View Full Version : Introducing, The New Prevx Edge.
Nunes
May 30th, 2009, 08:54 AM
softtouch why don't you disable age and popularity heuristics?
raven211
May 30th, 2009, 09:14 AM
{QUOTE-> We can trust your software by the signature - just send me a signed program once you have it and our researchers will add an exception for the Age/Spread detection for your signature :) <-QUOTE}
About that... would disabling this kinda make the software like ThreatFire in the future - not caring how old or new something is? That's what I like about it - all it cares about is "what are you trying to do right now. I don't care how old or new you're". ;)
Also, what was the other, that's, not Age/Spread detection, but... ::)
The Outer.Edge detections and slow processing of data have always been my issues keeping me away from using the software. :)
PrevxHelp
May 30th, 2009, 09:26 AM
{QUOTE-> About that... would disabling this kinda make the software like ThreatFire in the future - not caring how old or new something is? That's what I like about it - all it cares about is "what are you trying to do right now. I don't care how old or new you're". ;) <-QUOTE}
Yes, but this is a good "first line of defense" to block malware - ThreatFire isn't perfect, neither is Prevx so we want to have as much protection as possible without generating more FPs :) Note that this is the only analysis which is "time" dependent - all of the other heuristics behave independent of the age of the program.
{QUOTE-> The Outer.Edge detections and slow processing of data have always been my issues keeping me away from using the software. :) <-QUOTE}
The Community.OuterEdge detections have been toned back quite a bit for the default age/spread detection settings were reduced a few weeks ago (as Conficker is out of the spotlight) which should reduce the complaints with those detections, and the new engine redesigning we're working on will significantly reduce processing overhead and over the next two months we are going to be putting in massive new servers which are 5x more powerful than our current root datacenter so not only will the processing overhead be less, it will have much more headroom to work with ;D
If you still have complaints with the current P3 release, you may want to wait until the next version which should clear up a majority of the complaints people have had :)
raven211
May 30th, 2009, 11:57 AM
Thanks, Joe. :) I'm just thinking about the Age/Spread detections being the only ones I've had I think when installing new software. :( I dunno, but that seems to be it, which makes me hesitate less disabling it. I dunno what level it's at now, though, how many people that have to have run the same thing for it not to alert. Logically improving Prevx to not generate as much FPs won't affect this part except for the threshold. :what:
Retadpuss
May 30th, 2009, 12:50 PM
{QUOTE-> "first line of defense" <-QUOTE}
Getting a bit American there Joe!
bellgamin
May 30th, 2009, 03:16 PM
{QUOTE-> The Community.OuterEdge detections have been toned back quite a bit... which should reduce the complaints with those detections
...If you still have complaints with the current P3 release, you may want to wait until the next version which should clear up a majority of the complaints people have had <-QUOTE}
Hmmm... okay, BUT I hope this doesn't mean that you are sacrificing ANY aspect of Prevx's arsenal of protective algorithms in order to satisfy nit-pickers.
Page42
May 30th, 2009, 04:21 PM
{QUOTE-> softtouch why don't you disable age and popularity heuristics? <-QUOTE}
Or add it to Detection Overrides?
raven211
May 30th, 2009, 04:39 PM
{QUOTE-> Hmmm... okay, BUT I hope this doesn't mean that you are sacrificing ANY aspect of Prevx's arsenal of protective algorithms in order to satisfy nit-pickers. <-QUOTE}
Don't worry, Bellgamin - not according to Joe. Only improving both aspects; FPs and protection, and massively for that matter according to the source. ;D
PrevxHelp
May 30th, 2009, 05:45 PM
{QUOTE-> Hmmm... okay, BUT I hope this doesn't mean that you are sacrificing ANY aspect of Prevx's arsenal of protective algorithms in order to satisfy nit-pickers. <-QUOTE}
Definitely not :) There were some issues with the first versions of this detection algorithm which caused more FPs than they should have so we've toned them back from that to reach where we are now but we aren't going to "dilute" it any more by default as we are seeing that the age/spread protection is massively effective, especially against threats like Conficker.
PrevxHelp
May 30th, 2009, 05:52 PM
{QUOTE-> Getting a bit American there Joe! <-QUOTE}
I live in the US and fly back and forth to the UK every month or so (and am there now :)). Even though I'm submerged in the culture, my American English prevents me from inserting U's and changing S's ;D
EraserHW
May 30th, 2009, 06:02 PM
{QUOTE-> I live in the US and fly back and forth to the UK every month or so (and am there now :)). Even though I'm submerged in the culture, my American English prevents me from inserting U's and changing S's ;D <-QUOTE}
you Americans*... ::) ;D
*before every american user starts blaming me, I've to explain I've nothing against americans, it's just a joke born this week here at Prevx HQ between me and PrevxHelp ;D
Edited: grammatical error ;D
crofttk
May 30th, 2009, 06:24 PM
{QUOTE-> you americans*... ::) ;D
... <-QUOTE}
Heeeey, you'd better use a capital "A" there, mate. ::)
EraserHW
May 30th, 2009, 06:35 PM
{QUOTE-> Heeeey, you'd better use a capital "A" there, mate.::) <-QUOTE}
;D It's Saturday night here ;D Tired ;D Edited :)
Retadpuss
May 30th, 2009, 07:29 PM
{QUOTE-> I live in the US and fly back and forth to the UK every month or so (and am there now :)). Even though I'm submerged in the culture, my American English prevents me from inserting U's and changing S's ;D <-QUOTE}
Ah, I see.
I'm planning to fly out of the UK and not come back!
Just waiting for the £ to get back up to > 1.3 €, then my family and I will be gone like the wind.....
crofttk
May 30th, 2009, 08:25 PM
{QUOTE-> ;D It's Saturday night here ;D Tired ;D Edited :) <-QUOTE}
Hehe, just teasing. Thanks anyways. 8)
softtouch
May 30th, 2009, 10:03 PM
{QUOTE-> softtouch why don't you disable age and popularity heuristics? <-QUOTE}
Does not make sense, because the people who use my software will not have it disabled and might get alerts.
I think the signature approach is a better solution, considering that future Windows versions might only run applications which are digitally signed... who knows...
webbit
May 31st, 2009, 03:58 AM
just re installed cc cleaner and prev x came up with this infection on the attachment if ive done it right
PrevxHelp
May 31st, 2009, 06:30 AM
{QUOTE-> just re installed cc cleaner and prev x came up with this infection on the attachment if ive done it right <-QUOTE}
I can't find a ccleaner220.exe install file which is bad in our database - I've sent you a PM if you could please send me a scan log so I can correct it :)
EDIT: Never mind - I think I found it. Are you using Online Armour as well as Prevx? When downloading programs, it seems like they sometimes do odd things which causes us to generate abnormal FPs (they seem to pause the download at 8kb and then load the file). Let me know if this is the case and if you can try running another scan if I've fixed it :)
softtouch
May 31st, 2009, 06:39 AM
How does PX react on USB trojans etc, which start via autorun.inf?
PrevxHelp
May 31st, 2009, 07:09 AM
{QUOTE-> How does PX react on USB trojans etc, which start via autorun.inf? <-QUOTE}
It will block them - Prevx works on blocking executing code so it will catch them as soon as they try and load.
softtouch
May 31st, 2009, 10:18 AM
{QUOTE-> It will block them - Prevx works on blocking executing code so it will catch them as soon as they try and load. <-QUOTE}
Thanks for the quick answer. I have removed NOD32 (does not work with Vista SP2 properly), and will not extend its license next month anymore, and wanted just clarification that everything will be fine by just running PrevX.
N2thuWild
May 31st, 2009, 10:35 AM
Hi, I installed GData Internet Security 2010 and it removed, said it was necessary, my Prevx Pro.:o It was my understanding that Prevx played well with other software. Is there any way to remedy this so I can reinstall Prevx and they will coincide nicely? I am a BIG fan of Prevx and I want it back!!!
PrevxHelp
May 31st, 2009, 10:37 AM
{QUOTE-> Hi, I installed GData Internet Security 2010 and it removed, said it was necessary, my Prevx Pro.:o It was my understanding that Prevx played well with other software. Is there any way to remedy this so I can reinstall Prevx and they will coincide nicely? I am a BIG fan of Prevx and I want it back!!! <-QUOTE}
There is no incompatibility between Prevx and GData but they probably just have a blanket rule saying to remove any existing AV. Can you try installing GData and then installing Prevx after? It should work properly without warnings, but let me know if it still complains :)
N2thuWild
May 31st, 2009, 10:55 AM
Thanks, I will try that now.
philby
May 31st, 2009, 07:33 PM
Hello again Joe
Added RemoveFocusRect.dll to System 32 and Prevx is very unhappy - I've trusted it for now, but would like to know what the Prevx rundown here (http://www.prevx.com/filenames/X448694495505940819-X1/REMOVEFOCUSRECT.DLL.html) actually means. I don't really know what to make of the info. on the page - is the .dll confirmed malware?
Thanks in advance
philby
333halfevil
May 31st, 2009, 07:38 PM
{QUOTE-> Hello again Joe
Added RemoveFocusRect.dll to System 32 and Prevx is very unhappy - I've trusted it for now, but would like to know what the Prevx rundown here (http://www.prevx.com/filenames/X448694495505940819-X1/REMOVEFOCUSRECT.DLL.html) actually means. I don't really know what to make of the info. on the page - is the .dll confirmed malware?
Thanks in advance
philby <-QUOTE}
Yes, it is malware.
philby
May 31st, 2009, 07:53 PM
Thanks for replying - would you be able to expand a little on how you know it's malware and what nefarious acts the file is guilty of?
I'm just trying to understand how to interpret what this means, as I can't see what's so bad, given what the file is supposed to do - it was added to stop windows from leaving the last selected tree item with a dotted rectangle around it.
Thanks
philby
ctrlaltdelete
May 31st, 2009, 08:57 PM
File is clean on ~VirusTotal link removed per Policy.~ (http://www.wilderssecurity.com/showthread.php?t=180057) except for the Prevx detection (http://info.prevx.com/aboutprogramtext.asp?PX5=E9AC205C00DEC669109C01DDE983A700497EE7C6) of course.
Guess it's a False Positive from Prevx for this file.
Thanks for posting about this file, never knew it existed. I really appreciate this little program. I make a lot of screenshots for tutorials and don't want the dotted lines/triangle on my pictures.
333halfevil
May 31st, 2009, 09:31 PM
{QUOTE-> Thanks for replying - would you be able to expand a little on how you know it's malware and what nefarious acts the file is guilty of?
I'm just trying to understand how to interpret what this means, as I can't see what's so bad, given what the file is supposed to do - it was added to stop windows from leaving the last selected tree item with a dotted rectangle around it.
Thanks
philby <-QUOTE}
First I looked at this:
{QUOTE->
Associated Malware Groups
The filename is associated with the malware group:
* Malicious Software
<-QUOTE}
So that in itself tells me Prevx has classified it as malware.
Also; the behavior it is conducting is similar to that of a malicious file. Of course I do not know the file itself, but judging from its behavior it is malicious. This does not mean that it is malicious as many programs can be seen this way due to their behavior even when they aren't.
So really the only way to determine its safety is to send it in for analysis :)
Foxfired
May 31st, 2009, 09:43 PM
I got a false positive for "combofix.exe". Let me know if you need a screenshot.
Tarnak
May 31st, 2009, 09:55 PM
This is a FP. I have had these files since last week and they have scanned clean, previously. This is software by a Wilders member softtouch who has made posts in this thread recently concerning his software. Edit - spelling
Prevx Scan Log - Version v3.0.1.65
Log Generated: 1/6/2009 11:34, Type: 1,8192
Windows XP Professional Service Pack 2 (Build 2600) 32bit|1033
Some non-malicious files are not included in this log.
Heuristics Settings: Age: 2, Pop: 2, Heu: 2 (Dir: 1)
Last Scan: Mon 2009-06-01 11:28:56 E. Australia Standard Time. Number of Scans: 325. Last Scan Duration: 24 minutes 32 seconds.
[BP] (ACTIVE) h:\downloads copy\downloads\ads1.0.0.2.exe [PX5: 8C9CB87A00190972AE3106F96C5B500078164639] Malware Group: Medium Risk Malware Dropper
[BP] (ACTIVE) c:\documents and settings\<myname>\desktop\ads1.0.0.2.exe [PX5: 8C9CB87A00190972AE3106F96C5B500078164639] Malware Group: Medium Risk Malware Dropper
PrevxHelp
June 1st, 2009, 04:07 AM
{QUOTE-> Also; the behavior it is conducting is similar to that of a malicious file. Of course I do not know the file itself, but judging from its behavior it is malicious. This does not mean that it is malicious as many programs can be seen this way due to their behavior even when they aren't <-QUOTE}
Indeed this file was found because it does some quite suspicious behavior - it injects itself into every process, modifies system process memory, accesses remote process windows, and it adds itself to registry bootup areas.
However, it does appear that it is a false positive - one which I can't blame our system for blocking ;D
I've now marked it safe :)
PrevxHelp
June 1st, 2009, 04:10 AM
{QUOTE-> This is a FP. I have had these files since last week and they have scanned clean, previously. This is software by a Wilders member softtouch who has made posts in this thread recently concerning his software. <-QUOTE}
Fixed - a new heuristic from over the weekend went a bit too heuristic and caught a few other security tools as well :)
denis
June 1st, 2009, 04:15 AM
FP
Prevx Scan Log - Version v3.0.1.65
Log Generated: 1/6/2009 10:10, Type: 1,8192
Windows XP Home Service Pack 3 (Build 2600) 32bit|1043
Some non-malicious files are not included in this log.
Heuristics Settings: Age: 1, Pop: 1, Heu: 2 (Dir: 1)
Last Scan: Mon 2009-06-01 09:52:47 Romance (zomertijd). Number of Scans: 5. Last Scan Duration: 1 minute 51 seconds.
[B] c:\program files\slysoft\anydvd\anydvd-uninst.exe [PX5: F9F56C5249E7337A715400A65BB7EE002CC78D17] Malware Group: Medium Risk Malware Dropper
Thanks
PrevxHelp
June 1st, 2009, 04:18 AM
{QUOTE-> Malware Group: Medium Risk Malware Dropper <-QUOTE}
This is caused by the same false positive as the others - will be sorted momentarily :)
webbit
June 1st, 2009, 04:37 AM
{QUOTE-> I can't find a ccleaner220.exe install file which is bad in our database - I've sent you a PM if you could please send me a scan log so I can correct it :)
EDIT: Never mind - I think I found it. Are you using Online Armour as well as Prevx? When downloading programs, it seems like they sometimes do odd things which causes us to generate abnormal FPs (they seem to pause the download at 8kb and then load the file). Let me know if this is the case and if you can try running another scan if I've fixed it :) <-QUOTE}
no i am using kaspersky internet security
Tarnak
June 1st, 2009, 05:10 AM
The 2 FPs that reported earlier are fixed. Thanks.:)
Have another one:
Prevx Scan Log - Version v3.0.1.65
Log Generated: 1/6/2009 19:03, Type: 1,8192
Windows XP Professional Service Pack 2 (Build 2600) 32bit|1033
Some non-malicious files are not included in this log.
Heuristics Settings: Age: 2, Pop: 2, Heu: 2 (Dir: 1)
Last Scan: Mon 2009-06-01 18:54:26 E. Australia Standard Time. Number of Scans: 327. Last Scan Duration: 22 minutes 1 second.
[B] (ACTIVE) c:\program files\opera 10.0 alpha\opera.exe [PX5: BC1AA82A00E9E697BEF401DC1AD8A600ABC01DAE] Malware Group: Medium Risk Malware Dropper
PrevxHelp
June 1st, 2009, 05:18 AM
{QUOTE-> The 2 FPs that reported earlier are fixed. Thanks.:)
Have another one:
Prevx Scan Log - Version v3.0.1.65
Log Generated: 1/6/2009 19:03, Type: 1,8192
Windows XP Professional Service Pack 2 (Build 2600) 32bit|1033
Some non-malicious files are not included in this log.
Heuristics Settings: Age: 2, Pop: 2, Heu: 2 (Dir: 1)
Last Scan: Mon 2009-06-01 18:54:26 E. Australia Standard Time. Number of Scans: 327. Last Scan Duration: 22 minutes 1 second.
[B] (ACTIVE) c:\program files\opera 10.0 alpha\opera.exe [PX5: BC1AA82A00E9E697BEF401DC1AD8A600ABC01DAE] Malware Group: Medium Risk Malware Dropper <-QUOTE}
Thanks :-\ This is still the same signature causing issues - will be fixed shortly ;D
PrevxHelp
June 1st, 2009, 05:52 AM
Regarding the recent string of FPs - we believe we've found the source of them (an issue which started on Sunday) and we've now retroactively corrected the other falsely detected files.
Please let me know via PM, email, or post here if you do see any other FPs :) Thanks for the help!
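The false-positive reports above all use the same scan-log line format, so they can be triaged mechanically. The following is an added example, not Prevx code and not part of any post: it parses the log excerpts copied from this thread and groups detections by Malware Group and PX5 value. The names `parse_scan_logs` and `triage` are hypothetical, and the meaning of the bracketed `B`/`BP` code is not stated in the thread, so it is stored as-is.

```python
import re
from collections import defaultdict
from dataclasses import dataclass, field

# Excerpts copied from the three scan logs posted in this thread.
SAMPLE_LOGS = r"""
Prevx Scan Log - Version v3.0.1.65
Heuristics Settings: Age: 2, Pop: 2, Heu: 2 (Dir: 1)
[BP] (ACTIVE) h:\downloads copy\downloads\ads1.0.0.2.exe [PX5: 8C9CB87A00190972AE3106F96C5B500078164639] Malware Group: Medium Risk Malware Dropper
[BP] (ACTIVE) c:\documents and settings\<myname>\desktop\ads1.0.0.2.exe [PX5: 8C9CB87A00190972AE3106F96C5B500078164639] Malware Group: Medium Risk Malware Dropper
Prevx Scan Log - Version v3.0.1.65
Heuristics Settings: Age: 1, Pop: 1, Heu: 2 (Dir: 1)
[B] c:\program files\slysoft\anydvd\anydvd-uninst.exe [PX5: F9F56C5249E7337A715400A65BB7EE002CC78D17] Malware Group: Medium Risk Malware Dropper
Prevx Scan Log - Version v3.0.1.65
Heuristics Settings: Age: 2, Pop: 2, Heu: 2 (Dir: 1)
[B] (ACTIVE) c:\program files\opera 10.0 alpha\opera.exe [PX5: BC1AA82A00E9E697BEF401DC1AD8A600ABC01DAE] Malware Group: Medium Risk Malware Dropper
"""

HEADER_RE = re.compile(r"^Prevx Scan Log - Version (\S+)")
HEUR_RE = re.compile(r"^Heuristics Settings: Age: (\d+), Pop: (\d+), Heu: (\d+)")
DET_RE = re.compile(
    r"^\[(?P<flags>[A-Z]+)\]\s+(?:\((?P<state>[A-Z]+)\)\s+)?"
    r"(?P<path>.+?)\s+\[PX5:\s*(?P<px5>[0-9A-Fa-f]+)\]\s+"
    r"Malware Group:\s*(?P<group>.+)$"
)


@dataclass(frozen=True)
class Detection:
    flags: str    # bracketed code such as B or BP; the thread does not define it
    active: bool  # True when the line carries the (ACTIVE) marker
    path: str
    px5: str
    group: str


@dataclass
class Report:
    version: str
    heuristics: dict = field(default_factory=dict)
    detections: list = field(default_factory=list)


def parse_scan_logs(text):
    """Split pasted text into reports. Detection lines pasted without a
    log header are collected under a report whose version is 'unknown'."""
    reports = []
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER_RE.match(line)
        if header:
            reports.append(Report(version=header.group(1)))
            continue
        heur, det = HEUR_RE.match(line), DET_RE.match(line)
        if not (heur or det):
            continue  # timestamps, OS line and free text are ignored
        if not reports:
            reports.append(Report(version="unknown"))
        if heur:
            reports[-1].heuristics = dict(
                zip(("Age", "Pop", "Heu"), map(int, heur.groups())))
        else:
            reports[-1].detections.append(Detection(
                flags=det["flags"], active=det["state"] == "ACTIVE",
                path=det["path"].lower(), px5=det["px5"].upper(),
                group=det["group"].strip()))
    return reports


def triage(reports):
    """Return {malware group: {PX5: [paths]}} so copies of one file collapse
    to a single entry and reports sharing a group stand out."""
    grouped = defaultdict(lambda: defaultdict(set))
    for report in reports:
        for det in report.detections:
            grouped[det.group][det.px5].add(det.path)
    return {g: {h: sorted(p) for h, p in files.items()}
            for g, files in grouped.items()}


if __name__ == "__main__":
    for group, files in triage(parse_scan_logs(SAMPLE_LOGS)).items():
        print(f"{group}: {len(files)} distinct PX5 values")
        for px5, paths in files.items():
            print(f"  {px5}  x{len(paths)}  {paths[0]}")
```

Run over the three reports, every detection falls into the single group "Medium Risk Malware Dropper" across three distinct PX5 values, which is the pattern a reviewer would expect when one over-broad rule is responsible.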
Tarnak
June 1st, 2009, 06:08 AM
Just noticed a change, quoted below, from the log in MJ Registry Watcher:
Joe, is this valid?
I am currently in the middle of a scan.
** Monday 1/06/2009 7:54:12 PM **
Important Executables and Driver Files
File Details Changed from
c:\windows\system32\drivers\pxscan.sys - Size=22,024 Date=Wed Apr 29 11:18:57 2009 Attributes=---A-
to
c:\windows\system32\drivers\pxscan.sys - Size=22,024 Date=Mon Jun 01 19:47:37 2009 Attributes=---A-
File Details Changed from
c:\windows\system32\drivers\pxsec.sys - Size=27,656 Date=Wed Apr 29 11:18:57 2009 Attributes=---A-
to
c:\windows\system32\drivers\pxsec.sys - Size=27,656 Date=Mon Jun 01 19:47:37 2009 Attributes=---A-
=======================================================
** Monday 1/06/2009 7:54:13 PM **
Change Auto-Accepted
PrevxHelp
June 1st, 2009, 06:11 AM
{QUOTE-> Just noticed a change, quoted below, from the log in MJ Registry Watcher:
Joe, is this valid?
I am currently in the middle of a scan.
** Monday 1/06/2009 7:54:12 PM **
Important Executables and Driver Files
File Details Changed from
c:\windows\system32\drivers\pxscan.sys - Size=22,024 Date=Wed Apr 29 11:18:57 2009 Attributes=---A-
to
c:\windows\system32\drivers\pxscan.sys - Size=22,024 Date=Mon Jun 01 19:47:37 2009 Attributes=---A-
File Details Changed from
c:\windows\system32\drivers\pxsec.sys - Size=27,656 Date=Wed Apr 29 11:18:57 2009 Attributes=---A-
to
c:\windows\system32\drivers\pxsec.sys - Size=27,656 Date=Mon Jun 01 19:47:37 2009 Attributes=---A-
=======================================================
** Monday 1/06/2009 7:54:13 PM **
Change Auto-Accepted <-QUOTE}
Those are indeed the correct drivers and the correct sizes - I'm not sure why they would have changed now tho :-\ If you'd like, feel free to send me the files and I can double check that they are exactly the same as the ones we released :)
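The change log quoted above shows the two drivers with an unchanged size and a new date, and a matching name and size cannot show that the contents are exactly the same. The following is an added example, not code from MJ Registry Watcher or Prevx and not part of any post: it parses the "File Details Changed" entries, reports which metadata fields differ, and only calls a file verified when its SHA-256 matches a reference digest. The function names are hypothetical, and the reference digest is assumed to come from the vendor's released file; none is given in the thread.

```python
import hashlib
import re

# Entries copied from the MJ Registry Watcher log quoted in this thread.
SAMPLE_CHANGES = r"""
File Details Changed from
c:\windows\system32\drivers\pxscan.sys - Size=22,024 Date=Wed Apr 29 11:18:57 2009 Attributes=---A-
to
c:\windows\system32\drivers\pxscan.sys - Size=22,024 Date=Mon Jun 01 19:47:37 2009 Attributes=---A-
File Details Changed from
c:\windows\system32\drivers\pxsec.sys - Size=27,656 Date=Wed Apr 29 11:18:57 2009 Attributes=---A-
to
c:\windows\system32\drivers\pxsec.sys - Size=27,656 Date=Mon Jun 01 19:47:37 2009 Attributes=---A-
"""

DETAIL_RE = re.compile(
    r"^(?P<path>.+?) - Size=(?P<size>[\d,]+) Date=(?P<date>.+?) "
    r"Attributes=(?P<attrs>\S+)$"
)
FIELDS = ("path", "size", "date", "attrs")


def parse_details(line):
    """Parse one 'path - Size=.. Date=.. Attributes=..' line, or return None."""
    m = DETAIL_RE.match(line.strip())
    if not m:
        return None
    return {"path": m["path"].lower(),
            "size": int(m["size"].replace(",", "")),
            "date": m["date"],
            "attrs": m["attrs"]}


def parse_changes(text):
    """Return one record per 'Changed from / to' pair with the differing fields."""
    lines = [l.strip() for l in text.splitlines() if l.strip()]
    changes, i = [], 0
    while i < len(lines):
        is_pair = (lines[i] == "File Details Changed from"
                   and i + 3 < len(lines) and lines[i + 2] == "to")
        if is_pair:
            before, after = parse_details(lines[i + 1]), parse_details(lines[i + 3])
            if before and after:
                changed = [f for f in FIELDS if before[f] != after[f]]
                changes.append({"path": after["path"], "changed": changed,
                                "before": before, "after": after})
            i += 4
        else:
            i += 1
    return changes


def sha256_file(path, chunk=65536):
    """Hash a file in chunks so large drivers need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def classify(change, file_sha256=None, reference_sha256=None):
    """Decide what the evidence supports for one change record."""
    if "size" in change["changed"]:
        return "content-changed"      # a size change means different bytes
    if file_sha256 and reference_sha256:
        same = file_sha256.lower() == reference_sha256.lower()
        return "verified-identical" if same else "content-changed"
    return "unverified"               # same size and name prove nothing


if __name__ == "__main__":
    for change in parse_changes(SAMPLE_CHANGES):
        print(change["path"], change["changed"], classify(change))
```

For both drivers in the quoted log only the date differs, so the result is "unverified" until a digest of the on-disk file is compared with one taken from the released file.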
Tarnak
June 1st, 2009, 06:39 AM
{QUOTE-> Those are indeed the correct drivers and the correct sizes - I'm not sure why they would have changed now tho :-\ If you'd like, feel free to send me the files and I can double check that they are exactly the same as the ones we released :) <-QUOTE}
No, I am sure the files are Ok.
I think maybe it had something to do with my HIPs (SSM) throwing up popups which I kept ignoring.
And a scan aborted. So I killed Prevx. Then it restarted automatically.
BTW, Opera FP is now gone.:)
philby
June 1st, 2009, 03:43 PM
Re. RemoveFocusRect.dll:
To Ctrlaltdelete
{QUOTE-> Thanks for posting about this file, never knew it existed. I really appreciate this little program. I make a lot of screenshots for tutorials and don't want the dotted lines/triangle on my pictures. <-QUOTE}
No problem - credit to the author, who lurks on Neowin, I think.
To Joe
{QUOTE-> However, it does appear that it is a false positive - one which I can't blame our system for blocking... I've now marked it safe <-QUOTE}
Thank you Joe - I wasn't at all irked by the FP - I'm very glad Prevx was awake to the behaviour and sought to lock out the .dll - could well have been a baddie for all I knew, not knowing the exact provenance of the file...
philby
softtouch
June 2nd, 2009, 11:47 AM
@PrevxHelp: Sent you PM regarding my software. They are now digitally signed.
simmikie
June 3rd, 2009, 01:27 AM
{QUOTE-> "Prevx Protection is Active" works well, if you feel you must alter what is there now.
I actually think "System is Secure" is fine, inasmuch as it pertains to Prevx software, and everyone viewing those words knows it pertains only to Prevx. It is a given. That is, how could "Prevx v3.0.1.65 - System is Secure" pertain to anything else?
For example, most Wilders members use more than one security application, right? Any one of these apps might think the system is infected, or not secure. And they are of course free to make that claim. But in doing so, we don't see an AV program going into any disclaimer-type detail when it finds what it thinks is an infection.... "as far as Kaspersky is concerned, System is infected". That's ridiculous. As ridiculous as it is to suggest that Prevx stating the system is secure should be accompanied by a qualifier.
"System is Secure" is fine and 99.9% of the folks reading that understand it for what it is saying. <-QUOTE}
absolutely! i would not change a thing, especially for someone who in all likelihood is not even licensed for or using the product. let 'em eat mud.
Mike
softtouch
June 3rd, 2009, 03:11 AM
Whatever text, does not matter for me.
I only take a look at the tray icon, and if it is green, all is ok for me... if it is red, something is wrong, and I then do not care what text is written there...
nrestell
June 3rd, 2009, 04:43 PM
Hi PrevXHelp,
I have a FP here from the R-Wipe and Clean website. Log file details:
[B] e:\downloads\rwc_en_8.exe [PX5: C8012388D092EC2A937E2BDEB3FDF300E0740192] Malware Group: Medium Risk Malware
[B] e:\downloads\rwc_en_8.exe [PX5: C8012388D092EC2A937E2BDEB3FDF300E0740192] Malware Group: Medium Risk Malware
The file in question is their trial program - never had an issue with the earlier release of R-wipe just this new one.
Cheers!
Neil
PrevxHelp
June 3rd, 2009, 04:45 PM
{QUOTE-> I have a FP here from the R-Wipe and Clean website. Log file details: <-QUOTE}
Fixed now! Thanks :)
overangry
June 4th, 2009, 11:00 AM
Hi, I hope someone can help me out with this,
This may be a possible bug, this behavior can't be right :wacko:
Ok then let me give you a quick summary of events:
I downloaded a screen saver, recommended by some trustworthy sites. I researched before downloading.
Well prevx detected 2 high risk worms :o Being a screen saver and all I thought that anything is possible (personally, still believing it to be a false positive)
Alarm bells went off within prevx and me...
I didn't want to clean up just yet, thought I would perform a system scan that's when it all started :doubt:
I stopped (not paused) the scan because I had to urgently attend to something, just for a minute. I wanted to restart the scan and had realised my red blinking icon had turned green (safe) STRANGE??? Well I proceed with my scan and there are no more threats on my system... CLEAN :ouch:
I couldn't believe it, So I thought I would run the exe again alarm bells in prevx detecting the same worm, well... scan, paused (clean green :)) restart scan and no more threats :thumb: >:(
What has happened???
Now to make things worse I ran the exe again, this time prevx detects nothing
the file is now clean ;D or is it???
Could you please explain this behaviour
I have both log files
1. Infection is noted at page bottom (high risk worm)
2. The miraculous recovery from certain destruction ;D no mention of its existence (taken later; not even detecting or mentioning the previous infection)
Can someone replicate this, I'm sure it's not limited to my exe? (for identifying it as clean after a stopped scan and rescan)
Who can I post the log files to? I would like to send you the link to the site so you can verify it as a threat or FP
help;)
PrevxHelp
June 4th, 2009, 11:03 AM
{QUOTE-> Who can I post the log files to? I would like to send you the link to the site so you can verify it as a threat or FP <-QUOTE}
EDIT: I've analyzed your log and it is indeed a legitimate detection - the files appear to be a component of MyWebSearch. It looks like we caught it before it was able to do anything in the system and being that it was trying to run from only a temporary folder, the problem seems to have fixed itself :)
overangry
June 4th, 2009, 07:28 PM
{QUOTE-> EDIT: I've analyzed your log and it is indeed a legitimate detection - the files appear to be a component of MyWebSearch. It looks like we caught it before it was able to do anything in the system and being that it was trying to run from only a temporary folder, the problem seems to have fixed itself :) <-QUOTE}
I am aware of this entry (myweb search bar). I downloaded it, wanted to see if I would be alerted. But that was about 1 week ago and has nothing to do with the alert I had yesterday.
Last night: ******screensaver.zip\setup.exe [PX5:A497B95B001AE21240450510FFC75400F7BE684B] Malware Group: High Risk Worm
Last week: mwssetup.exe [PX5:CD7240500027C077B07B51453A86160079FD000A] Malware Group: Low Risk Adware
PrevxHelp
June 5th, 2009, 04:43 AM
I suspect the real "problem" is that the file existed in a temporary directory and was either removed by the installer which extracted it or was removed by Windows automatically.
I downloaded the archive and tried installing it and didn't receive any warning, however, the file which I got when downloading it was much larger than the one you had (yours was ~66kb while mine is ~300kb).
overangry
June 5th, 2009, 07:21 AM
{QUOTE-> I suspect the real "problem" is that the file existed in a temporary directory and was either removed by the installer which extracted it or was removed by Windows automatically.
I downloaded the archive and tried installing it and didn't receive any warning, however, the file which I got when downloading it was much larger than the one you had (yours was ~66kb while mine is ~300kb). <-QUOTE}
It was quite late last night when I posted, I have more details and more questions.
I honestly believed the file to be clean, but looking back Drivesentry also gave me a warning for the same 2 installers. As I said, I repeated this three times with identical results for prevx and DS.
Yet some 20 odd minutes later there was no warning.
I tried downloading before and yes no warning at all from prevx and 1 warning from DS (not an installer warning)
I'm starting to think the site may have had a rogue installer on it. I have a threatExpert log of the offending file. CIM detected nothing, VirusTotal 2/39, and your scanlog.
Would the site administrator be aware of this? I know of a particular site that links here, I don't think they would be impressed unwittingly linking to malware. WOT also rates it as trustworthy.
Should I inform the site's administrators, or what would be the correct procedure.
There was definitely a different installer involved earlier this morning
jsecure
June 5th, 2009, 12:42 PM
Hi,
Reporting what I think to be two false positives.
First is the ASIO component of foobar2000 (perhaps the most comprehensive audio player), downloaded from here, under the ASIO support section
http://www.foobar2000.org/?page=Download
Second is aucdtect.exe, part of Audiochecker 1.2, which verifies FLAC and APE files to see if the audio is or is not actually lossless. It's accurate most of the time (not always reliable for older cd rips).
http://www.dester.hu/English/down_e.html
PrevxHelp
June 5th, 2009, 10:47 PM
{QUOTE-> Reporting what I think to be two false positives. <-QUOTE}
They were :) Fixed now - thanks!
jsecure
June 5th, 2009, 11:10 PM
Very cool that I can already see the resulting clean scan on my end.
Baldrick
June 6th, 2009, 02:19 PM
Hi Joe
Any news when the big improvements (how can you improve on Prevx 3.0 as is?) are due to be out for beta testing. ???
One bored beta tester here waiting patiently. ;)
PrevxHelp
June 6th, 2009, 03:44 PM
{QUOTE-> Hi Joe
Any news when the big improvements (how can you improve on Prevx 3.0 as is?) are due to be out for beta testing. ???
One bored beta tester here waiting patiently. ;) <-QUOTE}
The changes take quite some time :) We're still deciding exactly how everything is going to fit in (and when we'll be branching off into Prevx 4.0 :))
More news to come in the near future :)
Retadpuss
June 6th, 2009, 04:00 PM
Hi Joe, I take it many of the samples I sent you the other day are not malware (or real malware) as Prevx is only detecting one more than it did.
Cheers.
PrevxHelp
June 6th, 2009, 04:08 PM
{QUOTE-> Hi Joe, I take it many of the samples I sent you the other day are not malware (or real malware) as Prevx is only detecting one more than it did. <-QUOTE}
I just got back to the States from the UK but I'll be taking a look at them shortly :)
Retadpuss
June 6th, 2009, 04:38 PM
No worries. Prevx is still detecting more than Avira, A2 and Hitman!
raven211
June 6th, 2009, 05:25 PM
{QUOTE-> No worries. Prevx is still detecting more than Avira, A2 and Hitman! <-QUOTE}
Are you sure about Hitman as PREVX is incl. in that package? Maybe Joe can explain why...
When going v4.0, will the same licenses apply to make the process as seemless as possible? Maybe it's even just a usual program update, or what... ?
PrevxHelp
June 6th, 2009, 05:31 PM
{QUOTE-> Are you sure about Hitman as PREVX is incl. in that package? Maybe Joe can explain why... <-QUOTE}
The engine included in Hitman is an extremely old version of Prevx which only supports a subset of our technology.
{QUOTE-> When going v4.0, will the same licenses apply to make the process as seemless as possible? Maybe it's even just a usual program update, or what... ? <-QUOTE}
We haven't finalized all of these decisions but we will definitely be making it as seamless as possible :) We're currently focusing on some upgrades to v3 which will also be included in v4 (and should be ready in the next few weeks).
raven211
June 6th, 2009, 05:35 PM
{QUOTE-> The engine included in Hitman is an extremely old version of Prevx which only supports a subset of our technology.
We haven't finalized all of these decisions but we will definitely be making it as seamless as possible :) We're currently focusing on some upgrades to v3 which will also be included in v4 (and should be ready in the next few weeks). <-QUOTE}
Thanks to you I noticed my grammar mistake - shows that I'm still learning. ;D I live in Sweden, but languages have always been easy for me. ;)
Guess v4 is what will still be the bomb then. ;D
Retadpuss
June 6th, 2009, 06:19 PM
Hitman uses its own engine to scan the system locally. When it finds suspect files, they are uploaded to the cloud and scanned by the various engines, including an old version of prevx.
Hitman is good, but I have found several major issues with it failing to remove infections on reboot. I was testing it for the author, but he has not got back to me, so won't bother reporting these issues to him.
PrevxHelp
June 6th, 2009, 07:03 PM
{QUOTE->
Guess v4 is what will still be the bomb then. ;D <-QUOTE}
Yes, without trying to get it flagged by customs, v4 will be "the bomb" ;D
Triple Helix
June 6th, 2009, 07:06 PM
{QUOTE-> Yes, without trying to get it flagged by customs, v4 will be "the bomb" ;D <-QUOTE}
Are you saying weeks for v4 or additions to v3?
TH
PrevxHelp
June 6th, 2009, 07:10 PM
{QUOTE-> Are you saying weeks for v4 or additions to v3?
TH <-QUOTE}
For v3 :) Sorry for being unclear!
Triple Helix
June 6th, 2009, 07:13 PM
{QUOTE-> For v3 :) Sorry for being unclear! <-QUOTE}
Ok, how about v4 months or next year? ;D
TH
PrevxHelp
June 6th, 2009, 07:24 PM
{QUOTE-> Ok, how about v4 months or next year? ;D
TH <-QUOTE}
We don't have an exact timeframe ready yet but we should have a beta/RC ready in Q3.
Triple Helix
June 6th, 2009, 08:24 PM
{QUOTE-> We don't have an exact timeframe ready yet but we should have a beta/RC ready in Q3. <-QUOTE}
Great Thanks ;)
benton4
June 6th, 2009, 11:55 PM
{QUOTE-> We don't have an exact timeframe ready yet but we should have a beta/RC ready in Q3. <-QUOTE}
How does one sign up for beta testing for you? :D
PrevxHelp
June 7th, 2009, 12:01 AM
{QUOTE-> How does one sign up for beta testing for you? :D <-QUOTE}
We'll let everyone here know as soon as it's ready and I believe we're going to have a formal beta program via our website as well :)
Triple Helix
June 7th, 2009, 02:03 PM
{QUOTE-> We'll let everyone here know as soon as it's ready and I believe we're going to have a formal beta program via our website as well :) <-QUOTE}
Great the more the merrier, this is why I'm a Prevx user now!
TH
Baldrick
June 7th, 2009, 02:21 PM
{QUOTE-> We'll let everyone here know as soon as it's ready and I believe we're going to have a formal beta program via our website as well :) <-QUOTE}
Sign me up now. I am ready and waiting! ;D ;D ;D
Dark Star 72
June 7th, 2009, 04:29 PM
{QUOTE-> We don't have an exact timeframe ready yet but we should have a beta/RC ready in Q3. <-QUOTE}
Q3 starts July - hope it's the beginning and not the end of Q3 ;D
Dark Star 72
June 7th, 2009, 04:31 PM
{QUOTE-> Sign me up now. I am ready and waiting! ;D ;D ;D <-QUOTE}
Another one here :thumb: :thumb:
softtouch
June 8th, 2009, 03:03 AM
Is there any commandline to check a file via prevx, like
prevx.exe myfile.exe
????
Killtek
June 8th, 2009, 01:38 PM
Sign me up too.. I'm interested in beta testing V4. Seriously, others should follow PrevX's customer service model. In the end you provide a service to your customers, not just a piece of software that sits in the background. And this is where you guys get it right.
PrevxHelp
June 8th, 2009, 03:58 PM
{QUOTE-> Is there any commandline to check a file via prevx, like
prevx.exe myfile.exe <-QUOTE}
We don't currently have commandline support but we are planning on adding this in a future version (alongside MSN scanning support which requires a similar commandline).
Triple Helix
June 9th, 2009, 09:19 PM
Hi Joe,
I'm still having problems on 3 machines with the Tray Icon not showing up on boot up! Two are XP SP3 32bit & One Vista SP2 32bit. It shows fine in Task Manager and some reboots it comes back but not all times. I also go into the GUI and uncheck show Icon and save and go back and check it and it shows up fine until I reboot again.
TIA,
TH
PrevxHelp
June 9th, 2009, 11:04 PM
{QUOTE-> Hi Joe,
I'm still having problems on 3 machines with the Tray Icon not showing up on boot up! Two are XP SP3 32bit & One Vista SP2 32bit. It shows fine in Task Manager and some reboots it comes back but not all times. I also go into the GUI and uncheck show Icon and save and go back and check it and it shows up fine until I reboot again.
TIA,
TH <-QUOTE}
:-\ I'm really not sure what would cause this. To take a guess - could you let me know what product you're using (i.e. if you're using the business version or enterprise version?) If you're just using the consumer version, are you using any apps which could affect the tray icon or if your Windows Explorer crashes at all on bootup?
Also, does the tray icon never show up? If you wait ~2 minutes it's possible that it would show up (hard to say, however :))
Page42
June 9th, 2009, 11:29 PM
{QUOTE-> I'm still having problems on 3 machines with the Tray Icon not showing up on boot up! <-QUOTE}
Hi Triple Helix. Excuse me for butting in, but I found an interesting page (http://forums.techguy.org/all-other-software/710658-tool-tray-icons-missing.html) that has a number of solutions and workarounds that just might offer you some ideas. Slowing down the boot process or eliminating some start up services worked for a couple people. Maybe you'll find something in there. :)
Mongol
June 10th, 2009, 02:42 AM
{QUOTE-> :-\ I'm really not sure what would cause this. To take a guess - could you let me know what product you're using (i.e. if you're using the business version or enterprise version?) If you're just using the consumer version, are you using any apps which could affect the tray icon or if your Windows Explorer crashes at all on bootup?
Also, does the tray icon never show up? If you wait ~2 minutes it's possible that it would show up (hard to say, however :)) <-QUOTE}
This will happen on my laptop occasionally too. I follow the same steps Triple Helix uses to get it to appear. I'm using the personal/home version of Prevx. I have Online Armor Premium running alongside but little else. I also can't seem to get it to quit doing a bootup scan no matter how I try in the settings...??? :blink: :)
Searching_ _ _
June 10th, 2009, 03:43 AM
Are there any plans for a Cloud URL scanner by Prevx?
Nightwatch
June 10th, 2009, 07:24 AM
{QUOTE-> Are there any plans for a Cloud URL scanner by Prevx? <-QUOTE}
Hope they are not planning to implement that stuff :)
Prevx should really stay out of the "big suite-offers". It has a perfect concept like it is, imo. It's all you need to be secure in future.
Regards,
Nightwatch
PrevxHelp
June 10th, 2009, 08:27 AM
{QUOTE-> Are there any plans for a Cloud URL scanner by Prevx? <-QUOTE}
We are indeed trying to keep everything as straightforward as possible, however, a cloud URL scanner will most likely come as a separate/distinct product from the standard Prevx 3.0 offering sometime down the line :)
Blackcat
June 10th, 2009, 08:56 AM
{QUOTE-> This will happen on my laptop occasionally too. I follow the same steps Triple Helix uses to get it to appear. I'm using the personal/home version of Prevx. <-QUOTE}
Same here.
This is the only icon on my machine which shows this behaviour and it has been observed over several months now. But its frequency has decreased since switching to Windows 7.
Fortunately the Prevx process is still running in Task manager.
markusg
June 10th, 2009, 11:40 AM
Hello, I would like to have a license ;-)
but at the moment I can't send a PM.
Some criticism:
I'm a emploid Person.
The handling of Prevx is not easy, if you have to use the keyboard. Perhaps the developer can do something :-)
I use this Screenreader:
freedomscientific.com/products/fs/jaws-product-page.asp
thanks for answer.
PrevxHelp
June 10th, 2009, 11:46 AM
{QUOTE-> Hello, I would like to have a license ;-)
but at the moment I can't send a PM.
Some criticism:
I'm a emploid Person.
The handling of Prevx is not easy, if you have to use the keyboard. Perhaps the developer can do something :-)
I use this Screenreader:
www.freedomscientific.com/products/fs/jaws-product-page.asp
thanks for answer. <-QUOTE}
Hello,
We currently do not support keyboard navigation but we will be adding this soon :) Also, I've PM'd you a 7 day trial license - let me know if you have any questions!
Triple Helix
June 10th, 2009, 01:07 PM
{QUOTE-> :-\ I'm really not sure what would cause this. To take a guess - could you let me know what product you're using (i.e. if you're using the business version or enterprise version?) If you're just using the consumer version, are you using any apps which could affect the tray icon or if your Windows Explorer crashes at all on bootup?
Also, does the tray icon never show up? If you wait ~2 minutes its possible that it would show up (hard to say, however :)) <-QUOTE}
I have nothing that would affect the Tray Icon nor does Windows Explorer crash. And I use the consumer version and waiting does not help. Also it seems I'm not the only one.
TH
PrevxHelp
June 10th, 2009, 01:10 PM
{QUOTE-> I have nothing that would affect the Tray Icon nor does Windows Explorer crash. And I use the consumer version and waiting does not help. Also it seems I'm not the only one.
TH <-QUOTE}
Honestly, I had hoped you were the only one, however, it appears you definitely aren't ;D
We'll take a look at it shortly and let you know what we find :)
Thanks for the patience!
trjam
June 10th, 2009, 04:43 PM
working like a hit
on 64 bit ;)
Mongol
June 10th, 2009, 11:45 PM
{QUOTE-> Honestly, I had hoped you were the only one, however, it appears you definitely aren't ;D
We'll take a look at it shortly and let you know what we find :)
Thanks for the patience! <-QUOTE}
I'll be waiting too...:thumb: Sheesh, 175 pages in this topic in less than 7 months. Just 13 pages behind the long running "What is your security setup these days? " A Wilders Prevx dedicated forum must be just around the corner...:o ;D
benton4
June 11th, 2009, 12:46 AM
{QUOTE-> working like a hit
on 64 bit ;) <-QUOTE}
You poet you.
Habakuck
June 11th, 2009, 03:26 PM
@ Prevx Help: Question about log flag [NF] what is it about?
{QUOTE-> [NF] c:\windows\temp\tmp00000038b743e01427da777a [PX5: 0D0120F6002DA0A9000508511CA225002AC8E42E] <-QUOTE}
PrevxHelp
June 11th, 2009, 03:54 PM
{QUOTE-> @ Prevx Help: Question about log flag [NF] what is it about? <-QUOTE}
NF says that the file is overridden by the user (most likely you've marked it as a false positive).
Retadpuss
June 12th, 2009, 09:24 AM
Joe, I have just been looking at a few articles concerning Morro. Looks like it will be cloud based. Have you got any thoughts?
Puss
Habakuck
June 12th, 2009, 12:17 PM
{QUOTE-> NF says that the file is overridden by the user <-QUOTE}
Doh! stupid User. ::)
{QUOTE-> (most likely you've marked it as a false positive). <-QUOTE}
Most likely? What is the difference?
I would like to know all flags... :)
PrevxHelp
June 12th, 2009, 12:20 PM
{QUOTE->
Most likely? What is the difference?
I would like to know all flags... :) <-QUOTE}
Well, NF always means "marked as a false positive". Most likely means it may not have been you ;D (i.e. another user on your machine ;D)
Most of the flags are just for internal use but you can cover a majority of them with:
B = Bad
U = Unknown/Untrusted
G = Good/trusted
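The flag meanings given above (B, U, G, NF), applied to a saved scan log, as an added example that is not part of the original thread and not Prevx's own tooling. The line layout is inferred from the log excerpts quoted in this thread, the function names are hypothetical, and the sample paths and PX5 values are constructed.

```python
import re
from collections import defaultdict

# Flag meanings exactly as stated in the thread; other flags are internal.
FLAG_MEANINGS = {
    "B": "bad",
    "U": "unknown/untrusted",
    "G": "good/trusted",
    "NF": "marked as false positive (user override)",
}

# Assumed layout, inferred from the quoted log lines:
#   [FLAG] <path> [PX5: <hex>] <optional "Malware Group: ...">
# The opening bracket is optional so a line damaged by copy/paste still parses.
LINE_RE = re.compile(
    r"^\s*\[?(?P<flag>[A-Z]{1,3})\]\s+"
    r"(?P<path>.+?)\s+"
    r"\[PX5:\s*(?P<px5>[0-9A-Fa-f]+)\]"
    r"(?:\s+Malware Group:\s*(?P<group>.+?))?\s*$"
)


def parse_line(line):
    """Return one log entry as a dict, or None if the line is not an entry."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return {
        "flag": m["flag"],
        "meaning": FLAG_MEANINGS.get(m["flag"], "internal/undocumented"),
        "path": m["path"].lower(),   # Windows paths are case-insensitive
        "px5": m["px5"].upper(),
        "group": m["group"],
    }


def triage(lines):
    """Collapse a scan log by PX5 value and pull out what needs a human look."""
    by_hash = defaultdict(lambda: {"flags": set(), "paths": set(), "groups": set()})
    unparsed = []
    for line in lines:
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec is None:
            unparsed.append(line)
            continue
        entry = by_hash[rec["px5"]]
        entry["flags"].add(rec["flag"])
        entry["paths"].add(rec["path"])
        if rec["group"]:
            entry["groups"].add(rec["group"])

    report = {"bad": [], "overrides": [], "other": 0, "unparsed": unparsed}
    for px5, e in sorted(by_hash.items()):
        if "B" in e["flags"]:
            # One row per file identity, however many paths or repeats it has.
            report["bad"].append(
                {"px5": px5, "paths": sorted(e["paths"]), "groups": sorted(e["groups"])}
            )
        if "NF" in e["flags"]:
            # Overrides suppress a detection and may have been set by another
            # user of the machine, so they are listed for review.
            report["overrides"].append({"px5": px5, "paths": sorted(e["paths"])})
        if not e["flags"] & {"B", "NF"}:
            report["other"] += 1
    return report


# Constructed sample input: placeholder paths and PX5 values, not real ones.
H1, H2, H3, H4 = "A" * 40, "B" * 40, "C" * 40, "D" * 40
SAMPLE_LOG = [
    rf"[B] c:\program files\example\driver\sample32.sys [PX5: {H1}] Malware Group: Medium Risk Malware",
    rf"[B] c:\program files\example\driver\sample32.sys [PX5: {H1}] Malware Group: Medium Risk Malware",
    rf"B] c:\windows\system32\driverstore\sample32.sys [PX5: {H1}] Malware Group: Medium Risk Malware",
    rf"[NF] c:\windows\temp\tmp0001 [PX5: {H2}]",
    rf"[G] c:\windows\explorer.exe [PX5: {H3}]",
    rf"[X] c:\temp\odd.bin [PX5: {H4}]",
    "this line is not a log entry",
]

if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for row in result["bad"]:
        print("BAD     ", row["px5"], row["groups"], row["paths"])
    for row in result["overrides"]:
        print("OVERRIDE", row["px5"], row["paths"])
    print("other hashes:", result["other"], "| unparsed lines:", len(result["unparsed"]))
```

Grouping by PX5 value turns repeated detections of one file under several paths into a single row, which is the form a false-positive report or a cleanup check needs.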
PrevxHelp
June 12th, 2009, 12:23 PM
{QUOTE-> Joe, I have just been looking at a few articles concerning Morro. Looks like it will be cloud based. Have you got any thoughts?
Puss <-QUOTE}
I haven't really looked into it much but we really don't consider it much of a threat - the free AV market is already quite saturated with a number of very good products. Microsoft's Morro may have a leg up on the others if it leverages community intelligence (and Microsoft's ubiquitous knowledge) but we aren't worried at all ;)
Habakuck
June 12th, 2009, 12:42 PM
{QUOTE-> Well, NF always means "marked as a false positive". Most likely means it may not have been you ;D (i.e. another user on your machine ;D)
Most of the flags are just for internal use but you can cover a majority of them with:
B = Bad
U = Unknown/Untrusted
G = Good/trusted <-QUOTE}
Thank you so far.
This log does not belong to my machine. God save. Otherwise I would have a lot of problems.. ;)
PrevxHelp
June 12th, 2009, 12:49 PM
{QUOTE-> Thank you so far.
This log does not belong to my machine. God save. Otherwise I would have a lot of problems.. ;) <-QUOTE}
;D Good luck!
trjam
June 12th, 2009, 01:54 PM
Sure is a beautiful day. Hmm, I can just smell the roses.;)
trjam
June 12th, 2009, 02:28 PM
:thumb: guess they just bloomed. Congrats Prevx and thank you Wilders.
lordpake
June 13th, 2009, 08:41 AM
Not sure if this has been requested before, but perhaps an option to not scan while other application is in fullscreen mode?
I myself have very low-end machine and can barely play Sims3, and then *bang* comes the scheduled scan :) It of course took focus back to desktop and left my machine swapping for a moment :D
I do realize I could disable the scanning window in Edge, this could perhaps allow the game keep fullscreen mode on, it'd still take nearly an hour for the scheduled Quick scan to complete.
paradoxno1
June 13th, 2009, 09:59 AM
Just been looking on the a-squared Anti-Malware homepage, they say they are
currently protecting over 5,000,000 Windows users. Does anyone have any numbers on Prevx users being protected?
PrevxHelp
June 13th, 2009, 12:13 PM
{QUOTE-> Just been looking on the a-squared Anti-Malware homepage, they say they are
currently protecting over 5,000,000 Windows users. Does anyone have any numbers on Prevx users being protected? <-QUOTE}
We have around 6 million users (between Enterprise/Business/Consumer users).
PrevxHelp
June 13th, 2009, 12:14 PM
{QUOTE-> Not sure if this has been requested before, but perhaps an option to not scan while other application is in fullscreen mode?
I myself have very low-end machine and can barely play Sims3, and then *bang* comes the scheduled scan :) It of course took focus back to desktop and left my machine swapping for a moment :D
I do realize I could disable the scanning window in Edge, this could perhaps allow the game keep fullscreen mode on, it'd still take nearly an hour for the scheduled Quick scan to complete. <-QUOTE}
This is definitely a good suggestion - we will be adding an option into the scheduler to not run a scan if a fullscreen application is open :)
Thanks!
NoIos
June 13th, 2009, 04:22 PM
Hello,
please check these:
[B] c:\program files\via\setup\viastor\driver\ide\nt5\videx32.sys [PX5: BD2DC1509821C1E736A300E7BDDE70003209B686] Malware Group: Medium Risk Malware
[B] c:\program files\via\setup\viastor\driver\ide\nt5\videx32.sys [PX5: BD2DC1509821C1E736A300E7BDDE70003209B686] Malware Group: Medium Risk Malware
[B] c:\windows\system32\driverstore\filerepository\vminiide.inf_d147f797\videx32.sys [PX5: BD2DC1509821C1E736A300E7BDDE70003209B686] Malware Group: Medium Risk Malware
Thank you.
PrevxHelp
June 13th, 2009, 04:24 PM
{QUOTE-> Hello,
please check these: <-QUOTE}
Fixed the FP - thanks! :)
raven211
June 13th, 2009, 04:41 PM
{QUOTE-> This is definitely a good suggestion - we will be adding an option into the scheduler to not run a scan if a fullscreen application is open :)
Thanks! <-QUOTE}
Haha, that's one exact reason that I'd to uninstall Prevx. ;D Should've mentioned it before myself, but I guess I didn't bother or something. ::) I do hope that this option will be enabled by default, cause I only see more negative things coming from having it disabled instead. This type of detection is what Norton's 2009 lineup has been running non-stop. ;)
PrevxHelp
June 13th, 2009, 04:43 PM
{QUOTE-> Haha, that's one exact reason that I'd to uninstall Prevx. ;D Should've mentioned it before myself, but I guess I didn't bother or something. ::) I do hope that this option will be enabled by default, cause I only see more negative things coming from having it disabled instead. This type of detection is what Norton's 2009 lineup has been running non-stop. ;) <-QUOTE}
I agree - it will be enabled by default :) Any other similar suggestions are warmly welcomed ;D
Page42
June 13th, 2009, 04:49 PM
{QUOTE-> Fixed the FP - thanks! :) <-QUOTE}
I gotta say, I sure like how quickly you fix FPs. In no time at all. It literally is like no other vendor I've seen. Thanks!
Mongol
June 13th, 2009, 06:07 PM
WOW! Prevx has come into the big time here at Wilders with their own forum. I just had to tip my hat...:thumb: ;D
Dr33
June 14th, 2009, 01:12 AM
:argh: i just infected heavily a machine and tried A B C D E Products and none of them took one rootkit out i was wondering if my prevx will get rid of it and TARA !! :argh: :thumb: the rootkit is gone
but i wonder if this harm my license activations ::)
well was good to try new rootkits against prevx
PrevxHelp
June 14th, 2009, 01:16 AM
{QUOTE-> :argh: i just infected heavily a machine and tried A B C D E Products and none of them took one rootkit out i was wondering if my prevx will get rid of it and TARA !! :argh: :thumb: the rootkit is gone
but i wonder if this harm my license activations ::)
well was good to try new rootkits against prevx <-QUOTE}
Send me a PM with your license key and the hostname of the computer and I can deactivate it so you can use it further if wanted :)
Glad to hear it worked well!
Hess
June 18th, 2009, 05:44 AM
Can I get Prevx 3.0.1.65 trial license key, because my computer is infected by rootkit, and my AV doesn't remove it.
Thank You.
PrevxHelp
June 18th, 2009, 09:59 AM
{QUOTE-> Can I get Prevx 3.0.1.65 trial license key, because my computer is infected by rootkit, and my AV doesn't remove it.
Thank You. <-QUOTE}
For these cases we do not give out license keys as cleanup is a paid feature. However, if you do have any problems cleaning your system after purchasing a license, please let me know and I'll ensure your support ticket is elevated :)
Antarctica
June 18th, 2009, 10:02 AM
{QUOTE-> Can I get Prevx 3.0.1.65 trial license key, because my computer is infected by rootkit, and my AV doesn't remove it.
Thank You. <-QUOTE}
You could also try using Dr.Web CureIt Utility, usually it is good at cleaning already infected PC's
http://www.freedrweb.com/cureit/
_temp
June 20th, 2009, 09:03 PM
Hi, I'm interested in buying Prevx 3.0.1.65 license key for one year, can i get 7 days trial key to see how exactly does it work?
PrevxHelp
June 20th, 2009, 09:13 PM
{QUOTE-> Hi, I'm interested in buying Prevx 3.0.1.65 license key for one year, can i get 7 days trial key to see how exactly does it work? <-QUOTE}
PM sent :)
Dr33
June 20th, 2009, 09:47 PM
;D i dont know but i think Hess and _temp are the same person :argh:
_temp
June 20th, 2009, 10:21 PM
Thank You very much for trial license :)
Athletic
June 22nd, 2009, 07:03 AM
Does the free version of Prevx 3.0 detect and popup alerts in real time monitoring for all that like in paid version ? Only difference is no ''block'' option on popup,in real time alert ?
PrevxWebDesigner
June 22nd, 2009, 07:46 AM
{QUOTE-> Does the free version of Prevx 3.0 detect and popup alerts in real time monitoring for all that like in paid version ? Only difference is no ''block'' option on popup,in real time alert ? <-QUOTE}
That is correct :)
Athletic
June 22nd, 2009, 10:13 AM
{QUOTE-> That is correct :) <-QUOTE}
Thanks!
That is nice reason for push free version :doubt: but i think about paid.......I try a lot of them but there is a really only few security products that are so light on RAM(commit charge in task manager),fast ,easy to work,and strong in protection....
New Norton is ''light'' all say,for me NO. Fast is ,that's true, but RAM usage(commit charge) is bigger than in lot of security programs(KIS,Eset,Online Armor).......GeSWall has the lowest commit charge RAM usage,fast,and it's strong in protection but you must spend time and think always on his untrusted files,rules......
Athletic
June 26th, 2009, 08:19 AM
When will be done some serious testing of Prevx 3.0 ? (like AV Comparative,av-test.org.....or something like this on tons of malwares,new samples )
What testing is done by now on Prevx ? Can we see that links to compare with other products please....All I know are some stories from wilders forum(bad and good),PC Mag award,and youtube test on few samples.......I think lots of people are interested,and want to see some serious test results before they pay for protection.
PrevxHelp
June 26th, 2009, 09:46 AM
You can read some reviews from this thread: http://www.wilderssecurity.com/showthread.php?t=244969
We disagree with the testing methodology from AV Comparatives/AV-Test.org so we are currently not participating in their tests.
Athletic
June 28th, 2009, 10:31 AM
Thanks
1.Trojans and other malware via USB and autorun.inf Prevx can block :thumb: ,it's some stuff about this on page 172,o.k.,but can stop them without internet connection ? (Only with prevent execution capabilities of prevx ? -without base in the cloud) Can prevx stop some basic stuff without internet connection?
2.I don't see the download and upload ratio when I scan PC with prevx ,how then prevx contact net base ? it's not depending on fast or slow internet connection,prevx will do it right?
3.Prevx free has detected hook.dll in my pc (1 file)and said :''High Risk Cloaked Malware''...but it's not in system32 ,not in partition where are windows....the risk file it's from camstudio 2.5 beta portable...i have read some about that file on the net,thing is dangerous if it is in system32 folder.
PrevxHelp
June 28th, 2009, 01:24 PM
{QUOTE-> 1.Trojans and other malware via USB and autorun.inf Prevx can block :thumb: ,it's some stuff about this on page 172,o.k.,but can stop them without internet connection ? (Only with prevent execution capabilities of prevx ? -without base in the cloud) Can prevx stop some basic stuff without internet connection? <-QUOTE}
The protection when entirely offline is currently limited to being against threats and derivatives of threats which the system has seen before but we will be including additional functionality to lock down areas (like USB-borne malware) soon :)
{QUOTE-> 2.I don't see the download and upload ratio when I scan PC with prevx ,how then prevx contact net base ? it's not depending on fast or slow internet connection,prevx will do it right? <-QUOTE}
The communication between the agent and the server is designed to be as small as possible and the roundtrip time is quite short so you shouldn't see much of a load at all.
{QUOTE-> 3.Prevx free has detected hook.dll in my pc (1 file)and said :''High Risk Cloaked Malware''...but it's not in system32 ,not in partition where are windows....the risk file it's from camstudio 2.5 beta portable...i have read some about that file on the net,thing is dangerous if it is in system32 folder. <-QUOTE}
If you could click Tools > Save Scan Results and email the log to report@prevxresearch.com, we'll analyze it there. I suspect they're using a hooking library which is used by malware as well and it will be best to fix it by getting a scan log :)
Habakuck
June 28th, 2009, 02:36 PM
{QUOTE-> but we will be including additional functionality to lock down areas (like USB-borne malware) soon <-QUOTE} "soon" sounds very good... :D
Athletic
June 28th, 2009, 02:47 PM
{QUOTE->
If you could click Tools > Save Scan Results and email the log to report@prevxresearch.com, we'll analyze it there. I suspect they're using a hooking library which is used by malware as well and it will be best to fix it by getting a scan log :) <-QUOTE}
Done.Log sent :thumb:
I'm testing free version of Prevx....hope that paid version has not stronger system impact(pc slowdowns) than free
PrevxHelp
June 28th, 2009, 02:53 PM
{QUOTE-> Done.Log sent :thumb:
I'm testing free version of Prevx....hope that paid version has not stronger system impact(pc slowdowns) than free <-QUOTE}
FP fixed :) And the system load of the paid version is exactly the same as the impact of the free version :)
mvdu
July 4th, 2009, 02:14 PM
Does Prevx safeguard against something like this?
http://www.broadbandreports.com/forum/r22653931-Cloudbased-computing-will-be-extremely-dangerous
PrevxHelp
July 4th, 2009, 02:19 PM
{QUOTE-> Does Prevx safeguard against something like this?
http://www.broadbandreports.com/forum/r22653931-Cloudbased-computing-will-be-extremely-dangerous <-QUOTE}
That sounds more like the need of network security on web admin's side.
While we can't directly protect against an admin using an insecure password, our research helps organizations improve their security: http://www.thetechherald.com/article.php/200927/3960/ZBot-data-dump-discovered-with-over-74-000-FTP-credentials
mvdu
July 4th, 2009, 02:30 PM
{QUOTE-> That sounds more like the need of network security on web admin's side.
While we can't directly protect against an admin using an insecure password, our research helps organizations improve their security: http://www.thetechherald.com/article.php/200927/3960/ZBot-data-dump-discovered-with-over-74-000-FTP-credentials <-QUOTE}
So this doesn't have to do with in the cloud AVs and software like Prevx?
PrevxHelp
July 4th, 2009, 03:15 PM
{QUOTE-> So this doesn't have to do with in the cloud AVs and software like Prevx? <-QUOTE}
No, from what I got from the article, he's just saying that because companies are moving all of their data online (like online document editing), it makes it easier to attack it as before it was already easy when it wasn't online.
mvdu
July 6th, 2009, 01:48 PM
Another question: would Prevx along with NIS 2010 be too much overlapping "in the cloud" technology?
PrevxHelp
July 6th, 2009, 02:04 PM
{QUOTE-> Another question: would Prevx along with NIS 2010 be too much overlapping "in the cloud" technology? <-QUOTE}
No, NIS' cloud technology is significantly different from ours so you can use them alongside each other (and neither is perfect ;))
raven211
July 6th, 2009, 05:06 PM
{QUOTE-> No, NIS' cloud technology is significantly different from ours so you can use them alongside each other (and neither is perfect ;)) <-QUOTE}
Please elaborate - I'm completely open for a good explanation (and eventually discussion...). :) I don't mean just Symantec ofc. ;)
PrevxHelp
July 6th, 2009, 05:28 PM
{QUOTE-> Please elaborate - I'm completely open for a good explanation (and eventually discussion...). :) I don't mean just Symantec ofc. ;) <-QUOTE}
The fact that NIS2010's installer is 88.49 MB and ours is .8MB pretty much sums it up ;D (and from what I can tell this does not contain their signatures, etc.)
The only benefit users of Prevx would have with a local signature database would be to have protection when offline. Granted, we're adding this into v4 (and it will be optional and non-default), but there is no other benefit from them.
Symantec/other "in-the-cloud" companies are all using the cloud as a supporting means of protection. Their cloud technology is not intelligent enough on its own to sustain a reasonable level of protection while ours is because of the vast differences behind the hood. We've spoken with many of the cloud vendors and compared technology and while we all may use the same overused nomenclature of CLOUD CLOUD CLOUD, the approach is the polar opposite (and for confidentiality reasons/IP reasons we can't go into too much detail here I'm afraid).
PrevxHelp
July 6th, 2009, 05:37 PM
Small addition to my previous post:
To be fair, I'm not trying to slight Symantec here. They have come a LONG way in the last couple years - honestly much farther than most companies I've seen and I commend them for that.
I think their "in-the-cloud" offering will shape up to be one of the more fully featured than some of the others but at Prevx we really don't feel any more threatened by their position in-the-cloud because we have a trick up our sleeves for every trick they do (and we do have quite a bit more experience in this realm of cloud protection, since long before it was called "cloud" :P)
However, I do hope that consumers who are long-time haters of Symantec products try them again because recently they have made a 180º improvement over their previous products and we will work adamantly to coexist peacefully with them as well :)
raven211
July 7th, 2009, 08:27 AM
{QUOTE-> The fact that NIS2010's installer is 88.49 MB and ours is .8MB pretty much sums it up ;D (and from what I can tell this does not contain their signatures, etc.)
The only benefit users of Prevx would have with a local signature database would be to have protection when offline. Granted, we're adding this into v4 (and it will be optional and non-default), but there is no other benefit from them.
Symantec/other "in-the-cloud" companies are all using the cloud as a supporting means of protection. Their cloud technology is not intelligent enough on its own to sustain a reasonable level of protection while ours is because of the vast differences behind the hood. We've spoken with many of the cloud vendors and compared technology and while we all may use the same overused nomenclature of CLOUD CLOUD CLOUD, the approach is the polar opposite (and for confidentiality reasons/IP reasons we can't go into too much detail here I'm afraid). <-QUOTE}
I respect your comment, and have read the post after the one that's quoted here, but I think you said why the installer is so big yourself; the other components. Sure, it might seem big, and I think this is improved all the time - but PLEASE keep in mind that this has NOTHING to do with the software's effectivity and the technology that's inside it. It was a bad move by you to make to be honest. I should also note that I believe even NIS, which is the "biggest" product using Quorum, is not that big too. I think 60 or 70 MBs to be fair, but I might be wrong on this point. What I'm saying is that has nothing to do with the subject, so don't go there.
I know you as a different company can't say "we have no chance against this company, so you choose", and by that I'm obviously not saying that this is the case, I simply mean I know you can't - but you gotta make a thorough analysis on their technology if comparing before making claims. You could do that analysis, and THEN prove why your software is better on this point, on that point - etc. THEN I would respect your reply. Now with only claims, I'm not at all. In your PM to me you made claims about the pop-up when I sort of proved you wrong; it's not even NEAR the same pop-up that you get from a known threat, it's being very clear that what the user sees is a new file, and that he or she should choose carefully what to do with it next.
"Their cloud technology is not intelligent enough on its own to sustain a reasonable level of protection while ours is because of the vast differences behind the hood. We've spoken with many of the cloud vendors and compared technology and while we all may use the same overused nomenclature of CLOUD CLOUD CLOUD, the approach is the polar opposite" - I suggest you explain why very firmly, cause this claim could backfire really quickly if not. It's a very aggressive claim.
I mean no offence by this message. All I mean is aggressive claims should be thought through VERY thoroughly - and not only that; explained with reasons, a really big why this is. The more aggressive or big the claim, the better explanation for it's needed.
Best regards...
PrevxHelp
July 7th, 2009, 09:02 AM
{QUOTE-> Sure, it might seem big, and I think this is improved all the time - but PLEASE keep in mind that this has NOTHING to do with the software's effectivity and the technology that's inside it. <-QUOTE}
I think you've misunderstood my comment (or the progression of comments):
"Another question: would Prevx along with NIS 2010 be too much overlapping "in the cloud" technology?" - mvdu
"No, NIS' cloud technology is significantly different from ours so you can use them alongside each other (and neither is perfect )" - PrevxHelp
"Please elaborate - I'm completely open for a good explanation (and eventually discussion...). I don't mean just Symantec ofc. " - raven211
"The fact that NIS2010's installer is 88.49 MB and ours is .8MB pretty much sums it up" - PrevxHelp
You requested elaboration on my previous point, "NIS' cloud technology is significantly different from ours" and the fact that our software is 100x smaller shows that it is significantly different. I never said it is less effective because it is larger :-\
{QUOTE-> I simply mean I know you can't - but you gotta make a thorough analysis on their technology if comparing before making claims. You could do that analysis, and THEN prove why your software is better on this point, on that point - etc. <-QUOTE}
We have - but I don't think it is legally a good idea to go into technical details about another company's product on a forum. If they wanted to release more information about how their software works, they would have said it in a press release or in a whitepaper somewhere.
pbust's post here: http://www.wilderssecurity.com/showpost.php?p=1499228&postcount=12 goes into a bit more detail but he is still being intentionally cautious.
{QUOTE-> I'm not at all. In your PM to me you made claims about the pop-up when I sort of proved you wrong; it's not even NEAR the same pop-up that you get from a known threat, it's being very clear that what the user sees is a new file, and that he or she should choose carefully what to do with it next. <-QUOTE}
Sure, and we will be improving this in the future. We wagered on users reading through a prompt when shown to them which forces them to make a decision, but we will be lightening it up in Prevx 4.
{QUOTE-> "Their cloud technology is not intelligent enough on its own to sustain a reasonable level of protection while ours is because of the vast differences behind the hood. We've spoken with many of the cloud vendors and compared technology and while we all may use the same overused nomenclature of CLOUD CLOUD CLOUD, the approach is the polar opposite" - I suggest you explain why very firmly, cause this claim could backfire really quickly if not. It's a very aggressive claim. <-QUOTE}
Again, I'm just stating it logically, not aggressively. If their cloud protection provided all of the protection they wanted, they would do away with the other protection elements as they would be redundant. In Prevx, there is no reason to include a local database if you have at least a semi-reliable internet connection. Symantec's cloud protection does not duplicate the strength of their local database - it is an added layer.
raven211
July 7th, 2009, 09:29 AM
{QUOTE-> "Another question: would Prevx along with NIS 2010 be too much overlapping "in the cloud" technology?" - mvdu
"No, NIS' cloud technology is significantly different from ours so you can use them alongside each other (and neither is perfect )" - PrevxHelp
"Please elaborate - I'm completely open for a good explanation (and eventually discussion...). I don't mean just Symantec ofc. " - raven211
"The fact that NIS2010's installer is 88.49 MB and ours is .8MB pretty much sums it up" - PrevxHelp
You requested elaboration on my previous point, "NIS' cloud technology is significantly different from ours" and the fact that our software is 100x smaller shows that it is significantly different. I never said it is less effective because it is larger :-\ <-QUOTE}
- Okay, sorry for that misunderstanding. What I meant was exactly that its size doesn't have anything to do with its effectivity. And to be fair, since the cloud is about having things on the internet, the size of the installer shouldn't have anything to do with Quorum at all if I'm not mistaken. I hope you see my point on this. :)
{QUOTE-> We have - but I don't think it is legally a good idea to go into technical details about another company's product on a forum. If they wanted to release more information about how their software works, they would have said it in a press release or in a whitepaper somewhere. <-QUOTE}
- Some more information can be found here: http://community.norton.com/t5/Norton-Protection-Blog/New-Feature-for-Norton-Internet-Security-2010-Download-Insight/ba-p/113827 - you could probably refer to that on a couple of things when we discuss. ;)
The best source would ofc be the official forum, and specifically the following topic: http://community.norton.com/norton/board/message?board.id=nis2010_pb&thread.id=310 - Jesse Gough, one of the engineers of Quorum, is there to firmly explain the feature and how it works - and how it works with the other components. This among other employees who also provide information. I'm ofc there too. (RavenMacDaddy) ;D Look it through to see what you can find out. ;)
{QUOTE-> pbust's post here: http://www.wilderssecurity.com/showpost.php?p=1499228&postcount=12 goes into a bit more detail but he is still being intentionally cautious. <-QUOTE}
- And I've ofc replied to start a discussion on the subject and specifically Norton - the reason being nothing more than that's what I use. :D ;)
{QUOTE-> Sure, and we will be improving this in the future. We wagered on users reading through a prompt when shown to them which forces them to make a decision, but we will be lightening it up in Prevx 4. <-QUOTE}
"Again, I'm just stating it logically, not aggressively. If their cloud protection provided all of the protection they wanted, they would do away with the other protection elements as they would be redundant. In Prevx, there is no reason to include a local database if you have at least a semi-reliable internet connection. Symantec's cloud protection does not duplicate the strength of their local database - it is an added layer."
I know you meant that, but dragging Symantec into the "CLOUD CLOUD CLOUD" thingie and so on made me understand it as aggressive, so I probably got a little aggressive in return. - This is the big problem with communication with text, so I try to steer it up as good as I can when I reply. ;)
True, it's an added layer like you said. I think that is because definitions for example are simply a great thing in certain situations. Generic sigs and heuristics are there. A definition is just that; a definition, tells the program EXACTLY what to do with certain malware, which is important for various types of malware, even if not for all.
You have it "in the cloud"; on the internet, which is an excellent idea, but also has its backside; it leaves the software to always communicate and upload/download data from the internet too. We have discussed why this is a problem at least to me previously - no offence. (Slow process to open (new) programs, or newly installed programs, because Prevx has to communicate with the server to transfer and analyze data.)
Then we have the other components who're partly communicating with Quorum - partly handling their own business. SONAR for example provides its behavior analysis, which it then adds to what Quorum has to say to come to a conclusion. The whole suite and its components working as a whole.
Thanks for your reply, and I'll happily discuss this further! :)
PrevxHelp
July 7th, 2009, 09:42 AM
{QUOTE->
- Okay, sorry for that misunderstanding. What I meant was exactly that its size doesn't have anything to do with its effectivity. And to be fair, since the cloud is about having things on the internet, the size of the installer shouldn't have anything to do with Quorum at all if I'm not mistaken. I hope you see my point on this. :) <-QUOTE}
Indeed it doesn't :)
{QUOTE-> I know you meant that, but dragging Symantec into the "CLOUD CLOUD CLOUD" thingie and so on made me understand it as aggressive, so I probably got a little aggressive in return. - This is the big problem with communication with text, so I try to steer it up as good as I can when I reply. ;) <-QUOTE}
My comment was: "We've spoken with many of the cloud vendors and compared technology and while we all may use the same overused nomenclature of CLOUD CLOUD CLOUD" - With "we all" I was commenting on how overused the word "cloud" has become - not in AV alone but everywhere. Rather than calling something an online service, everyone is just throwing the word cloud around. At the rate it's going, soon Youtube, Google, and Facebook will all call themselves "cloud" applications. Yes, it's true they run on a server, but then should we just rename the internet to "the cloud"? :)
{QUOTE-> True, it's an added layer like you said. I think that is because definitions for example are simply a great thing in certain situations. Generic sigs and heuristics are there. A definition is just that; a definition, tells the program EXACTLY what to do with certain malware, which is important for various types of malware, even if not for all. <-QUOTE}
This is the difference between Prevx/Symantec - they still have local technology which provides an additional layer on top of what they provide in the cloud - we've been able to centralize everything with centralized definitions/generic signatures/and heuristics exactly as we would if we were to have a local database - it's just far faster to run it in the cloud and keeps it immediately updated.
{QUOTE-> You have it "in the cloud"; on the internet, which is an excellent idea, but also has its backside; it leaves the software to always communicate and upload/download data from the internet too. We have discussed why this is a problem at least to me previously - no offence. (Slow process to open (new) programs, or newly installed programs, because Prevx has to communicate with the server to transfer and analyze data.) <-QUOTE}
I agree, and this is why we're going to have a local database in the future - it won't provide any additional protection, but it will provide "easier" protection.
The issue you had with opening new programs or newly installed programs will be entirely addressed in v4 - it isn't the communication with the server that is the slowdown for you, it is the fact that Windows opens each component of a program synchronously which makes any form of analysis a big drain on new programs.
raven211
July 7th, 2009, 09:57 AM
"My comment was: "We've spoken with many of the cloud vendors and compared technology and while we all may use the same overused nomenclature of CLOUD CLOUD CLOUD" - With we all I was commenting on how overused the word "cloud" has become - not in AV alone but everywhere. Rather than calling something an online service, everyone is just throwing the word cloud around. At the rate it's going, soon Youtube, Google, and Facebook will all call themselves "cloud" applications. Yes, it's true they run on a server, but then should we just rename the internet to "the cloud"? :) "
- Good point - I can't more than agree that it should be avoided to be used when it's not the "real deal". :D
"This is the difference between Prevx/Symantec - they still have local technology which provides an additional layer on top of what they provide in the cloud - we've been able to centralize everything with centralized definitions/generic signatures/and heuristics exactly as we would if we were to have a local database - it's just far faster to run it in the cloud and keeps it immediately updated."
- Credit goes to fellow member Pleonasm; "FYI -- Readers of this thread may be interested in the conversation occurring here (http://community.norton.com/norton/board/message?board.id=nis2010_pb&message.id=436&query.id=1051503#M436) about changes in scanning in Norton Internet Security 2010. It appears that NIS10 will by default only examine files that are unrecognized by Quorum, greatly speeding a system scan." Then you take that together with Auto-Protect with its generic-detection and so on, and SONAR which cooperates with Quorum with its behavioral protection. Already there we've the "circle". ;D
"The issue you had with opening new programs or newly installed programs will be entirely addressed in v4 - it isn't the communication with the server that is the slowdown for you, it is the fact that Windows opens each component of a program synchronously which makes any form of analysis a big drain on new programs."
- Thanks for that information - it indeed explains and helps a lot. :)
Best regards, and I'm looking forward to hearing from you soon. ;)
sylreston
July 25th, 2009, 03:31 PM
Has there been any resolution to the Vipre compatibility issues talked about earlier, i.e. quick scan and rootkit?
PrevxHelp
July 25th, 2009, 03:34 PM
{QUOTE-> Has there been any resolution to the Vipre compatibility issues talked about earlier, i.e. quick scan and rootkit? <-QUOTE}
It may be worth trying it once more as Vipre has released some updates and I know there are a few users here who are using both Vipre and Prevx 3.0.
Let me know what your results are :)
fasteddy2020
July 25th, 2009, 05:14 PM
{QUOTE-> It may be worth trying it once more as Vipre has released some updates and I know there are a few users here who are using both Vipre and Prevx 3.0.
Let me know what your results are :) <-QUOTE}
Vipre still hangs during rootkit scans on my system. Runs fine when rootkit scans are turned off.
Also was having trouble with OA3.5 somehow disabling Prevx's ability to run. There were some test files on the OA forum site and Prevx allowed them to run. Had to uninstall and reinstall Prevx. Seems to be running fine after that but I have not retested.
PrevxHelp
July 25th, 2009, 05:16 PM
{QUOTE-> Vipre still hangs during rootkit scans on my system. Runs fine when rootkit scans are turned off.
Also was having trouble with OA3.5 somehow disabling Prevx's ability to run. There were some test files on the OA forum site and Prevx allowed them to run. Had to uninstall and reinstall Prevx. Seems to be running fine after that but I have not retested. <-QUOTE}
We're looking into the Prevx/OA incompatibility as well as a few other beta testers now and hoping to have a solution shortly with the next upgrade. For now uninstalling/reinstalling does seem to solve it but we'll have more details as soon as we've distributed test versions after they're finished.
Thanks for the information :)
fasteddy2020
July 25th, 2009, 05:51 PM
{QUOTE-> We're looking into the Prevx/OA incompatibility as well as a few other beta testers now and hoping to have a solution shortly with the next upgrade. For now uninstalling/reinstalling does seem to solve it but we'll have more details as soon as we've distributed test versions after they're finished.
Thanks for the information :) <-QUOTE}
I am waiting eagerly for both the next versions of Prevx and Vipre. My guess is all my problems will be solved. ;D I have come to the conclusion that even though I really like OA, I would probably give it up for Prevx because I like Prevx more and I have a lifetime to Outpost Pro. So many choices, so little $.
overangry
August 11th, 2009, 10:55 PM
I find it annoying that when I press view threats it starts to scan.
When will this issue be fixed?
This issue was previously raised in this post
http://www.wilderssecurity.com/showpost.php?p=1476158&postcount=4199
PrevxHelp
August 11th, 2009, 11:07 PM
{QUOTE-> I find it annoying that when I press view threats it starts to scan.
When will this issue be fixed?
This issue was previously raised in this post
http://www.wilderssecurity.com/showpost.php?p=1476158&postcount=4199 <-QUOTE}
I'm unsure if this is a real issue - the "View Threats" button detects if a scan is required either by checking if the files were detected x hours ago or if there has been change in programs on the harddisk. However, if you run a scan and then immediately click View Threats after the scan finishes (after going back to the status screen), it should let you view the threats.
Could you let me know if it still requires a scan for you when clicking View Threats shortly after a scan?
overangry
August 12th, 2009, 12:43 AM
{QUOTE-> I'm unsure if this is a real issue - the "View Threats" button detects if a scan is required either by checking if the files were detected x hours ago or if there has been change in programs on the harddisk. However, if you run a scan and then immediately click View Threats after the scan finishes (after going back to the status screen), it should let you view the threats.
Could you let me know if it still requires a scan for you when clicking View Threats shortly after a scan? <-QUOTE}
Thanks for the quick reply:D
Quote: the "View Threats" button detects if a scan is required either by checking if the files were detected x hours ago or if there has been change in programs on the harddisk.
I understand that.
My issue was: I rebooted my pc and returned some minutes later and after logging in I had the threats detected warning.
IMHO clicking view threats should allow me to do just that... view the threat.
It's no big issue, just confusing:-\
Also the response given to post 4199 didn't help me. I assumed there would be a fix.
silverfox99
August 12th, 2009, 05:45 AM
What is the Prevx upgrade policy? Are all customers with a current paid Prevx Edge licence able to download the most recent version when it is released?
PrevxHelp
August 12th, 2009, 08:43 AM
{QUOTE-> Thanks for the quick reply:D
Quote: the "View Threats" button detects if a scan is required either by checking if the files were detected x hours ago or if there has been change in programs on the harddisk.
I understand that.
My issue was: I rebooted my pc and returned some minutes later and after logging in I had the threats detected warning.
IMHO clicking view threats should allow me to do just that... view the threat.
It's no big issue, just confusing:-\
Also the response given to post 4199 didn't help me. I assumed there would be a fix. <-QUOTE}
I think there may be another factor involved on your system - is it possible that any of the detected malicious programs would run on bootup? I tried it locally on my PC, adding a bad file, scanning, rebooting, and it went directly to a file list on bootup. However, it seems that if something runs early on you may end up in the spot where you are with the View Threats button not working.
Also, to clarify, are you seeing a list of files at all, or does it just start on the page with the "View Threats" button?
Thanks! ;D
overangry
August 12th, 2009, 09:42 AM
{QUOTE-> I think there may be another factor involved on your system - is it possible that any of the detected malicious programs would run on bootup? I tried it locally on my PC, adding a bad file, scanning, rebooting, and it went directly to a file list on bootup. However, it seems that if something runs early on you may end up in the spot where you are with the View Threats button not working.
Also, to clarify, are you seeing a list of files at all, or does it just start on the page with the "View Threats" button?
Thanks! ;D <-QUOTE}
My mistake I didn't reboot... it was a start from standby:-[
I had an issue with MSE trying to remove the eicar test virus (which it couldn't) and I kept clicking away the Prevx warnings.
Therefore the warning at start-up
My post was only to express my thoughts on the View Threats button.
My apologies for any confusion I may have caused and thanks for your concern regarding possible malware on my system upon rebooting:-[ ...
PrevxHelp
August 12th, 2009, 10:20 AM
{QUOTE-> My mistake I didn't reboot... it was a start from standby:-[
I had an issue with MSE trying to remove the eicar test virus (which it couldn't) and I kept clicking away the Prevx warnings.
Therefore the warning at start-up
My post was only to express my thoughts on the View Threats button.
My apologies for any confusion I may have caused and thanks for your concern regarding possible malware on my system upon rebooting:-[ ... <-QUOTE}
Ah - that may indeed be an issue. I'll see what we can find shortly! Thanks for the information :)
Page42
August 13th, 2009, 07:03 PM
{QUOTE-> IMHO clicking view threats should allow me to do just that... view the threat.
It's no big issue, just confusing:-\ <-QUOTE}
I agree with this post. Why shouldn't View Threats allow the user to view the threats? It's not very intuitive the way it is. Scan means scan & View Threats means scan? :-\
PrevxHelp
August 13th, 2009, 07:05 PM
{QUOTE-> I agree with this post. Why shouldn't View Threats allow the user to view the threats? It's not very intuitive the way it is. Scan means scan & View Threats means scan? :-\ <-QUOTE}
This should very very rarely happen - could you possibly describe a reproducible condition that would cause this if you can get it to happen on-demand?
Page42
August 13th, 2009, 07:15 PM
Sure. It just happened. I ran Hitman Pro scan with Prevx protection stopped. Upon completion, I ran Hitman Pro scan a second time, this time with Prevx protection enabled. Prevx alerted on an Age/Spread Criteria Violation Detection for an older geswall.sys file. I told Prevx to always trust the file. The Prevx systray icon was red, so I clicked on it. I saw "View Threats". I clicked on View Threats (thinking I would see the geswall.sys file) and instead Prevx launched into a scan.
PrevxHelp
August 14th, 2009, 11:08 AM
{QUOTE-> Sure. It just happened. I ran Hitman Pro scan with Prevx protection stopped. Upon completion, I ran Hitman Pro scan a second time, this time with Prevx protection enabled. Prevx alerted on an Age/Spread Criteria Violation Detection for an older geswall.sys file. I told Prevx to always trust the file. The Prevx systray icon was red, so I clicked on it. I saw "View Threats". I clicked on View Threats (thinking I would see the geswall.sys file) and instead Prevx launched into a scan. <-QUOTE}
This would be one of the times it would happen - if you've changed the determination of a file (trusted/blocked/trust once/etc.) that forces it to rescan as at that point the determination known would be incorrect so showing the list of detected files could be misleading.
However, I tend to think we should be able to get around this :) Although that currently is the intended behavior, I agree that "View Threats" should do as labeled in all cases - the only difficulty is keeping track of if all of the threats have been ignored, requiring the status to be refreshed.
I'll see what we can do with this in either the next release or definitely in 4.0.
Thanks for the detailed report!
overangry
August 15th, 2009, 01:42 AM
Originally Posted by Page42
Sure. It just happened. I ran Hitman Pro scan with Prevx protection stopped. Upon completion, I ran Hitman Pro scan a second time, this time with Prevx protection enabled. Prevx alerted on an Age/Spread Criteria Violation Detection for an older geswall.sys file. I told Prevx to always trust the file. The Prevx systray icon was red, so I clicked on it. I saw "View Threats". I clicked on View Threats (thinking I would see the geswall.sys file) and instead Prevx launched into a scan.
Similar problem
http://www.wilderssecurity.com/showthread.php?p=1522930#post1522930
Post 4416
Read the response
PatG
August 16th, 2009, 12:29 PM
Joe: First hit on a scan in a while, is this an fp?
C:\Program Files\DigiPortal Software\ChoiceMail\CMOInstaller.exe » WISE » CMWSingleUserInstall266.exe » WISE » coach.exe - probably a variant of Win32/SdBot trojan
Program is an email filter one that I've used since 2002 and no hits before. Please advise.
EDIT: Whoops, sorry, got the programs mixed up. This was NOT Prevx, but another program. Prevx came up clean!
Copyright ©2002 - 2010, Wilders Security Forums