoft programs and are going to be reclassifying them as Good. In the end, anything in an operating system can be used maliciously and Nirsoft's aren't all THAT bad, comparatively speaking :)

-{ Quote: "what information do you collect from client machines?
such as windows version, antivirus program etc
does it include the antivirus version number for example kaspersky 2009?
if so surely you could find out how many of the missed infections from KL where from users using kav6?
where as maybe kav2009 would of detected it?" }-

We do collect the exact antivirus version number but I don't have a view of those results. Regardless, however, if a user is using an antivirus product, they think they are being protected by it. A vast majority of users don't go around on a daily basis through forums looking for new versions of AV software :)

-{ Quote: "I've no doubt that the major number of users will think that it's AV is better or worse than another after looking at these graphics" }-
Rdsu, I agree. This theme has been explored in some depth in this thread (http://www.wilderssecurity.com/showthread.php?t=239580&highlight=applaud). Unfortunately, Prevx appears not to be interested in clarifying these statistics to minimize the possibility of misinterpretation.

-{ Quote: "what information do you collect from client machines?
such as windows version, antivirus program etc
does it include the antivirus version number for example kaspersky 2009?
if so surely you could find out how many of the missed infections from KL where from users using kav6?
where as maybe kav2009 would of detected it?" }-
It would be valuable, additionally, if Prevx subdivided the "missed threats" statistics for a security vendor by the product. For example, I suspect that number of threats missed is less for security suites (e.g., Kaspersky Internet Security) than for a component solution (e.g., Kaspersky Anti-Virus). Lumping all products from a single vendor together isn’t necessarily helpful to the consumer, since the consumer doesn’t have a “vendor” installed on a PC – she or he has a vendor’s product installed.

-{ Quote: "Rdsu, I agree. This theme has been explored in some depth in this thread (http://www.wilderssecurity.com/showthread.php?t=239580&highlight=applaud). Unfortunately, Prevx appears not to be interested in clarifying these statistics to minimize the possibility of misinterpretation." }-
This is also unfair for other AV Companies, and I don't know if they can display this...

-{ Quote: "This is also unfair for other AV Companies, and I don't know if they can display this..." }-

"The Security Vendor chart displayed above shows, in simple terms, a total count of malicious programs found yesterday by Prevx products on PCs protected by security products supplied by each of the vendors shown.

You should expect to see a higher number against the more popular security vendors because we see more of these users and consequently a higher number of malware infections.

More Information

If you click on any one of the bars in the chart, you can see exactly what infections have been found on PCs protected by security products supplied by that vendor."

http://www.prevx.com/
...........................
The chart below shows a summary of malware detected by Prevx 3.0 yesterday on PCs protected by security products from Avira
Unclassified Malware
1388 threats missed
Cloaked Malware
869 threats missed
Worm
854 threats missed
Malicious Software
772 threats missed
Fraudulent Security Program
327 threats missed
Adware
461 threats missed
System Back Door
97 threats missed
Malware Dropper
85 threats missed
Malware Downloader
97 threats missed
Rootkit
50 threats missed
Information Stealer
32 threats missed
Spyware
14 threats missed
Password Stealer
35 threats missed
Banking Info Stealer
7 threats missed
Targeted Information Stealer
2 threats missed
Internet Chat Worm
4 threats missed
Internet Chat Cloaked Malware
2 threats missed
Test Virus
- 0 threats missed
Email Cloaked Malware
2 threats missed
Virus
1 threats missed
P2P Share Worm
- 0 threats missed
Bot
1 threats missed
Email Worm
5 threats missed "

http://www.prevx.com/avgraph/19/Avira.html

hawki,

I already read that, but what from that fits my suggestion or my last post?

-{ Quote: " This is also unfair for other AV Companies, and I don't know if they can display this..." }-
Rdsu, I suspect that some anti-virus companies could potentially gather and report similar “threats missed” statistics (e.g., through the free Norton Security Scan (http://security.symantec.com/sscv6/WelcomePage.asp)), but they choose not to. I believe that decision reflects well on their professionalism.

Others may disagree, but I react negatively to “disparage-the-competition” marketing tactics. The sad fact is that Prevx does indeed appear to have a quality product, and they really don’t need to engage in potentially misleading marketing practices. Why they do so remains a mystery.

-{ Quote: "Rdsu, I suspect that some anti-virus companies could potentially gather and report similar “threats missed” statistics (e.g., through the free Norton Security Scan (http://security.symantec.com/sscv6/WelcomePage.asp)), but they choose not to. I believe that decision reflects well on their professionalism.

Others may disagree, but I react negatively to “disparage-the-competition” marketing tactics. The sad fact is that Prevx does indeed appear to have a quality product, and they really don’t need to engage in potentially misleading marketing practices. Why they do so remains a mystery." }-

I am sorry you feel this way but the charts will remain as long as vendors continue to use terminology like "total protection" in their product names and misrepresent their own detection to mislead users into thinking that they can use their product and be completely protected from all threats. We are taking a stance on this and are not going to change the graphs until the other vendors change their marketing or change the way that their products work - users should be encouraged to use more than one security product but the major vendors prevent this from happening conceptually when they CAN engineer their products to work nicely alongside other security products (we have!).

No protection is 100%, not us, not anyone and until we hear other vendors going around admitting that, we will have to continue to show the raw data about the threats to prove it is true.

And regarding Prevx's own detection rates - sure it is possible that other vendors are deciding not to post the results for their own reasons, but what if they don't want the world to see the truth behind results :doubt:

-{ Quote: "I am sorry you feel this way but the charts will remain as long as vendors continue to use terminology like "total protection" in their product names and misrepresent their own detection to mislead users into thinking that they can use their product and be completely protected from all threats. We are taking a stance on this and are not going to change the graphs until the other vendors change their marketing or change the way that their products work - users should be encouraged to use more than one security product but the major vendors prevent this from happening conceptually when they CAN engineer their products to work nicely alongside other security products (we have!).

No protection is 100%, not us, not anyone and until we hear other vendors going around admitting that, we will have to continue to show the raw data about the threats to prove it is true.

And regarding Prevx's own detection rates - sure it is possible that other vendors are deciding not to post the results for their own reasons, but what if they don't want the world to see the truth behind results :doubt:" }-
While you may well have a good product, this kind of attitude is not going to help your cause. You talk about 'truth', but what you talk of here is an irrelevance - how many of your competitors actually claim they provide 100% protection against threats? No, what you are engaging here is a marketing approach that will surely end up biting you in the backside. Your statistics are in fact meaningless, and can only mislead the uninformed. Just because your product detected an infection does not mean other security software installed on customers' machines missed it. Putting aside for now the truth(?) that your product is reporting back to you what other software users have installed (in which case be very careful you are complying with laws in respective countries, and honouring your users' privacy), there's no way that your product can really know whether other security products 'missed' threats, completetly undermining your claimed reasons for publishing these statistics you compile.

I would respectfully suggest you cease this attempted manipulation, and try instead to promote your product on the basis of its own merits. You just might end up avoiding the 'unprofessional' label that has already been used in this thread (and, no doubt, elsewhere).

yada-yada-yada
"yawn"