View Full Version : Introducing, The New Prevx Edge.
GES/POR
November 22nd, 2008, 09:26 AM
-{ Quote: "I've been trying to read most of this thread so sorry if similar questions have been asked. I'm currently running KIS 2009 and SAS with real-time scanning. Which if any does this replace? I'm assuming I could at least dump SAS with this?
Also, I assume this is next to useless without a net connection as the definitions are on-line?" }-
If I had to choose I'd be running Edge with SAS in realtime instead of KAV, but that's just me
Mosqu
November 22nd, 2008, 09:52 AM
-{ Quote: "Also, I assume this is next to useless without a net connection as the definitions are on-line?" }-
Yes, Edge gets its strength from the online community database. Only a few detection techniques remain useful offline. But if you could manage to be online, when you first execute a new program, that should help.
... as far as I understand.
maymoons
November 22nd, 2008, 10:00 AM
WOW.
31 page/753 Post.
Killtek
November 22nd, 2008, 10:09 AM
PrevX Support: Is PrevXEdge compatible with Zemana's AntiLogger? Or is having NIS 2009, Zemana AntiLogger and PrevX Edge too much?
emperordarius
November 22nd, 2008, 10:14 AM
Is there any way to try the cleanup abilities or do you have to buy the product first?
Baldrick
November 22nd, 2008, 10:28 AM
-{ Quote: "Is there any way to try the cleanup abilities or do you have to buy the product first?" }-
This has been raised before and I think that Prevx are considering a 30 day completely unrestricted trial period just so that the cleanup abilities can also be tested...but since this was discussed I have not heard anything more about this.
firzen771
November 22nd, 2008, 10:58 AM
Yep, I'm still waiting on the functional 30 day trial
emperordarius
November 22nd, 2008, 11:18 AM
-{ Quote: "This has been raised before and I think that Prevx are considering a 30 day completely unrestricted trial period just so that the cleanup abilities can also be tested...but since this was discussed I have not heard anything more about this." }-
Ah, OK. Looking forward to it.
PrevxHelp
November 22nd, 2008, 11:29 AM
-{ Quote: "This has been raised before and I think that Prevx are considering a 30 day completely unrestricted trial period just so that the cleanup abilities can also be tested...but since this was discussed I have not heard anything more about this." }-
This is correct - we are still planning the evaluation modifications, but the new design will be coming soon :)
PrevxHelp
November 22nd, 2008, 11:30 AM
-{ Quote: "PrevX Support: Is PrevXEdge compatible with Zemana's AntiLogger? Or is having NIS 2009, Zemana AntiLogger and PrevX Edge too much?" }-
We haven't experienced any problems with Zemana or NIS, so, it would be worth a try IMO
PrevxHelp
November 22nd, 2008, 11:32 AM
-{ Quote: "Thanks for your informative reply.
If the file is unknown then, you initially do not take a copy for analysis but you monitor its behaviour on the system. Then I assume send the information gathered back to update your database. If you need the whole file because of insufficient information, do you just transmit it automatically? If I wrote an executable that you would never have come across before, would you take a copy of it?
I didn't realise Prevx Edge would protect against keyloggers as well. I couldn't find it mentioned on your web site. Probably missed it. Anyway, will have to see how it performs against AKLT." }-
We pick and choose what programs we require - we don't grab a copy of every program as that is generally unnecessary and we can gather the behaviors automatically (which saves bandwidth, processing power, etc. over sending the entire file).
Edge does protect against real keyloggers - AKLT is a leaktest which is not necessarily covered by Edge because it exhibits significantly different behavior from a real, malicious keylogger.
PrevxHelp
November 22nd, 2008, 11:34 AM
-{ Quote: "In general I have only used KIS 2009 without any other real time scanning given that so far the potential for the real time scanning in KIS and the other application to conflict has been very real.
In response to you question I would say that Prevx Edge would replace SAS in terms of real time scanning but I would keep it for back up, on demand scanning (that is what I do).
Not sure about the online query but believe that not being online does not make Prevx Edge useless as it uses black & white lists, rather it may make it less effective as it cannot keep them updated. But perhaps the Man from Prevx can confirm/dispute that.;D" }-
Mosqu's post accurately describes our system:
-{ Quote: "
Yes, Edge gets its strength from the online community database. Only a few detection techniques remain useful offline. But if you could manage to be online, when you first execute a new program, that should help.
... as far as I understand." }-
Hope that helps :)
jlo
November 22nd, 2008, 11:48 AM
Hi,
Could someone PM me a sample submission email address please as I have a file to send in for analysis.
Cheers
Jlo
Joliet Jake
November 22nd, 2008, 05:56 PM
Going to trial this for a while. I see Defense + in Comodo blocked Prevx Edge from accessing the memory of cmdagent.exe but other than that, smooth as.
simmikie
November 22nd, 2008, 06:44 PM
PH, has Edge been tested against all of the RoBoDoG trojans? could be a set-up question, though it might not be.
Mike
hammerman
November 22nd, 2008, 08:38 PM
Does Prevx EDGE protect against Sinowal/Mebroot trojan?
Threedog
November 22nd, 2008, 09:17 PM
Yuppers. Don't ask me how I know. ;D
EraserHW
November 22nd, 2008, 09:29 PM
-{ Quote: "Does Prevx EDGE protect against Sinowal/Mebroot trojan?" }-
Yes it does. It prevents infections and it has been one of the first scanners (CSI) to detect infections caused by MBR rootkit
EraserHW
November 22nd, 2008, 09:31 PM
-{ Quote: "PH, has Edge been tested against all of the RoBoDoG trojans? could be a set-up question, though it might not be.
Mike" }-
We've tested Edge against tons of infections and it always successfully detected and removed them. Anyway, as you may have seen in this thread, if you find any infection that is not detected by Edge, just PM us :)
EraserHW
November 22nd, 2008, 09:37 PM
-{ Quote: "Hi,
Could someone PM me a sample submission email address please as I have a file to send in for analysis.
Cheers
Jlo" }-
Hi there,
please check here http://www.wilderssecurity.com/showpost.php?p=1349385&postcount=392 :)
Thank you! :)
rendez2k
November 23rd, 2008, 04:45 AM
Is there an issue with 1.72 and the tray icon/protection? When Windows loaded this morning I ended up with two icons - one green and one red. The green one goes when I hover over it and I get Prevx is disabled? And yesterday I had no icon at all!
horseman
November 23rd, 2008, 06:28 AM
-{ Quote: "Is there an issue with 1.72 and the tray icon/protection? When Windows loaded this morning I ended up with two icons - one green and one red. The green one goes when I hover over it and I get Prevx is disabled? And yesterday I had no icon at all!" }-
Known issue apparently and Prevx are working on it. Presumably if you try and re-enable (the red one) PX simply requests a reboot and you loop the same scenario? I've gotten similar scenario from every build from 165 to 185 (only on one testbed though).
If so, one thing you could consider trying is a (very) crude work-around (until fix):
Check if pxark (probably named CSIScanner) in SERVICES(via MMC) is on automatic and has started? (if it hasn't you should also have an entry in SYSTEM event log indicating pxark failed to start before it timed out)
If it isn't running try manually starting. If this "kicks" PX3 into life then you can semi automate this by using the RECOVERY options for that service by introducing a restart delay. The amount depends on how long the desktop startup takes to stabilise/complete eg in my memory constrained VM test system i used 10min for first and second recovery restarts.
If above doesn't apply then check you also have SELF PROTECTION option on PX3 disabled.
hth (I guess I now also have to append disclaimers: I'm not an expert, use at your own risk etc etc)
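The checks and recovery setting described in the post above, as an added PowerShell example that is not part of the original post or Prevx's own tooling. The service name is an assumption taken from the post's "probably named CSIScanner", so confirm it on your system first; the 10-minute delay is the value the post used.

```powershell
# Added example. Run from an elevated PowerShell prompt.
# ASSUMPTION: service name taken from the post ("probably named CSIScanner").
$svc = 'CSIScanner'

# 1. Is the service set to start automatically, and did it start?
$info = Get-CimInstance Win32_Service -Filter "Name='$svc'"
if (-not $info) { throw "Service '$svc' not found; check the name in services.msc." }
$info | Select-Object Name, DisplayName, StartMode, State

# 2. Did the Service Control Manager log a start failure or timeout since boot?
#    7000 = failed to start, 7009 = timeout waiting for the service to connect,
#    7011 = timeout waiting for a response, 7022 = service hung on starting.
$boot = (Get-CimInstance Win32_OperatingSystem).LastBootUpTime
Get-WinEvent -FilterHashtable @{
    LogName      = 'System'
    ProviderName = 'Service Control Manager'
    Id           = 7000, 7009, 7011, 7022
    StartTime    = $boot
} -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -like "*$($info.DisplayName)*" -or $_.Message -like "*$svc*" } |
    Select-Object TimeCreated, Id, Message

# 3. If it is not running, try a manual start.
if ($info.State -ne 'Running') {
    Start-Service -Name $svc
    Get-Service -Name $svc | Select-Object Name, Status
}

# 4. Recovery options: restart after 10 minutes (600000 ms) on the first and
#    second failure; reset the failure counter after one day (86400 s).
sc.exe failure $svc reset= 86400 actions= restart/600000/restart/600000

# 5. Confirm what was written.
sc.exe qfailure $svc
```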
emperordarius
November 23rd, 2008, 06:31 AM
I tried PrevX Edge Protection + Cleanup (I asked at support and they gave me a 7 day license).
It's still buggy, especially GUI bugs, but I think that they will be fixed quickly.
The only major problem I had is that I couldn't uninstall correctly, every time I tried I got a BSOD about the pxark.sys driver, I don't remember the BSOD message though, it was probably because the driver couldn't be unloaded. I had to boot into safe mode to uninstall correctly.
Hirtzy
November 23rd, 2008, 07:02 AM
-{ Quote: "I tried PrevX Edge Protection + Cleanup (I asked at support and they gave me a 7 day license).
It's still buggy, especially GUI bugs, but I think that they will be fixed quickly.
The only major problem I had is that I couldn't uninstall correctly, every time I tried I got a BSOD about the pxark.sys driver, I don't remember the BSOD message though, it was probably because the driver couldn't be unloaded. I had to boot into safe mode to uninstall correctly." }-
I experienced exactly the same problem. v180 wasn't loading protection at bootup and restarting as suggested didn't work and resulted in an endless loop.
I then tried to uninstall it and got a Prevx message saying uninstallation successful but this was quickly followed by a BSOD with an error message regarding the pxark.sys driver which couldn't be unloaded. Once started up I found that Prevx hadn't been uninstalled as reported by the message box and was forced to use safe mode like emperordarius to uninstall it.
I am now back to using v172 which appears to be stable on my system but I am unsure whether it will have the same BSOD issue with uninstallations as v180 did. I believe that Prevx are working on a solution to this significant problem and it should be resolved soon. Just out of curiosity which version did u experience the problem with emperordarius?
emperordarius
November 23rd, 2008, 07:16 AM
-{ Quote: "I experienced exactly the same problem. v180 wasn't loading protection at bootup and restarting as suggested didn't work and resulted in an endless loop.
I then tried to uninstall it and got a Prevx message saying uninstallation successful but this was quickly followed by a BSOD with an error message regarding the pxark.sys driver which couldn't be unloaded. Once started up I found that Prevx hadn't been uninstalled as reported by the message box and was forced to use safe mode like emperordarius to uninstall it.
I am now back to using v172 which appears to be stable on my system but I am unsure whether it will have the same BSOD issue with uninstallations as v180 did. I believe that Prevx are working on a solution to this significant problem and it should be resolved soon. Just out of curiosity which version did u experience the problem with emperordarius?" }-
Exactly the same with me.
I used the latest version, so I guess it was 180
simmikie
November 23rd, 2008, 07:29 AM
-{ Quote: "Does Prevx EDGE protect against Sinowal/Mebroot trojan?" }-
yes.
Mike
simmikie
November 23rd, 2008, 08:16 AM
okay i am sure this has been explained already, but i'm just not getting it...so bear with me...please.
how can one tell if Edge is blocking from the white/black list, or when it's blocking from intelligence?
as from what i understand P3's big advantage over P2 is the advancement of its heuristics and sandboxing technology. i would like to see Edge's behavioral analysis at work. is there any way to singularly test it?
for example when i decided not to renew my license for P2, i knew i still needed something to cover my often erroneous decision making at the HIPS pop-up. my first solution was Threatfire (for around the 8th time) but then after testing A2 Anti-malware on a different snapshot against Threatfire with identical samples of malware, A2 blocked on more single behaviors than did Threatfire (not bashing TF, just recalling my observations on that day with a relatively small sampling of malcode). the point is, i was able to see A2 in action so to speak and see what behaviors A2 considered dangerous. subsequently, in spite of my favorable impressions of its malcode thwarting abilities i was/am glad to see it off of my system. welcome back Prevx.
so, how can i raise the hood and peek in??
Mike
QBgreen
November 23rd, 2008, 08:47 AM
V. 3.0.0.188 is now available. I wasn't having issues with v. 3.0.0.180, but I updated and things are running smoothly.
rendez2k
November 23rd, 2008, 08:49 AM
-{ Quote: "V. 3.0.0.188 is now available. I wasn't having issues with v. 3.0.0.180, but I updated and things are running smoothly." }-
Where is 3.0.0.188 from? Just re-downloaded and it's still 172
denis
November 23rd, 2008, 08:54 AM
yep, it is the new one:)
doktornotor
November 23rd, 2008, 08:55 AM
-{ Quote: "Where is 3.0.0.188 from? Just re-downloaded and it's still 172" }-
You need to clear your browser cache. This is the exact same issue with tons of vendors who fail to include versions in filename. :(
rolarocka
November 23rd, 2008, 08:56 AM
Is it safe to install over the previous installation?
hammerman
November 23rd, 2008, 10:23 AM
-{ Quote: "Is it safe to install over the previous installation?" }-
I installed over previous version and everything seems OK.
Don't know why Check for Updates didn't work though.
hammerman
November 23rd, 2008, 11:03 AM
Is there a log of Edge activity anywhere and can the 'authenticating file' pop-ups be disabled?
Threedog
November 23rd, 2008, 11:16 AM
Under "Tools and Settings" there is an option to save scan results. That might be what you are looking for. Not sure on the other.
PrevxHelp
November 23rd, 2008, 11:22 AM
Hello everyone,
We have released v3.0.0.188 which now corrects the issues with loading on bootup, various AV compatibilities, self protection, and a handful of other bugs. It currently is only available to new users but it will be out for update soon.
You can download it from http://info.prevx.com/downloadedge.asp.
Please let me know if you have any problems!
PrevxHelp
November 23rd, 2008, 11:25 AM
-{ Quote: "Is there a log of Edge activity anywhere and can the 'authenticating file' pop-ups be disabled?" }-
We don't have a way of disabling the popup, but we will add it in as an update soon. We also don't log everything chronologically, however, as Threedog said, you can save a scan log which will contain a majority of the files we've looked at during the analysis process.
Let me know if you have any questions :)
jlo
November 23rd, 2008, 11:36 AM
Hi All,
Really so impressed with Edge. I found a new downloader which was not detected by Prevx Edge (Did a manual scan and showed file as clean)
Was going to send in the file but decided to run the file in Sandboxie explorer. As soon as it was double clicked on the file was blocked. Afterwards I did a manual scan and guess what, it's now detected as 'Community outeredge', however when I visit the webpage for more info it says the file is currently being reviewed.
Says first seen in UK and Spain on the 23rd November so it must have triggered the heuristics.
Nice work.
Can I ask what a 'Community Outeredge' detection is?
Many Thanks
Jlo
PrevxHelp
November 23rd, 2008, 11:44 AM
-{ Quote: "Hi All,
Really so impressed with Edge. I found a new downloader which was not detected by Prevx Edge (Did a manual scan and showed file as clean)
Was going to send in the file but decided to run the file in Sandboxie explorer. As soon as it was double clicked on the file was blocked. Afterwards I did a manual scan and guess what, it's now detected as 'Community outeredge', however when I visit the webpage for more info it says the file is currently being reviewed.
Says first seen in UK and Spain on the 23rd November so it must have triggered the heuristics.
Nice work.
Can I ask what a 'Community Outeredge' detection is?
Many Thanks
Jlo" }-
Great to hear :) Community.OuterEdge is one of our heuristics, primarily configured by the "Age / Popularity" measures on Edge Settings > Heuristics Settings. This finds programs which appear to be on the "outer edge" of the community - ones that are extremely unpopular and contain suspicious attributes. The file is still being "currently reviewed" because the website doesn't have all of the heuristics that the client has - the website is for mostly "cut and dry" determinations.
Let me know if you have any questions :)
Baldrick
November 23rd, 2008, 11:48 AM
Interesting. Am running 172 but am able to uninstall with no ill effects (in fact KIS forces me to uninstall Prevx every time I want to update KIS). I have an Exclusion rule set up in KIS to handle PXARK.SYS. If you are using KIS do you have the same or could this be the cause of the issue...in some way.
I will try it with 188 and see what happens.
PrevxHelp
November 23rd, 2008, 11:51 AM
-{ Quote: "okay i am sure this has been explained already, but i'm just not getting it...so bear with me...please.
how can one tell if Edge is blocking from the white/black list, or when it's blocking from intelligence?
as from what i understand P3's big advantage over P2 is the advancement of its heuristics and sandboxing technology. i would like to see Edge's behavioral analysis at work. is there any way to singularly test it?
for example when i decided not to renew my license for P2, i knew i still needed something to cover my often erroneous decision making at the HIPS pop-up. my first solution was Threatfire (for around the 8th time) but then after testing A2 Anti-malware on a different snapshot against Threatfire with identical samples of malware, A2 blocked on more single behaviors than did Threatfire (not bashing TF, just recalling my observations on that day with a relatively small sampling of malcode). the point is, i was able to see A2 in action so to speak and see what behaviors A2 considered dangerous. subsequently, in spite of my favorable impressions of its malcode thwarting abilities i was/am glad to see it off of my system. welcome back Prevx.
so, how can i raise the hood and peek in??" }-
There is no singular way to test the heuristics - as jlo just discovered, it is generally easiest to test it against real malware in the wild. The problem is that the behaviors that occur on your computer are aggregated against every behavior in the community, so, the malware might not be blocked because of the "Registry bootup entry" behavior on your computer but it is blocked because of the "Start Global Thermonuclear War" behavior found on a computer somewhere in another country ;D
jlo
November 23rd, 2008, 11:53 AM
-{ Quote: "Great to hear :) Community.OuterEdge is one of our heuristics, primarily configured by the "Age / Popularity" measures on Edge Settings > Heuristics Settings. This finds programs which appear to be on the "outer edge" of the community - ones that are extremely unpopular and contain suspicious attributes. The file is still being "currently reviewed" because the website doesn't have all of the heuristics that the client has - the website is for mostly "cut and dry" determinations.
Let me know if you have any questions :)" }-
Brilliant. Got mine both set at 'medium heuristics' so has done the job. On the Prevx website where it shows the file I have flagged it as Bad.
Cheers
Jlo
Baldrick
November 23rd, 2008, 12:43 PM
-{ Quote: "Interesting. Am running 172 but am able to uninstall with no ill effects (in fact KIS forces me to uninstall Prevx every time I want to update KIS). I have an Exclusion rule set up in KIS to handle PXARK.SYS. If you are using KIS do you have the same or could this be the cause of the issue...in some way.
I will try it with 188 and see what happens." }-
Just installed 188 with no problems. It was an over the top install. Have run a scan and it appears to be faster than with 172. Boot up seems on the face of it to be the same. Just now need to monitor for those 'Prevx is unable to start and requires a reboot' events that I have suffered from in the past.
Well done the Prevx Team...seems to be a good'un!:thumb:
PrevxHelp
November 23rd, 2008, 12:46 PM
-{ Quote: "Just installed 188 with no problems. It was an over the top install. Have run a scan and it appears to be faster than with 172. Boot up seems on the face of it to be the same. Just now need to monitor for those 'Prevx is unable to start and requires a reboot' events that I have suffered from in the past.
Well done the Prevx Team...seems to be a good'un!:thumb:" }-
Great :) Thanks for the testing. We ran hundreds of boot cycles with 188 and have not experienced the problem again so it does appear to be fixed.
If for some reason it does fail, wait a minute or two - the process will automatically start up soon after it should have if for some reason it doesn't :) (just as a failsafe in the event that something stops working)
rendez2k
November 23rd, 2008, 01:10 PM
New version all good here so far too.
It found an FP which I told it to trust, but now the icon is red saying a threat has been detected which obviously it hasn't! How do I clear the warning?
Baldrick
November 23rd, 2008, 01:21 PM
-{ Quote: "New version all good here so far too.
It found an FP which I told it to trust, but now the icon is red saying a threat has been detected which obviously it hasn't! How do I clear the warning?" }-
I think that if you relaunch a scan it should come up clean (if you have advised of the FP and can see it recorded in Detection Overrides) and the icon should go back to green.;D
PrevxHelp
November 23rd, 2008, 01:28 PM
-{ Quote: "New version all good here so far too.
It found an FP which I told it to trust, but now the icon is red saying a threat has been detected which obviously it hasn't! How do I clear the warning?" }-
As Baldrick said, you can rescan and it will reset the status to green :) Also, could you PM me the incorrect entry from the scan log (Tools and Settings > Save Scan Results) so I can correct it in the database? :)
Clive T
November 23rd, 2008, 01:54 PM
-{ Quote: "We ran hundreds of boot cycles with 188 and have not experienced the problem again so it does appear to be fixed." }-
Not here it's not.
V172 has run flawlessly on this system (with no other security software on it). However, v188 has exactly the same issue as v 182 in not starting up at all. I've rebooted the damned machine five times now and Edge still won't start up.
I'm reluctant to reimage my system yet again to accommodate this one prog and I don't have a link to v172. Could you tell me where to download it please.
Baldrick
November 23rd, 2008, 02:01 PM
-{ Quote: "Not here it's not.
V172 has run flawlessly on this system (with no other security software on it). However, v188 has exactly the same issue as v 182 in not starting up at all. I've rebooted the damned machine five times now and Edge still won't start up.
I'm reluctant to reimage my system yet again to accommodate this one prog and I don't have a link to v172. Could you tell me where to download it please." }-
Hi Clive
I still have a copy. If you want it then PM me and I will email it to you.;D
Clive T
November 23rd, 2008, 02:30 PM
@ Baldrick.
Thanks - I might take you up on that but see the following first!
@ PrevxHelp
Since my post above I've:
- Uninstalled Edge
- Rebooted to safe mode to install v188 unsuccessfully (the installation crashed with a MS error message)
- Rebooted to normal mode and installed v188.
- During its initial scan it found an 'infected' file at windows\system32\msscript.ocx - which I believe to be a legitimate file. I let it clean it and entered an endless loop of "infected file found" - clean - scan - clean - scan etc.
- I got the hump and restarted the PC and Edge now seems to have settled down. This is hard work!
Edited for typo
n8chavez
November 23rd, 2008, 02:35 PM
I am having none of the problems with 188 that have been described above. I just suspended Edge, and installed 188 over the top. Everything has worked perfectly.
hammerman
November 23rd, 2008, 02:36 PM
Is it me or are there a lot of FP's generated by Edge?
n8chavez
November 23rd, 2008, 02:50 PM
-{ Quote: "Is it me or are there a lot of FP's generated by Edge?" }-
I've gotten 7 in total that were all fixed within the hour. None now.
hammerman
November 23rd, 2008, 02:56 PM
-{ Quote: "I've gotten 7 in total that were all fixed within the hour. None now." }-
That seems a lot to me. I suppose it's early days for the community database.
Baldrick
November 23rd, 2008, 03:00 PM
-{ Quote: "@ Baldrick.
Thanks - I might take you up on that but see the following first!
@ PrevxHelp
Since my post above I've:
- Uninstalled Edge
- Rebooted to safe mode to install v188 unsuccessfully (the installation crashed with a MS error message)
- Rebooted to normal mode and installed v188.
- During its initial scan it found an 'infected' file at windows\system32\msscript.ocx - which I believe to be a legitimate file. I let it clean it and entered an endless loop of "infected file found" - clean - scan - clean - scan etc.
- I got the hump and restarted the PC and Edge now seems to have settled down. This is hard work!" }-
Hi Clive
If you get what you believe to be an FP you should be able to record it as such in which case the information should be transmitted to Prevx so that they can review/adjust their definitions/white & black lists, etc., but it should also log the override in Detection Overrides. That is what I have done with a couple of what I believe to be FPs and this approach seems to have worked really well for me!;)
simmikie
November 23rd, 2008, 03:21 PM
-{ Quote: "........but it is blocked because of the "Start Global Thermonuclear War" behavior found on a computer somewhere in another country ;D" }-
gasp! you mean someone would actually want to block that?!?!? :'( :doubt: ;D
okay, well i think i've got it, but i have thought that before! thanks.
Mike
Joliet Jake
November 23rd, 2008, 03:37 PM
I scheduled a scan at 5pm or next boot up. I booted at 6.30pm and never noticed a scan and in the Prevx window it said 'last scan over ten hours ago' (Can't remember exactly how long ago it was but it was something like 12 hours ago). I was using the .172 version (the one previous to .188 )
horseman
November 23rd, 2008, 03:38 PM
-{ Quote: "Is it me or are there a lot of FP's generated by Edge?" }-
Based on observations of feedback here? and/or on your own PE3 experience?
In both cases related to what specific HEURISTIC settings on what version(s)?
Number of FP's compared with what? Even PX2 still throws the odd FP and in earlier days had (IMO) subjectively an equally high number (if not more in relation to age of product) to PE3? However I personally always found the response via either the forums(Castlecops) and/or direct to Px TS was superlative with FP's resolved in hours or worst case within 24hrs even during PE3 development when PX forum presence was greatly diminished.
To date Joe seems to be angling for a well deserved Xmas bonus by reducing the FP TAT to minutes! :P
I suspect those that complained previously of tardy technical support were either less than diligent in initially providing basic environmental diagnostic information on versions,OS,source,PX5/MD5 id's and any comparative testing with other products or were singularly unlucky in perhaps having their emails (ISP's) blacklisted by Prevx mail servers(or vice versa)?
Point is I suspect the backend AI and thus ultimately the local heuristics (rules updates) will always be subject to "tweaking"/"fine-tuning" as that is inherently the "nature of the beast".
I would suggest what we should be really concerned about is any false-'ves !!!
Baldrick
November 23rd, 2008, 05:54 PM
Have rebooted a significant number of times since installing 188 and so far have not come across any of those 'Prevx is unable to start and requires a reboot' events that I have suffered from in the past.
As I said in a previous post...looking good...Well done the Prevx Team...seems to be a good'un!;D
Saraceno
November 23rd, 2008, 11:31 PM
To Prevx:
Just noticed spyware terminator (http://www.spywareterminator.com/download/download.aspx) is listed as a problem file. ;)
PrevxHelp
November 24th, 2008, 01:36 AM
@Clive_T: Safemode may cause difficulty during installation, we will take a look into reproducing it. Could you click Tools and Settings > Save Scan Results and send me (or PrevxMalwareHelp) the log entry of the legitimate script activex component which we are falsely detecting?
RE: False positives in general - as Horseman has said, our new heuristic engines are constantly being tuned and as Edge becomes more widely used, it will have a lesser number of false positives just because of the more complete picture of programs from the community.
I do keep a close eye on false positives and forward them over to the malware guys who update/modify the rules to help make things as seamless as possible :) Edge just sees programs differently than P2 did, so, there are going to be marginally more false positives early in its life.
PrevxHelp
November 24th, 2008, 01:39 AM
-{ Quote: "I scheduled a scan at 5pm or next boot up. I booted at 6.30pm and never noticed a scan and in the Prevx window it said 'last scan over ten hours ago' (Can't remember exactly how long ago it was but it was something like 12 hours ago). I was using the .172 version (the one previous to .188 )" }-
Hello,
We stagger scan times based around bootup to make sure that we don't accidentally overload a large enterprise network by having every computer scan at once. Generally, the scan should start within 1 hour of bootup if the scan time was missed and if the last scan was > 1 hour ago. If you could let me know - did a scan start sometime before 7:30 (the last time scanned should now be < 10 hours if it did)?
The logic is quite complicated to control the scan, but it is carefully designed so please let us know if you are still experiencing something out of the ordinary :)
hammerman
November 24th, 2008, 03:08 AM
-{ Quote: "Based on observations of feedback here? and/or on your own PE3 experience?
In both cases related to what specific HEURISTIC settings on what version(s)?
Number of FP's compared with what? Even PX2 still throws the odd FP and in earlier days had (IMO) subjectively an equally high number (if not more in relation to age of product) to PE3? However I personally always found the response via either the forums(Castlecops) and/or direct to Px TS was superlative with FP's resolved in hours or worst case within 24hrs even during PE3 development when PX forum presence was greatly diminished.
To date Joe seems to be angling for a well deserved Xmas bonus by reducing the FP TAT to minutes! :P
I suspect those that complained previously of tardy technical support were either less than diligent in initially providing basic environmental diagnostic information on versions,OS,source,PX5/MD5 id's and any comparative testing with other products or were singularly unlucky in perhaps having their emails (ISP's) blacklisted by Prevx mail servers(or vice versa)?
Point is I suspect the backend AI and thus ultimately the local heuristics (rules updates) will always be subject to "tweaking"/"fine-tuning" as that is inherently the "nature of the beast".
I would suggest what we should be really concerned about is any false-'ves !!!" }-
It was based on feedback on this forum. I personally have had no FP's. However, one member did have 7 which does seem a lot to me. PrevxHelp posted on this forum that one of the strengths with Edge compared with HIPS is that it does not rely on the user to make decisions.
PrevxHelp quote "The problem is that while you are inclined enough to make decisions on whether a file is good or bad based on the HIPS prompts you receive, there is a very large percentage of users that haven't the slightest idea what "modifying process memory" or "querying for direct disk access" means. Our "big brother" approach allows our centralized heuristics to work like a team of AV researchers, analyzing every behavior that comes in and deciding what the file should be determined as."
That is great if the team of AV researchers and experts also make the right decisions. If not, the ordinary user who may not know any better, may have wiped out some legitimate files that now cause serious problems.
Having said all that, I understand that it is early days for Edge and yes, I agree that false negatives are even more important.
Joliet Jake
November 24th, 2008, 07:08 AM
-{ Quote: "Hello,
We stagger scan times based around bootup to make sure that we don't accidentally overload a large enterprise network by having every computer scan at once. Generally, the scan should start within 1 hour of bootup if the scan time was missed and if the last scan was > 1 hour ago. If you could let me know - did a scan start sometime before 7:30 (the last time scanned should now be < 10 hours if it did)?
The logic is quite complicated to control the scan, but it is carefully designed so please let us know if you are still experiencing something out of the ordinary :)" }-
I'll have a look out next time I reboot!
PrevxHelp
November 24th, 2008, 08:31 AM
-{ Quote: "It was based on feedback on this forum. I personally have had no FP's. However, one member did have 7 which does seem a lot to me. PrevxHelp posted on this forum that one of the strengths with Edge compared with HIP's is that it does not rely on the user to make decisions.
PrevxHelp quote "The problem is that while you are inclined enough to make decisions on whether a file is good or bad based on the HIPS prompts you receive, there is a very large percentage of users that haven't the slightest idea what "modifying process memory" or "querying for direct disk access" means. Our "big brother" approach allows our centralized heuristics to work like a team of AV researchers, analyzing every behavior that comes in and deciding what the file should be determined as."
That is great if the team of AV researchers and experts also make the right decisions. If not, the ordinary user who may not know any better, may have wiped out some legitimate files that now cause serious problems.
Having said all that, I understand that it is early days for Edge and yes, I agree that false negatives are even more important." }-
And also, if it's any consolation, the 7 false positives consisted of some duplicate files (yielding only 4 real false positives) and they were all on somewhat obscure programs. Every AV has false positives, and that is something we will never be able to avoid (even some extremely popular AVs which have been around for many years longer than us, if you read recent news).
We are adamantly working on improving the false positive resilience and we do thank everyone for reporting the FPs to us, as it allows us to tune our engines. I think we will see FPs improve significantly over time - we're just in a small transitional period currently which will end as soon as Edge gains more foothold on the market :)
n8chavez
November 24th, 2008, 04:10 PM
One thing I would like to see is customizable context menu entries. With those the context menu need not be so wide; I can use "Scan with Edge" as opposed to "Scan with Prevx Edge". As it is now the latter will just be recreated. Also, putting those entries in places where they cannot be of any use, i.e. the Recycle Bin or "My Computer", is needless because no files from those areas can even be scanned. That just seems like a lazy approach to adding the entries; all at once versus individually.
Kid Shamrock
November 24th, 2008, 05:10 PM
I got a FP while installing KeyScrambler 2.3. Edge flagged the installer KeyScrambler_Setup.exe as an infection.
Kid Shamrock
Joliet Jake
November 24th, 2008, 06:29 PM
The scan ran 55 minutes after it was scheduled. The PC was running all afternoon and night so it decided to scan at 5.55pm when I set it for 5pm. Not a big deal to me, perhaps an option to run exactly when scheduled or a staggered scheduled scan for a large enterprise network is worth considering if enough people request it.
It runs very light and I've had no FP's despite running everything on my PC.
PrevxHelp
November 24th, 2008, 06:37 PM
-{ Quote: "The scan ran 55 minutes after it was scheduled. The PC was running all afternoon and night so it decided to scan at 5.55pm when I set it for 5pm. Not a big deal to me, perhaps an option to run exactly when scheduled or a staggered scheduled scan for a large enterprise network is worth considering if enough people request it.
It runs very light and I've had no FP's despite running everything on my PC." }-
Thanks for letting me know. I'll ask if we can make an option to configure exactly when to schedule the scan :)
PrevxHelp
November 24th, 2008, 06:38 PM
-{ Quote: "I got a FP while installing KeyScrambler 2.3. Edge flagged the installer KeyScrambler_Setup.exe as an infection.
Kid Shamrock" }-
We have corrected this false positive and similar false positives will be corrected in the future.
PrevxHelp
November 24th, 2008, 06:43 PM
-{ Quote: "One thing I would like to see is customizable context menu entries. With those the context menu need not be so wide; I can use "Scan with Edge" as opposed to "Scan with Prevx Edge". As it is now the latter will just be recreated. Also, putting those entries in places where they cannot be of any use, i.e. the Recycle Bin or "My Computer", is needless because no files from those areas can even be scanned. That just seems like a lazy approach to adding the entries; all at once versus individually." }-
Windows considers the Recycle Bin and My Computer to be legitimate folders, and therefore applied context menu entries to them that apply to normal folders.
I have yet to see "Scan with Prevx Edge" extend the context menu past what it is at by default on plain Windows installations - could you please send a screenshot showing it extending it larger than necessary?
n8chavez
November 24th, 2008, 06:46 PM
-{ Quote: "Windows considers the Recycle Bin and My Computer to be legitimate folders, and therefore applied context menu entries to them that apply to normal folders.
I have yet to see "Scan with Prevx Edge" extend the context menu past what it is at by default on plain Windows installations - could you please send a screenshot showing it extending it larger than necessary?" }-
If "Scan with Prevx Edge" is the longest thing in the menu then the context menu will be wider. If not then it will be as wide as the longest item. For me it is. It would be nice to be able to edit the entry to whatever the user wants.
PrevxHelp
November 24th, 2008, 06:48 PM
-{ Quote: "If "Scan with Prevx Edge" is the longest thing in the menu then the context menu will be wider. If not then it will be as wide as the longest item. For me it is. It would be nice to be able to edit the entry to whatever the user wants." }-
I'll add this to the "consideration" list, but that is a feature I honestly don't see ever being used by any more than a handful of users - it is just far too technical for any user to understand what it means.
Joliet Jake
November 24th, 2008, 06:59 PM
-{ Quote: "We have corrected this false positive and similar false positives will be corrected in the future." }-
Confirmed. KeyScrambler and Prevx Edge working nicely alongside each other!
rollers
November 25th, 2008, 12:41 PM
Is anyone else getting the disabled icon again and needing a reboot, or is it just me? I had one yesterday and another one today. Any suggestions please?
PrevxHelp
November 25th, 2008, 12:42 PM
-{ Quote: "Is anyone else getting the disabled icon again and needing a reboot, or is it just me? I had one yesterday and another one today. Any suggestions please?" }-
Just to double check - are you using v3.0.0.188?
(And, is Self Protection enabled?)
rollers
November 25th, 2008, 12:48 PM
-{ Quote: "Just to double check - are you using v3.0.0.188?
(And, is Self Protection enabled?)" }-
Wow, that was a quick response :-)
Yes, I am using 188, but the self defence was not ticked, so I have ticked it to see if that will help?
Thanks Rollers
PrevxHelp
November 25th, 2008, 01:05 PM
-{ Quote: "Wow, that was a quick response :-)
Yes, I am using 188, but the self defence was not ticked, so I have ticked it to see if that will help?
Thanks Rollers" }-
Let me know if it helps at all :) Also, what other security products are you using? Some combinations may cause problems with Edge, but, if all else fails, it should restart itself within a few minutes of bootup.
rollers
November 25th, 2008, 01:09 PM
-{ Quote: "Let me know if it helps at all :) Also, what other security products are you using? Some combinations may cause problems with Edge, but, if all else fails, it should restart itself within a few minutes of bootup." }-
Hi, I am only using Esets ESS realtime and prevx edge. The icon showed up but was disabled. Seems ok at the moment, so hopefully that will solve it.
Regards Rollers
Biscuit
November 25th, 2008, 01:32 PM
Is the self-defence option required to be on, to stop the disabled issue?
PrevxHelp
November 25th, 2008, 01:42 PM
-{ Quote: "Is the self-defence option required to be on, to stop the disabled issue?" }-
No, version 188 should fix it without self defense on at all, but there could be an incompatibility with ESET which may be more visible with self defense on.
rollers
November 25th, 2008, 01:45 PM
-{ Quote: "No, version 188 should fix it without self defense on at all, but there could be an incompatibility with ESET which may be more visible with self defense on." }-
Ok, will run and see if the problem replicates. It would be interesting to know if anyone else is running the two together and whether they have run into any problems?
Thanks Rollers
djohn
November 25th, 2008, 02:16 PM
I am now running 188 with self defense on and Nod32 AV 3.0 with no conflicts. However, I do have Prevx.Exe in the exclusions of Nod32.
Hugger
November 25th, 2008, 02:29 PM
One thing I have found is that even with 188 I had to go into the registry to remove as much of Threatfire as I could in order to stop having problems with Edge.
Even though I had uninstalled TF some part of it was running in the background and giving me a real headache.
I fixed it by restoring an image and then editing the registry.
Hope this helps someone.
Edge is running properly now.
Hugger
rolarocka
November 25th, 2008, 02:37 PM
You could have tried this removal tool for ThreatFire:
http://www.pctools.com/forum/showpost.php?p=191047&postcount=11
rollers
November 25th, 2008, 04:02 PM
-{ Quote: "I am now running 188 with self defense on and Nod32 AV 3.0 with no conflicts. However, I do have Prevx.Exe in the exclusions of Nod32." }-
Hi thanks for your response. When you say you have excluded prevx.exe in Nod32 is that the one under advanced set up, exclusions? or do I need to exclude it anywhere else as well? Thanks Rollers
Storm
November 25th, 2008, 05:27 PM
Hi there!
Prevx Edge (cleaning/blocking enabled) blocks the updated
version of Rootkit Unhooker (V 3.8.341.552) from installing.
When installed, RKU-executable gets a unique random filename, could it be
that this triggered heuristics?
The log shows it classified as "worm"
Andreas
PrevxHelp
November 25th, 2008, 05:30 PM
-{ Quote: "Hi there!
Prevx Edge (cleaning/blocking enabled) blocks the updated
version of Rootkit Unhooker (V 3.8.341.552) from installing.
When installed, RKU-executable gets a unique random filename, could it be
that this triggered heuristics?
The log shows it classified as "worm"
Andreas" }-
Yes, I'd imagine something to do with the covert process installation, low level system access and random filename is triggering heuristics :) I'll get it sorted momentarily - thanks for the report!
PrevxHelp
November 25th, 2008, 05:39 PM
-{ Quote: "Hi there!
Prevx Edge (cleaning/blocking enabled) blocks the updated
version of Rootkit Unhooker (V 3.8.341.552) from installing.
When installed, RKU-executable gets a unique random filename, could it be
that this triggered heuristics?
The log shows it classified as "worm"
Andreas" }-
I'm unable to track down exactly which file you have - I installed a v3.8.341.552 copy and it was not detected. Could you send me the scan excerpt from Edge referencing the file (Tools and Settings > Save Scan Results) or send me the file itself? :) Thanks for your help!
Storm
November 25th, 2008, 05:45 PM
Okay, here it comes...
There are some other detections inside, which are at least partially FPs...
Just take a look for yourself :)
Thanks in advance!
Andreas
Edit: Prevx EDGE alerts when running the installer... not the installed rku itself
Hugger
November 25th, 2008, 05:45 PM
-{ Quote: "You could have tried this removal tool for ThreatFire:
http://www.pctools.com/forum/showpost.php?p=191047&postcount=11" }-
More fun sitting and suffering.
Hugger
PrevxHelp
November 25th, 2008, 06:03 PM
-{ Quote: "Okay, here it comes...
There are some other detections inside, which are at least partially FPs...
Just take a look for yourself :)
Thanks in advance!
Andreas
Edit: Prevx EDGE alerts when running the installer... not the installed rku itself" }-
We have corrected the false positives and are investigating some of the questionable ones now. Thank you for your help :)
EraserHW
November 25th, 2008, 06:06 PM
-{ Quote: "
Edit: Prevx EDGE alerts when running the installer... not the installed rku itself" }-
On a side note: there's an updated version of RkU - 3.8.342.554 - at http://www.rootkit.com/vault/DiabloNova/RkU3.8.342.554.rar
NemesisChild
November 25th, 2008, 06:15 PM
Just to let everyone know, the double Edge icon in the system tray seems to be fixed with version 188. I'm really happy with Edge and hope that the support from Prevx continues. We all know how support for Prevx 2 seemed to be abandoned. But, I'm guessing it was due to resources being devoted to developing Edge and CSI. Keep up the great support..........thx
PrevxHelp
November 25th, 2008, 06:16 PM
-{ Quote: "Just to let everyone know, the double Edge icon in the system tray seems to be fixed with version 188. I'm really happy with Edge and hope that the support from Prevx continues. We all know how support for Prevx 2 seemed to be abandoned. But, I'm guessing it was due to resources being devoted to developing Edge and CSI. Keep up the great support..........thx" }-
Great to hear :) And, as a word of reassurance, I'm not going anywhere ;)
Storm
November 25th, 2008, 06:19 PM
Hi guys!
Thanks for the lightning fast fixing, scans of rku installer come up clean now!
(and I have also updated to the most recent version now as EraserHW suggested)
Yours
Andreas
trjam
November 25th, 2008, 07:30 PM
-{ Quote: "Great to hear :) And, as a word of reassurance, I'm not going anywhere ;)" }-
True, good help for cheap pay is always hard to find.;)
djohn
November 25th, 2008, 07:58 PM
-{ Quote: "Hi thanks for your response. When you say you have excluded prevx.exe in Nod32 is that the one under advanced set up, exclusions? or do I need to exclude it anywhere else as well? Thanks Rollers" }-
Yes, in the advanced set up for exclusions. On the first trial I had version 180. I cannot remember exactly what happened, but NOD terminated it from running. Besides, why let a security product scan the files of another security product? IMHO it's always a good idea to exclude each other.
djohn
November 25th, 2008, 08:02 PM
-{ Quote: "Just to let everyone know, the double Edge icon in the system tray seems to be fixed with version 188. I'm really happy with Edge and hope that the support from Prevx continues. We all know how support for Prevx 2 seemed to be abandoned. But, I'm guessing it was due to resources being devoted to developing Edge and CSI. Keep up the great support..........thx" }-
I saw that today: two icons with version 188, then one vanished. I have not seen it there since.
Biscuit
November 26th, 2008, 05:58 AM
Edge seems to be running fine now with build 188 & Nod v2.7.
Now trying Winpatrol..... ;)
QBgreen
November 26th, 2008, 06:10 AM
Are there any known conflicts between Edge and the latest a-squared Anti-Malware? Anyone running both?
ctrlaltdelete
November 26th, 2008, 06:20 AM
-{ Quote: "Are there any known conflicts between Edge and the latest a-squared Anti-Malware? Anyone running both?" }-
No problems. Running Edge with a-squared Anti-Malware 4 since beta testing. Also no issues with a-squared Free and Edge.
Sure, a-squared will ask if something is allowed (depends on your settings), if you allow Prevx there is no problem running both programs. Prevx Edge and a-squared 4 with the extra Ikarus engine is a very nice combination.
rolarocka
November 26th, 2008, 08:44 AM
Hi, in Detection Overrides I have a few files listed as "Detect (Default)". What does it mean? Thx
PrevxHelp
November 26th, 2008, 08:52 AM
-{ Quote: "Hi, in Detection Overrides I have a few files listed as "Detect (Default)". What does it mean? Thx" }-
Hello,
This means that the files are detected by our engines and not by Detection Overrides. From this screen, you can correct/change the definitions easily rather than having to add each one manually.
If you have a question about the definitions, PM me the log and I'll check them out :)
doktornotor
November 26th, 2008, 08:58 AM
-{ Quote: "Hello,
This means that the files are detected by our engines and not by Detection Overrides. From this screen, you can correct/change the definitions easily rather than having to add each one manually.
" }-
Maybe I'm dense today but change/correct what/why exactly? I haven't added the entries there in the first place, so why are those there? ???
Juha L
November 26th, 2008, 09:09 AM
Should Prevx Edge evaluation react somehow when I run the new Comodo leak test?
http://www.testmypcsecurity.com/securitytests/firewall_test_suite.html
rolarocka
November 26th, 2008, 09:13 AM
-{ Quote: "Maybe I'm dense today but change/correct what/why exactly? I haven't added the entries there in the first place, so why are those there? ???" }-
I noticed that files that are very "new" get in there as "Default (Detect)".
PrevxHelp
November 26th, 2008, 09:14 AM
-{ Quote: "Maybe I'm dense today but change/correct what/why exactly? I haven't added the entries there in the first place, so why are those there? ???" }-
For instance, if you have 200 infections on your system constantly being executed, using this feature you would be able to add an automatic Block override over the "Detect (Default)" override which would automatically block the files and prevent them from showing an annoying warning every time they load.
Or, if you do find a file to be a false positive, you can override the detection on this screen and it will correct it without you having to right click on the file and select "Report as a false positive".
PrevxHelp
November 26th, 2008, 09:16 AM
-{ Quote: "Should Prevx Edge evaluation react somehow when I run the new Comodo leak test?
http://www.testmypcsecurity.com/securitytests/firewall_test_suite.html" }-
Hello,
It will most likely not react to the leaktests as we focus on real malware, rather than leaktests which have completely different behavior from actual infections so they do not actually demonstrate the effectiveness of Edge accurately.
Einsturzende
November 26th, 2008, 09:17 AM
Ok, I can't test this app. against "leaktests", I can't test it against "rootkit tests", "keylogger tests" and any tests out there, I can test it only against real malware...
Question is: How can I evaluate this software and not infect my PC with malware?
rolarocka
November 26th, 2008, 09:20 AM
Use Virtualbox
http://www.virtualbox.org/
It's like VMWare but free.
Or run the malware inside Sandboxie.
Einsturzende
November 26th, 2008, 09:22 AM
-{ Quote: "Use Virtualbox
http://www.virtualbox.org/
It's like VMWare but free." }-
Do they have it included in installation package (together with prevx)?
rolarocka
November 26th, 2008, 09:24 AM
No, why should they? Virtualbox has nothing to do with Prevx. In Virtualbox you can install PrevxEdge and test it against real malware without being afraid of infecting your real system.
PrevxHelp
November 26th, 2008, 09:26 AM
-{ Quote: "Do they have it included in installation package (together with prevx)?" }-
No - that's a virtual machine, an isolated "computer within a computer" which will let you run malware within it and not disturb the outlying operating system.
However, you can use safe test viruses to assess if Edge is working properly - the EICAR test virus would be an accurate test or you can try one of the Zemana keylogger tests as we have added detection for those.
We are also in the process of being tested by various independent organizations, so, feel free to just wait until they release their reviews if you want :)
(Also, what rootkit tests did you try and run that Edge is "incompatible" with?)
Einsturzende
November 26th, 2008, 09:49 AM
-{ Quote: "No - that's a virtual machine, an isolated "computer within a computer" which will let you run malware within it and not disturb the outlying operating system.
However, you can use safe test viruses to assess if Edge is working properly - the EICAR test virus would be an accurate test or you can try one of the Zemana keylogger tests as we have added detection for those.
We are also in the process of being tested by various independent organizations, so, feel free to just wait until they release their reviews if you want :)
(Also, what rootkit tests did you try and run that Edge is "incompatible" with?)" }-
I haven't tried Prevx yet, because of the "silly" evaluation strategy. Also, I do not need to know whether this software works, I need to know how it works, so how do I test this software in real time without infection... (also some malware does not "work properly" in a virtual environment)
Einsturzende
November 26th, 2008, 09:51 AM
-{ Quote: "No, why should they?" }-
In order to test it "properly" and not to infect real system, that is why...
doktornotor
November 26th, 2008, 09:53 AM
-{ Quote: "In order to test it "properly" and not to infect real system, that is why..." }-
Huh? Or perhaps they should bundle VMWare, or Virtual PC, or... ? And also AV vendors should do the same, I guess? ??? ::)
Rivalen
November 26th, 2008, 09:59 AM
-{ Quote: "However, you can use safe test viruses to assess if Edge is working properly - the EICAR test virus would be an accurate test or you can try one of the Zemana keylogger tests as we have added detection for those." }-
Would that be meaningful?
Best Regards
Einsturzende
November 26th, 2008, 10:01 AM
-{ Quote: "Huh? Or perhaps they should bundle VMWare, or Virtual PC, or... ? And also AV vendors should do the same, I guess? ??? ::)" }-
Yes if software is not capable to stop malware which it can detect in real time
Only thing they need to do is to change software functionality in trial time...
PrevxHelp
November 26th, 2008, 10:07 AM
-{ Quote: "Would that be meaningful?
Best Regards" }-
It wouldn't necessarily be meaningful, however, it would demonstrate if your protection/detection is working properly.
PrevxHelp
November 26th, 2008, 10:09 AM
-{ Quote: "Yes if software is not capable to stop malware which it can detect in real time
Only thing they need to do is to change software functionality in trial time..." }-
VMWare and Edge are completely different products and serve very different purposes.
The limitations in the trial version are just that - limitations. They are intentionally added in so that users can continue to use Edge as an "ondemand" scanner. I've PM'd you a test license which will let you enable malware blocking in the trial version.
Einsturzende
November 26th, 2008, 10:14 AM
-{ Quote: "VMWare and Edge are completely different products and serve very different purposes.
The limitations in the trial version are just that - limitations. They are intentionally added in so that users can continue to use Edge as an "ondemand" scanner. I've PM'd you a test license which will let you enable malware blocking in the trial version." }-
Many thanks :)
Why do you not do that on your home page, as a standard for all your trial installations of Prevx Edge?
PrevxHelp
November 26th, 2008, 10:15 AM
-{ Quote: "Many thanks :)
Why do you not do that on your home page, as a standard for all your trial installations of Prevx Edge?" }-
We are still working on officially changing the license model and will have something along these lines soon :)
Einsturzende
November 26th, 2008, 10:19 AM
-{ Quote: "We are still working on officially changing the license model and will have something along these lines soon :)" }-
Do not "think" too much, it is step in right/correct direction...:)
Juha L
November 26th, 2008, 01:14 PM
Prevx Edge sounds interesting but I need to see some bigger unbiased 3rd party testing results against real malware, before I buy.
C.S.J
November 26th, 2008, 01:57 PM
-{ Quote: "We are also in the process of being tested by various independent organizations, so, feel free to just wait until they release their reviews if you want :)
(Also, what rootkit tests did you try and run that Edge is "incompatible" with?)" }-
Who are these testers may I ask?
PrevxHelp
November 26th, 2008, 01:58 PM
-{ Quote: "Who are these testers may I ask?" }-
I'm not sure I'm allowed to disclose that at this time. I'll be sure to post links to the reviews once they are released (unless someone else finds them before I do ;D)
mvdu
November 26th, 2008, 02:00 PM
Prevx blocked hpHosts-Setup-Win32.exe on execution - but this is a safe program, right?
Got it from here:
http://www.hosts-file.net/?s=Download
jmonge
November 26th, 2008, 02:01 PM
-{ Quote: "I'm not sure I'm allowed to disclose that at this time. I'll be sure to post links to the reviews once they are released (unless someone else finds them before I do ;D)" }-
matt is testing prevx and the results will be here soon: http://remove-malware.com/ :thumb:
C.S.J
November 26th, 2008, 02:01 PM
Hmm, that's no fun.
So when are they due then?
PrevxHelp
November 26th, 2008, 02:01 PM
-{ Quote: "Prevx blocked hpHosts-Setup-Win32.exe on execution - but this is a safe program, right?
Got it from here:
http://www.hosts-file.net/?s=Download" }-
Yes this is safe - I have corrected the false positive.
mvdu
November 26th, 2008, 02:02 PM
-{ Quote: "Yes this is safe - I have corrected the false positive." }-
Thanks - very quick! :thumb:
PrevxHelp
November 26th, 2008, 02:03 PM
-{ Quote: "Hmm, that's no fun.
So when are they due then?" }-
Not sure - I'm not involved in any of that end. Edge was just released < 2 weeks ago so I'm guessing it will take a bit of time to complete the reviews.
mhallerman
November 26th, 2008, 02:29 PM
I have a question regarding all the false positive work being done not only via the folks here putting the app through its paces, but certainly you rectifying them on the Prevx side.
Isn't this process a losing battle so to speak? The list of Fp's could be never-ending and constantly growing - is it not possible to attack the aspect of the engines with respect to the root cause of what the engines are reading/analyzing as opposed to what (correct me if I am wrong) white-listing these FPs?
I don't mean to seem unappreciative of the superb support you are providing, I am just questioning if there is no better way to look at it - and this assumes I am correctly assuming what you are doing on the prevx side.
Thanks,
Mark.
PrevxHelp
November 26th, 2008, 02:33 PM
-{ Quote: "I have a question regarding all the false positive work being done not only via the folks here putting the app through its paces, but certainly you rectifying them on the Prevx side.
Isn't this process a losing battle so to speak? The list of Fp's could be never-ending and constantly growing - is it not possible to attack the aspect of the engines with respect to the root cause of what the engines are reading/analyzing as opposed to what (correct me if I am wrong) white-listing these FPs?
I don't mean to seem unappreciative of the superb support you are providing, I am just questioning if there is no better way to look at it - and this assumes I am correctly assuming what you are doing on the prevx side." }-
Hello,
While simply whitelisting the individual file is a temporary patch over the false positive, we then go back and update/tune our rules engines to prevent similar false positives in the future.
However, users at Wilders tend to run into some odd applications which either make strange system modifications or have some very suspicious characteristics to them, so, they tend to get flagged on a number of different heuristic metrics. The number of false positives that users here are experiencing is significantly higher than the average number of false positives found outside of Wilders, but, this is one of the great things about Wilders - everyone here definitely beats AVs to a pulp to find their flaws :)
mhallerman
November 26th, 2008, 02:36 PM
That's great - thanks for clarifying that for me. I think the operative thing I was not aware of was "we then go back and update/tune our rules engines to prevent similar false positives in the future."
That certainly can help alleviate it being a never ending torrent of FPs....
Thanks again,
Mark.
PrevxHelp
November 26th, 2008, 02:39 PM
-{ Quote: "That's great - thanks for clarifying that for me. I think the operative thing I was not aware of was "we then go back and update/tune our rules engines to prevent similar false positives in the future."
That certainly can help alleviate it being a never ending torrent of FPs....
Thanks again,
Mark." }-
Yes, definitely. While I do enjoy fixing false positives manually to some extent, it is not a very scalable solution :) We recently tracked back a number of the more obscure FPs reported here to a single overly suspicious rule and have fixed this rule which subsequently made the one-file-at-a-time whitelisting for a few dozen files completely unnecessary as it corrected them all at once.
Our motto tends to be "automate whatever possible" - saves on effort, improves scalability, and it is generally far more interesting than having to do repetitive tasks ;D
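An added illustration of the triage described in the post above (not part of the thread and not Prevx's code): instead of whitelisting files one at a time, score each candidate rule fix by how many reported false positives it clears and how many known-bad samples it would start missing. The rule names, weights, threshold and all sample files are constructed for the example.

```python
"""Rank heuristic rules by how many false positives a fix would clear.

Illustration only: rule names, weights, threshold and samples are constructed
and do not describe any real product's engine.
"""

THRESHOLD = 10  # a file is flagged when the weights of its fired rules sum to this or more

# Hypothetical rules, loosely named after behaviours mentioned in the thread.
RULE_WEIGHTS = {
    "random_filename": 4,
    "low_level_access": 5,
    "covert_install": 6,
    "new_unseen_file": 7,
    "autorun_write": 3,
}

# Constructed benign files (user-reported FPs plus one clean control)
# mapped to the rules that fired on each.
BENIGN = {
    "installer_a": {"new_unseen_file", "autorun_write"},
    "installer_b": {"new_unseen_file", "random_filename"},
    "updater_c": {"new_unseen_file", "autorun_write"},
    "diag_tool_d": {"random_filename", "low_level_access", "covert_install"},
    "editor_e": {"autorun_write"},
}

# Constructed known-malicious samples that must stay detected after any fix.
MALICIOUS = {
    "mal_1": {"covert_install", "low_level_access", "new_unseen_file"},
    "mal_2": {"random_filename", "covert_install", "autorun_write"},
    "mal_3": {"new_unseen_file", "covert_install", "random_filename"},
    "mal_4": {"low_level_access", "random_filename", "autorun_write"},
}


def is_flagged(fired, weights, threshold=THRESHOLD):
    """A file is flagged when the summed weights of its fired rules reach the threshold."""
    return sum(weights[rule] for rule in fired) >= threshold


def evaluate(weights, benign, malicious):
    """Return (false_positives, false_negatives) as sorted lists of file names."""
    fps = sorted(name for name, fired in benign.items() if is_flagged(fired, weights))
    fns = sorted(name for name, fired in malicious.items() if not is_flagged(fired, weights))
    return fps, fns


def rank_rule_fixes(weights, benign, malicious):
    """Try halving each rule's weight in turn.

    Returns (rule, fps_cleared, new_fns) tuples, best candidate first:
    fixes that introduce no false negatives come first, then those that
    clear the most false positives.
    """
    base_fps, base_fns = evaluate(weights, benign, malicious)
    results = []
    for rule in weights:
        trial = dict(weights)
        trial[rule] = weights[rule] // 2
        fps, fns = evaluate(trial, benign, malicious)
        results.append((rule, len(base_fps) - len(fps), len(fns) - len(base_fns)))
    results.sort(key=lambda item: (item[2], -item[1]))
    return results


if __name__ == "__main__":
    for rule, cleared, missed in rank_rule_fixes(RULE_WEIGHTS, BENIGN, MALICIOUS):
        print(f"{rule:18} clears {cleared} FP(s), introduces {missed} FN(s)")
```

In this constructed data one over-weighted rule accounts for three of the four false positives; the remaining file behaves like the malicious samples on several rules at once, so it is the kind of case that still needs an individual whitelist entry.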
mhallerman
November 26th, 2008, 02:42 PM
Excellent - thanks again for the response and information!
Best,
Mark.
PS - Do you have a given name we can use to better "humanize" you? :) Hate to not refer to you by name....
PrevxHelp
November 26th, 2008, 02:43 PM
-{ Quote: "Excellent - thanks again for the response and information!
Best,
Mark.
PS - Do you have a given name we can use to better "humanize" you? :) Hate to not refer to you by name...." }-
I was named PrevxHelp at birth (it's strange, isn't it...), however, my friends call me Joe ;)
mhallerman
November 26th, 2008, 02:45 PM
LOL - thanks Joe!
Best,
Mark.
Mosqu
November 26th, 2008, 03:12 PM
-{ Quote: "The number of false positives that users here are experiencing is significantly higher than the average number of false positives found outside of Wilders," }-
I already was wondering, why "they" get so many more FPs than my family and me. Now I understand... ;D
StevieE9
November 26th, 2008, 03:43 PM
Oh dear. I see PrevxEdge is reporting loads of FPs again.
It has, today, reported the latest version of 'CCleaner' 2.14.570 as a threat.
This is pretty unsatisfactory and taking 'protection' to a ludicrous level.
PrevxHelp
November 26th, 2008, 03:47 PM
-{ Quote: "Oh dear. I see PrevxEdge is reporting loads of FPs again.
It has, today, reported the latest version of 'CCleaner' 2.14.570 as a threat.
This is pretty unsatisfactory and taking 'protection' to a ludicrous level." }-
Could you please send me a scan log by clicking Tools and Settings > Save Scan Results and I'll correct the false positive immediately.
PrevxHelp
November 26th, 2008, 03:49 PM
-{ Quote: "Oh dear. I see PrevxEdge is reporting loads of FPs again.
It has, today, reported the latest version of 'CCleaner' 2.14.570 as a threat.
This is pretty unsatisfactory and taking 'protection' to a ludicrous level." }-
I'm not seeing any false positive here - it could be that because v2.14.750 of CCleaner was literally JUST released a couple hours ago, we did not receive enough behavior to determine it as good yet.
EDIT: We've made an important change in some of the FP prevention code which will now handle program updates MUCH better (like the new CCleaner version) for all users.
djohn
November 26th, 2008, 04:02 PM
I just updated CCleaner. No false positives at Default heuristic settings.
bellgamin
November 26th, 2008, 07:02 PM
-{ Quote: "We are also in the process of being tested by various independent organizations, so, feel free to just wait until they release their reviews if you want" }-
I am delighted to hear that. I do hope that AV-Comp is included among the testers. Since AV-C is where Prevx failed, long ago, it would be fitting to ask AV-C to re-test you, this time checking the Edge.
Independent professional testing doesn't usually come free, but the results thereof are FAR more persuasive than tests by hobbyists & enthusiasts & fan boyz, IMO.
There are those whose job tenure depends on selecting effective, highly protective, professionally validated security apps. The fact that someone is "self-anointed", or has a website named for security efforts, or is an "enthusiastic hobbyist", or can win a "nice guy contest", does NOT make him a reliable source for validating the protective ability of a security application.
Swordfish_
November 26th, 2008, 07:39 PM
Hello,
Just installed trial and have one short question (because to be honest, I'm too lazy at the moment to read the entire, long thread), assuming you have a community database and so on, I had a Thunderbird update and saw that Prevx was authenticating the files - does it have a file integrity checking mechanism? (MD5/SHA or whatever)
I'm asking, because a situation came to my mind where you have a certain known safe file and it has been tampered with in a malicious way. What then?
Well, actually another question came to mind - what about files with malicious payload like these:
http://secunia.com/advisories/27210/
What are the chances that Edge will block such threats?
Finally, last question - does free (evaluation) version have same MBR monitoring capabilities like paid one?
Any known and proven results against fighting so-called "stealth MBR rootkits" and PoC like newest incarnations of BootRoot etc. ?
Best regards :)
ps. by the way - I very much like sleek GfX in your products :)
PrevxHelp
November 26th, 2008, 07:47 PM
Hello Swordfish,
We do not care about the filename at all and only consider files based on their hashes, so, if a file is modified, it will appear completely differently to the community database.
As for the Secunia advisory - I'd imagine we would block it fine: our engines look for suspiciously behaving code, so, if anything would actually try and modify the outlying operating system from an exploit, we would block it straight away.
The free version does have the same MBR monitoring but not blocking as the full version. We were actually one of the first companies to make a completely generic solution for MBR rootkits which has yet to fail us, many months after the start of MBR rootkits (and we have not had to update that engine at all from its first incarnation). I'm not aware of any actual comparisons of Edge versus rootkits, however, rootkits are a very significant focus in the detection of Edge and we completely block (and detect when active) virtually every rootkit in existence (provided it is not a PoC that only hides legitimate files).
To name a few names of some prominent ones which we block and detect even when actively infecting the system: TDSServ, Braviax, Rustock.a/b/c, Unreal, Mebroot, AK922, Srizbi, phide_ex, and a whole mess of others. Our engine is generic and does not use signatures to detect the rootkits so I'm sure there are many others which I'm just not aware of.
Hope that helps :) I know my test results are biased/untrustable/etc., but I've personally tested our engines against each one of the aforementioned rootkits in clean system images and we have found/blocked each of them and I'm sure that if someone else runs similar tests that they would have the same results.
NemesisChild
November 26th, 2008, 08:56 PM
Off the subject but I have a question regarding licensing. I have the family plan (allows for up to 4 PC's). One of the four PC's (my main rig) is a dual boot system (Vista Home Prem. & XP Home). I have Edge on the XP system (since I use it the most), but can I also install it on Vista? I would think yes since each license is for one PC.
Please advise.............thanks!
shanep
November 26th, 2008, 09:10 PM
Looks good.
PrevxHelp
November 26th, 2008, 09:19 PM
-{ Quote: "Off the subject but I have a question regarding licensing. I have the family plan (allows for up to 4 PC's). One of the four PC's (my main rig) is a dual boot system (Vista Home Prem. & XP Home). I have Edge on the XP system (since I use it the most), but can I also install it on Vista? I would think yes since each license is for one PC.
Please advise.............thanks!" }-
Hello,
The license is limited to the actual Windows installation as our identification system is dependent on unique identifiers generated when Windows installs, therefore, you would require a separate license for each of the XP Home and Vista Home Premium installations.
You can, however, scan the opposite Windows installation from the other so you will receive some "protection" for both with one license (however, the protection would be reactive rather than proactive).
Please let me know if you have any further questions.
Zombini
November 27th, 2008, 02:15 AM
Does this product really work? It's hard to tell without the real-time protection. My system was badly infected with the minimal tests which I did.
PrevxHelp
November 27th, 2008, 02:16 AM
-{ Quote: "Does this product really work? It's hard to tell without the real-time protection. My system was badly infected with the minimal tests which I did." }-
Hello,
You will need to obtain a test license to actually enable trial protection as otherwise your system will get infected if you run it against live malware. If you're interested, drop me a PM and I'll get you a license shortly.
Zombini
November 27th, 2008, 03:41 AM
I spent some time testing this after receiving the real-time protection license key and to summarize I would want to stay far away from it for the time being.
I tested with some 100 URLs that are known to exploit browser vulnerabilities. I have a number of concerns:
1. This product does not have any sort of browser exploit detection. This makes the problem of keeping the system clean that much more difficult because now they have to detect every single PE file that gets dropped on the machine. All it takes is one to slip through and you are screwed.
2. THIS ONE IS SCARY - I was running the test on a VM. I browsed to the infected URL and when the dialog popped up to BLOCK gameeeee.pif, I clicked on OPTIONS and chose "TRUST ALWAYS". Then I reverted the snapshot. I tried the same URL, and through Process Explorer I could see gameee.pif start running (the same MD5), but there was no alert from Edge. Did the backend remember the fact that 1 user chose to always TRUST this exe and therefore used that decision for subsequent users?? If so, that's a pretty crappy design. This happened for many other exes as well. Scary!!
3. It missed a ton of malware, but that's not surprising.
4. It suddenly became disabled all by itself.
5. It doesn't appear to have a synchronous design. The process has started and stopped by the time the alert dialog appears. This means that the application has done its damage by the time PrevX even detects it.
6. I noticed some FPs on files from www.ieaddons.com
7. It mainly prompts the user to block!! Why? Why not automatically convict? I think they are concerned about False Positives. This makes this product not suitable for general use.
Overall, I think other products that have both browser protection and Heuristic detection have better protection than PrevX Edge.
Juha L
November 27th, 2008, 08:48 AM
False positive hstart.exe
http://www.ntwind.com/software/utilities/hstart.html
download: http://www.ntwind.com/download/hstart.zip
PrevxMalwareHelp
November 27th, 2008, 09:21 AM
Hi There,
This is technically not a "false positive", more like an error in classification. We have 3 examples in our database of this file being used to launch malware. Thus we have reverted it from "Bad" to "Caution". Obviously I can see the legitimate use of it, however, it's a grey area. You can locally trust this file and it will not bother you anymore.
I hope this helps.
Regards,
Jacques
PrevxHelp
November 27th, 2008, 10:01 AM
-{ Quote: "I spent some time testing this after receiving the real-time protection license key and to summarize I would want to stay far away from it for the time being.
" }-
Hello,
First, I have to point out that if the protection appeared to be non-synchronous, then something is wrong in your installation. This would tend to coincide with the disabled status you received as well. On the image, are you using any other security products, and, are you using XP SP2 or higher?
We also do not take one user's opinion on a file at all - the fact that the user disagreed is logged, but nothing is actually done on the backend. In your case, it appears that it recalled the fact that your client disagreed that file and then applied those options.
In the end, you went to 100 exploiting URLs - do you really expect any antimalware program to protect you 100%? Browser exploit detection, while useful in some instances, is hardly a panacea to block threats. Recent independent tests found that most AVs have a 3% or lower detection rate on the exploits themselves, therefore, they are blocking based on the PEs that are dropped.
If you do have the samples/a scan log from your tests and if you could give me any more information on events leading up to the Disabled status, please let me know.
Zombini
November 27th, 2008, 12:33 PM
-{ Quote: "Hello,
First, I have to point out that if the protection appeared to be non-synchronous, then something is wrong in your installation. This would tend to coincide with the disabled status you received as well. On the image, are you using any other security products, and, are you using XP SP2 or higher?
" }-
The disabled status was on a separate run. I restored the snapshot and tried another test and that's when I noticed the non-synchronous behavior. This is on a clean XP SP2 image that is unpatched. There is no other software on that image other than Windows and PrevX.
-{ Quote: "
We also do not take one user's opinion on a file at all - the fact that the user disagreed is logged, but nothing is actually done on the backend. In your case, it appears that it recalled the fact that your client disagreed that file and then applied those options.
" }-
So are you keeping track of every client's response to every MD5 individually?
-{ Quote: "
In the end, you went to 100 exploiting URLs - do you really expect any antimalware program to protect you 100%? Browser exploit detection, while useful in some instances, is hardly a panacea to block threats. Recent independent tests found that most AVs have a 3% or lower detection rate on the exploits themselves, therefore, they are blocking based on the PEs that are dropped.
" }-
I don't expect the product to protect me 100%, but browser exploit protection is extremely effective at blocking unknown exes. Btw.. NIS2009 had a 30.95% detection on the Secunia test mainly in part due to its good browser protection. That number is low but that is because it's being tested against vulnerabilities that have never been exploited. In reality, only a small fraction of those vulnerabilities have ever been exploited. Detection of "exploited" in-the-wild vulnerabilities was close to 98%.
Wrt PrevX, most malware today is singletons.. that is, there is one and only one instance of that hash ever seen. Any form of community based system falls apart since you don't have enough data to form an opinion.
I also saw a few FPs on applications from ieaddons.com
PrevxHelp
November 27th, 2008, 12:56 PM
Thank you for your further information. We will investigate the non-synchronous behavior closer to see why it happened on your system (as that is most definitely not desired behavior).
We do not use MD5 (or SHA-1, etc.) for program correlation as you are exactly correct - infections are far from constant, most being server-side randomized (i.e. the Storm worm which would render any one-to-one cryptographic hash useless). Rather, we have a number of our own correlative signatures which allow us to relate programs to one another with far more accuracy than a straight hash. Therefore, rather than requiring one signature for every individual file, we can relate literally thousands/millions of files to one another with a single signature. We are also able to correlate program similarities based on behavior, comparing the behavior from a program on a single user's system to the behavior on another system to relate the two if for some reason the other correlative signatures fail.
We do log user responses to files and they are entered and prioritized to our researchers who then manually (with help from server-side sandboxing) analyze the samples and make a decision as to if the program is truly legitimate or not. The user's responses are not actually automatically fed to other users at all, and even if 1000 users say "Trust Always" to a file, we will not trust it - we force it to go through a tightly controlled process first.
We all agree that browser exploit detection is an area which needs closer consideration, however, merely detecting exploits mid-stream or mid-operation is not good enough and not generic to be a completely viable solution. We are in the process of developing different techniques to analyze browser behavior which should dramatically reduce the effects of browser exploit-based malware. This is, however, a difficult area to work in because browsers DO require system access in some cases so, a blatant "block everything coming from the browser" will not work for a majority of non-techie users.
However, we will keep updating and improving our technologies to hopefully get closer to the perpetually-eluding 100% mark :) (and I have forwarded ieaddons.com to the research team to get them whitelisted).
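Added example (not part of the original posts, and not Prevx's code or algorithm): the point made in this exchange, that an exact cryptographic hash stops matching once a file is modified or server-side randomized, shown next to a simple byte n-gram Jaccard similarity that still relates the variant. The similarity measure, the 0.9 threshold, the constructed sample blobs and the rule that only "bad" verdicts may propagate by similarity are assumptions of this example.

```python
import hashlib


def sha256_hex(data: bytes) -> str:
    """Exact, one-to-one identity: any single changed byte changes the digest."""
    return hashlib.sha256(data).hexdigest()


def shingles(data: bytes, k: int = 4) -> set:
    """Set of overlapping k-byte windows, a crude content fingerprint."""
    return {data[i:i + k] for i in range(len(data) - k + 1)}


def jaccard(a: set, b: set) -> float:
    """Similarity of two shingle sets: |intersection| / |union|."""
    if not a and not b:
        return 1.0
    return len(a & b) / len(a | b)


def blob(seed: bytes, blocks: int = 32) -> bytes:
    """Constructed 1 KiB sample 'file' (deterministic, for the demo only)."""
    return b"".join(hashlib.sha256(seed + bytes([i])).digest()
                    for i in range(blocks))


def patch(data: bytes, offset: int, junk: bytes) -> bytes:
    """Overwrite len(junk) bytes at offset, like per-download randomization."""
    return data[:offset] + junk + data[offset + len(junk):]


# Constructed samples: none of these are real files or real malware.
KNOWN_BAD = blob(b"bad-family")
KNOWN_GOOD = blob(b"good-app")
BAD_VARIANT = patch(KNOWN_BAD, 500, b"\x00" * 16)     # randomized sibling
TAMPERED_GOOD = patch(KNOWN_GOOD, 200, b"\xcc" * 16)  # modified trusted file
UNRELATED = blob(b"never-seen")

DATABASE = [(KNOWN_BAD, "bad"), (KNOWN_GOOD, "good")]
EXACT_INDEX = {sha256_hex(data): verdict for data, verdict in DATABASE}


def classify(sample: bytes, threshold: float = 0.9):
    """Return (verdict, reason).

    Trust is inherited only on an exact hash match, so a tampered copy of a
    known-good file falls back to "unknown". A "bad" verdict may also be
    inherited from a near-identical known-bad sample (assumed policy).
    """
    verdict = EXACT_INDEX.get(sha256_hex(sample))
    if verdict is not None:
        return verdict, "exact"
    fingerprint = shingles(sample)
    for data, known_verdict in DATABASE:
        if known_verdict != "bad":
            continue  # never extend trust by similarity
        if jaccard(fingerprint, shingles(data)) >= threshold:
            return "bad", "similar"
    return "unknown", "none"


if __name__ == "__main__":
    for name, sample in [("known bad", KNOWN_BAD),
                         ("bad variant", BAD_VARIANT),
                         ("tampered good", TAMPERED_GOOD),
                         ("unrelated", UNRELATED)]:
        print(f"{name:14s} {sha256_hex(sample)[:12]}  {classify(sample)}")
```

Sixteen changed bytes out of 1024 give the variant a different SHA-256 but leave the shingle sets almost identical, which is why a one-to-one hash lookup alone cannot follow randomized files.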
lu_chin
November 27th, 2008, 02:25 PM
I found a couple of issues with my first trial of Prevx Edge. Upon finishing scanning and installing, Edge found a few suspicious files and showed them in a dialog. In that dialog I could only right-click on a single suspicious file and mark it as a false positive. However, right after I did this on one file then Edge would immediately ask me to click OK and then it would start a full scan of my PC again. It would be much more convenient if the user could select multiple files and then reported them as suspicious and finally just one single additional scan by Edge afterwards. I aborted the scan and then I could not see which files were suspicious anymore. Only under Detection Overrides where I could see the single file which I had previously reported as a false positive. I could still select Save Scan Results even though I aborted the scan. The good news was that so far Edge ran fine with my KIS and SAS.
Cheers.
Lu Chin
PrevxHelp
November 27th, 2008, 02:27 PM
-{ Quote: "I found a couple of issues with my first trial of Prevx Edge. Upon finishing scanning and installing, Edge found a few suspicious files and showed them in a dialog. In that dialog I could only right-click on a single suspicious file and mark it as a false positive. However, right after I did this on one file then Edge would immediately ask me to click OK and then it would start a full scan of my PC again. It would be much more convenient if the user could select multiple files and then reported them as suspicious and finally just one single additional scan by Edge afterwards. I aborted the scan and then I could not see which files were suspicious anymore. Only under Detection Overrides where I could see the single file which I had previously reported as a false positive. I could still select Save Scan Results even though I aborted the scan. The good news was that so far Edge ran fine with my KIS and SAS.
Cheers.
Lu Chin" }-
Hello,
I agree that this is not very user-friendly. We will have this behavior changed in the next update :)
Thank you for your report!
C.S.J
November 27th, 2008, 03:23 PM
my only nag is, if i have a folder of infected files on my desktop etc.
a scan will find 'some' and clean > reboot
then the scan after reboot will find 'some more' and clean > reboot
then the scan starts again, finds some more......
its a very long process, and takes bloody ages to get it to say nothing detected.
also, ive tried twice to update to the newer version with errors both times, prevx shuts down, both times when testing i have to un-install > and download the new version manually, kinda made the updater in the program pointless.
PrevxHelp
November 27th, 2008, 03:39 PM
-{ Quote: "my only nag is, if i have a folder of infected files on my desktop etc.
a scan will find 'some' and clean > reboot
then the scan after reboot will find 'some more' and clean > reboot
then the scan starts again, finds some more......
its a very long process, and takes bloody ages to get it to say nothing detected." }-
The folder on your desktop most likely either has too many pieces of malware in it (we will only ever report 255 infections at once to conserve memory, but continue blocking the others), or it is being slowly populated in the background which is causing other processes to access the files and in turn, causing Edge to scan them.
-{ Quote: "
also, ive tried twice to update to the newer version with errors both times, prevx shuts down, both times when testing i have to un-install > and download the new version manually, kinda made the updater in the program pointless." }-
We have reproduced some similar issues as well, but they should be corrected in 188 so future upgrading should be seamless again.
capatt
November 27th, 2008, 07:01 PM
Hello
It's been said more than once that Edge's capabilities overlap that of Prevx2, but some people are running both. Can you explain how much of an overlap there is? Is there a comparison chart? I'd like to know just how much benefit there is to running both side by side.
Thanks
PrevxHelp
November 27th, 2008, 07:04 PM
-{ Quote: "Hello
It's been said more than once that Edge's capabilities overlap that of Prevx2, but some people are running both. Can you explain how much of an overlap there is? Is there a comparison chart? I'd like to know just how much benefit there is to running both side by side.
Thanks" }-
We don't have a comparison chart of both because it will most likely confuse a majority of the users rather than help because they both overlap in so many areas.
Edge has superior malware removal, rootkit detection, and heuristic protection to Prevx2. However, Prevx2 DOES have malware removal, rootkit detection, and heuristic protection - however, Edge's is just significantly improved.
The primary benefit of running both is that you can get the granularity of Prevx2's prompting next to the new Edge heuristics if you want. Some technical users find it important to know what is going on in the system so they want to be prompted/notified of each action - Edge works to hide all of the prompting and only talk to the user when it is absolutely necessary.
Running both side-by-side will only help if you are interested in the granular details coming from Prevx2, otherwise, you will be fine with just Edge :)
Hope that helps!
capatt
November 27th, 2008, 09:45 PM
That does indeed, thanks.
mvdu
November 27th, 2008, 09:58 PM
Does Prevx protection load very early on after Windows starts? Some security software still have slight delays on Vista before the service starts.
PrevxHelp
November 28th, 2008, 12:18 AM
-{ Quote: "Does Prevx protection load very early on after Windows starts? Some security software still have slight delays on Vista before the service starts." }-
Edge's core driver loads immediately after the filesystem itself loads and malware removal loads before the file system or registry are loaded. However, we have delayed the loading of the tray icon/splash screen by some seconds after bootup to ensure that we are being loaded properly into the system (so, protection loads long before it visibly loads).
CJsDad
November 28th, 2008, 07:21 AM
I received my trial license for the week but after a couple of days I got this error.
Error:L016: License is in use on another system, you can fix this using the MyPrevx web console.
I didn't touch anything on my computer, only thing running is Edge and Sandboxie
I'm interested in purchasing Prevx Edge but what happens if say I happen to reformat my computer or do an image restore will this error occur also?
PrevxHelp
November 28th, 2008, 10:33 AM
-{ Quote: "I received my trial license for the week but after a couple of days I got this error.
Error:L016: License is in use on another system, you can fix this using the MyPrevx web console.
I didn't touch anything on my computer, only thing running is Edge and Sandboxie
I'm interested in purchasing Prevx Edge but what happens if say I happen to reformat my computer or do an image restore will this error occur also?" }-
Hello,
We will investigate this error further - is your license working now or does it still produce that error?
If you reformat your computer, your license may become invalid for that system, but just come into our support inbox or PM me and I'll get it reset for you :)
CJsDad
November 28th, 2008, 11:50 AM
-{ Quote: "Hello,
We will investigate this error further - is your license working now or does it still produce that error?
If you reformat your computer, your license may become invalid for that system, but just come into our support inbox or PM me and I'll get it reset for you :)" }-
Yes it's still producing that error.
Anyway, I will send you a PM, thanks.
denniz
November 29th, 2008, 09:55 AM
Prevx Edge v3.0.0.188 detects zlib1.dll in the folder C:\Program Files\XBMC\ belonging to the mediacenter program XBMC v8.10 for Windows XP/Vista from the website http://xbmc.org/ as malicious software with medium/recommend heuristics.
I uploaded zlib1.dll to:
http://www.virustotal.com/
http://virscan.org/
http://virusscan.jotti.org/
All 3 scanning websites gave zlib1.dll a complete clean bill of health. So I guess Prevx Edge falsely detects it as malware?
C.S.J
November 29th, 2008, 10:00 AM
-{ Quote: "Prevx Edge v3.0.0.188 detects zlib1.dll in the folder C:\Program Files\XBMC\ belonging to the mediacenter program XBMC v8.10 for Windows XP/Vista from the website http://xbmc.org/ as malicious software with medium/recommend heuristics.
I uploaded zlib1.dll to:
http://www.virustotal.com/
http://virscan.org/
http://virusscan.jotti.org/
All 3 scanning websites gave zlib1.dll a complete clean bill of health. So I guess Prevx Edge falsely detects it as malware?" }-
yep, probably.
but with a product like prevx, over time, lets say in a few weeks or days maybe..... detection would have significantly increased and FP's lower, at least i think it should, this is what i like about an on-going real-time community-based-detection. lol :-p
EraserHW
November 29th, 2008, 11:24 AM
-{ Quote: "Prevx Edge v3.0.0.188 detects zlib1.dll in the folder C:\Program Files\XBMC\ belonging to the mediacenter program XBMC v8.10 for Windows XP/Vista from the website http://xbmc.org/ as malicious software with medium/recommend heuristics.
I uploaded zlib1.dll to:
http://www.virustotal.com/
http://virscan.org/
http://virusscan.jotti.org/
All 3 scanning websites gave zlib1.dll a complete clean bill of health. So I guess Prevx Edge falsely detects it as malware?" }-
Please try again :)
It should be now fixed ;)
denniz
November 29th, 2008, 11:36 AM
Nope, not fixed.
PrevxHelp
November 29th, 2008, 12:06 PM
-{ Quote: "Nope, not fixed." }-
Can you click Tools and Settings > Save Scan Results and then send EraserHW or myself the entry from the scan log which is referencing zlib1.dll? :)
denniz
November 29th, 2008, 12:22 PM
-{ Quote: "Can you click Tools and Settings > Save Scan Results and then send EraserHW or myself the entry from the scan log which is referencing zlib1.dll? :)" }-
I sent both you and EraserHW a private message with the download link.
PrevxHelp
November 29th, 2008, 12:39 PM
-{ Quote: "I sent both you and EraserHW a private message with the download link." }-
Could you please try rescanning now - it should not be detected anymore :)
denniz
November 29th, 2008, 12:41 PM
It's still detected as malicious.
PrevxHelp
November 29th, 2008, 12:43 PM
-{ Quote: "It's still detected as malicious." }-
Hmmm... not sure how - I scanned it here and it is not found anymore ???
Can you please try uninstalling and reinstalling?
denniz
November 29th, 2008, 12:50 PM
-{ Quote: "Hmmm... not sure how - I scanned it here and it is not found anymore ???
Can you please try uninstalling and reinstalling?" }-
Uninstalled and then reinstalled, started a new scan.
Final result: file is NOT detected as malicious anymore.
But I think this should not be the way to solve a false positive.
PrevxHelp
November 29th, 2008, 12:54 PM
-{ Quote: "Uninstalled and then reinstalled, started a new scan.
Final result: file is NOT detected as malicious anymore.
But I think this should not be the way to solve a false positive." }-
Yes, I agree... I'm really not sure why it was not picking up the new determination properly. We'll take a look at it shortly to see if there is something wrong in the communication. Thanks for the report :)
denniz
November 29th, 2008, 12:56 PM
-{ Quote: "Yes, I agree... I'm really not sure why it was not picking up the new determination properly. We'll take a look at it shortly to see if there is something wrong in the communication. Thanks for the report :)" }-
You're welcome. :)
Thank you and EraserHW for a very fast response and solution! :)
Zombini
November 29th, 2008, 01:46 PM
Seeing this thread progress it's pretty clear what the M.O. is here. There is a team at PrevX that is constantly whitelisting exes. How is that different from constantly writing signatures?
PrevxHelp
November 29th, 2008, 01:58 PM
-{ Quote: "Seeing this thread progress it's pretty clear what the M.O. is here. There is a team at PrevX that is constantly whitelisting exes. How is that different from constantly writing signatures?" }-
We temporarily whitelist the program and then update our rules to fix it from happening in the future. We have many many rules running server side and the false positives seen here are the result of minor problems with different rules, so, fixing one rule leaves the rest and just because there are millions (billions?) of programs on the internet, it is hard to get a perfect result on every program :)
mvdu
November 29th, 2008, 09:54 PM
I'm still getting an alert from Kaspersky saying behavior similar to Trojan.Generic detected when Prevx is started for the first time. Can this FP be fixed?
Hirtzy
November 29th, 2008, 10:39 PM
Just a question regarding temporarily disabling Prevx protection. When I do this by right clicking on the sys tray icon and disabling protection for 15 minutes when installing an app it says protection disabled yet I still receive sys tray notifications saying "Authenticating files..." during the installation process. Is this normal behavior considering that Prevx has indicated that it is disabled?
bellgamin
November 29th, 2008, 10:45 PM
-{ Quote: "I'm still getting an alert from Kaspersky saying behavior similar to Trojan.Generic detected when Prevx is started for the first time. Can this FP be fixed?" }-
"An alert from Kaspersky" sounds like an FP on Kaspersky's part -- NOT a Prevx FP. In which case, it is probable that Kaspersky can make the fix, but not Prevx.
Am I reading you incorrectly?
mvdu
November 29th, 2008, 10:50 PM
-{ Quote: ""An alert from Kaspersky" sounds like an FP on Kaspersky's part -- NOT a Prevx FP. In which case, it is probable that Kaspersky can make the fix, but not Prevx.
Am I reading you incorrectly?" }-
I mentioned it earlier and PrevxHelp said he might get in touch with Kaspersky about it, so I want to see what he says.
f3x
November 30th, 2008, 12:39 AM
hi, im trying to ... well... try this software
but every executable i download from prevx.com end up opening a window called CSI 3.0
is there a way to try edge if i already have csi installed ?
so far i've downloaded those files:
PREVXEDGEFREE.EXE
50BAFB54BE6B4F34BE6E.EXE
PrevxHelp
November 30th, 2008, 01:05 AM
-{ Quote: "hi, im trying to ... well... try this software
but every executable i download from prevx.com end up opening a window called CSI 3.0
is there a way to try edge if i already have csi installed ?
so far i've downloaded those files:
PREVXEDGEFREE.EXE
50BAFB54BE6B4F34BE6E.EXE" }-
Hello,
Please first uninstall CSI and then reinstall Edge.
The Edge installation will duplicate all of the functionality of CSI (and you can use your CSI license within it). We currently don't have the functionality enabled to switch from CSI > Edge, but this will be a feature in a release soon.
PrevxHelp
November 30th, 2008, 01:06 AM
-{ Quote: "Just a question regarding temporarily disabling Prevx protection. When I do this by right clicking on the sys tray icon and disabling protection for 15 minutes when installing an app it says protection disabled yet I still receive sys tray notifications saying "Authenticating files..." during the installation process. Is this normal behavior considering that Prevx has indicated that it is disabled?" }-
Hello,
This is not correct behavior - we will have this corrected in the next version. Thank you for your information :)
PrevxHelp
November 30th, 2008, 01:08 AM
-{ Quote: "I mentioned it earlier and PrevxHelp said he might get in touch with Kaspersky about it, so I want to see what he says." }-
We are still working with them to resolve it, but it is a bit out of our hands. It seems as though they have chronically had this false positive against us and it appears to be non-trivial to prevent.
We are going to continue working with them to prevent it, and I'm hoping it will be resolved in a database update soon.
mvdu
November 30th, 2008, 02:29 AM
-{ Quote: "We are still working with them to resolve it, but it is a bit out of our hands. It seems as though they have chronically had this false positive against us and it appears to be non-trivial to prevent.
We are going to continue working with them to prevent it, and I'm hoping it will be resolved in a database update soon." }-
Thanks for your attention to this matter. :thumb:
Hirtzy
November 30th, 2008, 06:33 AM
-{ Quote: "Hello,
This is not correct behavior - we will have this corrected in the next version. Thank you for your information :)" }-
Thanks again for the quick response. :thumb:
I also just noticed that Prevx Edge does not appear in Windows Security Center which is something that should be addressed although it could just be a localised problem with my system.
Prevx as a company appears to be listening to their users very well atm and as the product matures and the kinks are worked out I am sure that they will have a killer security product on their hands in the near future. :)
doktornotor
November 30th, 2008, 06:45 AM
-{ Quote: "
I also just noticed that Prevx Edge does not appear in Windows Security Center which is something that should be addressed although it could just be a localised problem with my system.
" }-
This alone could cause compatibility issues with other applications and certainly is not worth causing such problems, IMHO.
Hirtzy
November 30th, 2008, 06:57 AM
-{ Quote: "This alone could cause compatibility issues with other applications and certainly is not worth causing such problems, IMHO." }-
Hmmmmm. Didn't think of it from that perspective. I suppose if other security applications check Security Center during installation and find an already installed security app such as Prevx they may refuse to install which works against Prevx's goal of complete compatibility. But on the other hand if the user only uses Prevx and nothing else they will receive warnings from Security Center which may confuse an average user (although you could tell security center not to monitor for that parameter). It's a win/lose situation :wacko:
doktornotor
November 30th, 2008, 07:01 AM
-{ Quote: "Hmmmmm. Didn't think of it from that perspective. I suppose if other security applications check Security Center during installation and find an already installed security app such as Prevx they may refuse to install which works against Prevx's goal of complete compatibility." }-
Yeah, that's what I meant...
-{ Quote: "
But on the other hand if the user only uses Prevx and nothing else they will receive warnings from Security Center which may confuse an average user (although you could tell security center not to monitor for that parameter). It's a win/lose situation :wacko:" }-
You could have a checkbox in the product to do the job. ThreatFire has one, e.g. I personally tend to disable WSC altogether on my boxes so... not an issue for me. ;)
Hirtzy
November 30th, 2008, 07:38 AM
-{ Quote: "
You could have a checkbox in the product to do the job. ThreatFire has one " }-
I agree that this is the best solution, the difficulty lying in how it is implemented without confusing the average user. It may be best to include this option as part of the installation wizard as well as in the preferences.
Alternatively it could be automated by temporarily removing the Prevx entry in WSC when install mode is activated in Prevx by the user thus when a new security app tries to detect existing security apps during installation it will find nothing but when install mode finishes (15 minutes later) Prevx automatically re-adds itself to security center. This automated approach if feasible to implement would provide the best of both worlds IMHO.
emmpe
November 30th, 2008, 08:22 AM
A very impressive thread, this, so I may have missed something. The thing is, I was a user of Prevx 1 and, for a while, 2. I liked both the app per se and the idea of user based contributions to a central db. The reason I ditched it wasn't really dissatisfaction, just a wish to keep security setup at a minimum and, more importantly, the fact that Prevx servers got inaccessible now and then - extremely annoying when you're installing something, for instance. But that was a couple of years ago. Maybe things have changed? Or maybe the problem was at my end? In that case I'd be more than willing to try out Edge. And a propos the licensing discussion here, what happened to that very nice exotic usage policy with Prevx running fully functional and no questions asked until you got infected, at which occasion the 30 days trial period began (at least that's how I remember it, but I'm getting old...)?
raven211
November 30th, 2008, 12:26 PM
-{ Quote: "And a propos the licensing discussion here, what happened to that very nice exotic usage policy with Prevx running fully functional and no questions asked until you got infected, at which occasion the 30 days trial period began (at least that's how I remember it, but I'm getting old...)?" }-
Seems like your memory is still young then, cause that's actually what it supposedly was like before. ;D ;)
PrevxHelp
November 30th, 2008, 12:28 PM
-{ Quote: "Thanks again for the quick response. :thumb:
I also just noticed that Prevx Edge does not appear in Windows Security Center which is something that should be addressed although it could just be a localised problem with my system.
Prevx as a company appears to be listening to their users very well atm and as the product matures and the kinks are worked out I am sure that they will have a killer security product on their hands in the near future. :)" }-
Edge actually does appear in the security center, however, you need to uninstall and then reinstall v3.0.0.188 for it to show up :)
Thank you for your compliments and we are all very open to any suggestions and ideas :)
PrevxHelp
November 30th, 2008, 12:29 PM
-{ Quote: "I agree that this is the best solution, the difficulty lying in how it is implemented without confusing the average user. It may be best to include this option as part of the installation wizard as well as in the preferences.
Alternatively it could be automated by temporarily removing the Prevx entry in WSC when install mode is activated in Prevx by the user thus when a new security app tries to detect existing security apps during installation it will find nothing but when install mode finishes (15 minutes later) Prevx automatically re-adds itself to security center. This automated approach if feasible to implement would provide the best of both worlds IMHO." }-
This is a good point and I think a very good approach. I will look for any problems in this and then see what we can do to implement it :) 'Hiding' from other security software during installation is a bit unconventional, but I think it is a good approach to allow the user to install other software that generically identifies other WSC apps :)
PrevxHelp
November 30th, 2008, 12:34 PM
-{ Quote: "A very impressive thread, this, so I may have missed something. The thing is, I was a user of Prevx 1 and, for a while, 2. I liked both the app per se and the idea of user based contributions to a central db. The reason I ditched it wasn't really dissatisfaction, just a wish to keep security setup at a minimum and, more importantly, the fact that Prevx servers got inaccessible now and then - extremely annoying when you're installing something, for instance. But that was a couple of years ago. Maybe things have changed? Or maybe the problem was at my end? In that case I'd be more than willing to try out Edge. And a propos the licensing discussion here, what happened to that very nice exotic usage policy with Prevx running fully functional and no questions asked until you got infected, at which occasion the 30 days trial period began (at least that's how I remember it, but I'm getting old...)?" }-
Hello,
We did have database connectivity problems in the past, but now our solutions are far more scalable and we have many more servers behind the userbase so if anything fails, there are a number of failsafes behind it to keep everything up and running :)
That licensing model you mentioned was definitely unique, but was not as beneficial as a more straightforward licensing model, as people would just clean up and then uninstall our software :(
Our current licensing design works like: Edge can be installed and used for free as long as wanted but it will not block or clean up infections (essentially making it a realtime on-demand scanner). We are still deciding how best to incorporate a full trial version and we're hoping to have an updated design ready in the coming weeks. :)
emmpe
November 30th, 2008, 01:23 PM
Thanks for a quick reply. I remember Prevx support always was like that.
-{ Quote: "That licensing model you mentioned was definitely unique, but was not as beneficial as a more straightforward licensing model, as people would just clean up and then uninstall our software " }-
Well, that model was the thing that finally made me try Prevx in the first place. My trial period was actually triggered by a FP, support offered to reset but I didn't bother, since I'd already decided on purchase. Still the current model seems fair enough and I'll trust your word about server capacity, so I'll definitely go for Edge as soon as possible after the Christmas bank account purge.
C.S.J
November 30th, 2008, 03:03 PM
Edge has cleaned 271 infections (on main GUI)
how can i reset this data to zero?
PrevxHelp
November 30th, 2008, 03:39 PM
-{ Quote: "Edge has cleaned 271 infections (on main GUI)
how can i reset this data to zero?" }-
This can only be reset if you uninstall and reinstall.
prevxedgeproblems
December 1st, 2008, 12:10 AM
not sure if this was addressed yet, but i recently purchased PrevX edge and by recently i mean thursday.
it worked fine the day of purchase, it scanned multiple times perfectly fine. then the day after and still continues to do it, i will start a scan and it will show me an error message at no certain given point during the scan saying that there are too many files to complete the scan and tells me to update/upgrade my license? [Your scan exceeded the maximum number of files allowed by your license. Please click OK to upgrade your license or Cancel to abort the scan.]
i have the home one and a normal number of files on my computer, it didnt mention anything about a file limit so idk what is up with it
if anybody could help me or tell me how to get this working please reply to think
thank you.
webbit
December 1st, 2008, 01:55 AM
here is a problem for you i had csi on my vista installation so i went to uninstall it so i could run edge, i get the pop up box to tell me csi has been uninstalled and i re boot then proceed to install edge but csi came back on and wont go away, it pops up all the time, like a virus, i have to start task manager end the process and then i have 15 seconds before its back and then i cannot do anything with my computer
webbit
December 1st, 2008, 02:47 AM
-{ Quote: "here is a problem for you i had csi on my vista installation so i went to uninstall it so i could run edge, i get the pop up box to tell me csi has been uninstalled and i re boot then proceed to install edge but csi came back on and wont go away, it pops up all the time, like a virus, i have to start task manager end the process and then i have 15 seconds before its back and then i cannot do anything with my computer" }-
Just to update still cannot do anything csi has taken over, i cant minimise it and there is nothing to uninstall in Revo Uninstaller
PrevxHelp
December 1st, 2008, 09:01 AM
-{ Quote: "Just to update still cannot do anything csi has taken over, i cant minimise it and there is nothing to uninstall in Revo Uninstaller" }-
Hello,
It would probably be easiest if one of our engineers analyzes your system remotely. Would you be interested in having us do this? Please send me a PM and I can schedule you a time.
PrevxHelp
December 1st, 2008, 09:17 AM
-{ Quote: "not sure if this was addressed yet, but i recently purchased PrevX edge and by recently i mean thursday.
it worked fine the day of purchase, it scanned multiple times perfectly fine. then the day after and still continues to do it, i will start a scan and it will show me an error message at no certain given point during the scan saying that there are too many files to complete the scan and tells me to update/upgrade my license? [Your scan exceeded the maximum number of files allowed by your license. Please click OK to upgrade your license or Cancel to abort the scan.]
i have the home one and a normal number of files on my computer, it didnt mention anything about a file limit so idk what is up with it
if anybody could help me or tell me how to get this working please reply to think
thank you." }-
Hello,
We limit the number of programs scanned to prevent abuse of our system. Were you using the Full Scan feature or just the default system scan? It is highly recommended that you run the normal system scan rather than the full system scan as the normal scan will check your system much quicker.
Also, are you using any system imaging programs or any other programs which may duplicate files across your system?
Saraceno
December 1st, 2008, 09:31 AM
Hopefully it's sorted out prevxedgeproblems and then you can change your username to prevxedgesolutions. ;)
webbit
December 1st, 2008, 09:48 AM
-{ Quote: "Hello,
It would probably be easiest if one of our engineers analyzes your system remotely. Would you be interested in having us do this? Please send me a PM and I can schedule you a time." }-
Hi
After a battle i managed to get system restore to run and i took my computer back a couple of days, and all is quiet, i had a pm from a poster on here who says it could have been caused by an incomplete uninstall
PrevxHelp
December 1st, 2008, 10:16 AM
-{ Quote: "Hi
After a battle i managed to get system restore to run and i took my computer back a couple of days, and all is quiet, i had a pm from a poster on here who says it could have been caused by an incomplete uninstall" }-
This is possible, and it could be due to an incompatibility/interaction between another piece of software and the uninstall process.
Please let me know if you experience any further difficulty and I'll be glad to investigate it further :)
prevxedgeproblems
December 1st, 2008, 01:31 PM
-{ Quote: "Hello,
We limit the number of programs scanned to prevent abuse of our system. Were you using the Full Scan feature or just the default system scan? It is highly recommended that you run the normal system scan rather than the full system scan as the normal scan will check your system much quicker.
Also, are you using any system imaging programs or any other programs which may duplicate files across your system?" }-
ive tried all the manual scan types - the normal scan (scan now), full/deep run to a certain point then stop.
i have photoshop installed on my computer being im into photography if thats what you mean by system imaging programs if not im sorry im pretty computer illiterate.
but the only one that works is the quick scan but im scared that it will miss files that may be infected
is there any solution to the problem that doesnt involve losing files?
Mars
December 1st, 2008, 02:16 PM
i know this question has been drilled in your head;D , but whats the current status on the 64 bit version?
C.S.J
December 1st, 2008, 03:21 PM
@Joe
one of my recent BSOD's was because of Prevx Edge.
i no longer have the .dmp file, but i will still try to ask for it back from Drweb, and if they do still have it, i will send it on to you.
they checked it and....
----
pxark.sys
* PXARK.SYS is related to Prevx CSI Rootkit Detection and Removal Engine.
* Manufacturer: Prevx CSI
* www.prevx.com
----
Max Zorin
December 1st, 2008, 04:01 PM
As this thread is so massive now, this may have been covered - so apologies if it has.
On the Prevx site, it is claimed that Edge has detected every rootkit they have found / know of, even when the rootkit is running. Is this still true? Would the opinion here be that Prevx Edge is superior to most other AMs, or is it that most AMs now will detect running rootkits?
PrevxHelp
December 1st, 2008, 04:30 PM
-{ Quote: "ive tried all the manual scan types - the normal scan (scan now), full/deep run to a certain point then stop.
i have photoshop installed on my computer being im into photography if thats what you mean by system imaging programs if not im sorry im pretty computer illiterate.
but the only one that works is the quick scan but im scared that it will miss files that may be infected
is there any solution to the problem that doesnt involve losing files?" }-
Responded via email in the support inbox :)
PrevxHelp
December 1st, 2008, 04:31 PM
-{ Quote: "@Joe
one of my recent BSOD's was because of Prevx Edge.
i no longer have the .dmp file, but i will still try to ask for it back from Drweb, and if they do still have it, i will send it on to you.
they checked it and....
----
pxark.sys
* PXARK.SYS is related to Prevx CSI Rootkit Detection and Removal Engine.
* Manufacturer: Prevx CSI
* www.prevx.com
----" }-
Please let me know if you have any further information (i.e. if you have self protection enabled or not, if it is just Dr. Web which you have installed, what was going on in your system at the time of the crash, etc.) It would definitely be easiest if we can reproduce it in-house.
PrevxHelp
December 1st, 2008, 04:32 PM
-{ Quote: "i know this question has been drilled in your head;D , but whats the current status on the 64 bit version?" }-
64bit is progressing, but slowly as it is very low on the priority list still. If you can convert some hundred thousand users to 64bit quickly, let me know and I'll get it moved up in the priority ;D
PrevxHelp
December 1st, 2008, 04:33 PM
-{ Quote: "As this thread is so massive now, this may have been covered - so apologies if it has.
On the Prevx site, it is claimed that Edge has detected every rootkit they have found / know of, even when the rootkit is running. Is this still true? Would the opinion here be that Prevx Edge is superior to most other AMs, or is it that most AMs now will detect running rootkits?" }-
I'm biased, but this still stands from what I've seen :) EraserHW and I would both be very interested in other opinions on this as well, and if anyone does manage to bypass our detection, let us know and send us a sample ;D
C.S.J
December 1st, 2008, 05:08 PM
-{ Quote: "Please let me know if you have any further information (i.e. if you have self protection enabled or not, if it is just Dr. Web which you have installed, what was going on in your system at the time of the crash, etc.) It would definitely be easiest if we can reproduce it in-house." }-
self protection definitely enabled, and definitely the latest version 188.
yep, just drweb and i was messing around with Virtual Machine.
will the .dmp file tell you more?
i will ask if they still have it.
Max Zorin
December 1st, 2008, 05:20 PM
-{ Quote: "I'm biased, but this still stands from what I've seen :) EraserHW and I would both be very interested in other opinions on this as well, and if anyone does manage to bypass our detection, let us know and send us a sample ;D" }-
Another question - does Edge "remove" these, or are we talking about detection only?
Thanks,
MZ
PrevxHelp
December 1st, 2008, 05:22 PM
-{ Quote: "Another question - does Edge "remove" these, or are we talking about detection only?
Thanks,
MZ" }-
Edge will remove them as well - the goal in Edge/CSI is to remove anything we detect, if not, the customer will definitely complain :)
PrevxHelp
December 1st, 2008, 05:24 PM
-{ Quote: "self protection definitely enabled, and definitely the latest version 188.
yep, just drweb and i was messing around with Virtual Machine.
will the .dmp file tell you more?
i will ask if they still have it." }-
The dump will help if you have it, but it may be easier if you can try and reproduce it (or you can tell us exactly what version of Dr.Web you're using so we can download it and try and reproduce it here).
Self protection is the one area of Edge which can cause incompatibilities between other AVs and that is why it's always the first question I ask - multiple AVs trying to protect themselves generally can cause system instability (which is why it is disabled by default in CSI/Edge).
C.S.J
December 1st, 2008, 06:18 PM
It was drweb v5 beta.
V5 includes their own self protection module.
Onslaught3566
December 1st, 2008, 09:02 PM
I can't access the Prevx site. Is it down?
LoneWolf
December 1st, 2008, 09:15 PM
-{ Quote: "I can't access the Prevx site. Is it down?" }-
It's working ok here.
Onslaught3566
December 1st, 2008, 09:18 PM
Thanks. Working now.
tjrush
December 1st, 2008, 11:14 PM
Yesterday I swapped my Prevx2.0 license for an Edge license. The only version I downloaded and installed is 3.0.0.188. All seems to be working fine except that Prevx is not being recognized by the VISTA Security Center. I have rebooted many times since installation.
One other question. What is the "Self Protection" option?
Tom
Biscuit
December 2nd, 2008, 03:34 AM
Had a slight hiccup yesterday when Edge build 188 loaded disabled on boot. I was able to click on the icon & enable Edge without further problem. Edge has loaded fine this morning.
PrevxHelp
December 2nd, 2008, 06:33 AM
-{ Quote: "It was drweb v5 beta.
V5 includes their own self protection module." }-
Thanks for the information, I'll have QA check to see if they can reproduce any of the problems you have been experiencing.
PrevxHelp
December 2nd, 2008, 06:34 AM
-{ Quote: "Had a slight hiccup yesterday when Edge build 188 loaded disabled on boot. I was able to click on the icon & enable Edge without further problem. Edge has loaded fine this morning." }-
Please let me know if this happens again - it should automatically reload itself a few minutes after bootup if it finds that it is disabled, or, you can enable it manually.
PrevxHelp
December 2nd, 2008, 06:36 AM
-{ Quote: "Yesterday I swapped my Prevx2.0 license for an Edge license. The only version I downloaded and installed is 3.0.0.188. All seems to be working fine except that Prevx is not being recognized by the VISTA Security Center. I have rebooted many times since installation.
One other question. What is the "Self Protection" option?
Tom" }-
Hello,
We will be looking into the security center problem - a couple users have experienced it but we have not been able to reproduce it.
Self Protection can be used to prevent malicious software from terminating the Edge protection. It is an optional feature because it can create some incompatibilities between other antivirus software and isn't a necessary feature, but some users do request it.
capatt
December 2nd, 2008, 08:10 AM
Hello
I had some issues with Edge which an engineer looked into via remote access. I'll not go into that here, but just want to know when the next version will be out (approximately). Say, version 189 or later.
Thanks
C.S.J
December 2nd, 2008, 08:15 AM
-{ Quote: "Thanks for the information, I'll have QA check to see if they can reproduce any of the problems you have been experiencing." }-
hey joe,
the guys at drweb sent me back the .dmp file on request, shall email it you.
PrevxHelp
December 2nd, 2008, 08:32 AM
-{ Quote: "Hello
I had some issues with Edge which an engineer looked into via remote access. I'll not go into that here, but just want to know when the next version will be out (approximately). Say, version 189 or later.
Thanks" }-
We have another release planned within the next couple days which has a number of other fixes as well and various improvements. The version number will be v3.0.0.19x (some other updates over the build which was installed on your computer).
PrevxHelp
December 2nd, 2008, 08:33 AM
-{ Quote: "hey joe,
the guys at drweb sent me back the .dmp file on request, shall email it you." }-
Thank you - we are investigating the problem now and will hopefully have it fixed within the next release.
C.S.J
December 2nd, 2008, 08:36 AM
-{ Quote: "Thank you - we are investigating the problem now and will hopefully have it fixed within the next release." }-
could i ask that when you do, you let me know the outcome. ;)
PrevxHelp
December 2nd, 2008, 08:39 AM
-{ Quote: "could i ask that when you do, you let me know the outcome. ;)" }-
Will do :) QA is testing Edge's self protection versus Dr. Web right now on multiple systems and we're analyzing the dump file to hopefully get some insight as to what is breaking.
mvdu
December 2nd, 2008, 02:27 PM
There have been no problems reported with NIS 2009, right? I'm experimenting with some different setups, and the latest has NIS 2009.
PrevxHelp
December 2nd, 2008, 02:29 PM
-{ Quote: "There have been no problems reported with NIS 2009, right? I'm experimenting with some different setups, and the latest has NIS 2009." }-
I haven't heard of any complaints against NIS :)
Mars
December 2nd, 2008, 07:04 PM
-{ Quote: "64bit is progressing, but slowly as it is very low on the priority list still. If you can convert some hundred thousand users to 64bit quickly, let me know and I'll get it moved up in the priority ;D" }-
hahaha ok...but only after i cure cancer
lordpake
December 4th, 2008, 04:19 AM
-{ Quote: "This can only be reset if you uninstall and reinstall." }-
Is there really no other way to reset the "infection" status?
I just did a reinstall of OpenDNS Updater, which was caught by heuristics, which I have set a little higher than recommended.
Now Edge considers me infected :) which I know is not true. Removal/reinstall with applying my own settings sounds a little bit too drastic step to do every time I might get heuristic warning just to get rid of some heuristic detection (even though that detection might be my own fault for tweaking heuristics, however better safe than sorry).
PrevxHelp
December 4th, 2008, 04:28 AM
-{ Quote: "Is there really no other way to reset the "infection" status?
I just did a reinstall of OpenDNS Updater, which was caught by heuristics, which I have set a little higher than recommended.
Now Edge considers me infected :) which I know is not true. Removal/reinstall with applying my own settings sounds a little bit too drastic step to do every time I might get heuristic warning just to get rid of some heuristic detection (even though that detection might be my own fault for tweaking heuristics, however better safe than sorry)." }-
The value which C.S.J was referencing is the count of infections removed - you can mark the file as a false positive by right clicking > Report this file as a false positive and then rescanning. That will set your status back to green/secure :)
Let me know if you have any problems doing this.
lordpake
December 4th, 2008, 04:46 AM
Ah, silly me ;D Thanks for the info.
In fact in my case Edge is back green after reboot.
C.S.J
December 4th, 2008, 07:18 AM
-{ Quote: "The value which C.S.J was referencing is the count of infections removed - you can mark the file as a false positive by right clicking > Report this file as a false positive and then rescanning. That will set your status back to green/secure :)
Let me know if you have any problems doing this." }-
yep, there still should be a reset statistics button in the settings somewhere.
:)
trjam
December 4th, 2008, 08:48 AM
I would agree. Clear all logs option.
Copyright ©2002 - 2012, Wilders Security Forums