View Full Version : Introducing, The New Prevx Edge.
ctrlaltdelete
December 4th, 2008, 09:52 AM
I disagree.
But will ask the same after x-mas ;D
(don't delay the next release guys 8) )
QBgreen
December 4th, 2008, 06:15 PM
Build 3.0.0.199 is available for download. Installed here, and running smoothly.
ambient_88
December 4th, 2008, 06:21 PM
-{ Quote: "Build 3.0.0.199 is available for download. Installed here, and running smoothly." }-
How come the "Update" feature of Prevx Edge doesn't download the new build? Is it not available to the general public yet?
ctrlaltdelete
December 4th, 2008, 06:38 PM
-{ Quote: "How come the "Update" feature of Prevx Edge doesn't download the new build? Is it not available to the general public yet?" }-
As far as I know it's normal to release new builds for software (any vendor) as a new setup first. If there is an issue with the new build, despite all tests that are done with the new build, not all users are affected by the unforeseen issue with an automatic update.
PrevxHelp
December 4th, 2008, 07:30 PM
-{ Quote: "As far as I know it's normal to release new builds for software (any vendor) as a new setup first. If there is an issue with the new build, despite all tests that are done with the new build, not all users are affected by the unforeseen issue with an automatic update." }-
:thumb: Completely correct, couldn't have said it any better myself ;D
ambient_88
December 5th, 2008, 12:02 AM
I gotta say... I like the new icons! :)
hammerman
December 5th, 2008, 02:29 AM
-{ Quote: ":thumb: Completely correct, couldn't have said it any better myself ;D" }-
What is recommended procedure for update? Uninstall then install OR install on top of existing?
Change log?
trjam
December 5th, 2008, 02:44 AM
running very well indeed.:thumb:
Dark Star 72
December 5th, 2008, 04:58 AM
-{ Quote: "What is recommended procedure for update? Uninstall then install OR install on top of existing?
Change log?" }-
Download to desktop and install over the top, no problem but make sure you run it as trusted under DefenseWall.
Ian
hammerman
December 5th, 2008, 05:55 AM
-{ Quote: "Download to desktop and install over the top, no problem but make sure you run it as trusted under DefenseWall.
Ian" }-
Thanks for that. You've obviously been caught out by DW before just as I have.
Installed Edge 199 and running without problems.
greenhorn113
December 5th, 2008, 08:57 AM
Are the default heuristic settings considered adequate or is there need for tweaking. ???
GH113
PrevxHelp
December 5th, 2008, 09:04 AM
-{ Quote: "Are the default heuristic settings considered adequate or is there need for tweaking. ???
GH113" }-
The default heuristic settings are adequate, however, feel free to change them if you wish and then see how they perform on your system :)
PrevxHelp
December 5th, 2008, 09:06 AM
-{ Quote: "What is recommended procedure for update? Uninstall then install OR install on top of existing?
Change log?" }-
You can install them on top of the existing version - and, v3.0.0.199 is now available for update for general users as well.
Changelog is:
Improvements:
> Significantly improved stability and reliability
> Reduced internet bandwidth usage
> Optimized memory usage
> Improved compatibility with some AVs
> New icons added into the GUI
Bugfixes:
> Fixed an issue with the 'Right Click Scanner'
> Fixed some issues with the Detection Overrides dialog
> Fixed an issue installing under UAC/safemode
trjam
December 5th, 2008, 10:20 AM
thanks Joe. What I think is cool is the way Prevx has listened to the feedback here at Wilders and implemented, fairly rapidly, the suggestions of the members here. That is how it should work, that is how a vendor will survive.:thumb:
PrevxHelp
December 5th, 2008, 11:33 AM
-{ Quote: "thanks Joe. What I think is cool is the way Prevx has listened to the feedback here at Wilders and implemented, fairly rapidly, the suggestions of the members here. That is how it should work, that is how a vendor will survive.:thumb:" }-
The Wish List is still gigantic as well ;D We've got loads of very useful new features coming out over the coming weeks via updates :)
Miyagi
December 5th, 2008, 02:16 PM
-{ Quote: "The Wish List is still gigantic as well ;D We've got loads of very useful new features coming out over the coming weeks via updates :)" }-
Keep up the good work Joe! So much fun to keep up with your technology. :thumb:
PrevxHelp
December 5th, 2008, 02:26 PM
-{ Quote: "Keep up the good work Joe! So much fun to keep up with your technology. :thumb:" }-
Can't take all of the credit ;) I'll pass on the :thumb: to everyone ;D Thanks for the good words :)
Juha L
December 5th, 2008, 03:35 PM
TrueCrypt 6.1a gave a rootkit alert. Probably would be good to whitelist that.
paniccom
December 5th, 2008, 11:56 PM
Please check your website, Prevx. I tried downloading trial of Prevxedge using Firefox, and it crashed the browser, several times. Switched to Opera and had same problem. Had to use task manager to shut Pgms and reboot. Same problem, so used IE and got file. Didn't seem to be my end, as I tried other downloads on other sites, no problems. Weird. Doesn't mean I'm not anxious to try out Edge, just very unusual problems on your site (for me).
Cretemonster
December 6th, 2008, 01:21 AM
No problems here using any of those 3 browsers. ???
ctrlaltdelete
December 6th, 2008, 01:24 AM
No problems here with Firefox 3.0.4 and Opera 9.62
simmikie
December 6th, 2008, 03:31 AM
opera 9.62 is how i got my Edge 199 file, from the Prevx website...no drama.
Mike
Baldrick
December 6th, 2008, 06:57 AM
Nice update. Went in really smooth and unnoticed. If it was not for checking the forum I probably would never have known given how stable and reliable the product is...no real need to access the GUI yet (hope it stays that way).
Well done to all at Prevx...keep up the excellent work. :thumb:
Onslaught3566
December 6th, 2008, 10:23 AM
Keep up the good work. Just one question. I purchased edge online, does it auto renew? I hope not. I don't mind getting it again I just don't want to be surprised by a charge on my card.
SIR****TMG
December 6th, 2008, 11:58 AM
I had to buy it also, running great so far. Price was a little steep at $40.00 a year, but with all the good words about it I got it.
Threedog
December 6th, 2008, 12:05 PM
First time I have been able to get some time away from work to have some quality computing time in a while and I get a new version of Edge to play with.
Working great here so far.
PrevxHelp
December 6th, 2008, 12:09 PM
-{ Quote: "Keep up the good work. Just one question. I purchased edge online, does it auto renew? I hope not. I don't mind getting it again I just don't want to be surprised by a charge on my card." }-
Edge does not auto renew - it will just give you a gentle reminder a couple days before you're about to expire :)
PrevxHelp
December 6th, 2008, 12:10 PM
-{ Quote: "Please check your website, Prevx. I tried downloading trial of Prevxedge using Firefox, and it crashed the browser, several times. Switched to Opera and had same problem. Had to use task manager to shut Pgms and reboot. Same problem, so used IE and got file. Didn't seem to be my end, as I tried other downloads on other sites, no problems. Weird. Doesn't mean I'm not anxious to try out Edge, just very unusual problems on your site (for me)." }-
I'll talk to our web guys - do you have any script blocking tools installed or anything of that sort that could interfere with the browser? Our website does use javascript, but so do virtually all other websites out there.
mhallerman
December 6th, 2008, 12:28 PM
Question - I am going to give it another shot (I was the guy who had an initial blue-screen with the disk mount error message I thought was related) and am going to purchase a license.
My question is, if I like can I then buy a family license for the diff between a single and the family price? I would only need 4 total and would hate to have to buy 3 singles then....
Thanks in advance,
Mark.
paniccom
December 6th, 2008, 12:44 PM
Tried again this morning in case there was a problem with website last night. Opera (9.62) had an error on transfer and didn't finish:
From: http://pxnow.prevx.com/zeroL/PREVXEDGEFREE.EXE
To: C:\Documents and Settings\XXXX\Desktop\PREVXEDGEFREE.EXE
Size: 906 KB (927,288 bytes)
Transferred: 890 KB (910,368 bytes)
Firefox (3.0.4) crashed again. I do have Mamutu trial running--could that be cause of download problems?
BTW, I installed Prevx Edge that I downloaded with IE and it's a nice program. I downloaded the file 'TrojanSimulator' and when I went to run the exe., Prevx immediately gave a warning. Comodo gave me the usual pop-ups that would allow me to stop the program from running, but I allowed them. At the last minute Mamutu jumped in with a recommendation to block program, which I did. But there was no initial warning from Mamutu, whereas Prevx warned me from the start. I also scanned the folder containing TrojanSimulator with Malwarebytes and it said all OK, then with Prevx, and under the "Threat Identified" column was "Malicious Software". This may be pretty basic stuff to people on Wilders, but it made me feel good about Prevx.
Baldrick
December 6th, 2008, 01:37 PM
-{ Quote: "Question - I am going to give it another shot (I was the guy who had an initial blue-screen with the disk mount error message I thought was related) and am going to purchase a license.
My question is, if I like can I then buy a family license for the diff between a single and the family price? I would only need 4 total and would hate to have to buy 3 singles then....
Thanks in advance,
Mark." }-
Good question. I am thinking of buying 1 license to start with and note that if I buy 2 at the same time the incremental price is very interesting. Only thing is I do not know at this moment if I need 2 licenses and like mhallerman I would hate to end up having to purchase multiple licenses separately at the same price as the initial unit.???
mhallerman
December 6th, 2008, 01:41 PM
Exactly - Hopefully Joe is still trolling here today and will give us some good news on this :)
Best,
Mark.
PrevxWebDesigner
December 6th, 2008, 02:17 PM
-{ Quote: "My question is, if I like can I then buy a family license for the diff between a single and the family price? I would only need 4 total and would hate to have to buy 3 singles then....." }-
Hi there,
You can easily upgrade your existing license, by opening Edge, selecting "License Information" and then clicking "Get a License" (We probably need to reword that to "Renew / Upgrade" when already licensed). This will present a page of options available to you. You can also get here by going to the following URL and entering your license key:
http://www.prevx.com/renewlickey.asp
Under the upgrade options you will notice we effectively reimburse your remaining license value, then will restart your license for as many PCs as you wish.
Hope that helps :)
mhallerman
December 6th, 2008, 02:20 PM
Thanks very much for the reply - I apologize, but can you please clarify, if I purchase 1 for myself now, can I soon then purchase 3 more for approx diff of @ 40 USD?
Basically I *think* I will want 4 in total but am only prepared to purch 1 right now....
Thanks,
Mark.
PrevxWebDesigner
December 6th, 2008, 02:25 PM
-{ Quote: "Thanks very much for the reply - I apologize, but can you please clarify, if I purchase 1 for myself now, can I soon then purchase 3 more for approx diff of @ 40 USD?
Basically I *think* I will want 4 in total but am only prepared to purch 1 right now....
Thanks,
Mark." }-
No problem. :)
The licensing system should work so that you can upgrade to a 4 PC license by simply paying the difference.
e.g.
I currently have a 1 PC license for Prevx Edge with 324 days remaining. This is valued as US $22.22.
4 PC Original Price: US $70.70,
Minus $22.22 of the current license remaining value,
My price to upgrade to a 4 user license would be: US $48.48
Hope that makes sense :)
mhallerman
December 6th, 2008, 02:29 PM
Sounds great - thanks very much!
Best,
Mark.
Hugger
December 6th, 2008, 02:46 PM
Quickmonth Calender continues to be flagged as a miscreant.
It's from Code Dawn and I've been using it for over a year.
Hugger
horseman
December 6th, 2008, 03:11 PM
As a further complication on that upgrade scenario - how about upgrading a Fam/Bis license of say 5 PX2 to Fam/Bis unit that comprises 1 x PX2 and 4 x PE3 ? (well someone had to ask...? ;) )
mhallerman
December 6th, 2008, 04:07 PM
Well, ran a full scan after installing, and it found 3 what I believe were false positives, but in any event I selected to remove them, rebooted and again like the time I trialed it a few weeks ago, booted to a blue screen with the "Unmountable Boot Volume" error.
Trying to boot into safe mode is not working either, giving me just the same error. I will have to revert to the image I made right before install. If possible will try to get the dump off, but anything we can do to see why prevx is doing this? The only time I have bluescreened on this machine is after rebooting after installing and running Prevx.
I would hate to go the refund route, so is there anything we can do to track this down? thanks...
Best,
Mark
PrevxHelp
December 6th, 2008, 05:19 PM
-{ Quote: "Question - I am going to give it another shot (I was the guy who had an initial blue-screen with the disk mount error message I thought was related) and am going to purchase a license.
My question is, if I like can I then buy a family license for the diff between a single and the family price? I would only need 4 total and would hate to have to buy 3 singles then....
Thanks in advance,
Mark." }-
Hello,
We will respond to you from the inbox for the license conversion :)
PrevxHelp
December 6th, 2008, 05:21 PM
-{ Quote: "Well, ran a full scan after installing, and it found 3 what I believe were false positives, but in any event I selected to remove them, rebooted and again like the time I trialed it a few weeks ago, booted to a blue screen with the "Unmountable Boot Volume" error.
Trying to boot into safe mode is not working either, giving me just the same error. I will have to revert to the image I made right before install. If possible will try to get the dump off, but anything we can do to see why prevx is doing this? The only time I have bluescreened on this machine is after rebooting after installing and running Prevx.
I would hate to go the refund route, so is there anything we can do to track this down? thanks...
Best,
Mark" }-
This is quite odd as literally no one else has ever reported this. If you could send a minidump, that would be very helpful. Also, what files were detected on your system? It's very hard to guess what may be going on as this seems to be just a stray report from what I can see so far.
PrevxHelp
December 6th, 2008, 05:22 PM
-{ Quote: "As a further complication on that upgrade scenario - how about upgrading a Fam/Bis license of say 5 PX2 to Fam/Bis unit that comprises 1 x PX2 and 4 x PE3 ? (well someone had to ask...? ;) )" }-
These cases will generally be taken care of on a case-by-case basis, preferably through the inbox where we can manage your license keys, etc.
PrevxHelp
December 6th, 2008, 05:23 PM
-{ Quote: "Quickmonth Calender continues to be flagged as a miscreant.
It's from Code Dawn and I've been using it for over a year.
Hugger" }-
Could you please click Tools and Settings > Save Scan Results and send me the entry of the file which is being found?
mhallerman
December 6th, 2008, 05:28 PM
I deleted the contents of this message as I have responded to you via the prevx site as to not clutter up this thread with my personal support work issues with you and the team - thanks and I look forward to hearing from you there.....
Best,
Mark.
Criss
December 7th, 2008, 07:43 AM
Hi, I have found 2 false positives with Edge.
Dunno if I followed the correct way to report it to you. Correct me if I am wrong.
PrevxHelp
December 7th, 2008, 07:52 AM
-{ Quote: "Hi, I have found 2 false positives with Edge.
Dunno if I followed the correct way to report it to you. Correct me if I am wrong." }-
Hello,
I only see one false positive in that log, C:\Program Files\GetAmpedSEA\amped.exe, (which is now fixed)
Please let me know what I'm not seeing (or try rescanning your system and let me know if it is all fixed now :))
Criss
December 7th, 2008, 08:04 AM
-{ Quote: "Hello,
I only see one false positive in that log, C:\Program Files\GetAmpedSEA\amped.exe, (which is now fixed)
Please let me know what I'm not seeing (or try rescanning your system and let me know if it is all fixed now :))" }-
Sry, I think it is because I added it as trusted. :)
But the amped.exe is still detected.
Here is the new log:
PrevxHelp
December 7th, 2008, 08:22 AM
-{ Quote: "Sry, I think it is because I added it as trusted. :)
But the amped.exe is still detected.
Here is the new log:" }-
Hmm... the files are definitely 'Good' in the database, could you try rescanning again? Not sure why it wouldn't update your determination. Let me know what you find!
Criss
December 7th, 2008, 08:31 AM
-{ Quote: "Hmm... the files are definitely 'Good' in the database, could you try rescanning again? Not sure why it wouldn't update your determination. Let me know what you find!" }-
Both detections are not found anymore. :thumb:
Thanks for the help.
SIR****TMG
December 8th, 2008, 05:44 PM
;D So far I love this and runs smooth on vista. I realize you spent a lot of time on this product. Good for us all and 'thanks' :thumb:
Threedog
December 8th, 2008, 08:09 PM
I have been running Edge for about a month now and can't go without it in my setups. ;D
computerfan7702
December 8th, 2008, 08:49 PM
I ran EDGE in trial mode... and it came up with a FP I believe (have reason to believe it was a component with my Lenovo Desktop)
File is C:\ProgramFiles\Lenovo\MultiRecover\windisk.dll
Just letting you guys know, is there some sort of a test license I can test this software further before buying it?
Matt
Franklin
December 8th, 2008, 11:32 PM
Try uploading the .dll to Virus Total (http://www.virustotal.com/) for another opinion?
Prevx on Windisk.dll (http://www.prevx.com/filenames/249195529939058849-X1/WINDISK.DLL.html)
SAS on Windisk.dll (http://www.fileresearchcenter.com/W/WINDISK.DLL-11734.html)
PrevxHelp
December 9th, 2008, 03:09 AM
-{ Quote: "I ran EDGE in trial mode... and it came up with a FP I believe (have reason to believe it was a component with my Lenovo Desktop)
File is C:\ProgramFiles\Lenovo\MultiRecover\windisk.dll
Just letting you guys know, is there some sort of a test license I can test this software further before buying it?
Matt" }-
If you could send us this program or click Tools and Settings > Save Scan Results, I will take a look to see if it is a false positive or not.
I'll also PM you a test license to trial out the disabled/limited features of Edge :)
Bunkhouse Buck
December 9th, 2008, 07:01 AM
Great program running with XP SP3 and Firefox along with Avira. No problems so far.
BG
December 9th, 2008, 07:33 AM
Went ahead and bought it for my wife's system (mine's 64bit so no go). Very clean interface and easy to understand.
Criss
December 9th, 2008, 07:34 AM
I think I have an issue with Prevx Edge. After the computer booted, I went to check the task manager and one prevx service is using 18k, another using 12k. But after I open the GUI, one service reduces to using 1k. I repeated doing this and I can conclude that the prevx service memory usage will only reduce when I open the GUI.
So does anyone here have this issue or is it a known issue??
FYI, my setup is in my signature.:)
denniz
December 9th, 2008, 11:19 AM
False positive report:
Filename: Scan.dll
Directory location: D:\Program Files\World of Warcraft\
Source: Blizzard World of Warcraft
Virustotal report: 2/38 (eSafe:Suspicious File, Prevx1:Cloaked Malware)
OS version: Windows Vista Ultimate SP1 Dutch 32-bit
Prevx version: Prevx Edge v3.0.0.199 (medium heuristics)
Detected as: Cloaked Malware
Explanation from a Blizzard employee:
-{ Quote: "
This is nothing to worry about. We occasionally check the hardware specifications on your computer to know what types of computers our customers are using. Please be assured we do not check for any personal information. We're strictly looking for CPU speed, amount of RAM, video card information, and similar non-personal information.
" }-
Rename "Scan.txt" to "Scan.dll"
Download: 204755
computerfan7702
December 9th, 2008, 11:28 AM
I am very impressed and shall purchase a license in a day or so, just trying to get the funds too :)
Criss
December 9th, 2008, 11:29 AM
Here are some screenies to address my issue. :)
Before:
http://www.filehive.com/files/081209/before.JPG
After:
http://www.filehive.com/files/081209/after.JPG
PrevxHelp
December 9th, 2008, 12:58 PM
-{ Quote: "False positive report:
Filename: Scan.dll
Directory location: D:\Program Files\World of Warcraft\
Source: Blizzard World of Warcraft
Virustotal report: 2/38 (eSafe:Suspicious File, Prevx1:Cloaked Malware)
OS version: Windows Vista Ultimate SP1 Dutch 32-bit
Prevx version: Prevx Edge v3.0.0.199 (medium heuristics)
Detected as: Cloaked Malware
Explanation from a Blizzard employee:
Rename "Scan.txt" to "Scan.dll"
Download: 204755" }-
Thank you for the report :) The file is indeed legitimate and we've corrected the false positive.
PrevxHelp
December 9th, 2008, 01:20 PM
-{ Quote: "Here are some screenies to address my issue. :)
Before:
http://www.filehive.com/files/081209/before.JPG
After:
http://www.filehive.com/files/081209/after.JPG" }-
I don't believe there is a problem here :) Edge optimizes its memory usage frequently so you may see some change in the memory allocated to Edge (almost always for the better :))
Criss
December 9th, 2008, 11:19 PM
-{ Quote: "I don't believe there is a problem here :) Edge optimizes its memory usage frequently so you may see some change in the memory allocated to Edge (almost always for the better :))" }-
But prevx service will only reduce to 1k and stay at it when only after i open gui. So there is nth wrong there? ???
PrevxHelp
December 10th, 2008, 03:46 AM
-{ Quote: "But prevx service will only reduce to 1k and stay at it when only after i open gui. So there is nth wrong there? ???" }-
The GUI is the process which is dropping its memory usage. It does require as much memory as it has allocated, but Windows periodically pages out areas of process memory so depending on what the GUI is doing, it may allocate more or send more back into the pagefile.
Criss
December 10th, 2008, 03:50 AM
-{ Quote: "The GUI is the process which is dropping its memory usage. It does require as much memory as it has allocated, but Windows periodically pages out areas of process memory so depending on what the GUI is doing, it may allocate more or send more back into the pagefile." }-
OK, thanks for the clarification. :)
Criss
December 10th, 2008, 03:52 AM
i have found 1 false positive with firefox 3.1 beta 2.
This is the download link for it.
http://www.mozilla.com/en-US/firefox/all-beta.html
PrevxHelp
December 10th, 2008, 05:27 AM
-{ Quote: "i have found 1 false positive with firefox 3.1 beta 2.
This is the download link for it.
http://www.mozilla.com/en-US/firefox/all-beta.html" }-
I've forwarded this onto the research team and it will be sorted shortly :)
Criss
December 10th, 2008, 06:24 AM
-{ Quote: "I've forwarded this onto the research team and it will be sorted shortly :)" }-
ok, plz inform me the result ltr thank. :)
pegas
December 10th, 2008, 07:34 AM
Hi PrevxHelp,
Just spent almost two hours reading this thread and your reaction time is unbelievable. You are always here to help, all credentials go to you :thumb:
Well, having ntb Vaio, dual core, 4GB RAM, Vista Business with Eset Smart Security v3 running on and so far so good. However the Edge's capabilities sound impressively so I would like to honestly know ...
1) Do you have any issues with ESS?
2) Is there a benefit or sense to complement ESS with trial version (only) of Edge?
3) How about Edge uninstall, easy way, no remnants (like Symantec) which would have to be hunted and manually deleted?
Thx and regards.
pegas
PrevxHelp
December 10th, 2008, 02:18 PM
-{ Quote: "Hi PrevxHelp,
Just spent almost two hours reading this thread and your reaction time is unbelievable. You are always here to help, all credentials go to you :thumb:
Well, having ntb Vaio, dual core, 4GB RAM, Vista Business with Eset Smart Security v3 running on and so far so good. However the Edge's capabilities sound impressively so I would like to honestly know ...
1) Do you have any issues with ESS?
2) Is there a benefit or sense to complement ESS with trial version (only) of Edge?
3) How about Edge uninstall, easy way, no remnants (like Symantec) which would have to be hunted and manually deleted?
Thx and regards.
pegas" }-
Hello,
(Sorry for the delayed response time for this post, today has been quite busy ;D)
We are not aware of any issues with any ESET product. They do tend to generate a periodic false positive on new releases, but they are always fast at fixing it. I think combining ESS with the trial version of Edge would be a very good complement as Edge will pick up and complain about anything which gets past ESS.
Edge's uninstall routine is very tuned and removes everything. It periodically may require a reboot, but it almost always does not.
Please let me know if you have any further questions! :)
fblais
December 10th, 2008, 03:21 PM
Any news on a french version soon?
I was told from someone in your support team that Prevx 2.0 was already supporting french language.
I then asked what were the differences between 2.0 and Edge but never got a reply. (it was about a week ago)
Care to answer me here, please?
Regards,
François
PrevxHelp
December 10th, 2008, 03:27 PM
-{ Quote: "Any news on a french version soon?
I was told from someone in your support team that Prevx 2.0 was already supporting french language.
I then asked what were the differences between 2.0 and Edge but never got a reply. (it was about a week ago)
Care to answer me here, please?
Regards,
François" }-
Sorry about the delayed response to the inbox. We are planning on adding further languages soon, but we are first focusing on product-based improvements rather than branching out into other languages for now. They will come ASAP tho :)
The core differences between 2.0 and Edge lie in ease of use and system impact. Prevx2 requires user interaction and requires significantly more resources when active on the system while Edge automates the answering process to virtually all prompts and requires very little resources/CPU.
Let me know if you have any further questions :)
bellgamin
December 10th, 2008, 04:08 PM
-{ Quote: "The core differences between 2.0 and Edge lie in ease of use and system impact." }-
1-Does 2.0 possess all of the "power" of Edge?
2-Does Edge possess all of the "power" of 2.0?
3-Is 2.0 as up-to-date as Edge (with respect to handling the latest malware & exploits)?
4-Is an update to 2.0 still planned?
PrevxHelp
December 10th, 2008, 04:27 PM
-{ Quote: "1-Does 2.0 possess all of the "power" of Edge?
2-Does Edge possess all of the "power" of 2.0?
3-Is 2.0 as up-to-date as Edge (with respect to handling the latest malware & exploits)?
4-Is an update to 2.0 still planned?" }-
Hello,
2.0 does not possess all of the power of Edge. With our new rootkit scanning, heuristics, and completely redesigned architecture, Edge is able to leverage our technologies far better than 2.0 can. However, 2.0 is still functional and will continue to protect against new threats, just not as well as Edge can.
2.0 is currently stable and essentially complete with no updates to the actual software scheduled. Updates to rules, signatures, etc. take place 24 hours/day :)
Criss
December 11th, 2008, 12:19 AM
-{ Quote: "I've forwarded this onto the research team and it will be sorted shortly :)" }-
So how is the result?? ???
Is it a false positive?
pegas
December 11th, 2008, 01:40 AM
-{ Quote: "I think combining ESS with the trial version of Edge would be a very good complement as Edge will pick up and complain about anything which gets past ESS.
Please let me know if you have any further questions! :)" }-
Many thanks for your reply but could you be kindly more specific how the Edge would complement the ESS? You know I am not so IT tech savvy :-[ . I thought the trial version of Edge is not capable of cleaning, it does only monitoring, doesn't it? An exact explanation what the trial Edge will do, would be highly appreciated. Apologies for any inconvenience, my query could cause.
regards,
pegas
Searching_ _ _
December 11th, 2008, 02:17 AM
Hey PrevxHelp,
I had a hit with your program for a possible MBR rootkit.
I have a large drive and had some unallocated space I decided to format. It was during the end of this procedure that your program alerted. I know that MBRrootkit likes to drop stuff at the end of a drive.
The EQSecure alert at the same time was about "\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{CLSID}\Shell\Autoplay\DropTarget" but there is no entry in the logs for this alert.
I decided to run GMER and the MBR.exe also. GMER BSOD's during the devices scan with a stop 0x050/win32k.sys; the MBR.exe came up clean.
I emailed GMER 2 days ago about the BSODs, but he hasn't returned my email.
I had been running RootRepeal before and it was only showing 3 entries in drivers. Normally it would show entries in files like locked to the windows api and such. Didn't even show EQSecures hidden processes. After uninstalling a driver in Device Manager/show hidden devices/non plug and play, Its name was related to Acronis, It now shows more stuff in Rootrepeal.
I think something may have been limiting RootRepeal's scanning.
Is there anything I can do to verify if I do or do not have an MBR Rootkit?
PrevxHelp
December 11th, 2008, 04:16 AM
-{ Quote: "So how is the result?? ???
Is it a false positive?" }-
I've yet to hear back from the research guys but I'll let you know as soon as I do. If you have the exact program which was causing the FP (or the precise link within the firefox website), I'll check it out myself.
PrevxHelp
December 11th, 2008, 04:18 AM
-{ Quote: "Hey PrevxHelp,
I had a hit with your program for a possible MBR rootkit.
I have a large drive and had some unallocated space I decided to format. It was during the end of this procedure that your program alerted. I know that MBRrootkit likes to drop stuff at the end of a drive.
The EQSecure alert at the same time was about "\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{CLSID}\Shell\Autoplay\DropTarget" but there is no entry in the logs for this alert.
I decided to run GMER and the MBR.exe also. GMER BSOD's during the devices scan with a stop 0x050/win32k.sys; the MBR.exe came up clean.
I emailed GMER 2 days ago about the BSODs, but he hasn't returned my email.
I had been running RootRepeal before and it was only showing 3 entries in drivers. Normally it would show entries in files like locked to the windows api and such. Didn't even show EQSecures hidden processes. After uninstalling a driver in Device Manager/show hidden devices/non plug and play, Its name was related to Acronis, It now shows more stuff in Rootrepeal.
I think something may have been limiting RootRepeal's scanning.
Is there anything I can do to verify if I do or do not have an MBR Rootkit?" }-
I believe this might be a false positive on our end. During your format, the formatting program most likely modified the MBR/bootsector/partition table, etc. which caused the warning.
I'm going to err on the side of this being legitimate and see if we can make any changes to allow format operations, which look very similar to MBR infections, and not warn.
Thanks for the report ;D Let me know if you have any further questions with this or if you want one of us Prevx representatives to check out your system remotely if you aren't convinced you are clean.
Criss
December 11th, 2008, 04:23 AM
-{ Quote: "i have found 1 false positive with firefox 3.1 beta 2.
This is the download link for it.
http://www.mozilla.com/en-US/firefox/all-beta.html" }-
ok sry I forgot to state which version I dl.
I downloaded the eng (us) windows version.
This is the link :
http://www.mozilla.com/en-US/products/download.html?product=firefox-3.1b2&os=win&lang=en-US
greenhorn113
December 11th, 2008, 05:39 AM
I have a license for Edge and it is currently active on my rig, but can someone please clarify which of Online Armor 3 paid, A Squared Anti Malware 4 and Edge is an overlap or duplication of protection? I am now also running Avast Home 4.8. I have removed Threatfire since installing Edge.
Gh113???
philby
December 11th, 2008, 04:27 PM
Can't seem to get through initial scan on install.
Here's the Vista error:
Problem signature:
Problem Event Name: APPCRASH
Application Name: prevx.exe
Application Version: 3.0.0.199
Application Timestamp: 49382c38
Fault Module Name: ntdll.dll
Fault Module Version: 6.0.6001.18000
Fault Module Timestamp: 4791a7a6
Exception Code: c0000005
Exception Offset: 00069460
Can Joe or anyone take a look?
I've given Edge permission in ESS.
Thanks in advance.
philby
Searching_ _ _
December 11th, 2008, 04:32 PM
Thanks PrevxHelp,
I figured it was something like a FP, better to have an expert verify.
If I have any issues with Prevx Edge or malware questions from same I will post.
I appreciate the help and kindness. I haven't seen a product with such great support.
Question-My gmer scan showed the file mbr.sys in a TEMP file in Documents and Settings:
? C:\DOCUME~1\VERR_I~1\LOCAL\Temp\mbr.sys
The system cannot find the file specified. !
Is this something I should investigate further?
PrevxHelp
December 11th, 2008, 04:39 PM
-{ Quote: "Thanks PrevxHelp,
I figured it was something like a FP, better to have an expert verify.
If I have any issues with Prevx Edge or malware questions from same I will post.
I appreciate the help and kindness. I haven't seen a product with such great support.
Question-My gmer scan showed the file mbr.sys in a TEMP file in Documents and Settings:
? C:\DOCUME~1\VERR_I~1\LOCAL\Temp\mbr.sys
The system cannot find the file specified. !
Is this something I should investigate further?" }-
Hmm.... this is an interesting case. While the operation you were doing on your harddisk (formatting) would generally make modifications to the MBR legitimately, potentially causing a false positive, Edge may have been correct in its diagnosis of an MBR rootkit in this case as that driver does not look like it is doing anything legitimate.
If you run an Edge scan now, does it say anything about \\.\PhysicalDrive0\MBR as an infection named "Possible MBR Rootkit"? If it does, then you may very well be infected. If not (and if this was really a malware intrusion), Edge appears to have blocked it.
This is interesting though, and possibly a very odd set of coincidences. Please let me know what you find! :)
PrevxHelp
December 11th, 2008, 04:40 PM
-{ Quote: "Can't seem to get through initial scan on install." }-
Hello,
This could be caused by malware or a software bug. I've sent you a PM as to what we could try and do to resolve it :) Thank you for the report!
trjam
December 11th, 2008, 04:41 PM
Bout time, someone stumped you.;)
Searching_ _ _
December 11th, 2008, 04:57 PM
I ran a Prevx scan after the alert and it came up 0 malicious items found.
Previously Detected Files:
[D] (ACTIVE) C:\Documents and Settings\VERR_INVALID_NAME\Local Settings\Temp\_TinDel.exe [PX5: 0186414100B628B80A9F005FF9C7D500B79BCD14] Malware Group: Community.OuterEdge
[BP] (ACTIVE) C:\Documents and Settings\VERR_INVALID_NAME\Desktop\sreng2\Plugins\NTFSTREAM.SRE [PX5: 589384C400CD63CFB04001FDB02AF10097C552D3] Malware Group: Worm
philby
December 11th, 2008, 07:05 PM
Installation issue was resolved by Joe via remote access.
He is extremely professional.
Wish I worked with/for someone like him. Excellent stuff.
Thanks again
philby
PrevxHelp
December 11th, 2008, 07:13 PM
-{ Quote: "I ran a Prevx scan after the alert and it came up 0 malicious items found.
Previously Detected Files:
[D] (ACTIVE) C:\Documents and Settings\VERR_INVALID_NAME\Local Settings\Temp\_TinDel.exe [PX5: 0186414100B628B80A9F005FF9C7D500B79BCD14] Malware Group: Community.OuterEdge
[BP] (ACTIVE) C:\Documents and Settings\VERR_INVALID_NAME\Desktop\sreng2\Plugins\NTFSTREAM.SRE [PX5: 589384C400CD63CFB04001FDB02AF10097C552D3] Malware Group: Worm" }-
Hello,
This looks fine. I'm going to err on the side of saying your system is clean. Whether it was actually infected or not may remain a mystery ;D
PrevxHelp
December 11th, 2008, 07:15 PM
-{ Quote: "Installation issue was resolved by Joe via remote access.
He is extremely professional.
Wish I worked with/for someone like him. Excellent stuff.
Thanks again
philby" }-
Thank you for your kind words :) As always, if you (or anyone else for that matter) ever run into any problems, I'm never too far away :)
andyman35
December 12th, 2008, 08:20 AM
-{ Quote: "Hey PrevxHelp,
I had a hit with your program for a possible MBR rootkit.
I have a large drive and had some unallocated space I decided to format. It was during the end of this procedure that your program alerted. I know that MBRrootkit likes to drop stuff at the end of a drive.
The EQSecure alert at the same time was about "\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{CLSID}\Shell\Autoplay\DropTarget" but there is no entry in the logs for this alert.
I decided to run GMER and the MBR.exe also. GMER BSODs during the devices scan with a stop 0x050/win32k.sys; the MBR.exe came up clean.
I emailed GMER 2 days ago about the BSODs, but he hasn't returned my email.
I had been running RootRepeal before and it was only showing 3 entries in drivers. Normally it would show entries in files like locked to the windows api and such. Didn't even show EQSecure's hidden processes. After uninstalling a driver in Device Manager/show hidden devices/non plug and play (its name was related to Acronis), it now shows more stuff in RootRepeal.
I think something may have been limiting RootRepeal's scanning.
Is there anything I can do to verify if I do or do not have an MBR Rootkit?" }-
I'd suggest running comparison scans using Rootkitty within Windows and from UBCD4Win; that should highlight any discrepancies.
Searching_ _ _
December 12th, 2008, 04:46 PM
I've tried using Rootkitty but the scan from UBCD4win shows a very large amount of files. Impossible to verify integrity.
At the time I used Rootkitty I decided to wipe the drive. After wiping I surfed with the UBCD4win. While surfing I received a raw write of 5108 sectors at the end of the disk. A wiped drive had been written to.
The only possibility for this behaviour is if UBCD4win was corrupt when created.
I put in the first UBCD/linux and wiped again. Then I decided to see what all of the tools were. One by one loading them. I found a tool that would reset the HDD to its maximum size. It reported a difference of about 100kb so I reset to maximum and then wiped front and back, completing with a full wipe.
After reinstalling I load SP3 from CD. Connecting to the internet, I download and install Returnil. Now all connections to internet are through Returnil. While using Returnil something was causing a BSOD of corrupt driver. (I think an attack now.) Connecting without Returnil, one BSOD of the same kind. After reboot no more BSODs with or without Returnil.
Wiping and reinstalling seems to clear the issues but they wiggle back in. Currently my CMOS clock is an hour back after a mysterious reboot.
pegas
December 15th, 2008, 05:07 AM
-{ Quote: "Many thanks for your reply but could you be kindly more specific how the Edge would complement the ESS? You know I am not so IT tech savvy :-[ . I thought the trial version of Edge is not capable of cleaning, it does only monitoring, doesn't it? An exact explanation what the trial Edge will do, would be highly appreciated. Apologies for any inconvenience, my query could cause.
regards,
pegas" }-
Hi PrevxHelp, would you kindly expedite an answer to my query? Or is there something that hinders publicly revealing Edge's capabilities in trial mode?
Searching_ _ _
December 15th, 2008, 06:18 AM
Hey PrevxHelp,
Malware and the Component Object Model system.
Is there any malware written to use the C.O.M. system partially or fully?
If malware is written for C.O.M., is it any more difficult to detect than other types of malware?
If Malware is written in C.O.M., Would it be truly cross platform capable?
Dark Star 72
December 15th, 2008, 07:06 AM
Morning Joe,
Clicked on Help & FAQ's under Tools & Settings last night and got this pop-up:
Is this a known problem or confined to my particular machine? This is reproducible every time I click on Help & FAQ's.
Prevx restarts on its own about 30 secs or so later leaving two icons in the system tray.
lordpake
December 15th, 2008, 07:07 AM
@Dark Star 72, works fine for me :)
EraserHW
December 15th, 2008, 08:28 AM
-{ Quote: "Hi PrevxHelp, would you kindly expedite an answer to my query? Or is there something that hinders publicly revealing Edge's capabilities in trial mode?" }-
Hello,
PrevxHelp hasn't replied during this weekend because he was travelling by air :)
Prevx Edge in trial mode has the full detection capabilities of the full version of Prevx Edge. The only difference is that Prevx Edge won't remove eventually detected infections.
If malware bypasses ESS and is detected by Edge, you'll get a popup advising you that Prevx Edge detected the malware but couldn't remove it because it is in evaluation mode.
PrevxHelp
December 15th, 2008, 08:39 AM
-{ Quote: "Hello,
PrevxHelp hasn't replied during this weekend because he was travelling by air :)
Prevx Edge in trial mode has the full detection capabilities of the full version of Prevx Edge. The only difference is that Prevx Edge won't remove eventually detected infections.
If malware bypasses ESS and is detected by Edge, you'll get a popup advising you that Prevx Edge detected the malware but couldn't remove it because it is in evaluation mode." }-
Also, to add to what EraserHW said, Edge will only detect malware in realtime and not block it under the trial, but the trial is time-unlimited so you can use it for as long as you want (as somewhat of an on-demand scanner in realtime if wanted).
PrevxHelp
December 15th, 2008, 08:42 AM
-{ Quote: "Morning Joe,
Clicked on Help & FAQ's under Tools & Settings last night and got this pop-up:
Is this a known problem or confined to my particular machine? This is reproducible every time I click on Help & FAQ's.
Prevx restarts on its own about 30 secs or so later leaving two icons in the system tray." }-
Hi Dark Star 72,
We haven't heard of any other users complaining about this; however, it's possible that there is an issue.
Do you have any programs installed which could be filtering memory access/changing allocations/etc.? Clicking 'Help & FAQs' doesn't really "do" a whole lot so I'd doubt there is really a buffer overflow going on, so I'm going to tend to err on the side of it being another product interfering with us when using that function.
Let me know and I'll investigate it further ASAP :)
PrevxHelp
December 15th, 2008, 08:51 AM
-{ Quote: "Hey PrevxHelp,
Malware and the Component Object Model system.
Is there any malware written to use the C.O.M. system partially or fully?
If malware is written for C.O.M., is it any more difficult to detect than other types of malware?
If Malware is written in C.O.M., Would it be truly cross platform capable?" }-
Hello,
To the underlying OS, COM is just another layer for software to communicate through. It is a Windows-dependent technology (but cross-platform within Windows itself).
Malware is really no harder to detect if it uses COM, and I'm imagining there are some infections which use it just to obfuscate their actions a bit more (I personally haven't seen any but IANAMR (I Am Not A Malware Researcher ;D))
Dark Star 72
December 15th, 2008, 09:38 AM
-{ Quote: "Hi Dark Star 72,
We haven't heard of any other users complaining about this; however, it's possible that there is an issue.
Do you have any programs installed which could be filtering memory access/changing allocations/etc.? Clicking 'Help & FAQs' doesn't really "do" a whole lot so I'd doubt there is really a buffer overflow going on, so I'm going to tend to err on the side of it being another product interfering with us when using that function.
Let me know and I'll investigate it further ASAP :)" }-
I have a few other products installed, ie: GeSWall, Rollback Rx and Executable Lockdown which isn't on all the time. I am going to remove them all so that I only have Edge on board and see what happens. Will let you know what happens :(
PrevxHelp
December 15th, 2008, 09:44 AM
-{ Quote: "I have a few other products installed, ie: GeSWall, Rollback Rx and Executable Lockdown which isn't on all the time. I am going to remove them all so that I only have Edge on board and see what happens. Will let you know what happens :(" }-
Sorry for the inconvenience with this, but it will be extremely useful to have a somewhat isolated environment to test in. Please let me know what you find!
Dark Star 72
December 15th, 2008, 10:33 AM
-{ Quote: "Sorry for the inconvenience with this, but it will be extremely useful to have a somewhat isolated environment to test in. Please let me know what you find!" }-
Right, removed everything from my system, ran CrapCleaner. Then downloaded a fresh copy of Edge. Uninstalled the copy of Edge installed on the computer and then installed the fresh copy. Problem solved, can now access Help & FAQ's without any problems. Gut feeling is that the problem is to do with Rollback Rx, may install it again in a few days and see what happens, on the other hand I may not:-\ .
However, I will keep an eye on it to see if it reoccurs, if it does I should know what causes it next time.
PrevxHelp
December 15th, 2008, 10:50 AM
-{ Quote: "Right, removed everything from my system, ran CrapCleaner. Then downloaded a fresh copy of Edge. Uninstalled the copy of Edge installed on the computer and then installed the fresh copy. Problem solved, can now access Help & FAQ's without any problems. Gut feeling is that the problem is to do with Rollback Rx, may install it again in a few days and see what happens, on the other hand I may not:-\ .
However, I will keep an eye on it to see if it reoccurs, if it does I should know what causes it next time." }-
Thank you for the information - I'm going to have our internal QA take a look to see if we can do anything to prevent the problem as well. Please let me know if you find anything else amiss :)
Dark Star 72
December 15th, 2008, 11:42 AM
-{ Quote: "Thank you for the information - I'm going to have our internal QA take a look to see if we can do anything to prevent the problem as well. Please let me know if you find anything else amiss :)" }-
Sorry for delay in getting back to you, other things got in the way ;D
With just Edge on the computer and Windows XP Home SP3 firewall - first I reinstalled GeSWall and the problem is back:o Uninstalled GeSWall and installed DefenseWall - no problem. Added Executable Lockdown and still no problem. Haven't reinstalled Rollback RX but it seems that the problem lies with GeSWall.
Hope that is of assistance to your testing, first time I have knowingly had a problem with GeSWall.
PrevxHelp
December 15th, 2008, 04:26 PM
-{ Quote: "Sorry for delay in getting back to you,other things got in the way;D
With just Edge on the computer and Windows XP Home SP3 firewall - first I reinstalled GeSWall and the problem is back:o Uninstalled GeSWall and installed DefenseWall - no problem. Added Executable Lockdown and still no problem. Haven't reinstalled Rollback RX but it seems that the problem lies with GeSWall.
Hope that is of assistance to your testing, first time I have knowingly had a problem with GeSWall." }-
Thank you for the information - we'll start testing against GeSWall shortly to see if we can avoid the problem :)
Hugger
December 15th, 2008, 04:32 PM
Do you know of any current problems between Edge and PC Tools Firewall and or Threatfire?
Thanks.
Hugger
PrevxHelp
December 15th, 2008, 04:39 PM
-{ Quote: "Do you know of any current problems between Edge and PC Tools Firewall and or Threatfire?
Thanks.
Hugger" }-
The only possible problem I've seen between PC Tools FW and Edge is an incompatibility in the optional self protection feature of Edge. Threatfire seems to be fine AFAICT.
Let me know if you see any differently :)
Baldrick
December 15th, 2008, 05:44 PM
-{ Quote: "Sorry for delay in getting back to you,other things got in the way;D
With just Edge on the computer and Windows XP Home SP3 firewall - first I reinstalled GeSWall and the problem is back:o Uninstalled GeSWall and installed DefenseWall - no problem. Added Executable Lockdown and still no problem. Haven't reinstalled Rollback RX but it seems that the problem lies with GeSWall.
Hope that is of assistance to your testing, first time I have knowingly had a problem with GeSWall." }-
Hi Dark Star
I think I can confirm your view that the problem does not lie with Rollback Rx as I have it installed (since prior to installing Edge) and I can advise that I cannot reproduce the symptoms you describe...no matter how hard I try. I also DO NOT have GeSWall installed.
Cheers ;D
MarkW
December 15th, 2008, 10:30 PM
Jesus, I just spent an hour trying to upgrade from Prevx2 to MyPrevx Edge. I am toying with the thought of loading my 9mm Sig Sauer P239 and just ending it all. Is this a trick? Do I have to uninstall Prevx2 and forget about the financial credit toward Edge for 3 years time served with Prevx2?
I feel like an idiot. I just sent a message to customer support as Prevx was supposed to dispatch an email to me to continue the license/product transfer from Prevx2 to Edge and never did.
Should I just forget about it?
Searching_ _ _
December 15th, 2008, 11:04 PM
Wow. Chatter on this channel has increased. :eek:
-{ Quote: "To the underlying OS, COM is just another layer for software to communicate through. It is a Windows-dependent technology (but cross-platform within Windows itself)." }-
-{ Quote: " IDLs describe an interface in a language-neutral way, enabling communication between software components that do not share a language – for example, between components written in C++ and components written in Java.
The IDL file is compiled by the MIDL compiler into a pair of forms for consumption from various languages.
C++ source code for a proxy module can also be generated by the MIDL compiler. This proxy contains method stubs for converting COM calls into Remote Procedure Calls, thus enabling DCOM.
IDLs are commonly used in remote procedure call software (What is remote procedure call software? (http://en.wikipedia.org/wiki/Remote_procedure_call)). In these cases the machines at either end of the "link" may be using different operating systems and computer languages. IDLs offer a bridge between the two different systems.
An RPC is initiated by the client sending a request message to a known server in order to execute a specified procedure using supplied parameters.
In order to allow servers to be accessed by differing clients, a number of standardized RPC systems have been created. Most of these use an interface description language (IDL) to allow various platforms to call the RPC.
The IDL files can then be used to generate code to interface between the client and server. The most common tool used for this is RPCGEN.
XML-RPC is an RPC protocol which uses XML to encode its calls and HTTP as a transport mechanism.
" }-
From what I have excerpted from Wikipedia above, it appears to me that C.O.M. is cross platform capable though C.O.M. is a Microsoft development system.
Can client and server be on a single/individual computer?
Does Prevx Edge look for malicious rpc software or malicious IDL?
Does Prevx Edge look for legitimate RPC software being used by malicious software?
Would Malware install its own legitimate RPC software or maybe a maligned RPC?
How many RPC softwares should my computer contain on a clean install of WinXPProSP3?
Would HIPS be a better way to manage against nefarious use of RPC, IDL, TLBs and COM components?
IAJSFA (I am just searching for answers.)
MarkW
December 15th, 2008, 11:30 PM
OK, I gave up the ghost and miscreant fantasies of suicide and purchased Prevx Edge atop my recent renewal of Prevx2 as the license swap isn't working at present, somehow hamstrung at the email notification process.
Question: is there a link either here or elsewhere that details advanced settings for a system running both Prevx Edge and Prevx2? At this point is it best to uninstall Prevx2?
Any help would be much appreciated.
-Mark
Prevx Edge
Prevx2
NOD32
Malwarebytes
Online Armor
PrevxWebDesigner
December 16th, 2008, 04:35 AM
-{ Quote: "Jesus, I just spent an hour trying to upgrade from Prevx2 to MyPrevx Edge. I am toying with the thought of loading my 9mm Sig Sauer P239 and just ending it all. Is this a trick? Do I have to uninstall Prevx2 and forget about the financial credit toward Edge for 3 years time served with Prevx2?
I feel like an idiot. I just sent a message to customer support as Prevx was supposed to dispatch an email to me to continue the license/product transfer from Prevx2 to Edge and never did.
Should I just forget about it?" }-
Hi Mark,
Sorry you appear to have hit issues when trying to swap the remaining credit of your P2 license over to Edge. This is ordinarily an automated system, available on our website here:
http://info.prevx.com/licenseswap.asp
If you have tried to use this system but hit problems, please don't hesitate to drop me a PM here along with the license key you're having problems with and I'll get it followed up (can't find your message in the support area) :)
PrevxHelp
December 16th, 2008, 11:14 AM
-{ Quote: "From what I have excerpted from Wikipedia above, it appears to me that C.O.M. is cross platform capable though C.O.M. is a Microsoft development system." }-
I think there is a bit of misunderstanding going on here. COM/RPC are benign, unless some legitimate software exposes an interface which could cause damage, i.e., if some legitimate software opens an RPC function to delete a file.
RPC is used very often by a number of different types of software and it would really have to be a design flaw to cause damage. Otherwise, RPC/COM do not have any more privileged interfaces to the underlying OS than any other program.
Hope that helps :)
jlo
December 16th, 2008, 05:48 PM
Hi,
I know earlier on in the thread there was talk of a malware sample submission process. Is there any news on how this is getting along?
Cheers
Jlo
PS I already have supports emails so that is where my samples go at the moment.
PrevxHelp
December 16th, 2008, 05:50 PM
-{ Quote: "Hi,
I know earlier on in the thread there was talk of a malware sample submission process. Is there any news on how this is getting along?
Cheers
Jlo
PS I already have supports emails so that is where my samples go at the moment." }-
We still don't have any web-based process yet, but feel free to send the samples to any one of the Prevx representatives here and we will expedite the analysis process for you :)
rOadToIS
December 16th, 2008, 05:51 PM
I was just wondering if there were any differences between DriveSentry and Prevx Edge.
jlo
December 16th, 2008, 05:53 PM
-{ Quote: "We still don't have any web-based process yet, but feel free to send the samples to anyone of the Prevx representatives here and we will expedite the analysis process for you :)" }-
Ok thanks:)
sded
December 18th, 2008, 10:12 AM
Tried Prevx Edge for a week and it seemed OK-didn't do anything, which was good, and didn't interfere. Had to uninstall today when it hung at 50% CPU usage and turning off monitoring didn't do anything. Couldn't see a way to simply exit and restart. Maybe next release ... . Vista Ultimate SP1+Avast!+Online Armor.
PrevxHelp
December 18th, 2008, 10:20 AM
-{ Quote: "Tried Prevx Edge for a week and it seemed OK-didn't do anything, which was good, and didn't interfere. Had to uninstall today when it hung at 50% CPU usage and turning off monitoring didn't do anything. Couldn't see a way to simply exit and restart. Maybe next release ... . Vista Ultimate SP1+Avast!+Online Armor." }-
Out of curiosity - could it have been running a scan in the background? How long was it stuck at 50% for?
sded
December 18th, 2008, 10:37 AM
No scan running according to the gui-no "scanning" popup either. It had been running at least 5 minutes or so (possibly much longer) when I went to task manager to investigate the slowdown, let it run for a while, finally gave up.
PrevxHelp
December 18th, 2008, 10:40 AM
-{ Quote: "No scan running according to the gui-no "scanning" popup either. It had been running at least 5 minutes or so when I went to task manager to investigate the slowdown, let it run for a while, finally gave up." }-
Thank you for the information. I haven't heard of this from any other user, but we'll investigate it further and see if we can find anything wrong. Sorry for the inconvenience :-\
Searching_ _ _
December 18th, 2008, 06:38 PM
I wasn't trying to point out COM/RPC but COM/IDL which is a neutral development language and RPC is developed with COM/IDL.
COM encompasses the OLE, OLE Automation, ActiveX, COM+ and DCOM technologies.
As an example, Hide My Folders (http://www.eltima.com/products/hide-folder-activex/). Based on their feature list they are malware with the ability to hide even in safe mode. This software is written using COM, which active-x is a part of.
Is this COM method of hiding detected by Prevx Edge?
Also I have been trying to find what COM related components are a part of Windows; exes, dlls and drivers. For instance, clbcatq.dll, a part of COM service, can be injected into any other processes. Control clbcatq.dll and you can inject your code into any running exe on demand.
Can Prevx Edge find a malware that hides info from the user but not from the system?
PrevxHelp
December 18th, 2008, 06:42 PM
-{ Quote: "I wasn't trying to point out COM/RPC but COM/IDL which is a neutral development language and RPC is developed with COM/IDL. COM encompasses the OLE, OLE Automation, ActiveX, COM+ and DCOM technologies. As an example, Hide My Folders (http://www.eltima.com/products/hide-folder-activex/). Based on their feature list they are malware with the ability to hide even in safe mode. This software is written using COM, which active-x is a part of. Is this COM method of hiding detected by Prevx Edge? Also I have been trying to find what COM related components are a part of Windows; exes, dlls and drivers. For instance, clbcatq.dll, a part of COM service, can be injected into any other processes. Control clbcatq.dll and you can inject your code into any running exe on demand. Can Prevx Edge find a malware that hides info from the user but not from the system?" }-
The rootkit scanning in CSI and Edge reads the disk at the lowest level possible, therefore, it easily bypasses these very high-level methods of obfuscation. Hiding files with COM leaves them visible to other non-COM interfaces within the operating system, so the files are not really hidden at all and Edge would be able to see them without even using the rootkit scanner.
Edge finds malware which hides files from the user, but if you hide a legitimate file, Edge will not report it (as do many other antirootkit programs, but this generally causes more user confusion than necessary, so, we first check with the database rather than report every minor non-malicious entry in the system).
Searching_ _ _
December 18th, 2008, 08:23 PM
Thank you,
That puts it into perspective for me. You have saved me a long journey through the msdn forest by providing me a teleporter.
PrevxHelp
December 18th, 2008, 08:28 PM
-{ Quote: "Thank you,
That puts it into perspective for me. You have saved me a long journey through the msdn forest by providing me a teleporter." }-
;D No problem at all - I spend far too much time myself trying to find my way through the MSDN forest as well ;D Always glad to help out by consolidating previous research into stomach-able chunks :)
Tarnak
December 18th, 2008, 11:26 PM
Deleted because of duplication - see following post:;D
Tarnak
December 18th, 2008, 11:33 PM
C:\WINDOWS\LMI2F1.tmp\lmi_rescue.exe > See screenshot attached:
Just noticed this file in SSM, after I was checking the (silent) update of PrevxEdge to version 3.0.0.199. Is it just coincidental? This file does not seem (no longer) to exist. A search of google turned up nothing for - C:\WINDOWS\LMI2F1.tmp\lmi_rescue.exe
However, a search for - lmi_rescue.exe found this >
http://www.prevx.com/filenames/1238620912960067123-0/LMI_RESCUE.EXE.html
So I am curious as to what this means? Has my system been compromised or not? :-\
PrevxHelp
December 18th, 2008, 11:36 PM
-{ Quote: "C:\WINDOWS\LMI2F1.tmp\lmi_rescue.exe > See screenshot attached:
Just noticed this file in SSM, after I was checking the (silent) update of PrevxEdge to version 3.0.0.199. Is it just coincidental? This file does not seem to exist. A search of google turned up nothing for - C:\WINDOWS\LMI2F1.tmp\lmi_rescue.exe
However, a search for - lmi_rescue.exe found this >
http://www.prevx.com/filenames/1238620912960067123-0/LMI_RESCUE.EXE.html
So I am curious as to what this means? Has my system been compromised or not? :-\" }-
This file is legitimate - it is part of LogMeIn, used for remote assistance (we use it as well as a lot of other companies :))
If you are really doubting it, send it over to me and I'll double check it, but AFAICT, that is a legitimate copy.
Tarnak
December 18th, 2008, 11:41 PM
-{ Quote: "This file is legitimate - it is part of LogMeIn, used for remote assistance (we use it as well as a lot of other companies :))
If you are really doubting it, send it over to me and I'll double check it, but AFAICT, that is a legitimate copy." }-
LOL - Joe, I just remembered it was downloaded about 4 weeks ago for that remote desktop session that I had with you. I just had a senior moment.:)
PrevxHelp
December 18th, 2008, 11:45 PM
-{ Quote: "LOL - Joe, I just remembered it was downloaded about 4 weeks ago for that remote desktop session that I had with you. I just had a senior moment.:)" }-
No problem :) I figured it would be the same one :)
denniz
December 19th, 2008, 12:42 PM
False positive report:
Program: TweakVI v1.0 build 1100 (Basic freeware version)
Website: http://www.totalidea.com/
Windows version: Windows Vista Ultimate SP1 Dutch 32-bit
Prevx version: Prevx Edge v3.0.0.199
Detection type: Malicious Software
Heuristics setting: High
Temp file detected during installation and uninstaller also detected.
MarkW
December 19th, 2008, 01:08 PM
Is there an advanced settings tutorial for Edge, akin to Blackspear's famous NOD32 tutorial (http://www.wilderssecurity.com/showthread.php?t=197509) that I've used with joy on both versions 2.7 and 3.0?
I just installed the full version of Prevx Edge five minutes ago. I did not adjust a single setting. This was emotionally traumatizing for me and I expect some sympathy. I decided to just "set it and go" to see how it performs. All I know is that real-time protection is enabled as my little green light is on in the center of Prevx' system tray icon. I have used Prevx and Prevx2 for almost three years, but this seems like a very different animal.
I would love some focused education. Could anyone point me to white papers, blogs or intelligent reviews that analyze the similarities and differences between Edge and Prevx2 and, as I asked in sentence one, set-up options for a more articulated performance. I'm reading this thread front to back, but it's like a novel and a rather incoherent one.
Take care. Oh, FWIW, my 24/7 real-time security setup is:
1. Prevx Edge
2. ESET NOD32 Antivirus v3
3. Malwarebytes' Anti-Malware
4. Javacool SpywareBlaster
5. Netgear Router (hard) Firewall + Windows (soft) Firewall
Comments would be appreciated.
Baldrick
December 19th, 2008, 01:27 PM
Has anyone come across this one?
Just after booting up, with the Edge sys tray icon visible the main UI opens 'by itself' and at the same time the upgrade/purchase popup appears, and every time that I try to close either of them they reappear seconds later???
I could not understand or see what was prompting this other than the recent installation of IE7 Security Update (KB960714)...not that I am saying that this is the case...and in fact cannot see how such an update would do this. However, I rolled my system back to a pre-install position and the issue appears to have disappeared.
Now this observation is not 'scientifically' analysed but I thought it worth asking the question. Hopefully, over the weekend I will have time to reinstall the MS update and check potential causality more thoroughly.:o
PrevxHelp
December 19th, 2008, 04:44 PM
-{ Quote: "Is there an advanced settings tutorial for Edge, akin to Blackspear's famous NOD32 tutorial (http://www.wilderssecurity.com/showthread.php?t=197509) that I've used with joy on both versions 2.7 and 3.0?" }-
Hello,
I'm currently unaware of an advanced settings tutorial for Edge, but that would be somewhat against the "mantra" of Edge. The core objective in Edge has been to make security simple and not require users to walk through a learning curve to use it - it will work perfectly fine directly out of the box.
Prevx2, however, is definitely a different animal. It is much more HIPS-focused, which gives users more granular control over the reporting, etc. but a vast majority of users get confused rather than helped by extraneous popups.
In Edge, we do offer some fine tuning for the heuristics settings if you click Edge Settings > Heuristics Settings. In here, you can configure the strengths of three different heuristics engines which feed into our database rules. We do have a number of other heuristics besides the ones you can see there, but they are all maintained in the database centrally so that they can protect based on the knowledge gathered and analyzed globally.
If you have any further questions or if you want more clarification, let me know - this thread is definitely a novel and I hope you survive past reading every post to read this reply ;D
PrevxHelp
December 19th, 2008, 04:45 PM
-{ Quote: "Has anyone come across this one?
Just after booting up, with the Edge sys tray icon visible the main UI opens 'by itself' and at the same time the upgrade/purchase popup appears, and every time that I try to close either of them they reappear seconds later???
I could not understand or see what was prompting this other than the recent installation of IE7 Security Update (KB960714)...not that I am saying that this is the case...and in fact cannot see how such an update would do this. However, I rolled my system back to a pre-install position and the issue appears to have disappeared.
Now this observation is not 'scientifically' analysed but I thought it worth asking the question. Hopefully, over the weekend I will have time to reinstall the MS update and check potential causality more thoroughly.:o" }-
I haven't seen this, but by any chance is your system status "Infected"? If so, the GUI will open by default on bootup to prompt the user with any problems that were identified.
If not, let me know and we'll try and investigate further :)
EraserHW
December 19th, 2008, 04:50 PM
-{ Quote: "False positive report:
Program: TweakVI v1.0 build 1100 (Basic freeware version)
Website: http://www.totalidea.com/
Windows version: Windows Vista Ultimate SP1 Dutch 32-bit
Prevx version: Prevx Edge v3.0.0.199
Detection type: Malicious Software
Heuristics setting: High
Temp file detected during installation and uninstaller also detected." }-
Hello,
please check again :) It should be now fixed :)
Thank you for your help :)
philby
December 19th, 2008, 05:10 PM
Hey Joe
Is the scheduler running correctly?
Edge seems to be scanning out of whack with the scheduler. Mine is set to 9pm daily but the capture shows the time of last scan as at 10.04 tonight.
I can replicate this at work on XP - various delays after scheduled time of up to an hour before the scan kicks off according to later reference to the GUI.
Not critical for me, but maybe for others?
philby
PrevxHelp
December 19th, 2008, 05:17 PM
-{ Quote: "Hey Joe
Is the scheduler running correctly?
Edge seems to be scanning out of whack with the scheduler. Mine is set to 9pm daily but the capture shows the time of last scan as at 10.04 tonight.
I can replicate this at work on XP - various delays after scheduled time of up to an hour before the scan kicks off according to later reference to the GUI.
Not critical for me, but maybe for others?
philby" }-
Hello,
This is the intended behavior - we stagger scheduler execution times so it could be delayed by up to an hour (intentionally). This is generally to keep load on a network down. For instance, if a company has 10,000 PCs and they all are scheduled to scan at 8am when the work day starts.... that would spell some bad trouble for the network throughput. So, we stagger randomly which could cause it to happen up to one hour later than the configured time.
Hope that helps! :)
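The staggering described in the reply above, as an added example that is not Prevx code and not part of the thread: each host adds an offset of up to one hour to its configured scan time, and the simulation uses the post's 10,000 PCs at 8am. Deriving the offset from a hash of a host identifier is an assumption (the post only says the delay is random), and the `pc-00000` style host names are constructed.

```python
import hashlib
from collections import Counter
from datetime import datetime, timedelta

WINDOW_SECONDS = 3600  # "up to one hour later than the configured time"


def stagger_offset(host_id: str, day: str, window: int = WINDOW_SECONDS) -> int:
    """Offset in seconds for one host on one day, in the range [0, window).

    Assumption: the offset is derived from a hash so that it is spread
    evenly across hosts and stays stable for a given host and day.
    """
    digest = hashlib.sha256(f"{host_id}|{day}".encode()).digest()
    return int.from_bytes(digest[:8], "big") % window


def scan_start(configured: datetime, host_id: str) -> datetime:
    """Actual start time for a host whose scan is configured at `configured`."""
    offset = stagger_offset(host_id, configured.date().isoformat())
    return configured + timedelta(seconds=offset)


def peak_per_minute(starts) -> int:
    """Largest number of scans that begin within the same clock minute."""
    buckets = Counter(s.replace(second=0, microsecond=0) for s in starts)
    return max(buckets.values())


def simulate(n_hosts: int = 10_000,
             configured: datetime = datetime(2008, 12, 19, 8, 0)):
    """Return (peak without staggering, peak with staggering)."""
    hosts = [f"pc-{i:05d}" for i in range(n_hosts)]  # constructed host names
    unstaggered = peak_per_minute([configured] * n_hosts)
    staggered = peak_per_minute([scan_start(configured, h) for h in hosts])
    return unstaggered, staggered


if __name__ == "__main__":
    before, after = simulate()
    print(f"peak scan starts per minute: {before} without, {after} with staggering")
```
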
philby
December 19th, 2008, 05:22 PM
Another clear answer.
Thank you.
(Apologies for unreasonably massive window capture - can't seem to shrink image using vista snip...)
philby
Searching_ _ _
December 19th, 2008, 07:00 PM
Does Prevx Edge audit the expansion ROM in memory?
Possibly comparing against a list of known good ROMs.
denniz
December 19th, 2008, 07:22 PM
-{ Quote: "Hello,
please check again :) It should be now fixed :)
Thank you for your help :)" }-
Fixed indeed. :)
PrevxHelp
December 20th, 2008, 01:10 AM
-{ Quote: "Does Prevx Edge audit the expansion ROM in memory?
Possibly comparing against a list of known good ROMs." }-
No it does not, however, if you happen to come across any piece of malware which hides itself in there, please let me know ;D Edge does, however, analyze the boot sector and master boot record to find malware or any obfuscation in the bootstrapping code.
Searching_ _ _
December 20th, 2008, 02:42 AM
Is it possible to get the Expansion ROM code loaded into system memory or from the card itself?
"The (Expansion) ROM can be retrieved from system memory, or from the card itself. In order to carry out an audit,"
Would it then be possible to do a checksum of the loaded Expansion ROM code that is now in physical RAM comparing to a community checksum data base of manufacturer checksums?
"Having obtained the ROMs from system memory and the card itself, these should be compared to known good ROMs obtained from vendor websites."
By the two Q&A's above, Could Prevx be designed to carry out this memory check of Expansion ROM code for verification?
"After enumerating the PCI bus and copying expansion ROMs to memory, the system"
"The author determined that by hooking interrupt 10h via an expansion ROM,"
"If a Legacy card’s option ROM code hooks INT 19h during its initialization call it controls the boot process."
"With modifications to the base code, or by supplying alternate base code altogether, it is possible to subvert PXE in order to carry out a pre-boot update of a rootkit."
Detecting PCI Rootkits-Heasman
Is Prevx Edge able to detect the hooking of interrupt 10h or 19h or does the Prevx Edge detector load later?
PrevxHelp
December 20th, 2008, 11:40 AM
-{ Quote: "Is it possible to get the Expansion ROM code loaded into system memory or from the card itself?
"The (Expansion) ROM can be retrieved from system memory, or from the card itself. In order to carry out an audit,"
Would it then be possible to do a checksum of the loaded Expansion ROM code that is now in physical RAM comparing to a community checksum data base of manufacturer checksums?
"Having obtained the ROMs from system memory and the card itself, these should be compared to known good ROMs obtained from vendor websites."
By the two Q&A's above, Could Prevx be designed to carry out this memory check of Expansion ROM code for verification?
" }-
This is possible, however, as mentioned in the article, hardware vendors do not have an established database of legitimate ROM code so it would be inexact to detect and possibly cause more trouble than it's worth. Frankly, if something is loading that early in the system it would have absolute control over everything which happens and even if we were to be able to detect it, they would be able to just block our software from running in the first place.
And, it is also a theoretical rootkit rather than a real one - the difficulty of producing a functioning example would be so immense that it would be completely hardware+OS dependent and probably not work far outside the test environment.
I'd honestly be more afraid of someone coming into my house and destroying my computer with a sledgehammer (and unfortunately we don't have any software to prevent that ;D)
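The audit discussed in the posts above (retrieve the expansion ROM, then compare it with a known-good copy), as an added example; it is not Prevx code and comes from neither the thread nor the quoted paper. Field offsets follow the PCI expansion ROM header layout; the sample images, the IDs 0x1234/0x5678 and the `KNOWN_GOOD` table are constructed, and a real reference hash would have to be taken from a vendor-supplied image.

```python
import hashlib
import struct

ROM_SIG = b"\x55\xaa"   # every expansion ROM image starts with 55 AA
PCIR_SIG = b"PCIR"      # signature of the PCI Data Structure
BLOCK = 512             # image sizes are counted in 512-byte units


def parse_images(rom: bytes) -> list:
    """Walk each image in an expansion ROM dump and describe it."""
    images, off = [], 0
    while off + 0x1A <= len(rom):
        if rom[off:off + 2] != ROM_SIG:
            raise ValueError(f"no 55AA signature at offset {off:#x}")
        (pcir_ptr,) = struct.unpack_from("<H", rom, off + 0x18)
        p = off + pcir_ptr
        if p + 0x18 > len(rom) or rom[p:p + 4] != PCIR_SIG:
            raise ValueError(f"no PCIR structure for image at {off:#x}")
        vendor, device = struct.unpack_from("<HH", rom, p + 0x04)
        (blocks,) = struct.unpack_from("<H", rom, p + 0x10)
        code_type, indicator = rom[p + 0x14], rom[p + 0x15]
        size = blocks * BLOCK
        if size == 0 or off + size > len(rom):
            raise ValueError(f"image at {off:#x} has an invalid length")
        body = rom[off:off + size]
        checksum_ok = None          # only defined for legacy x86 images
        if code_type == 0:
            # Byte 2 holds the initialization size; the bytes in that
            # range must sum to zero modulo 256.
            init = rom[off + 2] * BLOCK
            checksum_ok = 0 < init <= size and sum(body[:init]) % 256 == 0
        images.append({"offset": off, "vendor": vendor, "device": device,
                       "code_type": code_type, "checksum_ok": checksum_ok,
                       "sha256": hashlib.sha256(body).hexdigest()})
        if indicator & 0x80:        # bit 7 set: last image in the ROM
            break
        off += size
    if not images:
        raise ValueError("dump too short to hold a ROM header")
    return images


def audit(rom: bytes, known_good: dict) -> list:
    """Compare every image with a table of reference hashes."""
    findings = []
    for img in parse_images(rom):
        key = (img["vendor"], img["device"], img["code_type"])
        expected = known_good.get(key)
        if img["checksum_ok"] is False:
            verdict = "bad-checksum"
        elif expected is None:
            verdict = "no-reference"    # the gap the reply points out
        elif expected != img["sha256"]:
            verdict = "hash-mismatch"
        else:
            verdict = "match"
        findings.append((key, verdict))
    return findings


def build_sample_image(payload: bytes, vendor=0x1234, device=0x5678,
                       blocks=2) -> bytes:
    """Constructed legacy image with a valid header, PCIR and checksum."""
    img = bytearray(blocks * BLOCK)
    img[0:2] = ROM_SIG
    img[2] = blocks
    struct.pack_into("<H", img, 0x18, 0x1C)      # PCIR placed at 0x1C
    pcir = struct.pack("<4sHHHHB3sHHBBH", PCIR_SIG, vendor, device, 0,
                       0x18, 0, b"\x00\x00\x03", blocks, 1, 0, 0x80, 0)
    img[0x1C:0x1C + len(pcir)] = pcir
    img[0x40:0x40 + len(payload)] = payload
    img[-1] = (-sum(img[:-1])) % 256             # make the byte sum zero
    return bytes(img)


# Constructed samples: a reference image and one whose body differs but
# whose checksum byte was recomputed, so the 8-bit checksum still passes.
GOOD = build_sample_image(b"constructed option ROM body")
MODIFIED = build_sample_image(b"constructed option ROM b0dy")
KNOWN_GOOD = {(0x1234, 0x5678, 0): hashlib.sha256(GOOD).hexdigest()}

if __name__ == "__main__":
    for name, rom in (("good", GOOD), ("modified", MODIFIED)):
        print(name, audit(rom, KNOWN_GOOD))
```

The modified image passes the 8-bit checksum because that byte can simply be recomputed, so only the comparison with a reference hash flags it; without a reference the audit can report nothing stronger than "no-reference".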
Baldrick
December 20th, 2008, 12:35 PM
-{ Quote: "I haven't seen this, but by any chance is your system status "Infected"? If so, the GUI will open by default on bootup to prompt the user with any problems that were identified.
If not, let me know and we'll try and investigate further :)" }-
Hi Joe
No, I am fairly certain that it was not infected. I ran a scan with SAS, MBAM, KIS & CureIt...all turned up negative.
As I said, the only thing that was different from the system that I have been running Edge on since it was released is the MS Update for IE7. Weird or what.???
Searching_ _ _
December 20th, 2008, 06:28 PM
So I guess I have a better chance of finding a rogue win3.1 install than an Expansion ROM compromise.
PrevxHelp
December 20th, 2008, 10:09 PM
-{ Quote: "So I guess I have a better chance of finding a rogue win3.1 install than an Expansion ROM compromise." }-
I agree ;D However, if you do find malware actually exploiting the Expansion ROM successfully, please let me know and I'll make sure we do a detailed public analysis of it and notify the other vendors as well :)
PrevxHelp
December 20th, 2008, 10:09 PM
-{ Quote: "Hi Joe
No, I am fairly certain that it was not infected. I ran a scan with SAS, MBAM, KIS & CureIt...all turned up negative.
As I said, the only thing that was different from the system that I have been running Edge on since it was released is the MS Update for IE7. Weird or what.???" }-
That is quite odd... really not sure what would cause it. By any chance had you made a shortcut anywhere on the system to Edge?
Searching_ _ _
December 21st, 2008, 12:18 AM
These do not make me feel at ease.
Moved to here- http://www.wilderssecurity.com/showthread.php?p=1370646#post1370646
Baldrick
December 21st, 2008, 12:44 PM
-{ Quote: "That is quite odd... really not sure what would cause it. By any chance had you made a shortcut anywhere on the system to Edge?" }-
Hi Joe
Nope...no shortcut that I can find. Have yet to reapply the MS Update. As soon as I do I will post back with the result. Will probably be when I am on holiday over the festive break.
If there is anything that you would like me to try/information you require do not hesitate to either post back on this subject or PM me. I will assist if I can.
Cheers
Baldrick;)
Biscuit
December 22nd, 2008, 02:47 PM
On boot today, the Edge icon is not in the system tray - although there are 2 Prevx processes running.
I suppose it's working? ???
PrevxHelp
December 22nd, 2008, 02:51 PM
-{ Quote: "On boot today, the Edge icon is not in the system tray - although there are 2 Prevx processes running.
I suppose it's working? ???" }-
Just to throw out a guess, I'd tend to think that it could be that the Edge GUI tried to load before Explorer loaded so there was no place to put the icon. I'll be sure that we anticipate this in the next release :)
Biscuit
December 22nd, 2008, 02:53 PM
-{ Quote: "Just to throw out a guess, I'd tend to think that it could be that the Edge GUI tried to load before Explorer loaded so there was no place to put the icon. I'll be sure that we anticipate this in the next release :)" }-
Thanks. :)
Baldrick
December 22nd, 2008, 05:14 PM
-{ Quote: "On boot today, the Edge icon is not in the system tray - although there are 2 Prevx processes running.
I suppose it's working? ???" }-
Yup, had the same here too a couple of times recently. Seems to be working though and corrects itself on next reboot.:D
simmikie
December 22nd, 2008, 08:46 PM
-{ Quote: "We are also in the process of being tested by various independent organizations, so, feel free to just wait until they release their reviews if you want :)" }-
I know it's only been a little more than a month since Edge's release, but do you have a status on any of these professional independent tests?
Mike
PrevxHelp
December 23rd, 2008, 12:54 AM
-{ Quote: "I know it's only been a little more than a month since Edge's release, but do you have a status on any of these professional independent tests?" }-
I haven't heard anything back thus far, but as soon as I do, I'll make a post here :)
Creer
December 23rd, 2008, 04:45 AM
Hi,
I have a few questions about PrevX Edge.
If I have SAS PRO running in realtime, then could I replace it with PrevX Edge? Does Prevx E. have a spyware scanner?
Second question - if my one-year license for PrevX Edge ends, what happens if I do not renew it?
BJStone
December 23rd, 2008, 06:41 AM
With the eval version sometimes (better say regularly) after booting:
XP SP3 full updated
NOD32
Norton Antibot
Online Armor free
The Prevx Edge icon is there, but with a black dot in the middle, instead of the usual green one. It stays that color, unless I right click the icon and select 'Scan my computer'.
It then does a scan and after that the dot in the icon goes green, like it should be. (of course only when your system is clean! ;D ).
Now with the paid version it happened again one time in the last four or five days I'm using it as a paid version.
I'm not sure but I have a feeling it has something to do with interacting with NOD32 starting up and possibly the Wifi in this Notebook (Acer TravelMate 6465WLMi): I never use the Wifi and of course it's turned off with the notebook's hardware switch on the front panel. While booting Windows always comes up with a balloon 'Wifi not available, blah blah blah'. (as if I didn't know that, I switched the bloody thing off myself because I don't need that.)
This Wifi crap always delays the booting process, NOD32 is another one (only a very very slight delay while it is updating during the boot process of Windows), so these could potentially interact or clash somewhere, fighting with each other over who comes first. Just my thoughts, I could be completely wrong of course...
The icon problem of Prevx Edge is not a big deal for me, but nevertheless I would like to see it not happening. When it doesn't happen, during boot somewhere in the process Prevx Edge displays a nice little balloon in the right hand corner stating it did its work. (nice BTW)
Weird IMO.
BJStone
December 23rd, 2008, 07:17 AM
I just disabled the Wifi in The Network Connections window for now, so it doesn't get started when I boot up. I'll see how it behaves now for a couple of days.
PrevxHelp
December 23rd, 2008, 09:04 AM
-{ Quote: "I just disabled the Wifi in The Network Connections window for now, so it doesn't get started when I boot up. I'll see how it behaves now for a couple of days." }-
I think this is related to the issue which Biscuit described, but it's hard to say - I've personally never seen this happen, but we're working on testing to see if we can reproduce any of it.
BJStone
December 23rd, 2008, 11:51 AM
FWIW: Self protection is not enabled. (If I enable that I get other problems with Prevx which I've read about in this thread.)
Until now all is well. I'll keep an eye (or two ;D ) on it and report back the moment it misbehaves itself. Albeit I have full trust in it now.
PrevxHelp
December 23rd, 2008, 05:03 PM
-{ Quote: "Hi,
I have a few questions about PrevX Edge.
If I have SAS PRO running in realtime, then could I replace it with PrevX Edge? Does Prevx E. have a spyware scanner?
Second question - if my one-year license for PrevX Edge ends, what happens if I do not renew it?" }-
You can always use both programs - Edge is compatible with SAS (although Edge does have an advanced spyware scanner built in, but it's always useful to layer security :))
We do not automatically re-charge after your license expires so after Edge expires, it will revert to just scanning your system (not protecting).
Dark Star 72
December 29th, 2008, 09:42 AM
-{ Quote: "Morning Joe,
Clicked on Help & FAQ's under Tools & Settings last night and got this pop-up:
Is this a known problem or confined to my particular machine? This is reproducible every time I click on Help & FAQ's.
Prevx restarts on its own about 30 secs or so later leaving two icons in the system tray." }-
Two weeks down the line, any news on this conflict between Edge and GeSWall. Has this been resolved or is it still being looked at?
Edit: Didn't realise the screenshot wouldn't show up.
See posts 1095, 1099, and 1101 - 1106 for reference.
Searching_ _ _
December 30th, 2008, 12:56 AM
Hello,
I've been trying to use the Advanced Scanning in Tools and Settings but it isn't working. It progresses time wise but no file progress (%0) for 5 min. Clicking cancel it changes to Abort from Scanning and time progresses for 5 min. Then, I click close and the whole computer freezes, nothing accessible via input devices. No ctl+alt+del, no mouse, nothing. I have tried the right click on tray icon and that freezes the computer also.
EraserHW
December 30th, 2008, 10:42 AM
-{ Quote: "Hello,
I've been trying to use the Advanced Scanning in Tools and Settings but it isn't working. It progresses time wise but no file progress (%0) for 5 min. Clicking cancel it changes to Abort from Scanning and time progresses for 5 min. Then, I click close and the whole computer freezes, nothing accessible via input devices. No ctl+alt+del, no mouse, nothing. I have tried the right click on tray icon and that freezes the computer also." }-
Hi,
thank you for your report :) We're already working to fix this issue.
Indeed, this will be fixed in the next release that will come along with a number of improvements too. It'll be released soon.
PrevxHelp
December 30th, 2008, 07:42 PM
-{ Quote: "Two weeks down the line, any news on this conflict between Edge and GeSWall. Has this been resolved or is it still being looked at?
Edit: Didn't realise the screenshot wouldn't show up.
See posts 1095, 1099, and 1101 - 1106 for reference." }-
Hello,
(Sorry I missed your post) This is an unavoidable problem from our end. The other product which I'm aware of which is causing this is Pareto AntiSpyware. When Edge tries to open up the browser window, it has a long querystring (of ~200+ characters). This is overflowing the buffer of the injected DLL from the other security software and therefore causing it to look like Edge is the crashing program.
There isn't a whole lot we can do at the moment to prevent this, however, we have put in some small measures to shrink the querystring a bit to hopefully stay within their buffer but this new version is not released yet.
Dark Star 72
December 31st, 2008, 05:51 AM
-{ Quote: "Hello,
(Sorry I missed your post) This is an unavoidable problem from our end. The other product which I'm aware of which is causing this is Pareto AntiSpyware. When Edge tries to open up the browser window, it has a long querystring (of ~200+ characters). This is overflowing the buffer of the injected DLL from the other security software and therefore causing it to look like Edge is the crashing program.
There isn't a whole lot we can do at the moment to prevent this, however, we have put in some small measures to shrink the querystring a bit to hopefully stay within their buffer but this new version is not released yet." }-
Joe,
Thanks for your answer, I assume that the way in which GeSWall isolates processes etc. has some bearing on this behaviour? However as long as there is no impact on the protection that Edge provides I am OK with this as I can always open the help file when it is finished from the Prevx home page instead of the Edge GUI.
Also, I have seen it mentioned in another thread here at Wilders that Edge is to incorporate an undo/rollback process. (Wasn't this available in Prevx 2.0) Is this already a part of Edge or still to be implemented?
trjam
January 1st, 2009, 06:58 PM
I hear there are some neat things coming.;) Where will it end.8)
PrevxHelp
January 1st, 2009, 07:00 PM
-{ Quote: "Joe,
Thanks for your answer, I assume that the way in which GeSWall isolates processes etc. has some bearing on this behaviour? However as long as there is no impact on the protection that Edge provides I am OK with this as I can always open the help file when it is finished from the Prevx home page instead of the Edge GUI.
Also, I have seen it mentioned in another thread here at Wilders that Edge is to incorporate an undo/rollback process. (Wasn't this available in Prevx 2.0) Is this already a part of Edge or still to be implemented?" }-
Hello,
We have confirmed that the GeSWall incompatibility will not affect Edge's protection at all (just a bit of usability for visiting the help file/homepage).
Edge can rollback files which it cleans up, but it still does not have the feature to rollback all changes made by a certain program. This is in the making still but will not make the next update, but I'll post when it finally is finished :)
PrevxHelp
January 1st, 2009, 07:05 PM
-{ Quote: "I hear there are some neat things coming.;) Where will it end.8)" }-
It won't end for quite some time ;D The changes in the next release aren't very visibly interesting but we've been doing a boatload of under-the-hood improvements and optimizations.
We've also been adding compatibility for some very old OS's to CSI (Edge support to come soon after). The next release of CSI will support NT4, 98, ME, 2000, XP, 2003, Vista, 2008, and we've had positive early reports about compatibility with Win7 as well ;D
(However, support is still limited to 32bit OSs but 64bit is coming soon :))
interact
January 4th, 2009, 06:52 PM
I've just uploaded Shodown 5 which tests PrevX Edge, Rising and Kaspersky.
http://www.youtube.com/watch?v=kI-ouSutFlI&fmt=18
~interact
PrevxHelp
January 4th, 2009, 07:02 PM
-{ Quote: "I've just uploaded Shodown 5 which tests PrevX Edge, Rising and Kaspersky.
http://www.youtube.com/watch?v=kI-ouSutFlI&fmt=18
~interact" }-
Hello,
Could you please send me the 4 undetected samples? I will see why they were not found.
However, testing Edge with the internet off is a completely flawed test as Edge depends on the internet to detect new threats (by removing the internet you are essentially testing a standard AV with no heuristics or definition bases... which doesn't leave any product with much ;D)
SIR****TMG
January 4th, 2009, 07:05 PM
Can't wait for the new update :thumb:
denniz
January 4th, 2009, 07:25 PM
-{ Quote: "I've just uploaded Shodown 5 which tests PrevX Edge, Rising and Kaspersky.
http://www.youtube.com/watch?v=kI-ouSutFlI&fmt=18
~interact" }-
Sorry to say this, but I watched your shodown 1 through 5 and your tests are bad. You show no configuration settings, you test products like WinPatrol and Defensewall like anti-virus software, yet these products work totally differently. And you test certain products, like Prevx, in a wrong way. Prevx makes use of in-the-cloud technology, so all the scanning and detecting is done at the Prevx servers and not at your local computer, so cutting off the internet connection for anti-malware programs that fully use in-the-cloud technology is really not fair.
capatt
January 4th, 2009, 07:44 PM
The tester knew what he was doing. That's why he tested Prevx Edge without internet access, knowing in advance what the outcome would be. Viewers without knowledge of Prevx architecture would come away with a negative impression.
No one would call Winpatrol or Defensewall an anti-virus.
denniz
January 4th, 2009, 07:54 PM
-{ Quote: "The tester knew what he was doing. That's why he tested Prevx Edge without internet access, knowing in advance what the outcome would be. Viewers without knowledge of Prevx architecture would come away with a negative impression.
" }-
Exactly, and I don't think that's fair to Prevx. It's like testing what the fastest and safest web browser would be.... on a computer with no internet connection...
Threedog
January 4th, 2009, 08:15 PM
And he never showed his heuristics settings before the test. How do we know he didn't purposely dial them down low before the tests? But as has been pointed out, he did the test against Defensewall without even adding the samples to "untrusted" and he ran the same test against Winpatrol, which isn't even an antimalware detector so I echo Ilya's rating of his tests....0.
I have used Edge since it was in Beta. I am more than happy with the job it has been doing for me. Often stopping stuff that just breezes by antivirus and antimalware detectors. It is one piece of security software that I just won't run my computer without.
SIR****TMG
January 4th, 2009, 08:43 PM
I too stick up for Edge..:thumb:
mvdu
January 4th, 2009, 08:51 PM
I agree.. I think the new Prevx + CIS will be the ultimate security for a low price.
mvdu
January 4th, 2009, 09:10 PM
I have a couple more questions about Prevx:
1) Does it have some kind of attacks signature database? Kind of like an IDS?
2) Does it whitelist government spyware? I'm not in any kind of trouble, but this is something I like to know if possible.
PrevxHelp
January 5th, 2009, 12:32 AM
-{ Quote: "I have a couple more questions about Prevx:
1) Does it have some kind of attacks signature database? Kind of like an IDS?
2) Does it whitelist government spyware? I'm not in any kind of trouble, but this is something I like to know if possible." }-
Hello,
We use many millions of signatures online as well as thousands of heuristic signatures, global analytical rules, and dozens of other analytical techniques all employed on our servers to analyze programs and their behavior. While we don't directly function like a network IDS, we look for exploit signatures similarly to an IDS within programs to identify malicious software.
As far as I can tell, we do not whitelist government spyware. Actually, if the government was to try and use a targeted spyware attack against a small group of users, Edge would block it completely heuristically just because of it being a unique program with suspicious behavior appearing on a small number of systems ;D
PrevxHelp
January 5th, 2009, 12:37 AM
-{ Quote: "Exactly, and I don't think that's fair to Prevx. It's like testing what the fastest and safest web browser would be.... on a computer with no internet connection..." }-
I agree :) There have been many tests which try and show our effectiveness when offline.... but that is conceptually not going to work with Prevx. Frankly, in probably 6 months, it won't work for any other antivirus product either - I wager that most products will be offering a majority of their protection from the cloud. It simply is not a viable option to try and have every single customer PC update once every 5 seconds to catch the newest malware.
AVs currently pushing out updates at ~15 minute intervals are essentially requiring a constant internet connection as we do. Our whitelist is huge so you do not need a constant internet stream as we only have to scan unknown programs and a vast majority of all programs on every user's PC are known good and trusted.
I think this tester is confusing Edge with an offline HIPS product. Sure, Edge could throw up a big "Block" popup every time a user tried to run a program or open a file.... but is that security? And, at what point do overly active HIPS products lose any benefit of security which they offer?
C.S.J
January 5th, 2009, 12:45 AM
-{ Quote: "Sure, Edge could throw up a big "Block" popup every time a user tried to run a program or open a file.... but is that security? " }-
there are a lot of software products that do exactly this, they block everything, show warnings for everything, detect everything and people call it proper protection and security.
People look at these software products, see that they detect and show pop-ups on their tests and then claim it's the best,
..... it's a shame. ::)
that first line, says it perfectly... it's almost word for word what drweb told me many many months ago when looking into the HIPS market.
which is why edge is sooo much better, it's more automatic, and how it should be, although I'm sure there is room for improvement. :D
PrevxHelp
January 5th, 2009, 01:02 AM
-{ Quote: "there are a lot of software products that do exactly this, they block everything, show warnings for everything, detect everything and people call it proper protection and security.
People look at these software products, see that they detect and show pop-ups on their tests and then claim it's the best,
..... it's a shame. ::)
that first line, says it perfectly... it's almost word for word what drweb told me many many months ago when looking into the HIPS market." }-
This is exactly what we realized as well. We had been focusing very extensively on classical client-side HIPS technology for the first products we developed but we have learned that this technique is a bit of a "dead end". Yes you can block 100% of malware, but also 100% of updates of good software, 100% of system components, and conveniently prevent 100% of usability in the system ;D
A standard AV is very silent compared to a HIPS product which is what makes it a viable component of security for the average user. However, every AV is conceptually flawed in the fact that it is reactive to new threats and immediately outdated the instant it updates. The challenge is then to find the happy medium between blocking every single program in the world and allowing every single program in the world to run without prompt. The average user (and by average I mean 99% of users) does not want to learn about security. The reason we have computers is to make our lives easier, not to create a steep learning curve where everyone has to learn what "dll injection" is to just stay safe! ;D
Tests like this latest one definitely do not help user education because they portray an ideal security product as one which can protect with no access to the internet and no updates.
Without a community based solution, I honestly don't see how tackling today's threats can be done. Even us at Prevx, being AFAIK the first player in the "community" protection world working on our protection for ~8 years, have only just now started to really nail down all of the aspects of it and get a viable solution out that can be used by the masses.
I think the road ahead will become quite rocky for many companies that are forced to stick to the status quo.
Mosqu
January 5th, 2009, 11:13 AM
Talking about being offline... Imagine: Visiting a friend, plugging in his infected usb-drive and your notebook has no internet access...
So here is an idea: Add an option, that Edge blocks (or queries) the execution of any locally unknown executable while the internet is unavailable.
That would keep me always safe, and I'm not left alone by my favorite security application.
What do you think about that?
PrevxHelp
January 5th, 2009, 11:17 AM
-{ Quote: "Talking about being offline... Imagine: Visiting a friend, plugging in his infected usb-drive and your notebook has no internet access...
So here is an idea: Add an option, that Edge blocks (or queries) the execution of any locally unknown executable while the internet is unavailable.
That would keep me always safe, and I'm not left alone by my favorite security application.
What do you think about that?" }-
Hello,
We are working on something very similar to this :) We will be locking down various areas of the system when offline and showing a not-so-threatening prompt when opening a program.
As Windows doesn't give you a prompt to not run a program when inserting a USB key, we think this would be a useful addition when offline.
andyman35
January 5th, 2009, 11:26 AM
It's sad really that Prevx has been 'shown' to be poor on the basis of flawed testing methodology for as long as it's existed. To quantify it without taking into consideration its most important facet, the community/cloud-based protection, is frankly meaningless and reflects badly upon the so-called tester. ::)
trjam
January 5th, 2009, 11:34 AM
Watching B-Rated movies like that, one would think would be above the intelligence or curiosity level, of most here. It isn't about just Prevx. Take DefenseWall. He tested it totally incorrectly for what the program was intended.
Are we that hungry for positive and/or negative results on products we like and dislike? How can you rate a person like that, over some of the most astute people in the field of security that are members here?
I don't know. I guess that is just the way it is.
Mosqu
January 5th, 2009, 11:35 AM
-{ Quote: "Hello,
We are working on something very similar to this :) We will be locking down various areas of the system when offline and showing a not-so-threatening prompt when opening a program.
As Windows doesn't give you a prompt to not run a program when inserting a USB key, we think this would be a useful addition when offline." }-
That's good. :thumb:
s4u
January 5th, 2009, 04:03 PM
Finally have Prevx Edge installed. Running some tests here with Avira v9 beta.
First impression is great. Running smooth together
GES/POR
January 5th, 2009, 04:17 PM
Just renewed my PX 2 license, file verifying after a full scan is kinda long n the noise coming from my silent Samsung hd during the scan wasn't pleasant but considering the techno. n support am a happy camper.
I got an Edge 20% discount code, am I allowed to share it amongst friends?
PrevxHelp
January 5th, 2009, 04:19 PM
-{ Quote: "Just renewed my PX 2 license, file verifying after a full scan is kinda long n the noise coming from my silent Samsung hd during the scan wasn't pleasant but considering the techno. n support am a happy camper.
I got an Edge 20% discount code, am I allowed to share it amongst friends?" }-
It depends where you got the discount code from but in most cases, I don't think we're going to intentionally prevent you from using it :)
Also, if interested, you can upgrade from Prevx2 to Edge for free :)
GES/POR
January 5th, 2009, 04:34 PM
-{ Quote: "It depends where you got the discount code from" }-
From Prevx Support ;D
-{ Quote: "but in most cases, I don't think we're going to intentionally prevent you from using it :)" }-
Uhhh duhh, Yall gave it to me to use it not have a look at it n say Syke! ;)
-{ Quote: "Also, if interested, you can upgrade from Prevx2 to Edge for free :)" }-
I am, as soon as Edge is compatible with my OS I will upgrade
Ok bugnote, after the verifying has been done PX will for some reason unleash a process scan in an endless loop. I've reported this in before! >:(
Ok finally GameSpyArcade which was being wrongfully (imo) flagged has been removed from your database :thumb:
PrevxHelp
January 5th, 2009, 04:37 PM
-{ Quote: "From Prevx Support ;D
Uhhh duhh, Yall gave it to me to use it not have a look at it n say Syke! ;)
I am, as soon as Edge is compatible with my OS I will upgrade
Ok bugnote, after the verifying has been done PX will for some reason unleash a process scan in an endless loop. I've reported this in before! >:(
Ok finally GameSpyArcade which was being wrongfully (imo) flagged has been removed from your database :thumb:" }-
The Prevx2 process scan is a known issue which happens on "some" computers... on a majority of computers it works fine, but in a small subset of users it does loop for quite a while.
We are still working on 64bit support :) Don't worry - It is coming shortly :)
GES/POR
January 5th, 2009, 04:41 PM
-{ Quote: "The Prevx2 process scan is a known issue which happens on "some" computers... on a majority of computers it works fine, but in a small subset of users it does loop for quite a while." }-
Then how about you come and investigate my computer on remote access like you've done with many others and track down the lil bugger for me and those "few" others out there?
Note the endless loop wasn't that endless cus it just ended by itself but it shouldn't have run in the first place so there is something that is causing to trigger it even when not needed so extra resources are being used for squat <--- def sumtin that should be looked at
-{ Quote: "We are still working on 64bit support :) Don't worry - It is coming shortly :)" }-
I believe you, that's y I went ahead with the renewal even though I never renewed anything b4 :P
PrevxHelp
January 5th, 2009, 04:44 PM
-{ Quote: "Then how about you come and investigate my computer on remote access like you've done with many others and track down the lil bugger for me and those "few" others out there?" }-
It's a relatively intricate issue and at this point we're recommending that anyone with the problem just upgrade to Edge (however in your case that isn't exactly possible at the moment).
IMO it might be best if you just try uninstalling and reinstalling fresh again - that tends to work for most users who come across this issue.
GES/POR
January 5th, 2009, 04:47 PM
-{ Quote: "It's a relatively intricate issue and at this point we're recommending that anyone with the problem just upgrade to Edge (however in your case that isn't exactly possible at the moment).
IMO it might be best if you just try uninstalling and reinstalling fresh again - that tends to work for most users who come across this issue." }-
Upgrading or reinstalling isn't exactly the way to professionally deal with bugs, just my 2 cents
Haven't run PX in a while but it's fun coming back to be a low priority user again ;)
trjam
January 5th, 2009, 04:54 PM
-{ Quote: "I got an Edge 20% discount code, am I allowed to share it amongst friends?" }-
You actually mean you have some. ;)
Prevx 2 is dead. Move up man, move up. :)
oldBear
January 5th, 2009, 09:58 PM
As a software developer of a product that has been scanned and found to be clean by every service which has tested it, I have to wonder on what basis prevx-csi labels it as possible malware? Is there, in fact, some actual testing you have done which has shown it to be malware, or do you just label everything/anything you're not sure of as possible malware?
If the former, please contact me and let me know what tests were run. If the latter, shame on you.
Berry Taylor
NoteFrog.com
PrevxHelp
January 5th, 2009, 10:00 PM
-{ Quote: "As a software developer of a product that has been scanned and found to be clean by every service which has tested it, I have to wonder on what basis prevx-csi labels it as possible malware? Is there, in fact, some actual testing you have done which has shown it to be malware, or do you just label everything/anything you're not sure of as possible malware?
If the former, please contact me and let me know what tests were run. If the latter, shame on you.
Berry Taylor
NoteFrog.com" }-
We obviously analyze samples before reporting them as bad, otherwise we would have some million very unhappy customers :) Chances are, your software has some characteristic which is similar to known malware and this is what is causing it to be flagged.
Please send me a PM with a download link to your software and I will get it sorted immediately.
(Also, if it's any consolation, every revision of our software which we put out gets flagged by a half dozen AVs - false positives are an unavoidable consequence of heuristic analysis)
oldBear
January 5th, 2009, 10:18 PM
Thanks for the quick response.
PM sent.
Will let you all know the findings.
Thanks again.
cheers
PrevxHelp
January 5th, 2009, 10:21 PM
-{ Quote: "Thanks for the quick response.
PM sent.
Will let you all know the findings.
Thanks again.
cheers" }-
Hello,
I've corrected the false positive - this may happen from time to time on brand new software. When you ran this program, you were literally the first person to ever use it in the Prevx Community which is a very suspicious act for software. In cases like this, we generally recommend that software developers send us a link to download their release software and we will get it whitelisted immediately, or, our database will almost always whitelist it automatically as soon as it gets enough data about the program from a handful of users (size varies depending on the file of course).
Please let me know if you have any further questions or if you have any future version which you would like whitelisted :)
Longboard
January 5th, 2009, 10:21 PM
Been following with interest this thread: particularly the recent test from interact for which there has been some partially correct blowtorching.
The major deficiencies in some of the tests notwithstanding, there are some legitimate unanswered questions: why did Edge miss those 4 viruses when connected??
Why did CSI detect only 1?
At least 2 of the much criticised black list scanners got 10 !! ::)
-{ Quote: "Could you please send me the 4 undetected samples? I will see why they were not found" }-
?? ?? Any comments yet?
What about the apparent gross failure of CSI ??
While I agree with most of the general comments re Hips and pop-ups, I have done some of my own testing with OA and PX2 with a blacklist scanner backup and find their solution to be more reassuring than an invisible process.
I guess the same would apply to GESWall.
Try not to punch people out who might find some issues to address, rather work together.
@Eraser & PrevX Help
Is this consistent with no HIPS functions in Edge unless connected to www, or in fact none at all, rather a cloud based database scanner??
Hope your servers are nice and robust ;)
I don't want to start a flame war but this smells a bit of PrevX's previous issues where marketing hype did not always equate to test results.
Has prevx paid for any independent testers to give the evolving Edge a run yet??
Roll on AVC, can't be that hard to get them to do a test and release the results can it, Andreas always looking for a few extra $$
Have to be transparent mind ;D
-{ Quote: "Prevx 2 is dead" }-
Not just yet baby, not yet. :)
Regards.
oldBear
January 5th, 2009, 10:29 PM
-{ Quote: "Hello,
I've corrected the false positive - this may happen from time to time on brand new software. When you ran this program, you were literally the first person to ever use it in the Prevx Community which is a very suspicious act for software. In cases like this, we generally recommend that software developers send us a link to download their release software and we will get it whitelisted immediately, or, our database will almost always whitelist it automatically as soon as it gets enough data about the program from a handful of users (size varies depending on the file of course).
Please let me know if you have any further questions or if you have any future version which you would like whitelisted :)" }-
Many thanks for your assistance. I'm not exactly sure what you mean by "When you ran this program, you were literally the first person to ever use it in the Prevx Community" since I have never run it in the Prevx community, but was merely inquiring as to the online report which reported -
NOTEFROG.EXE has been seen to perform the following behavior:
Can communicate with other computer systems using HTTP protocols - it has the ability to access the site for online help.
Can Send email using SMTP protocols - No
This Process sends MIME Email - No
Creates system tray popups, messages, errors and security warnings - No
NOTEFROG.EXE has been the subject of the following behavior:
Created as a process on disk - it's an executable program downloaded and installed
Executed as a Process - it's an executable
Has code inserted into its Virtual Memory space by other programs - not to my knowledge
Deleted as a process from disk - not to my knowledge
None of which is a true and valid assessment of its behavior.
cheers
Berry Taylor
NoteFrog/ClipGuru developer
PrevxHelp
January 5th, 2009, 10:36 PM
Hello Longboard,
interact has yet to respond to me or send me the missed samples so it's hard to judge at this point, but 4 samples doesn't exactly define a product ;D
interact mentioned that the samples were modified so the jury is still out on whether they are actually malicious still. Many scanners find corrupted samples, we choose not to. We detect real threats rather than go after garbage, corrupted, or non-malicious samples.
CSI and Edge use the same back end database so honestly I'm not sure why CSI would miss them... hate to say it, but it was most likely a flaw in testing methodology which caused CSI to miss them. CSI doesn't scan your entire system as every single file in your system is not a threat to your system. How can we be certain that interact's samples actually infected the system? We cannot. The other AVs merely warned that the program was going to start - not much of a test at all really, especially of an on-demand scanner. CSI was developed to give a very fast opinion on a system, not to painstakingly waste the time of the user by scanning 500,000 files, of which 99.9999% are completely clean. We have a great deal of highly tuned algorithms which analyze the disk, registry, and memory for rootkits and then subsequently scan the registry and "threatening" programs for malware.
Our servers are completely redundant and highly fault tolerant. Granted, nothing is infallible but we've got a boatload of architecture behind us.
We haven't paid independent testers to give Edge a run yet and personally I don't think that AVC/AVT are going to be a correct test for Edge at all due to the conceptual divide between their test methodology and our technology.
As for OA making you feel more secure - that's definitely a possibility for some users. Frankly, I much prefer silent security but there are some users (many here ;D) which do prefer notifications on every system event and we do not offer that anymore. Requiring users to decide is a technologically flawed concept and that is why we require the database back end, which contains information from millions of customers (anonymously ;D) and can make a much MUCH better informed decision than a single user clicking 'Block' or 'Allow' can.
Hate to say it, but we all make mistakes and based on the sheer number of decisions created by HIPS products, users tend to make statistically more mistakes when prompted with more popups to act upon :)
If you can teach my mom what dll injection is then I will be a firm believer that HIPS are for the masses.
PrevxHelp
January 5th, 2009, 10:42 PM
-{ Quote: "Many thanks for your assistance. I'm not exactly sure what you mean by "When you ran this program, you were literally the first person to ever use it in the Prevx Community" since I have never run it in the Prevx community, but was merely inquiring as to the online report which reported -
NOTEFROG.EXE has been seen to perform the following behavior:
Can communicate with other computer systems using HTTP protocols - it has the ability to access the site for online help.
Can Send email using SMTP protocols - No
This Process sends MIME Email - No
Creates system tray popups, messages, errors and security warnings - No
NOTEFROG.EXE has been the subject of the following behavior:
Created as a process on disk - it's an executable program downloaded and installed
Executed as a Process - it's an executable
Has code inserted into its Virtual Memory space by other programs - not to my knowledge
Deleted as a process from disk - not to my knowledge
None of which is a true and valid assessment of its behavior.
cheers
Berry Taylor
NoteFrog/ClipGuru developer" }-
Ah ok, I misunderstood what version you meant. It's going to take me a bit to find the copy of the program within our database to change that page but I'll get it sorted :)
PrevxHelp
January 5th, 2009, 10:49 PM
-{ Quote: "Many thanks for your assistance. I'm not exactly sure what you mean by "When you ran this program, you were literally the first person to ever use it in the Prevx Community" since I have never run it in the Prevx community, but was merely inquiring as to the online report which reported -
" }-
There - it should be corrected now :) Sorry about that. It now says "Currently Being Reviewed" rather than malicious - it looks like we detected a copy of your software which was infected with an executable file infector and then we correlated it back to the filename notefrog.exe and therefore made it look like it was your software to blame :(
Again, my apologies for the false positive - filenames aren't a very reliable way to search for a file but average users aren't very adept at memorizing 128+ bit mathematical hashes so this will have to do for now ;D
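The filename-versus-hash mix-up described in the post above, as an added illustration that is not part of the original thread and is not Prevx's code: the record layout, verdict labels, status strings and sample bytes are constructed assumptions.

```python
import hashlib
from collections import Counter

# Constructed stand-ins for file contents; these are not real binaries.
CLEAN_BUILD = b"MZ constructed clean notefrog build"
INFECTED_COPY = CLEAN_BUILD + b" + constructed file-infector stub"


def sha256_hex(data: bytes) -> str:
    """Content identity: any change to the bytes changes the digest."""
    return hashlib.sha256(data).hexdigest()


# Hypothetical backend records: (reported filename, content hash, verdict).
OBSERVATIONS = [
    ("notefrog.exe", sha256_hex(INFECTED_COPY), "malicious"),
    ("NOTEFROG.EXE", sha256_hex(CLEAN_BUILD), "clean"),
    ("NoteFrog.exe", sha256_hex(CLEAN_BUILD), "clean"),
]

SEVERITY = {"clean": 0, "unknown": 1, "malicious": 2}


def _worst(verdicts):
    """Most severe verdict in an iterable, or 'unknown' if it is empty."""
    return max(verdicts, key=SEVERITY.__getitem__, default="unknown")


def verdict_by_filename(name, observations=OBSERVATIONS):
    """Name-keyed lookup: one infected copy taints every file sharing the name."""
    wanted = name.casefold()  # Windows filenames compare case-insensitively
    return _worst(v for n, _, v in observations if n.casefold() == wanted)


def verdict_by_hash(digest, observations=OBSERVATIONS):
    """Hash-keyed lookup: the verdict applies to exactly one set of bytes."""
    return _worst(v for _, h, v in observations if h == digest)


def name_report(name, observations=OBSERVATIONS):
    """Per-name summary that keeps distinct files apart instead of merging them."""
    wanted = name.casefold()
    per_hash = {}
    for n, h, v in observations:
        if n.casefold() == wanted:
            per_hash.setdefault(h, []).append(v)
    verdicts = [_worst(vs) for vs in per_hash.values()]
    counts = Counter(verdicts)
    if not verdicts:
        status = "unknown"
    elif len(counts) > 1:
        status = "mixed"  # same name, different contents, different verdicts
    else:
        status = verdicts[0]
    return {
        "distinct_files": len(per_hash),
        "flagged": counts["malicious"],
        "status": status,
    }


if __name__ == "__main__":
    print("by name :", verdict_by_filename("notefrog.exe"))
    print("by hash :", verdict_by_hash(sha256_hex(CLEAN_BUILD)))
    print("report  :", name_report("notefrog.exe"))
```
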
Longboard
January 5th, 2009, 11:22 PM
-{ Quote: "@Eraser & PrevX Help
Is this consistent with no HIPS functions in Edge unless connected to www, or in fact none at all, rather a cloud based database scanner??" }-
thanks for response
Did i miss the answer to the above?
PrevxHelp
January 5th, 2009, 11:37 PM
-{ Quote: "thanks for response
Did i miss the answer to the above?" }-
The HIPS components in Edge report the behaviors to the database where the database then analyzes the behaviors and returns the response (as well as all of the other pieces of information, etc. etc. :))
It is a HIPS in the sense that it uses the same data as a HIPS does but it is different in the sense that it doesn't let the user then act on each individual piece of data.
Longboard
January 6th, 2009, 12:18 AM
Ta:thumb:
BJStone
January 6th, 2009, 06:52 AM
Found a review of Prevx Edge: (German)
http://www.pcwelt.de/start/sicherheit/antivirus/tests/190271/prevx_edge/
I think they haven't got a clue what Prevx Edge does and what it is for, and what it is NOT for. :thumbd:
These guys need to be cleared up if you ask me.
trjam
January 6th, 2009, 07:03 AM
here is the translation
here (http://translate.google.com/translate?u=http%3A%2F%2Fwww.pcwelt.de%2Fstart%2Fsicherheit%2Fantivirus%2Ftests%2F190271%2Fprevx_edge%2F&sl=de&tl=en&hl=EN&ie=UTF-8)
C.S.J
January 6th, 2009, 08:20 AM
clearly shows just how much mr marx knows...... ::)
and seriously, what kind of review is this... ive seen more informative reviews on top10reviews
and he says he tested it?.. how? against what?.... the only thing he mentions is the wildlist, which is completely BS!
PrevxHelp
January 6th, 2009, 08:42 AM
-{ Quote: "clearly shows just how much mr marx knows...... ::)
and seriously, what kind of review is this... ive seen more informative reviews on top10reviews
and he says he tested it?.. how? against what?.... the only thing he mentions is the wildlist, which is completely BS!" }-
It's also interesting that no one let us know about this review and no one sent us any samples which we missed - something that they do for every other AV test (the testers send the samples to the companies to let them know what they've missed).
As we have data on every sample, it would be very interesting to see how "wild" the often-criticized wildlist samples really are ::)
EraserHW
January 6th, 2009, 10:29 AM
-{ Quote: "It's also interesting that no one let us know about this review and no one sent us any samples which we missed - something that they do for every other AV test (the testers send the samples to the companies to let them know what they've missed).
As we have data on every sample, it would be very interesting to see how "wild" the often-criticized wildlist samples really are ::)" }-
And, moreover, there isn't *any* technical description about how they have run the test and how the heuristic detection has been tested and, still, which program settings have been used. As far as I know none of us received any email from Andreas Marx.
Now this is really interesting.
Longboard
January 6th, 2009, 10:36 AM
There seem to be some links missing on that article.
::) AM does in fact have some cred
Maybe have to subscribe to get the links to the "notes"
andyman35
January 6th, 2009, 10:37 AM
-{ Quote: "And, moreover, there isn't *any* technical description about how they have run the test and how the heuristic detection has been tested and, still, which program settings have been used. As far as I know none of us received any email from Andreas Marx.
Now this is really interesting." }-
You must feel like you're banging your head against a brick wall with these 'tests'.::)
PrevxHelp
January 6th, 2009, 10:42 AM
-{ Quote: "You must feel like you're banging your head against a brick wall with these 'tests'.::)" }-
Luckily EraserHW has some brain cells to spare ;D
Andreas Marx is one of the foremost AV testers, which is why this is so jarring and surprising to us :-\
trjam
January 6th, 2009, 10:48 AM
-{ Quote: "Luckily EraserHW has some brain cells to spare ;D
Andreas Marx is one of the foremost AV testers, which is why this is so jarring and surprising to us :-\" }-
Not entirely true. There are plenty here that feel placing the label, "foremost AV testers" is totally inaccurate. The validity of his testing methods has been debated here for years.
SIR****TMG
January 6th, 2009, 10:50 AM
Not going to stop me from using it.
trjam
January 6th, 2009, 10:54 AM
The reality is, until there is quite a bit of testing done by numerous whatevers, you will not be able to draw a conclusive pattern for the ability of Edge. Some will show it low, some high. The key over time will be to see where the consistent level is. I have seen Avira ranked poorly at one testing site, but I knew it was crap because the consensus of all put together, showed it to be great.
So it is good the testing has begun, but really, it will take quite a few more to start showing a distinctive pattern. I know it is good, and in the end, that is really all that matters.
BJStone
January 6th, 2009, 11:53 AM
Yep, and it isn't going to stop me from using it either. ;D They would have to gun me down and take it from me.
andyman35
January 6th, 2009, 11:55 AM
-{ Quote: "Not entirely true. There are plenty here that feel placing the label, "foremost AV testers" is totally inaccurate. The validity of his testing methods has been debated here for years." }-
I agree since surely it's a pre-requisite for any meaningful test of an application that the test is performed in as close to a real world scenario as possible.
PrevxHelp
January 6th, 2009, 12:21 PM
I sincerely thank all of you for your kind words and objective opinions to look past a test :)
Regardless of what testing organizations say about Edge, we are confident it will be a success and we are going to continue working adamantly on it, constantly rolling out new technology and improving performance.
If one of these tests does find a legitimate flaw or mistake or missed detection in Edge, I will be the first person to admit it here and we will immediately take the appropriate measures to fix it promptly.
The flaw with a lot of current AV testing is that it assumes that the priority of every AV company is to find the infamous WildList samples. Frankly, those samples are old, outdated, and hardly Wild compared to the threats which are ACTUALLY affecting users. With thousands of new threats coming out every day, how can a two-month-old list of 378 samples, which are conveniently distributed to the AV vendors, accurately assess the security of the products being tested :-\
I'm also fairly sure, based on user complaints and forum posts, that XP Antivirus and the other rogue AVs are "relatively popular" infections (affecting literally hundreds of thousands or millions of users) with thousands of variants each... where are those samples in the latest WildList? ???
The other flaw is the flaw in on-demand testing. Granted, some organizations are working on improving this and discussing the possibility of performing tests more akin to today's protection but most testing still consists of right clicking on the folder and selecting 'Scan', which doesn't include any actual protection, realtime analysis, etc.
And the final flaw in my mini-rant is the flaw in detecting old threats. Large sample collections of 1 million+ samples (most of which are 6+ months old!!) do NOT represent the strength of an AV. Sure, we could go out and write an AV which finds these 1 million old samples but how long does the average infection last and how many of those samples would really be affecting users? The average infection today is lasting a mere handful of hours rather than 6 months. To be fair, infections used to last much longer (and some old ones are still trickling around on newsgroups, etc. but they are well covered). However, antivirus products have gotten better so infections had to get better and malware authors are no longer motivated only by creativity - they want to make $$$ and you do that by being fast and dynamic.
No test of a large collection of antiquated/dead malware will properly assess the effectiveness of today's AV.
*Steps off soapbox* ;D
bellgamin
January 6th, 2009, 03:28 PM
-{ Quote: "Not entirely true. There are plenty here that feel placing the label, "foremost AV testers" is totally inaccurate." }-
"Plenty" you say? Have you taken a poll?
{TR, I have told you a million times -- "Do not exaggerate!" 8)}
andyman35
January 6th, 2009, 03:37 PM
-{ Quote: "I sincerely thank all of you for your kind words and objective opinions to look past a test :)
Regardless of what testing organizations say about Edge, we are confident it will be a success and we are going to continue working adamantly on it, constantly rolling out new technology and improving performance.
If one of these tests does find a legitimate flaw or mistake or missed detection in Edge, I will be the first person to admit it here and we will immediately take the appropriate measures to fix it promptly.
The flaw with a lot of current AV testing is that it assumes that the priority of every AV company is to find the infamous WildList samples. Frankly, those samples are old, outdated, and hardly Wild compared to the threats which are ACTUALLY affecting users. With thousands of new threats coming out every day, how can a two-month-old list of 378 samples, which are conveniently distributed to the AV vendors, accurately assess the security of the products being tested :-\
I'm also fairly sure, based on user complaints and forum posts, that XP Antivirus and the other rogue AVs are "relatively popular" infections (affecting literally hundreds of thousands or millions of users) with thousands of variants each... where are those samples in the latest WildList? ???
The other flaw is the flaw in on-demand testing. Granted, some organizations are working on improving this and discussing the possibility of performing tests more akin to today's protection but most testing still consists of right clicking on the folder and selecting 'Scan', which doesn't include any actual protection, realtime analysis, etc.
And the final flaw in my mini-rant is the flaw in detecting old threats. Large sample collections of 1 million+ samples (most of which are 6+ months old!!) do NOT represent the strength of an AV. Sure, we could go out and write an AV which finds these 1 million old samples but how long does the average infection last and how many of those samples would really be affecting users? The average infection today is lasting a mere handful of hours rather than 6 months. To be fair, infections used to last much longer (and some old ones are still trickling around on newsgroups, etc. but they are well covered). However, antivirus products have gotten better so infections had to get better and malware authors are no longer motivated only by creativity - they want to make $$$ and you do that by being fast and dynamic.
No test of a large collection of antiquated/dead malware will properly assess the effectiveness of today's AV.
*Steps off soapbox* ;D" }-
You should get together with Melih at Comodo, he's been saying exactly the same thing for a while. Perhaps between you it'd be possible to create a more realistic testing method.
bellgamin
January 6th, 2009, 03:55 PM
-{ Quote: "You should get together with Melih at Comodo, he's been saying exactly the same thing for a while. Perhaps between you it'd be possible to create a more realistic testing method." }-
Comodo's firewall & HIPS are excellent but its AV is still second tier. Effective AVs test well & remain silent. Those testing poorly ask for "more realistic" tests.
By the way -- I do not consider PCWelt's anecdotal test report of Edge to be unfavorable. Equivocal, yes -- but not unfavorable.
andyman35
January 6th, 2009, 04:01 PM
-{ Quote: "Comodo's firewall & HIPS are excellent but its AV is still second tier. Effective AVs test well & remain silent. Those testing poorly ask for "more realistic" tests.
By the way -- I do not consider PCWelt's anecdotal test report of Edge to be unfavorable. Equivocal, yes -- but not unfavorable." }-
In fairness the upcoming new version of CIS should see a huge improvement in the AV performance. As for testing though, surely they should mirror what users will actually face in the real world, rather than an artificial scenario?
C.S.J
January 6th, 2009, 04:01 PM
Joe, love the post.
You should dig just a little deeper, it won't take you very long to find out just what these Andreas tests are, in short they are a piece of ****,
... Be warned though, no matter what you say, many people take those results as gospel, I hope, like some companies you have the balls to speak the truth, rather than ignore it, even if future results are positive for you.
Mosqu
January 7th, 2009, 07:41 AM
I wouldn't have expected such a badly researched article at that place.
Some mistakes in short:
- The database does not depend on users' opinions, but on automated analysis.
- The on-demand scanner is intended to find active infections rather than passive malicious files.
- The performance of on-demand scanning says not much about the real-time protection capabilities, that are not based on on-access scanning, but behavior monitoring.
- If the user decides to delete a file, it is not a malicious action.
trjam
January 8th, 2009, 06:43 PM
Right now, still the best out there for protection and ease of use.
Keep in mind folks, this isn't the Plug and Play forum at Wilders. ;)
Criss
January 9th, 2009, 08:20 AM
I have juz done a scan with Avira and it has found a malware with one of the Prevx files.
Can anyone here confirm whether this is a false positive?? I have sent the sample to Avira.
Here's the log :
-{ Quote: "C:\Documents and Settings\All Users\Application Data\PrevxCSI\qc.csi
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\PrevxCSI\qc.csi
[DETECTION] Contains recognition pattern of the DR/Delphi.Gen dropper
[WARNING] The file was ignored!
C:\Documents and Settings\All Users\Application Data\PrevxCSI\qc.csi
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\PrevxCSI\qc.csi
[DETECTION] Contains recognition pattern of the DR/Delphi.Gen dropper
[WARNING] The file was ignored!" }-
PrevxHelp
January 9th, 2009, 08:40 AM
-{ Quote: "I have juz done a scan with Avira and it has found a malware with one of the Prevx files.
Can anyone here confirm whether this is a false positive?? I have sent the sample to Avira.
Here's the log :" }-
Hello,
This isn't exactly a false positive. That file houses our quarantine and we use a simplistic encoding over the infected files just to disable them but some AVs will still read the file and decrypt it.
For now, you may want to add that file to the ignore list of Avira (and maybe Kaspersky which also seems to find the file depending on the infection).
We will be making a change in the next release which should prevent the AVs from finding it.
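The effect described in the reply above, as an added example that is not part of the original post and not Prevx or Avira code: a scanner that tries simple decodings still matches a signature inside a lightly encoded quarantine container. The single-byte XOR, the `QCSI` magic, the container layout and the signature bytes are all assumptions constructed for illustration; the thread does not say which encoding the product used.

```python
"""Why a lightly encoded quarantine file can still trigger another scanner."""

# Constructed stand-in for an AV byte signature; not taken from any real product.
SIGNATURE = b"CONSTRUCTED-DROPPER-PATTERN"
QUARANTINE_KEY = 0x5A  # assumed single-byte key, for illustration only


def xor_bytes(data: bytes, key: int) -> bytes:
    """XOR every byte with one key byte (the assumed 'simplistic encoding')."""
    return bytes(b ^ key for b in data)


def build_quarantine(files: list[bytes], key: int = QUARANTINE_KEY) -> bytes:
    """Hypothetical container: magic, then per file a 4-byte length and the encoded body."""
    out = bytearray(b"QCSI")  # constructed magic value
    for body in files:
        out += len(body).to_bytes(4, "little") + xor_bytes(body, key)
    return bytes(out)


def naive_scan(blob: bytes) -> bool:
    """Plain signature match on the raw bytes; defeated by any encoding."""
    return SIGNATURE in blob


def xor_aware_scan(blob: bytes):
    """Try all 256 single-byte XOR keys.

    Encoding the short signature under each key is cheaper than decoding the
    whole blob 256 times. Returns (key, offset) of the first hit, else None.
    """
    for key in range(256):
        offset = blob.find(xor_bytes(SIGNATURE, key))
        if offset != -1:
            return key, offset
    return None


# Constructed "infected" sample and a quarantine container that holds it.
SAMPLE = b"MZ" + b"\x00" * 32 + SIGNATURE + b"\x90" * 16
CONTAINER = build_quarantine([b"clean notes", SAMPLE])

if __name__ == "__main__":
    print("naive scan hit:", naive_scan(CONTAINER))
    print("xor-aware scan hit (key, offset):", xor_aware_scan(CONTAINER))
```

A hit of this kind describes content that is already neutralised inside the container, which is why the reply suggests excluding the quarantine file from the second scanner.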
denniz
January 13th, 2009, 02:56 PM
Possible false positive:
Location: C:\Windows\WindowsMobile\sv-SE\BakRestr.dll.mui
OS: Windows Vista Ultimate SP1 32-bit Dutch
Prevx Edge: version v3.0.0.199
Category: Malicious Software
Heuristics: High
Virus Total Result:
File BakRestr.dll.mui received on 01.13.2009 20:45:17 (CET)
Current status: finished
Result: 1/38 (2.64%) Prevx1 V2 2009.01.13 Malicious Software
PrevxHelp
January 13th, 2009, 03:29 PM
-{ Quote: "Possible false positive:
Location: C:\Windows\WindowsMobile\sv-SE\BakRestr.dll.mui
OS: Windows Vista Ultimate SP1 32-bit Dutch
Prevx Edge: version v3.0.0.199
Category: Malicious Software
Heuristics: High
Virus Total Result:
File BakRestr.dll.mui received on 01.13.2009 20:45:17 (CET)
Current status: finished
Result: 1/38 (2.64%) Prevx1 V2 2009.01.13 Malicious Software" }-
Hello,
Thank you for the report - the file is definitely a false positive (just a somewhat obscure version it looks like).
Fixed :) Please let me know if you have any further problems!
denniz
January 13th, 2009, 03:36 PM
-{ Quote: "Hello,
Thank you for the report - the file is definitely a false positive (just a somewhat obscure version it looks like).
Fixed :) Please let me know if you have any further problems!
" }-
Your support absolutely amazes me, very quick and very courteous! 8)
I rescanned, and all is good now, thx! :thumb:
jmonge
January 13th, 2009, 03:50 PM
I am running a 29-day trial and I want to know what kind of technology Prevx is using for its software? Is it HIPS? Behaviour blocker? Or what? Thanks
PrevxHelp
January 13th, 2009, 06:14 PM
-{ Quote: "I am running a 29-day trial and I want to know what kind of technology Prevx is using for its software? Is it HIPS? Behaviour blocker? Or what? Thanks" }-
Edge combines behavioral analysis with whitelisting, blacklisting, signature analysis, heuristics, and a view of all of the programs in the Prevx community to make its determinations. It's a combination of a lot of technologies :)
sded
January 13th, 2009, 07:25 PM
Has anyone got Prevx Edge working successfully with Online Armor 3 under Vista? There seem to be significant conflicts, resulting in CPU hangs, OA not initializing properly, Program Guard vanishing, strange OA Icon behavior, lockups, Task Manager hangs, ... I have tried it with some of the OA betas, most recently the public beta 3.1.0.12, and the conflict level looks like it has increased-it actually seemed to work OK for a brief period earlier, then nevermore. Once I uninstall Prevx Edge, everything goes back to normal.
jmonge
January 14th, 2009, 12:45 AM
-{ Quote: "Edge combines behavioral analysis with whitelisting, blacklisting, signature analysis, heuristics, and a view of all of the programs in the Prevx community to make its determinations. It's a combination of a lot of technologies :)" }-
cool :thumb:
PrevxHelp
January 14th, 2009, 03:30 AM
-{ Quote: "Has anyone got Prevx Edge working successfully with Online Armor 3 under Vista? There seem to be significant conflicts, resulting in CPU hangs, OA not initializing properly, Program Guard vanishing, strange OA Icon behavior, lockups, Task Manager hangs, ... I have tried it with some of the OA betas, most recently the public beta 3.1.0.12, and the conflict level looks like it has increased-it actually seemed to work OK for a brief period earlier, then nevermore. Once I uninstall Prevx Edge, everything goes back to normal." }-
Hello,
I'll get our internal testers working on testing Edge versus 3.1.0.12 today and let you know what we find. Sorry for the inconvenience!
Creer
January 14th, 2009, 04:04 AM
-{ Quote: "Has anyone got Prevx Edge working successfully with Online Armor 3 under Vista? There seem to be significant conflicts, resulting in CPU hangs, OA not initializing properly, Program Guard vanishing, strange OA Icon behavior, lockups, Task Manager hangs, ... I have tried it with some of the OA betas, most recently the public beta 3.1.0.12, and the conflict level looks like it has increased-it actually seemed to work OK for a brief period earlier, then nevermore. Once I uninstall Prevx Edge, everything goes back to normal." }-
You can try the newest beta version of OA 3.1.0.14.
sded
January 14th, 2009, 09:28 AM
Tried Edge yet again with OA 3.1.0.14 and Vista Ultimate, and seemed to run OK for a while, until I went into sleep mode overnight. When I came out of sleep this morning, Edge problems were back so that's it for this version. Mostly nonresponsive, not direct OA problems. When I tried to Ctrl+Alt+Del to see what was happening in task manager, I got the "Login Process has failed to create the security options dialog" message I saw before with Edge - maybe that will help with the diagnosis. Removed Edge and things ran OK again, but still got the message - although could now get to task manager the other ways. So rebooted and back to normal again. Would still like to try a later version, but .199 has too many issues for me at this point.
PrevxHelp
January 14th, 2009, 10:35 AM
Hello,
We still haven't reproduced the issues but we are working on seeing what we can do to eliminate them. We will post back here once we have some conclusive results.
alley
January 15th, 2009, 08:05 AM
Possible false positives:
Location: C:\Program Files\Conceiva\DownloadStudio\DownloadStudioDBReader.dll
OS: Windows Vista Ultimate SP1 32-bit English
Prevx Edge 3.0.0.199
Category: Malicious Software
Advanced Heuristics - Medium
Virus Total Result:
File DownloadStudioDBReader.dll received on 12.20.2008 00:53:10 (CET)
Current status: finished
Result: 1/38 (2.63%) Prevx1 Malicious Software
Location: C:\Program Files\Conceiva\DownloadStudio\wwwssl.dll
OS: Windows Vista Ultimate SP1 32-bit English
Prevx Edge 3.0.0.199
Category: Malicious Software
Advanced Heuristics - Medium
Virus Total Result:
File wwwssl.dll received on 01.04.2009 08:57:32 (CET)
Current status: finished
Result: 1/37 (2.70%) Prevx1 Malicious Software
PrevxHelp
January 15th, 2009, 02:23 PM
Hello,
(I sent you a PM, not sure if you didn't receive it)
Could you save a scan log by going to Tools and Settings > Save Scan Results and then sending me the log via PM?
This will help me track down the FP :)
alley
January 16th, 2009, 04:12 AM
-{ Quote: "Hello,
(I sent you a PM, not sure if you didn't receive it)
Could you save a scan log by going to Tools and Settings > Save Scan Results and then sending me the log via PM?
This will help me track down the FP :)" }-
PM sent. The problem seems to be fixed already: no more warnings from Edge! Thanks for quick response :thumb:
BTW: Eagerly awaiting the x64 compatible version :D
paniccom
January 18th, 2009, 02:36 AM
My prevx edge evaluation runs a scan at bootup every time, even though in the Scan Scheduler settings I un-checked "Scan automatically after bootup" and also un-checked "If my computer is not powered on at the scheduled time, scan at the next bootup". When this did not work, I then un-checked "Enable scheduled scans", so that no scans should run at all. It still scans at bootup. I have enough things happening when the computer turns on, I don't need a scan right then. Any idea why? I'm thinking of buying a license, since the pgm seems to run nice and light, I just don't want this constantly happening.
PrevxHelp
January 18th, 2009, 07:29 AM
-{ Quote: "My prevx edge evaluation runs a scan at bootup every time, even though in the Scan Scheduler settings I un-checked "Scan automatically after bootup" and also un-checked "If my computer is not powered on at the scheduled time, scan at the next bootup". When this did not work, I then un-checked "Enable scheduled scans", so that no scans should run at all. It still scans at bootup. I have enough things happening when the computer turns on, I don't need a scan right then. Any idea why? I'm thinking of buying a license, since the pgm seems to run nice and light, I just don't want this constantly happening." }-
Hello,
I'm wondering - do you have Self Protection enabled and is the scan labeled "Protective Scan Initiated"? This would tend to suggest that another program is modifying the system on top of Edge, which is fine, but Edge just runs the scan to ensure nothing has changed any core system areas.
We have, however, made some modifications to this process which will be included in the next update. If you want, I can send you a link to the test version to see if this helps fix your problem :)
Copyright ©2002 - 2012, Wilders Security Forums