Introducing, The New Prevx Edge.
trjam
November 13th, 2008, 06:17 PM
Enjoy my friends, all of their products have been enhanced. Bravo Prevx.:thumb:
Prevx Edge (http://www.prevx.com/prevxedge.asp)
PrevxHelp
November 13th, 2008, 06:22 PM
A special thanks goes out to all of the beta testers who dedicated a LOT of their time to help us solve some really intricate issues. If anyone has any problems/questions/concerns, please let me know.
There are a couple outstanding issues at the moment, and a couple minor features currently not included, but they will be added very soon (for instance, Windows Security Center integration)!
Note: the product explains the trial version, but if interested: the trial is time-unlimited but will not block the malware it sees during the trial (so you can essentially use it like an ondemand scanner which works in realtime).
simmikie
November 13th, 2008, 07:14 PM
congrats to all Prevx folk for an exceptional job! the Edge is outstanding in every way, light, stable as a rock, and unfazed by anything i could find to throw at it.
PrevxHelp, you are truly exceptional...thank-you!
Mike
bellgamin
November 13th, 2008, 07:15 PM
Theyyyyy're baaaaack!
Congratulations!
I hope Prevx Edge will become a BIG winner, and fully expect that it will. :thumb: :thumb: :thumb:
EraserHW
November 13th, 2008, 07:23 PM
-{ Quote: "A special thanks goes out to all of the beta testers who dedicated a LOT of their time to help us solve some really intricate issues. If anyone has any problems/questions/concerns, please let me know." }-
Another special thanks goes to everyone who has trusted and supported Prevx and our work always during these years ;)
firzen771
November 13th, 2008, 08:52 PM
is this like a HIPS program or more of a behaviour blocker like mamutu?
PrevxHelp
November 13th, 2008, 08:59 PM
-{ Quote: "is this like a HIPS program or more of a behaviour blocker like mamutu?" }-
Edge is a combination of a few different types of technology. At the heart of it lies our community database, where behaviors from our HIPS component are collected and analyzed. Along with these behaviors, we analyze incoming files against a whitelist and adaptive blacklist as well as a group of heuristics and various metrics to interpret its behavior and determine if it should be trusted or not.
It is not, however, a standard behavior blocker. For instance, while you can't configure it to explicitly block certain disk writes, it will analyze the overall behavior of applications to make its own determination, guided by your settings in the Edge Settings > Heuristics Settings screen.
Hope that helps :)
PrevxHelp
November 13th, 2008, 09:00 PM
-{ Quote: "congrats to all Prevx folk for an exceptional job! the Edge is outstanding in every way, light, stable as a rock, and unfazed by anything i could find to throw at it.
PrevxHelp, you are truly exceptional...thank-you!" }-
Thank you for all of your testing and support as well ;D Please let us know if you do happen to break anything. Even though it is out of beta and completely released now, we will be constantly upgrading it with smarter/faster scanning and protection.
firzen771
November 13th, 2008, 09:06 PM
hmm sounds sorta like an ultimate suite, a HIPS, behaviour blocker and typical AV all in one :D
LoneWolf
November 13th, 2008, 09:08 PM
System Requirements ???
Can not find on website.
PrevxHelp
November 13th, 2008, 09:16 PM
-{ Quote: "System Requirements ???
Can not find on website." }-
That's a very good point. We're still finishing up the website and will continue improving it over the next week.
The install is only about 900kb and requires no extra downloads (it scans using our online database of many million signatures).
To be safe, we recommend 10mb of free harddisk space, as well as 128mb of RAM. We also recommend at least a P4 processor, but it can run on very low requirements as it is quite light when running (and it can also scale up to 32+ core machines with multi-gb of RAM).
It requires a 32bit processor (currently, we will support 64bit in the coming weeks), and Windows 2000 SP4, XP SP2, 2003, or Vista.
PrevxHelp
November 13th, 2008, 09:18 PM
-{ Quote: "hmm sounds sorta like an ultimate suite, a HIPS, behaviour blocker and typical AV all in one :D" }-
Yes, rather than requiring users to download a number of separate products, we have welded together a number of different technologies into one integrated database. :)
However, if you do prefer using other products or having a multilayer security setup, Edge will work alongside virtually any security setup (I say virtually because there are billions of combinations and we couldn't possibly test all of them, but we have done extensive testing against major security products).
firzen771
November 13th, 2008, 09:27 PM
ill give this new program a shot and see if i like it ;D maybe if i like it enuff ill replace my Mamutu with it.
1 question, does edge cover the same protection areas as Mamutu would?
PrevxHelp
November 13th, 2008, 09:30 PM
-{ Quote: "ill give this new program a shot and see if i like it ;D" }-
Great ;D
If you have any questions, please let me know. We are currently in the process of writing a detailed user guide but because of the overwhelming demand to get the actual product and website released, we didn't have time to complete the documentation before the release.
trjam
November 13th, 2008, 09:37 PM
-{ Quote: "ill give this new program a shot and see if i like it ;D maybe if i like it enuff ill replace my Mamutu with it.
1 question, does edge cover the same protection areas as Mamutu would?" }-
more. It is all I use and will use.
firzen771
November 13th, 2008, 09:39 PM
k ty, i was only curious cuz if i did choose to switch to prevx then i wanted to make sure that it wuld cover at LEAST all the same areas as Mamutu did. thx
**EDIT**
tried this out and so far im loving it, EXTREMELY light and seems like a well rounded app, will continue to test it out though. although i do wish it had a bit more customization ability with its settings.
cp4eva
November 13th, 2008, 10:41 PM
So, there's no real-time protection for the trial period?
REALLY?
firzen771
November 13th, 2008, 10:46 PM
unfortunately, no there is not :(
PrevxHelp
November 13th, 2008, 10:50 PM
-{ Quote: "So, there's no real-time protection for the trial period?
REALLY?" }-
The trial period is definitely unique and non-standard. The benefit and reasoning behind making this choice is as follows: instead of severing all chance of any future demoing as soon as the 14 or 30 days ends, regardless of if an infection was found or not, we give the user the ability to try it out for as long as they want.
Many users may not ever encounter an infection in the standard 30 day trial of an AV and after that period, they would generally be unable to try it again - ever. Therefore, we feel that by offering an unlimited period with malware monitoring and reporting without blocking, the user will be able to get a complete feel for it and all of its idiosyncrasies.
PrevxHelp
November 13th, 2008, 10:53 PM
-{ Quote: "tried this out and so far im loving it, EXTREMELY light and seems like a well rounded app, will continue to test it out though. although i do wish it had a bit more customization ability with its settings." }-
What other customization options would you be interested in having us add? We are definitely willing to make any changes requested.
Einsturzende
November 13th, 2008, 10:57 PM
...So you will be actually able to see how your system gets infected, great decision and quite unique, may I say ::)
to see how program functions I must be infected, UNBELIEVABLE
PrevxHelp
November 13th, 2008, 11:05 PM
-{ Quote: "...So you will be actually able to see how your system gets infected, great decision and quite unique, may I say ::)" }-
You would receive the same results when using an ondemand scanner. Services like Kaspersky's, TrendMicro's, etc. online scanners are offered to show users the detection rates of their products and to identify infections. Then, users identify the benefits of those products and purchase them.
Although it may seem non-standard, it essentially acts as a realtime ondemand scanner. Rather than needing to run a scan every day to detect malware, you are able to identify malware immediately which would have bypassed the other pieces of your security setup (or you can use the ondemand scanner provided within it if wanted :)).
If you don't ever encounter an infection when trialing another antivirus product with the standard trial cutoff, you would have wasted your one and only shot at seeing if that antivirus product would be beneficial to you. This way, you will be able to see the benefits immediately and continue to see benefits by utilizing the ondemand scanner whenever wanted.
Einsturzende
November 13th, 2008, 11:23 PM
-{ Quote: "You would receive the same results when using an ondemand scanner. Services like Kaspersky's, TrendMicro's, etc. online scanners are offered to show users the detection rates of their products and to identify infections. Then, users identify the benefits of those products and purchase them.
Although it may seem non-standard, it essentially acts as a realtime ondemand scanner. Rather than needing to run a scan every day to detect malware, you are able to identify malware immediately which would have bypassed the other pieces of your security setup (or you can use the ondemand scanner provided within it if wanted :)).
If you don't ever encounter an infection when trialing another antivirus product with the standard trial cutoff, you would have wasted your one and only shot at seeing if that antivirus product would be beneficial to you. This way, you will be able to see the benefits immediately and continue to see benefits by utilizing the ondemand scanner whenever wanted." }-
It would be great if in range of 30 day trial it would be able to catch malware in real-time and then after with RED WARNING be informed that we are going into "frustration endless" mode while you can see how your credit card details depart from you or how your HD is going to be a useless piece of junk or similar malware behavior ...
PrevxHelp
November 13th, 2008, 11:26 PM
-{ Quote: "It would be great if in range of 30 day trial it would be able to catch malware in real-time and then after with RED WARNING be informed that we are going into "frustration endless" mode while you can see how your credit card details depart from you or how your HD is going to be a useless piece of junk or similar malware behavior ..." }-
I agree with your logic. As long as we make it perfectly obvious when the real protection trial period is ending and the diluted trial is beginning, I think this may be a better solution as it gives users the ability to try out both aspects of the product.
I will ensure that we discuss this topic in the morning and I will let everyone here know what our decision is.
Einsturzende
November 13th, 2008, 11:29 PM
-{ Quote: "I agree with your logic. As long as we make it perfectly obvious when the real protection trial period is ending and the diluted trial is beginning, I think this may be a better solution as it gives users the ability to try out both aspects of the product.
I will ensure that we discuss this topic in the morning and I will let everyone here know what our decision is." }-
Many thanks, I will try it then... :)
firzen771
November 13th, 2008, 11:36 PM
that actually sounds like a very good idea, 30 days trial WITH real-time then after the 30 days or however many days u chose, it goes to the on-demand version which is unlimited. that would be extremely helpful for testing.
PrevxHelp
November 13th, 2008, 11:41 PM
-{ Quote: "that actually sounds like a very good idea, 30 days trial WITH real-time then after the 30 days or however many days u chose, it goes to the on-demand version which is unlimited. that would be extremely helpful for testing." }-
I've sent an email to the license/database developers saying almost exactly this and we should have an answer by the afternoon, UK time. :)
Victek123
November 13th, 2008, 11:46 PM
-{ Quote: "I agree with your logic. As long as we make it perfectly obvious when the real protection trial period is ending and the diluted trial is beginning, I think this may be a better solution as it gives users the ability to try out both aspects of the product.
I will ensure that we discuss this topic in the morning and I will let everyone here know what our decision is." }-
It makes sense to make the product fully functional during the trial. Although average users may not encounter malware during the trial period there are more advanced users who will intentionally throw malware at Prevx Edge to test its performance. That will make it easy to review and should produce a lot of good PR for the product.
Hugger
November 13th, 2008, 11:48 PM
If I understand you correctly, the Behavior Blocker is not activated in the trial that I have on my pc.
If that's the case, then I'm suspending TF's protection and will not have active blocking protection?
Also, from what I read above, I'm not able to make 'adjustments' for any single program. Rather, I would need to adjust the slider to make an adjustment that will affect all programs one way or another?
It's nice and light and very fast. It's also easy enough for me to use. But even for my skill level I'm not sure of the benefits.
All in all a very nice job.
Hugger
PrevxHelp
November 13th, 2008, 11:57 PM
-{ Quote: "If I understand you correctly, the Behavior Blocker is not activated in the trial that I have on my pc.
If that's the case, then I'm suspending TF's protection and will not have active blocking protection?
Also, from what I read above, I'm not able to make 'adjustments' for any single program. Rather, I would need to adjust the slider to make an adjustment that will affect all programs one way or another?
It's nice and light and very fast. It's also easy enough for me to use. But even for my skill level I'm not sure of the benefits.
All in all a very nice job.
Hugger" }-
Malware blocking is not active in the trial, however, malware reporting is. So, if you were to get an infection, it would report it but it could still infect you.
You can, however, leave TF enabled - we have not experienced any incompatibilities between Edge and TF, so, I don't think there would be any problems.
To make program-level adjustments, you can use the Detection Overrides feature (found under Tools and Settings) which will allow you to mark certain programs as "Detect" and certain programs as "Ignore".
The benefits are much more apparent with the full version as it will actually prevent the threats which it detects, unlike the trial which passively reports them (but, to give users an accurate measure of the performance, both the free and paid have exactly the same system impact).
FanJ
November 13th, 2008, 11:58 PM
Hi,
I hardly dare to ask this because I have never used PrevX...
Am I understanding it right that it depends on input from users (like is a file OK or not)?
Is it possible to configure it in a way that I have my own private database of files without sharing it to others (like I do with my file-integrity-checkers)? I'm only interested whether a file has been changed (changed, deleted, new added).
PrevxHelp
November 13th, 2008, 11:58 PM
-{ Quote: "It makes sense to make the product fully functional during the trial. Although average users may not encounter malware during the trial period there are more advanced users who will intentionally throw malware at Prevx Edge to test its performance. That will make it easy to review and should produce a lot of good PR for the product." }-
Yes, I think this is the logical oversight we have. While normal users will be content with the trial as-is, testing is where the trial licensing model breaks down as it is currently not possible to test Edge's realtime protection without a license (unless you really enjoy getting infected ;D).
PrevxHelp
November 14th, 2008, 12:04 AM
-{ Quote: "
Am I understanding it right that it depends on input from users (like is a file OK or not)?
Is it possible to configure it in a way that I have my own private database of files without sharing it to others (like I do with my file-integrity-checkers)? I'm only interested whether a file has been changed (changed, deleted, new added)." }-
This is a good point to bring up. Although we do coin our protection as Community based, it is not based on a community of users, rather, it is based on the users' computers. We do take into consideration when a user clicks Allow or Deny, however, that sends the file into a deeper level of analysis server-side and may require a manual decision in the end.
However, all malware detection is automated. Every user's computer gathers behaviors from suspicious programs (anonymously and the behaviors are mere binary strings, nothing private ;D) and then the centralized database analyzes the behavior of all programs as a whole, rather than relying on static analysis or more reactive forms of malware analysis.
Therefore, rather than saying that our products are based on the opinion of a community (like other products do currently), we use the community to improve our view on what a program does as many pieces of malware behave significantly differently depending on their environment.
We do not have a full system whitelisting approach like you are describing, but, every file is tested extensively against our database of white/black files and then signatures from programs are sent up along with behaviors to get an in-depth view at what the file is truly up to. This provides more granular insight into what a program actually does and produces far fewer false positives than a plain whitelisting solution.
Perman
November 14th, 2008, 12:42 AM
Hi,
Nice to hear that Prevx has once again risen from hibernation. During this sans-Prevx period, some amazing products have gained some strong ground, to name a few: Mamutu (a-squared AM), ThreatFire etc.
With this Edge, what actually does it bring about? Is it actually better than any others? Can someone sum up a few? I think, on this section, we are allowed to make comments such as A vs B. Anyone?
PrevxHelp
November 14th, 2008, 12:54 AM
-{ Quote: "Hi,
Nice to hear that Prevx has once again risen from hibernation. During this sans-Prevx period, some amazing products have gained some strong ground, to name a few: Mamutu (a-squared AM), ThreatFire etc.
With this Edge, what actually does it bring about? Is it actually better than any others? Can someone sum up a few? I think, on this section, we are allowed to make comments such as A vs B. Anyone?" }-
After seeing many threads burn to the ground, I'll recommend staying away from A vs B, however, I'll give a conceptual comparison between certain product classes.
Edge's primary detection/prevention benefit is its ability to block new and fast spreading malware unlike other products. With our newly enhanced community view, we are able to track infections as they propagate and as behaviors are gathered, allowing us to block an infection heuristically even if it has only been seen by one user, unlike other antivirus products which require a certain threshold to make an economically beneficial signature.
Other products do have their benefits - behavior blockers, for instance, block behaviors. Edge, however, does not block behaviors and does not intend to. To illustrate an example: if a program adds a run key to HKLM\...\run, Edge would see the change and log it, however, that act in itself is NOT malicious. Behavior blockers may quickly jump on an action like that and report it as malicious, thereby stopping the "infection". However, if a legitimate program comes along and makes the same entry, most behavior blockers will identify the same behavior (as that is their purpose).
Therefore, Edge bridges the gap to try and make behavioral protection available to the masses. Rather than prompting on every behavior, Edge will analyze behaviors in the background, processing and interpreting them and spitting out an easily digestible, easy to understand answer of "No you should not run this" or "Yes, you can run this".
We needed to retool our product set because an extremely vast majority of users outside of Wilders/other security forums have no idea whatsoever of how to configure an antivirus product to work properly and when to answer Allow or Block to a prompt. Behavior blockers in the conventional sense for the conventional user are not a good match - as famously depicted by Vista's UAC.
Rather than relying on the user who unfortunately makes the incorrect decision more often than not, we have automated the entire process from behavioral gathering to program determination and are now providing HIPS/behavior monitoring/blacklist/whitelist protection to all users regardless of their computer savvy.
And, for the techies in all of us, we don't force you to stop using your existing programs. If you want to use Mamutu alongside Edge, feel free to do so. A number of our testers used Edge alongside popular behavior blocking programs without any problems.
I hope that answers your questions. If not, please let me know and I'll clarify :)
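[Added example, not part of the thread and not Prevx's own code: a sketch contrasting a per-action behaviour blocker with the approach described in the two posts above, where behaviours reported by many machines are pooled per file and turned into a single allow/block answer. The rule set, weights, threshold, file names and reports are all constructed assumptions.]

```python
"""Per-action blocking vs. an aggregated community verdict (illustration).

Every rule, weight, threshold and report here is constructed for the
example; none of it is Prevx Edge's real logic or data.
"""
from collections import defaultdict

# Behaviours a naive per-action blocker alerts on (assumed rule set).
PER_ACTION_RULES = {"add_run_key"}

# Assumed weights for the aggregated verdict. A Run key write is recorded
# but carries little weight on its own, as the post above argues.
WEIGHTS = {
    "add_run_key": 1,
    "write_program_files": 0,
    "inject_remote_thread": 4,
    "disable_security_service": 5,
}
BLOCK_THRESHOLD = 5  # assumed cut-off

# Constructed reports: (machine, file_id, behaviour). file_id stands in
# for whatever identifier a real system would use (e.g. a file hash).
REPORTS = [
    ("pc-1", "updater.exe", "add_run_key"),
    ("pc-1", "updater.exe", "write_program_files"),
    ("pc-2", "updater.exe", "add_run_key"),
    # The dropper behaves differently depending on its environment:
    # quiet on pc-1, fully active on pc-3.
    ("pc-1", "dropper.exe", "add_run_key"),
    ("pc-3", "dropper.exe", "add_run_key"),
    ("pc-3", "dropper.exe", "inject_remote_thread"),
    ("pc-3", "dropper.exe", "disable_security_service"),
]


def per_action_alerts(reports):
    """Files a per-action blocker would flag: any single rule hit alerts."""
    return {file_id for _, file_id, behaviour in reports
            if behaviour in PER_ACTION_RULES}


def merge_behaviours(reports, machines=None):
    """Pool behaviours per file, optionally limited to some machines."""
    merged = defaultdict(set)
    for machine, file_id, behaviour in reports:
        if machines is None or machine in machines:
            merged[file_id].add(behaviour)
    return dict(merged)


def verdict(file_id, merged, whitelist=frozenset(), blacklist=frozenset()):
    """Blacklist and whitelist first, then score the pooled behaviour set."""
    if file_id in blacklist:
        return "block"
    if file_id in whitelist:
        return "allow"
    score = sum(WEIGHTS.get(b, 0) for b in merged.get(file_id, ()))
    return "block" if score >= BLOCK_THRESHOLD else "allow"


if __name__ == "__main__":
    print("per-action alerts:", sorted(per_action_alerts(REPORTS)))
    community = merge_behaviours(REPORTS)
    for name in ("updater.exe", "dropper.exe"):
        print(name, "->", verdict(name, community))
    only_pc1 = merge_behaviours(REPORTS, machines={"pc-1"})
    print("dropper.exe seen from pc-1 only ->",
          verdict("dropper.exe", only_pc1))
```

The per-action rule flags both files for the same Run key write, while the pooled view separates them; restricted to pc-1 alone, the dropper looks no different from the updater.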
vijayind
November 14th, 2008, 01:18 AM
Does PrevX Edge sort out issues with Vista UAC ??
Or do I still need to install it with UAC disabled ?
PrevxHelp
November 14th, 2008, 01:31 AM
-{ Quote: "Does PrevX Edge sort out issues with Vista UAC ??
Or do I still need to install it with UAC disabled ?" }-
Edge does work completely with UAC and on limited user accounts.
Also, before it gets asked: Edge does not work on x64 yet - it is only 32bit for now.
vijayind
November 14th, 2008, 01:38 AM
-{ Quote: "Edge does work completely with UAC and on limited user accounts.
Also, before it gets asked: Edge does not work on x64 yet - it is only 32bit for now." }-
That's Great :thumb: I had a slight grudge against Prevx 2.0 due to the UAC thing.
I think you replied earlier in the thread, itself that 64-bit is not supported. But a new version for x64 will arrive soon :D
I'll try it out on my Vista 32-bit PC, but would really like the slim protection also on my x64 servers ;)
----EDIT----
Can you also tell me how PrevX Edge 3.0 compares with PrevX 2.0 HIPS ??
makios
November 14th, 2008, 01:52 AM
Hi there,
I'm using Nod32 v3 with OA free (with HIPS enabled) for a while now and also have Prevx CSI installed.
Would Prevx Edge be a "necessary" layer with this resident security setup? Or would it be too much?
Would you recommend Prevx Edge or CSI when already using Nod with OA free + HIPS?
Threedog
November 14th, 2008, 02:53 AM
Congrats on the release!!!!!!!! Good work by everyone on the Prevx team!!!! After doing plenty of testing over the last little while with it....hope I am allowed to admit to the world I was one of the beta testers :o .... I feel safe running just Edge on its own.
trjam
November 14th, 2008, 03:34 AM
-{ Quote: "I've sent an email to the license/database developers saying almost exactly this and we should have an answer by the afternoon, UK time. :)" }-
I have to agree that an active trial period is really needed, otherwise you shoot yourself in the foot.;)
trjam
November 14th, 2008, 03:36 AM
-{ Quote: "Congrats on the release!!!!!!!! Good work by everyone on the Prevx team!!!! After doing plenty of testing over the last little while with it....hope I am allowed to admit to the world I was one of the beta testers :o .... I feel safe running just Edge on its own." }-
me too threedog, after all the testing it was apparent it does the work of all other apps I was using. Well,,,, all but FD-ISR.:)
Saraceno
November 14th, 2008, 03:54 AM
Uses low resources, seems to be very stable and there are no slowdowns. So far so good.
Tried it on a few recent 'known' malicious files/programs and they have been KO'd. :)
Franklin
November 14th, 2008, 04:28 AM
Scanners aren't really my type of security but decided to give it a run against 30 different malwares which are mainly installers for rogue apps.
aieie
November 14th, 2008, 04:48 AM
Great work putting this out.
I know i'll show dumb but i prefer to ask anyway two questions:
1) Edge free version (or trial if you prefer): you don't have realtime cleanup, but you have unlimited REALTIME detection (no block, i understood, but realtime and not on demand for detection). Is this correct?
2) Any known incompatibilities between Edge and PrevX2 and Edge and Online Armor 3(licensed version) ?
Thanks in advance
Saraceno
November 14th, 2008, 05:05 AM
Not bad Franklin. I'd expect a very good AV to get a similar result.
Most users could use it as the resident application. I'd have confidence in installing this on mine, or say my parent/friend's system as the only application. While those who download a lot of unknown content could benefit from using it alongside their AV.
But as it's so light, using a layered approach with say firewall, HIPS and so on, Prevx should do nicely.
Dark Star 72
November 14th, 2008, 05:10 AM
Sorry for being a bit late on the scene this morning, a bit late getting to bed here in the UK last night after waiting for the release ;D
My thanks to Prevx Help for the privilege of being included in the beta testing, it didn't last long but the fact that the final release came so soon shows how stable it is. The real work had already been done before we got our hands on it.
I tried it alongside GeSWall, DefenseWall, and several others including HIPS with no sign of any conflict at all.
As trjam has already said, you really do not need anything else. I now have just PrevxEdge, RollBack Rx, Windows XP firewall and a router, that's it :)
EraserHW
November 14th, 2008, 05:11 AM
-{ Quote: "Scanners aren't really my type of security but decided to give it a run against 30 different malwares which are mainly installers for rogue apps." }-
If you want, just send me the 6 samples undetected along with the Edge log and I'll take care of adding them immediately :)
EraserHW
November 14th, 2008, 05:19 AM
-{ Quote: "Great work putting this out.
I know i'll show dumb but i prefer to ask anyway two questions:
1) Edge free version (or trial if you prefer): you don't have realtime cleanup, but you have unlimited REALTIME detection (no block, i understood, but realtime and not on demand for detection). Is this correct?
2) Any known incompatibilities between Edge and PrevX2 and Edge and Online Armor 3(licensed version) ?
Thanks in advance" }-
1) Yes, correct :)
2) We aren't aware of any kind of incompatibility between such software :)
RejZoR
November 14th, 2008, 05:21 AM
Ok, i don't quite understand it but is it like this:
Prevx Edge does not detect malware in real-time
Prevx Edge detects malware during on-demand scans but does not remove it
Prevx Edge never expires
BrendanK.
November 14th, 2008, 05:28 AM
-{ Quote: "Ok, i don't quite understand it but is it like this:
Prevx Edge does not detect malware in real-time
Prevx Edge detects malware during on-demand scans but does not remove it
Prevx Edge never expires" }-
This is for the trial not the fully licensed version:
Prevx Edge does detect malware in real-time but does not block it. It only notifies you.
Prevx Edge detects malware during on-demand scans
Prevx Edge never expires
RejZoR
November 14th, 2008, 05:34 AM
Aha, so it's more like a second opinion tool than system cleaning one. Unless you buy it of course. That's not that bad i guess.
EraserHW
November 14th, 2008, 05:34 AM
-{ Quote: "Ok, i don't quite understand it but is it like this:
Prevx Edge does not detect malware in real-time
Prevx Edge detects malware during on-demand scans but does not remove it
Prevx Edge never expires" }-
Prevx detects malware in real-time, but it won't block them, it just reports to the user that a malware has been detected in real time :)
BrendanK.
November 14th, 2008, 05:37 AM
-{ Quote: "Aha, so it's more like a second opinion tool than system cleaning one. Unless you buy it of course. That's not that bad i guess." }-
Well put it this way. If one of my security arsenal didn't pick up a virus in real-time from a suspicious program, and Prevx Edge did. I would like something that would be able to deal with it, because I know I am being infected, but removing it is another problem in itself. So buying Prevx Edge is very worthwhile as it not only has found that there is something malicious, but it will also be able to remove it and keep me safe. If I bought it before the infection Prevx Edge would have even blocked it before I could get infected.
Saraceno
November 14th, 2008, 05:39 AM
From my understanding, PrevxHelp mentioned he will return to the forum later on to let people know about the possibility of a 30 day trial (then if not purchased, program continues to work as detection only).
Currently the trial version is exactly the same as the full version, except for lack of block/removal.
EraserHW
November 14th, 2008, 05:42 AM
-{ Quote: "From my understanding, PrevxHelp mentioned he will return to the forum later on to let people know about the possibility of a 30 day trial (then if not purchased, program continues to work as detection only)." }-
Yes, we are talking about this :)
RejZoR
November 14th, 2008, 05:42 AM
@EraserHW
How does Prevx Edge react when you copy a malware on your PC? Does it jump right away or do you have to execute the malware first before it jumps up?
Criss
November 14th, 2008, 05:43 AM
anyone using it wif avira? i wan to try it wif avira.;D
BrendanK.
November 14th, 2008, 05:44 AM
-{ Quote: "anyone using it wif avira? i wan to try it wif avira.;D" }-
Yep, and Norton IS 2009, along with A2, PRSC. No problems with Avira or any of the others :)
Criss
November 14th, 2008, 05:47 AM
Wow that gd...got to try it now.:thumb:
RejZoR
November 14th, 2008, 05:49 AM
Bah. Useless. Doesn't even work under 64bit Vista.
I hate it when 64bit users are treated like we're using some obscure version of unix or something... First ThreatFire, now Prevx Edge. What's next? ::)
trjam
November 14th, 2008, 05:53 AM
I tried it with so many I lost count. Funny thing, in most cases it was Edge that alerts first.
EraserHW
November 14th, 2008, 05:54 AM
-{ Quote: "anyone using it wif avira? i wan to try it wif avira.;D" }-
It does work without any kind of incompatibility :)
trjam
November 14th, 2008, 05:55 AM
-{ Quote: "Bah. Useless. Doesn't even work under 64bit Vista.
I hate it when 64bit users are treated like we're using some obscure version of unix or something... First ThreatFire, now Prevx Edge. What's next? ::)" }-
why don't you take the time to ask. They said it was very close. Damn it kills me how people assume stuff. Geez RejZoR, they know the importance of 64 bit, and it is very soon. I agree with what you are saying, but just ask them before you think you are in some obscure group of users.
EraserHW
November 14th, 2008, 05:57 AM
-{ Quote: "Bah. Useless. Doesn't even work under 64bit Vista.
I hate it when 64bit users are treated like we're using some obscure version of unix or something... First ThreatFire, now Prevx Edge. What's next? ::)" }-
Support for 64bit will be added during next weeks :)
I'm a 64bit user too ;) (on one of my PC)
RejZoR
November 14th, 2008, 06:00 AM
-{ Quote: "why don't you take the time to ask. They said it was very close. Damn it kills me how people assume stuff. Geez RejZoR, they know the importance of 64 bit, and it is very soon. I agree with what you are saying, but just ask them before you think you are in some obscure group of users." }-
Assume? I'm waiting for 64bit ThreatFire since um was it around May 2008? And they keep on promising it and postponing it and now i'm sure even they don't know it. And then there was Symantec acquisition in between...
So i really hope 64bit version of Prevx will appear sooner than ThreatFire's...
Criss
November 14th, 2008, 06:00 AM
-{ Quote: "I tried it with so many I lost count. Funny thing, in most cases it was Edge that alerts first." }-
Do you mean that edge will warn 1st and only after we ans it thn other Av will warn u.
OR
u mean edge will warn 1st and the other av warning will come up shortly? ???
trjam
November 14th, 2008, 06:03 AM
Edge will warn first, with some products. But the list it was tested with is very long.
RejZoR, I agree with your viewpoint, and Edge aint Threatfire. Give these folks a chance and you will see 64 bit offered very soon. I have yet to see them promise, offer, or say something they did not follow through on. I am pretty sure the other beta testers will say it also.
But I hear you and agree.
aieie
November 14th, 2008, 06:04 AM
-{ Quote: "1) Yes, correct :)
2) We aren't aware of any kind of incompatibility between such software :)" }-
grazie mille (many thanks)
:D
I'll surely try it
EraserHW
November 14th, 2008, 06:09 AM
-{ Quote: "grazie mille (many thanks)
:D
I'll surely try it" }-
You're welcome :) If you detect any kind of incompatibility, just report it to me or PrevxHelp :)
btw: are you Italian? ;D
Tony
November 14th, 2008, 06:09 AM
-{ Quote: "@EraserHW
How does Prevx Edge react when you copy a malware on your PC? Does it jump right away or do you have to execute the malware first before it jumps up?" }-
I would like to know the answer to this also :)
Saraceno
November 14th, 2008, 06:20 AM
RejZor and Tony, I'm no expert but I'll explain what I see. When programs are run for the first time, a small popup appears which shows prevx edge is 'authenticating files'. An infected program can be blocked and removed right then and there.
While at other times, and while I perform other tasks, it will actively scan the system (outside of a scheduled scan) and detect the malicious files (although already known to me). So it seems to always be 'alert' and 'scanning' for problem files.
Dark Star 72
November 14th, 2008, 06:23 AM
-{ Quote: "@EraserHW
How does Prevx Edge react when you copy a malware on your PC? Does it jump right away or do you have to execute the malware first before it jumps up?" }-
In beta testing I found that some were detected as soon as the download finished before being executed, others were detected when I tried to run them. But, before or after, none were allowed to run.
trjam
November 14th, 2008, 06:28 AM
If you want to see how it works, go here (http://www.zemana.com/list/list.asp?ktgr_id=413)
Everyone else did.
Tony
November 14th, 2008, 06:38 AM
Thanks for the answers :thumb:
vijayind
November 14th, 2008, 06:49 AM
I see PrevX 2.0 HIPS is still available on the site. So is PrevX Edge 3.0 better than it ? Could some one tell me the exact differences ....
Thanks :thumb:
aieie
November 14th, 2008, 07:04 AM
-{ Quote: "You're welcome :) If you detect any kind of incompatibility, just report it to me or PrevxHelp :)
btw: are you Italian? ;D" }-
Yes, i am.
The nick i choose will be hardly a one chosen by foreign people (i had a hard time trying them to guess how to say it, thanks god a youtube video came to help me, lol).
Anyway:
i tried it on a fully updated Vista Business machine with Kaspersky AV 2009, windows firewall.
It's a clean install, so there are no problems related to previous installed / uninstalled software.
So far it's doing good with two exceptions:
- enabling self-protection and saving the changes brings, after a few moments, a threatening warning and red light on the eye, "monitoring is disabled". A reboot fixes it and keeps the setting but still, if this behaviour is expected (having to reboot) i'd prefer a message stating that. If not expected then it's something you should look to.
- When booting, after first install and on every reboot, there is a short period after login, let's say 20 - 30 seconds, where everything seems loaded, Edge included, judging by the tray bar icons, but the system is unresponsive.......i tried right clicking on edge, on the start button, ctrl-alt-canc.......
After that everything, not that i tried many things, seems to work well.
Since task manager can't be started i can't see what's going on........i only see that there is no HD activity.
Hope it helps
Best Regards
trjam
November 14th, 2008, 07:08 AM
I left enabling self protection unchecked and found it a tad more stable. Also my heuristics settings to high.
PrevxHelp
November 14th, 2008, 07:36 AM
-{ Quote: "@EraserHW
How does Prevx Edge react when you copy a malware on your PC? Does it jump right away or do you have to execute the malware first before it jumps up?" }-
I'll steal this question from Marco :) Scanning happens primarily when the program/file is loaded rather than when it is copied. This provides substantially faster/lighter performance with no loss in real protection.
However, on Vista protection is slightly different and in some cases it will warn quicker, but, the primary intention is to scan the files when they're loading code.
PrevxHelp
November 14th, 2008, 07:39 AM
-{ Quote: "Assume? I'm waiting for 64bit ThreatFire since um was it around May 2008? And they keep on promising it and postponing it and now i'm sure even they don't know it. And then there was Symantec acquisition in between...
So i really hope 64bit version of Prevx will appear sooner than ThreatFire's..." }-
64bit is significantly different from 32bit and is more difficult to develop.
Currently there is still such a low adoption rate of 64bit computers, it is hard to justify dedicating the time immediately for it.
However, as soon as we've finished the next round of upgrades to the actual protection, we will continue working on 64bit compatibility.
PrevxHelp
November 14th, 2008, 07:44 AM
-{ Quote: "Do you mean that edge will warn 1st and only after we ans it thn other Av will warn u.
OR
u mean edge will warn 1st and the other av warning will come up shortly? ???" }-
In order to be compatible with other AVs, we've taken the approach of blocking programs in a different way. Rather than locking the program from the kernel and possibly causing BSODs when it is trying to be read by another AV during the scan, we leave it open.
This does not allow the file to open for any kind of exploitation or possibility to infect, but, it immediately allows us to be compatible with other security solutions.
It is really a guessing game to see which AV will find the file first.
So, in summary, just because Edge doesn't show a block warning when your AV does, doesn't mean that it didn't find it.
Also, if Edge doesn't find a file on a right-click scan or another scan, that doesn't mean it wouldn't block it under realtime protection as well, as heuristics and behavior analysis work much more swiftly under realtime protection.
PrevxHelp
November 14th, 2008, 07:47 AM
-{ Quote: "In beta testing I found that some were detected as soon as the download finished before being executed, others were detected when I tried to run them. But, before or after, none were allowed to run." }-
Yes, this is precisely the behavior. It is a bit of a guessing game on how the OS will load the files. We discovered that Vista has a somewhat un-optimal way of handling files when saved/browsed which causes some areas of them to be loaded into memory, so, Edge will grab them immediately.
However, regardless of the OS and regardless of where the file came from, Edge will block it from infecting or loading any bit of code into memory.
PrevxHelp
November 14th, 2008, 07:50 AM
-{ Quote: "I see PrevX 2.0 HIPS is still available on the site. So is PrevX Edge 3.0 better than it ? Could some one tell me the exact differences ....
Thanks :thumb:" }-
Prevx2 is still available on the site because some of our more advanced users still use some features of it which are not present in Edge.
For instance, if you use the advanced features found in the Expert mode of Prevx2, you may want to continue using it as it does give you more granularity over the protection aspects. However, Edge's protection "out of the box" far surpasses Prevx2's protection thanks to our new advanced heuristics and behavioral analysis techniques.
Edge is also lighter and more cross-compatible with other AVs. Note: if you want, Edge is also compatible with Prevx2, so, if you want to use Prevx2 for more of a behavior blocker and Edge as a realtime antimalware product, they won't interfere :)
Hope that helps!
PrevxHelp
November 14th, 2008, 07:53 AM
-{ Quote: "Yes, i am.
The nick i choose will be hardly a one chosen by foreign people (i had a hard time trying them to guess how to say it, thanks god a youtube video came to help me, lol).
Anyway:
i tried it on a fully updated Vista Business machine with Kaspersky AV 2009, windows firewall.
It's a clean install, so there are no problems related to previous installed / uninstalled software.
So far it's doing good with two exceptions:
- enabling self-protection and saving the changes brings, after a few moments, a threatening warning and red light on the eye, "monitoring is disabled". A reboot fixes it and keeps the setting but still, if this behaviour is expected (having to reboot) i'd prefer a message stating that. If not expected then it's something you should look to.
- When booting, after first install and on every reboot, there is a short period after login, let's say 20 - 30 seconds, where everything seems loaded, Edge included, judging by the tray bar icons, but the system is unresponsive.......i tried right clicking on edge, on the start button, ctrl-alt-canc.......
After that everything, not that i tried many things, seems to work well.
Since task manager can't be started i can't see what's going on........i only see that there is no HD activity.
Hope it helps
Best Regards" }-
Thank you for your information. While we didn't reproduce any incompatibilities with Kaspersky in our internal testing, we will take another look at it. What I suspect is happening is that the self protection is fundamentally interfering with Kaspersky's memory protection.
Our self protection runs at a very low level and is not enabled by default as it could cause incompatibilities with other AVs that also use self protection (Bit of an unfair point - two AVs can't run on the same system if they both want to protect themselves).
The "Monitoring Disabled" warning comes when Edge self-tests its protection once every few seconds. After enabling self protection, Edge's protection has to be "rebooted", so, somewhere along the line of having it reload it is being interfered with.
PrevxHelp
November 14th, 2008, 07:55 AM
-{ Quote: "Hi there,
I'm using Nod32 v3 with OA free (with HIPS enabled) for a while now and also have Prevx CSI installed.
Would Prevx Edge be a "necessary" layer with this resident security setup? Or would it be too much?
Would you recommand Prevx Edge or CSI when already using Nod with OA free + HIPS?" }-
I would recommend using Prevx Edge.
Edge duplicates all of the functionality of CSI (you can actually use both interchangeably if you put an Edge license key into CSI v3.0.0.172 :)) and does not have any known issues running alongside NOD32/OA.
Please let us know if you do run into any problems, but I suspect you won't :)
EraserHW
November 14th, 2008, 07:57 AM
Ok, now I can go eating something ;D
PrevxHelp
November 14th, 2008, 07:58 AM
-{ Quote: "Congrats on the release!!!!!!!! Good work by everyone on the Prevx team!!!! After doing plenty of testing over the last little while with it....hope I am allowed to admit to the world I was one of the beta testers :o .... I feel safe running just Edge on its own." }-
Of course you are!! :) And we are extremely thankful for all of the input you've given us :)
cp4eva
November 14th, 2008, 08:00 AM
I am just more willing to spend my money on a product when I am I able to try the product without restrictions.
I hope Prevx considers this as I am very interested in Edge.
RejZoR
November 14th, 2008, 08:06 AM
Well, considering 4GB of RAM is becoming a mainstream, usage of 64bit OS makes sense. Well, a need in fact, unless you want to waste available performance/resources for nothing.
Looking forward for 64bit version though.
PrevxHelp
November 14th, 2008, 08:08 AM
-{ Quote: "Well, considering 4GB of RAM is becoming a mainstream, usage of 64bit OS makes sense. Well, a need in fact, unless you want to waste available performance/resources for nothing.
Looking forward for 64bit version though." }-
Yes, I agree. Currently I don't have an ETA on the 64bit version, but, I think the priority will be moved up once we get a better feel of how many Edge users are requesting it.
aieie
November 14th, 2008, 08:15 AM
Just another question, sorry if i'm so annoying:
i put all heuristic settings to maximum.
I didn't notice bad side effects but.........is this to be considered too much?
Thanks in advance
PrevxHelp
November 14th, 2008, 08:17 AM
-{ Quote: "Just another question, sorry if i'm so annoying:
i put all heuristic settings to maximum.
I didn't notice bad side effects but.........is this to be considered too much?
Thanks in advance" }-
No, that should be fine. The heuristics should still generate a minimal number of false positives, even on maximum.
However, if you do experience false positives on max. please let us know and we can adjust the rules accordingly :)
aieie
November 14th, 2008, 08:23 AM
will surely do......thanks again.
you're so quick to answer that this is more a chat than a forum
:D
PrevxHelp
November 14th, 2008, 08:23 AM
To all:
The jury is still out as to what our license model will be changed into. If any users want to test it out temporarily, I've been given authorization to hand out one-week full license keys for now. I know it isn't optimal, but it may help tide people over while we decide on what we'll be officially doing.
Drop me a PM if you're interested :)
Cretemonster
November 14th, 2008, 08:33 AM
Nice work fellows :thumb:
Espresso
November 14th, 2008, 10:22 AM
I installed it alongside Online Armor Free (Vista) and, while it appeared to work fine at first, it slowed my system to a crawl once I opened a folder full of programs. I had to reset and remove it in safe mode.
PrevxHelp
November 14th, 2008, 10:35 AM
-{ Quote: "I installed it alongside Online Armor Free (Vista) and, while it appeared to work fine at first, it slowed my system to a crawl once I opened a folder full of programs. I had to reset and remove it in safe mode." }-
While it was loading the folder, it has to scan every file. If you noticed, there should have been an 'Authenticating New Programs' popup in the bottom right corner near the clock - this will indicate the progress of the scan. Because Vista loads programs into memory when they're browsed to, many AVs need to scan them if they haven't encountered those files before.
Generally shortly after installation it will optimize away the need to do this on its own, but it may take a minute or two after first loading.
In normal use, this wouldn't happen, as the folder would be scanned and monitored for changes immediately after it is encountered the first time, so, if you do decide to go back to Edge for another test, could you try waiting a minute or two after opening the folder?
virtumonde
November 14th, 2008, 11:47 AM
Decided to give this a try. FP after 1st scan with Babylon .exe 7.0.3(r24). Added the file to trust after i launched it. What's the best way to deal with this. Should i send u the log or....?
1 other question. I don't know exactly what override means in my language. If i know that babylon.exe is safe what do i choose: remove or add override?
PrevxHelp
November 14th, 2008, 11:52 AM
-{ Quote: "Decided to give this a try. FP after 1st scan with Babylon .exe 7.0.3(r24). Added the file to trust after i launched it. What's the best way to deal with this. Should i send u the log or....?" }-
You can send the single line from the log which references the file, or the entire log, or you can send the file if you want. I'll get it sorted immediately :)
PrevxHelp
November 14th, 2008, 12:00 PM
False positive fixed :)
PrevxHelp
November 14th, 2008, 12:18 PM
-{ Quote: "Decided to give this a try. FP after 1st scan with Babylon .exe 7.0.3(r24). Added the file to trust after i launched it. What's the best way to deal with this. Should i send u the log or....?
1 other question. I don't know exactly what override means in my language. If i know that babylon.exe is safe what do i choose: remove or add override?" }-
Missed the second half of the message :)
If you know that babylon.exe is safe, you click "Add Override", browse to the file, and then click the 'Add Override' button on the next screen. Then, in the popup box, click the down arrow and click "Ignore File" or "Trust Always" (depending on your license).
If you have any questions, let me know. We are still working on a detailed feature-by-feature user guide, so, the process should be much easier to understand soon.
GES/POR
November 14th, 2008, 12:31 PM
-{ Quote: "Yes, I agree. Currently I don't have an ETA on the 64bit version, but, I think the priority will be moved up once we get a better feel of how many Edge users are requesting it." }-
I dont care what existing Edge users think about 64, im licensed to Px 2 and wish to upgrade. I haven't seen the option on your website.
The My Area is a cool thing - it reports a lot of history on PX's use n stats.
I know u said not so long ago, that Px 2 64 beta isnt actually beta but i disagree - i installed it today and after reboot it would fast scan in endless loops - would hardly call that stable so please either update it or give us 64 bit for Edge or CSI. I dont mind waiting a bit but the more i read on these last few pages the more i get the sense that 64 bit support is on the bottom of the TODO list. Vista 64 has been out long enough and has enough users due to the mem limit of 32 bits - add support and im 100% sure ull get many more customers but please do not put us type of users aside just because we belong to the minority. Go go Rejzor!
Congrats with the new current situation, i havent been on this forum but i noticed yesterday the changes on your website - was a real surprise for me, went to install it right away but :'( Anyways future for you seems excellent now just let us minorities enjoy along will ya :lurking:
PrevxHelp
November 14th, 2008, 12:53 PM
-{ Quote: "I dont care what existing Edge users think about 64, im licensed to Px 2 and wish to upgrade. I haven't seen the option on your website.
The My Area is a cool thing - it reports a lot of history on PX's use n stats.
I know u said not so long ago, that Px 2 64 beta isnt actually beta but i disagree - i installed it today and after reboot it would fast scan in endless loops - would hardly call that stable so please either update it or give us 64 bit for Edge or CSI. I dont mind waiting a bit but the more i read on these last few pages the more i get the sense that 64 bit support is on the bottom of the TODO list. Vista 64 has been out long enough and has enough users due to the mem limit of 32 bits - add support and im 100% sure ull get many more customers but please do not put us type of users aside just because we belong to the minority. Go go Rejzor!
Congrats with the new current situation, i havent been on this forum but i noticed yesterday the changes on your website - was a real surprise for me, went to install it right away but :'( Anyways future for you seems excellent now just let us minorities enjoy along will ya :lurking:" }-
We are in the process of writing up a way to convert Prevx2 licenses into Edge licenses :) Should be done shortly.
Regarding 64bit, it is not at the bottom of the todo list, but it isn't very high in the todo list. The problem is that, contrary to popular belief, only ~2% of our users use 64bit, which means it immediately gets pushed behind changes that would benefit the other 98%.
We are definitely going to address it, but there are currently a handful of important advancements sitting in-front of 64bit support, and, 64bit support is nontrivial as it requires fundamental changes to the software and driver.
GES/POR
November 14th, 2008, 01:36 PM
I fully understand but can you imagine if you were in my position - it smells!
Ok, so 2 weeks and Edge will run on mine?
btw is Edge the successor to Px 2.0? Right now theres csi 3.0, edge 3.0 and px 2.0 - whats the roadmap? n please b as clear as u can
Very exciting times these r: Dr.web v5, Sana's beta and Edge
Espresso
November 14th, 2008, 01:38 PM
-{ Quote: "While it was loading the folder, it has to scan every file. If you noticed, there should have been an 'Authenticating New Programs' popup in the bottom right corner near the clock - this will indicate the progress of the scan. Because Vista loads programs into memory when they're browsed to, many AVs need to scan them if they haven't encountered those files before.
Generally shortly after installation it will optimize away the need to do this on its own, but it may take a minute or two after first loading.
In normal use, this wouldn't happen, as the folder would be scanned and monitored for changes immediately after it is encountered the first time, so, if you do decide to go back to Edge for another test, could you try waiting a minute or two after opening the folder?" }-
I left it for ~15 minutes, trying to gain control of the mouse and open the task manager (which I couldn't open). The whole system was jerky and unresponsive so I had to reset.
I thought it scanned the entire drive after installation, so it seemed unusual that it had to scan this folder in the root of my drive (my "Utils" folder).
PrevxHelp
November 14th, 2008, 01:46 PM
-{ Quote: "I fully understand but can you imagine if you were in my position - it smells!
Ok, so 2 weeks and Edge will run on mine?
btw is Edge the successor to Px 2.0? Right now theres csi 3.0, edge 3.0 and px 2.0 - whats the roadmap? n please b as clear as u can
Very exciting times these r: Dr.web v5, Sana's beta and Edge" }-
Yes, I do understand your position :) However, it will definitely take longer than two weeks.
Prevx 2 is a completely different product. If you want the granular control of being able to block specific behaviors, that is where Prevx 2 falls in. However, if you want everything to be automated with minimal interaction and improved detection, that's where Edge lies.
PrevxHelp
November 14th, 2008, 01:48 PM
-{ Quote: "I left it for ~15 minutes, trying to gain control of the mouse and open the task manager (which I couldn't open). The whole system was jerky and unresponsive so I had to reset.
I thought it scanned the entire drive after installation, so it seemed unusual that it had to scan this folder in the root of my drive (my "Utils" folder)." }-
Hmm.... this is quite odd, and definitely hints of some more fundamental interaction issue. We will install the security applications you have to try and reproduce the hanging, as we have not seen it in any test.
Out of interest: do you happen to have any desktop search applications installed (other than the default Vista one)?
GES/POR
November 14th, 2008, 02:57 PM
-{ Quote: "it will definitely take longer than two weeks." }-
Dang, how long do you expect it to take?
Is Px 3 still in the making?
What i want is to have the newest tech instead of being 2 steps behind on the rest of the world of wilders, poor me
PrevxHelp
November 14th, 2008, 03:02 PM
-{ Quote: "Dang, how long do you expect it to take?
Is Px 3 still in the making?
What i want is to have the newest tech instead of being 2 steps behind on the rest of the world of wilders, poor me" }-
Not sure on the exact timeline at the moment, but Edge is "completed" (still always constantly changing of course ;D) for 32bit - still in very early development for 64bit.
PrevxHelp
November 14th, 2008, 03:37 PM
Due to the overwhelmingly positive response for Edge, we've decided to make it a <free> upgrade from Prevx2. If you are a current Prevx2 user, you can input your license key on this page:
http://info.prevx.com/licenseswap.asp
and as long as your license was purchased before Nov. 13, 2008 (and is a non-server Prevx2 registered license) you will be able to get Edge in place of it for the remaining duration of your license :)
Please let me know if you run into any problems using this feature as it is a new addition to our licensing structure!
trjam
November 14th, 2008, 03:41 PM
now thats nice.;)
Kees1958
November 14th, 2008, 03:54 PM
-{ Quote: "
Please let me know if you run into any problems using this feature as it is a new addition to our licensing structure!" }-
No, no problems, but certainly a surprising price per seat license structure
PrevxHelp
November 14th, 2008, 04:28 PM
-{ Quote: "No, no problems, but certainly a surprising price per seat license structure" }-
I just spent the last ~15 minutes investigating that with some of the other team members and it appears to be completely intentional ??? . I'm guessing there is some deeply complex mathematical operation behind it... however, I could not begin to tell you what that may be ;D
Tony
November 14th, 2008, 04:31 PM
I cannot find any info as to what the renewal price would be.
Is there a discount when renewing as other software companies give?
PrevxHelp
November 14th, 2008, 04:47 PM
-{ Quote: "I cannot find any info as to what the renewal price would be.
Is there a discount when renewing as other software companies give?" }-
We offer a 10% discount when renewing your license over the original license price.
Tony
November 14th, 2008, 04:56 PM
Thanks for the swift reply :)
It looks like it has been one long day for you today
PrevxHelp
November 14th, 2008, 04:59 PM
-{ Quote: "Thanks for the swift reply :)
It looks like it has been one long day for you today" }-
Has been? ;D I've got a while to go still before I fall asleep at the keyboard ;D
trjam
November 14th, 2008, 05:08 PM
-{ Quote: "Thanks for the swift reply :)
It looks like it has been one long day for you today" }-
oh, he is paid well. lol
Just no over sleeping in the morning.;)
Hugger
November 14th, 2008, 05:19 PM
Interesting note.
qmc.exe is not a worm. It's a calendar.
Edge disagrees with me. The steps to take to change the detection are easy but too many for such a simple thing.
Hugger
PrevxHelp
November 14th, 2008, 05:22 PM
-{ Quote: "Interesting note.
qmc.exe is not a worm. It's a calendar.
Edge disagrees with me. The steps to take to change the detection are easy but too many for such a simple thing.
Hugger" }-
When you receive the warning, you should just be able to click Trust on the prompt and it will not warn you again.
Could you send me a scan log (Tools and Settings > Save Scan Results) so I can correct the false positive?
deanmartin
November 14th, 2008, 05:22 PM
-{ Quote: "Due to the overwhelmingly positive response for Edge, we've decided to make it a <free> upgrade from Prevx2. If you are a current Prevx2 user, you can input your license key on this page:
http://info.prevx.com/licenseswap.asp
and as long as your license was purchased before Nov. 13, 2008 (and is a non-server Prevx2 registered license) you will be able to get Edge in place of it for the remaining duration of your license :)
Please let me know if you run into any problems using this feature as it is a new addition to our licensing structure!" }-
I emailed support last night, with that question and today got home from work and had a new license key for Prevx Edge for my 3-4 months remaining time. So just want to say Thank you PREVX ! ! !
PrevxHelp
November 14th, 2008, 05:34 PM
-{ Quote: "I emailed support last night, with that question and today got home from work and had a new license key for Prevx Edge for my 3-4 months remaining time. So just want to say Thank you PREVX ! ! !" }-
You are very welcome ;D
Franklin
November 14th, 2008, 06:15 PM
After more testings I am quite impressed with Prevx Edge and even though I doubt I need to run it on my setups I will be recommending it to others that find my sandboxing/virtual setups too hard to use.:)
A couple of the malware installers that Prevx Edge missed it did pick up when installing.
Miyagi
November 14th, 2008, 06:45 PM
Sorry to ask...
Any special Wilders coupon code or competitive upgrade offered? :argh:
PrevxHelp
November 14th, 2008, 07:09 PM
-{ Quote: "Sorry to ask...
Any special Wilders coupon code or competitive upgrade offered? :argh:" }-
We are considering adding a competitive upgrade offer, but it hasn't been finalized just yet ;D
We have made some decisions on the licensing scheme and we will begin offering a standard trial period for Edge starting late next week.
PrevxHelp
November 14th, 2008, 07:11 PM
-{ Quote: "After more testings I am quite impressed with Prevx Edge and even though I doubt I need to run it on my setups I will be recommending it to others that find my sandboxing/virtual setups too hard to use.:)
A couple of the malware installers that Prevx Edge missed it did pick up when installing." }-
This is definitely possible: The ondemand scanning (via right click or by "Scan Now") can't find threats as well as the behavior monitoring which applies a whole class of special heuristics on files which are being loaded.
That is why Edge is somewhat difficult to test - it looks at the behavior of a program and temporarily sandboxes its data while being analyzed to gather signatures, so, the best way to test Edge is to fire up a virtual machine and actually run the nasty buggars to see if they are blocked ;D
Nunes
November 14th, 2008, 07:14 PM
I installed Prevx Edge and I have two issues
1st - It detected some files considered malware but at least two of them are FP. Using the context menu in each line I send the information it is not malware but unfortunately I can't select all the lines I want, only one at a time and after the first selection it begins immediately a new scan without notice.
2nd - In the first reboot after the install, Prevx loads and the icon appears in tray but after a few seconds it enters in the state of disabled.
I tried to enabled it but I have to reboot again, what I did but then it disables again.
Anything I made wrong here?
baerzake
November 14th, 2008, 07:25 PM
-{ Quote: "We are considering adding a competitive upgrade offer, but it hasn't been finalized just yet ;D
We have made some decisions on the licensing scheme and we will begin offering a standard trial period for Edge starting late next week." }-
this is a very very good news
PrevxHelp
November 14th, 2008, 07:31 PM
-{ Quote: "I installed Prevx Edge and I have two issues
1st - It detected some files considered malware but at least two of them are FP. Using the context menu in each line I send the information it is not malware but unfortunately I can't select all the lines I want, only one at a time and after the first selection it begins immediately a new scan without notice.
2nd - In the first reboot after the install, Prevx loads and the icon appears in tray but after a few seconds it enters in the state of disabled.
I tried to enabled it but I have to reboot again, what I did but then it disables again.
Anything I made wrong here?" }-
Hello,
Regarding the false positives: Please save a scan log and send it to me (Tools and Settings > Save Scan Results) and I'll fix the false positives for you as soon as possible.
Regarding the disabled state - that could mean that Edge is having a problem communicating with the driver. Do you have any other antivirus product installed (and, what operating system are you using)? It may be easier for one of our engineers to work with you off-list to solve the problem if you want.
Thank you for your report. We definitely would like to investigate both of these issues further and fix them so that Edge will work properly on your system!
trjam
November 14th, 2008, 07:53 PM
disable enable self protection under basic configuration if you have it checked then reboot. I can't get PH to believe me on this one. Had same issue with no other protection and mine disabled itself on each reboot. This fixed it.
Nunes
November 14th, 2008, 07:59 PM
-{ Quote: "Hello,
Regarding the false positives: Please save a scan log and send it to me (Tools and Settings > Save Scan Results) and I'll fix the false positives for you as soon as possible.
Regarding the disabled state - that could mean that Edge is having a problem communicating with the driver. Do you have any other antivirus product installed (and, what operating system are you using)? It may be easier for one of our engineers to work with you off-list to solve the problem if you want.
Thank you for your report. We definitely would like to investigate both of these issues further and fix them so that Edge will work properly on your system!" }-
I have NIS 2009 and my system is Windows XP SP3
Meanwhile I PM you the log.
You talk about the driver. Where is the driver installed?
In the Program Files folder I only have Prevx.exe is this correct? Since I was thinking of a possible faulty installation.
PrevxHelp
November 14th, 2008, 08:00 PM
-{ Quote: "disable enable self protection under basic configuration if you have it checked then reboot. I can't get PH to believe me on this one. Had same issue with no other protection and mine disabled itself on each reboot. This fixed it." }-
I'll do some retesting on this. I haven't seen this happen, but if it does work for you, then it's definitely worth a try.
PrevxHelp
November 14th, 2008, 08:04 PM
-{ Quote: "I have NIS 2009 and my system is Windows XP SP3
Meanwhile I PM you the log.
You talk about the driver. Where is the driver installed?
In the Program Files folder I only have Prevx.exe is this correct? Since I was thinking of a possible faulty installation." }-
I have corrected the false positives for you - thanks for that report! The driver is installed to C:\Windows\System32\Drivers\pxark.sys
Can you run a command - click Start > Run > type cmd.exe
Then in the following DOS command prompt, type:
sc query pxark
can you PM me or message what it says. After that, can you run the command:
sc start pxark
and send me that output as well?
Thanks again ;D
Nunes
November 14th, 2008, 08:35 PM
-{ Quote: "disable enable self protection under basic configuration if you have it checked then reboot. I can't get PH to believe me on this one. Had same issue with no other protection and mine disabled itself on each reboot. This fixed it." }-
Right I did that and no more disabled state.
-{ Quote: "I have corrected the false positives for you - thanks for that report! The driver is installed to C:\Windows\System32\Drivers\pxark.sys
Can you run a command - click Start > Run > type cmd.exe
Then in the following DOS command prompt, type:
sc query pxark
can you PM me or message what it says. After that, can you run the command:
sc start pxark
and send me that output as well?
Thanks again ;D" }-
I have some problem at my system when I execute the
sc query pxark
I receive an error
DOS/32A environment variable is not setup properly. You need to reinstall DOS/32 Advanced DOS Extender on this computer
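The driver check requested in the posts above, written out as a batch file. This is an added example, not part of the original thread and not Prevx's own tooling. It calls the Windows sc.exe by its full path, because a DOS-extender message like the one reported is consistent with a different program named sc being found first; the service name and driver path are the ones given in the thread, and the report file name is an assumption.

```batch
@echo off
rem Added example: collect the state of the Prevx Edge driver service (pxark)
rem into one text file that can be sent to support.
rem Service name and driver path come from the thread; REPORT is an assumption.
setlocal

set "SC=%SystemRoot%\System32\sc.exe"
set "DRIVER=%SystemRoot%\System32\Drivers\pxark.sys"
set "REPORT=%TEMP%\pxark_report.txt"

rem cmd.exe searches the current directory and then PATH for a bare "sc".
rem Using the absolute path guarantees the Windows service control tool runs.
if not exist "%SC%" (
    echo Windows service control tool not found at %SC%
    exit /b 2
)

> "%REPORT%" echo pxark driver report, %DATE% %TIME%

rem 1. Is the driver file where the installer should have put it?
if exist "%DRIVER%" (
    >> "%REPORT%" echo Driver file present: %DRIVER%
) else (
    >> "%REPORT%" echo Driver file MISSING: %DRIVER%
)

rem 2. Current state of the service. Exit code 1060 means the service
rem    is not registered at all, so the later steps are skipped.
>> "%REPORT%" echo.
>> "%REPORT%" echo === sc query pxark ===
"%SC%" query pxark >> "%REPORT%" 2>&1
if errorlevel 1060 if not errorlevel 1061 (
    >> "%REPORT%" echo Service pxark is not installed.
    goto :done
)

rem 3. Registered configuration: start type and binary path.
>> "%REPORT%" echo.
>> "%REPORT%" echo === sc qc pxark ===
"%SC%" qc pxark >> "%REPORT%" 2>&1

rem 4. Try to start the driver. If it is already running, sc reports
rem    error 1056, which is still useful to have in the report.
>> "%REPORT%" echo.
>> "%REPORT%" echo === sc start pxark ===
"%SC%" start pxark >> "%REPORT%" 2>&1

:done
echo Report written to %REPORT%
endlocal
```

Run it from an account with administrator rights; starting a driver service fails with "access denied" otherwise, and that failure is recorded in the report as well.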
PrevxHelp
November 14th, 2008, 08:38 PM
-{ Quote: "Right I did that and no more disabled state." }-
Aha! In that case, disregard the latter messages ;D
Had you enabled self protection manually before after installing? trjam definitely hit the nail on the head with this one :thumb:
Hugger
November 14th, 2008, 09:21 PM
-{ Quote: "When you receive the warning, you should just be able to click Trust on the prompt and it will not warn you again.
Could you send me a scan log (Tools and Settings > Save Scan Results) so I can correct the false positive?" }-
The warning came during the initial scan. I've since corrected it.
If I find the logs I'll send them.
By the way, Edge would be more user friendly if my 'back' arrow on my mouse worked with your program.
Hugger
Threedog
November 14th, 2008, 09:24 PM
Gotta keep Trjam happy or he will change his avatar again. ;D
Thanks for coming up with the licence swap from V2 to V3. After using Edge I just can't go back to V2 as much as I liked it.
PrevxHelp
November 14th, 2008, 09:29 PM
-{ Quote: "Gotta keep Trjam happy or he will change his avatar again. ;D
Thanks for coming up with the licence swap from V2 to V3. After using Edge I just can't go back to V2 as much as I liked it." }-
No problem :) As a side note, you CAN use both together if you really do want to use the unique features of v2 :)
PrevxHelp
November 14th, 2008, 09:30 PM
-{ Quote: "The warning came during the initial scan. I've since corrected it.
If I find the logs I'll send them.
By the way, Edge would be more user friendly if my 'back' arrow on my mouse worked with your program.
Hugger" }-
Ah ok - in that case it would be more difficult to trust the file. You would have to either right click on the file or use the Detection Overrides feature in Tools and Settings.
I've made a note to integrate the screens with quick buttons on the mouse :) Thank you for your suggestion!
Threedog
November 14th, 2008, 09:30 PM
Hmmmmm one quick thing I noticed. On a reboot there are two icons in the tray for a few secs then one disappears. That never happened with any of the betas.
PrevxHelp
November 14th, 2008, 09:32 PM
-{ Quote: "Hmmmmm one quick thing I noticed. On a reboot there are two icons in the tray for a few secs then one disappears. That never happened with any of the betas." }-
Yes, I've seen that, as well as some other users. This will be one of the first issues we address in the first update (due out sometime late next week).
If you move your mouse over the icons, one will disappear immediately. It is due to a caveat in Windows' tray icon management - when a program closes, icons are not automatically removed and to ensure that we work properly with fast user switching, we have to close the user instance of Edge quickly, possibly too fast for it to realize we're requesting it to remove the icon.
This will be fixed shortly, however :)
Threedog
November 14th, 2008, 09:38 PM
Ahhhh thanks PH. I just did a clean install on a clean image and with hardly sleeping the past couple days thought I might have screwed something up.
Miyagi
November 14th, 2008, 09:40 PM
You're rolling PrevxHelp! :thumb: :thumb: :thumb: I like when vendors are up to the minute. What a comeback!!
PrevxHelp
November 14th, 2008, 09:43 PM
-{ Quote: "You're rolling PrevxHelp! :thumb: :thumb: :thumb: I like when vendors are up to the minute. What a comeback!!" }-
Thanks ;D We definitely want to make Edge as big of a success as we can as we've all worked countless hours to build it up to where it is now :)
Threedog
November 14th, 2008, 10:01 PM
I have the feeling that Edge will be super successful once more word gets out about it.
PrevxHelp
November 14th, 2008, 10:09 PM
-{ Quote: "I have the feeling that Edge will be super successful once more word gets out about it." }-
I hope so :) We are still keeping it "relatively" quiet (no press release yet) as we're waiting to finish the licensing changes, but as soon as we're satisfied, we're going to spread it far and wide :)
Saraceno
November 14th, 2008, 10:44 PM
Thanks for the update Franklin. It's good to know Prevx Edge picked up a couple more of those installers once they were being executed.
A simple 'AV' test would have said prevx missed the rest, but that was not the case. :)
Enjoying this program. :thumb:
Cretemonster
November 15th, 2008, 12:01 AM
AV Test...now there is a good joke.
Eventually there will be a specific spot where John Q Public will be able to go and report a suspected false positive but one step at a time. ;)
Considerations to a similar location to upload suspect files and other various PrevX related questions, I'm sure Help will inform all when said spot is prepared. :)
Cheers,
NotPrevxHelp
QBgreen
November 15th, 2008, 12:17 AM
-{ Quote: "disable enable self protection under basic configuration if you have it checked then reboot. I can't get PH to believe me on this one. Had same issue with no other protection and mine disabled itself on each reboot. This fixed it." }-
Running Edge on my XP Pro SP3 machine along with AntiVir Premium and ZAP 8. I can confirm both the disabled state upon initial reboot as well as the fix by not enabling self protection.
PrevxHelp
November 15th, 2008, 12:24 AM
-{ Quote: "Running Edge on my XP Pro SP3 machine along with AntiVir Premium and ZAP 8. I can confirm both the disabled state upon initial reboot as well as the fix by not enabling self protection." }-
Ok, I got curious and created a new system image to test clean and hopefully unbiased.
I was able to reproduce the issue as well - there is definitely an incompatibility in self protection and Edge at the fundamental level. We will get this sorted this weekend, but the bugfix may have to be held off until early next week just to stay in line with our license changes.
Thank you everyone for reporting the issue and trjam for connecting the dots ;D
vijayind
November 15th, 2008, 02:29 AM
-{ Quote: "Prevx2 is still available on the site because some of our more advanced users still use some features of it which are not present in Edge.
For instance, if you use the advanced features found in the Expert mode of Prevx2, you may want to continue using it as it does give you more granularity over the protection aspects. However, Edge's protection "out of the box" far surpasses Prevx2's protection thanks to our new advanced heuristics and behavioral analysis techniques.
Edge is also lighter and more cross-compatible with other AVs. Note: if you want, Edge is also compatible with Prevx2, so, if you want to use Prevx2 for more of a behavior blocker and Edge as a realtime antimalware product, they won't interfere :)
Hope that helps!" }-
Thanks for the info. Since powerful HIPS for Vista are not abundant, I just wanted to know how much of Prevx 2.0 HIPS is encapsulated in Edge 3.0.
n8chavez
November 15th, 2008, 03:17 AM
Sorry guys if this is redundant but I need to have a few things answered if you wouldn't mind.
1. Does Edge expire? There have been posts about this here and the answer seems to have been no. But the license duration on the site says '1 year'. It sure would be nice if Edge adopted the Malwarebytes approach with MBAM; a one-time fee.
2. How long is a standard scan supposed to take (roughly)? I scanned everything in 50 seconds. How can something be thorough and yet that fast? NOD32 2.x was good and fast but this is crazy fast.
Also, as a side note, Edge does pass all ATP termination attempts.
Saraceno
November 15th, 2008, 04:08 AM
n8chavez, prevx edge can run unlimited as a 'detection' only product, allowing you to scan and be alerted to any suspect files.
If you pay for a one year licence however, prevx edge will detect and block/remove (cleanup) all items.
One licence is $29.95 for a year.
Two licences are $40.15 for a year and so on.
(there is lower renewal fee which will be worked out soon)
Regarding the lifetime licence idea, I've found smaller companies offer this incentive but the larger more well-known companies might not view the incentive as worthwhile in providing needed funds (staff, development, customer service costs) for the long-term.
For example, I was able to contact a prevx support person, and within minutes I was communicating live with a staff member, who then analysed my setup, and worked away (while I watched - great job they did too) on my computer until the problem was resolved.
This kind of service is beneficial for the average joe or mum and dad who have paid for a licence and are experiencing computer problems, such as possible malicious activity.
For a high level of service, and to continue providing that service, personally, I think a yearly fee (for any program) is acceptable. :)
Cretemonster
November 15th, 2008, 04:33 AM
-{ Quote: "It sure would be nice if Edge adopted the Malwarebytes approach with MBAM; a one-time fee." }-
Two entirely different concepts in program alone, no way to compare.
The idea itself is not feasible to any company that likes housing and food. ;)
Espresso
November 15th, 2008, 04:38 AM
-{ Quote: "Hmm.... this is quite odd, and definitely hints of some more fundamental interaction issue. We will install the security applications you have to try and reproduce the hanging, as we have not seen it in any test.
Out of interest: do you happen to have any desktop search applications installed (other than the default Vista one)?" }-
Avafind (http://www.think-less-do-more.com/avafind/) (does not index file contents). I also have Acronis TrueImage 2009 and MSTDefrag installed.
I keep the task manager minimized to my tray so I can view cpu usage and there was no increased cpu usage during this period of unresponsiveness.
Nett0pp
November 15th, 2008, 06:12 AM
It is certanly higher,and m0re advanced anti malware progS* 0ut there!
Look towards the Dark Side...
Alpha Draconia
_.::/\@/\::._
sukarof
November 15th, 2008, 06:20 AM
Nice to see Prevx! I had the Prevx2 betas for a long time (until I got Vista and wanted to use UAC) and it was a great non intrusive app.
Looking forward to the Vista 64bit version.
Max Zorin
November 15th, 2008, 06:49 AM
Could someone let me know if there is any real need / benefit in raising the heuristic level from standard? If the level is raised, what impact / slowdown results?
So far, running very smoothly alongside Avira Pro and A-squared 4.
MZ
trjam
November 15th, 2008, 06:54 AM
as with all, your chances are greater for FPs. I have mine set to the max because it is all I use and want to find any FPs so PH can fix them. With your current setup, leave it where it is.
EraserHW
November 15th, 2008, 07:02 AM
-{ Quote: "Sorry guys if this is redundant but I need to have a few things answered if you wouldn't mind.
1. Does Edge expire? There have been posts about this here and the answer seems to have been no. But the license duration on the site says '1 year'. It sure would be nice if Edge adopted the Malwarebytes approach with MBAM; a one-time fee.
2. How long is a standard scan supposed to take (roughly)? I scanned everything in 50 seconds. How can something be thorough and yet that fast? NOD32 2.x was good and fast but this is crazy fast.
Also, as a side note, Edge does pass all ATP termination attempts." }-
Hello,
1) Edge doesn't expire in the trial mode. It's a time-unlimited version which does only detect but it doesn't block infections. If you buy your Edge license, your Edge is able to detect, block and cleanup the infections. The license expires after 1 year, after that your Edge comes back to a time-unlimited trial version.
On a side note: this information could change, because we're working on some ideas about the licensing scheme.
2) Prevx Edge's standard scan is a highly tuned scan that allows you to have a complete look at your PC's status, usually in less than a minute or two. Standard scan doesn't scan the whole PC, but it covers all the most important zones of the hard disk, registry and processes in an advanced cross-view so that it's able to get a complete view of the PC and it's able to get rid of all infections - if present.
About ATP, during Edge development we've investigated a lot about every way our software could have been terminated and we've implemented a number of self-defence techniques.
EraserHW
November 15th, 2008, 07:07 AM
-{ Quote: "Could someone let me know if there is any real need / benefit in raising the heuristic level from standard? If the level is raised, what impact / slowdown results?
So far, running very smoothly alongside Avira Pro and A-squared 4.
MZ" }-
Of course raising the heuristic level will improve heuristic detection, but there are higher chances to get false positives. While during our internal tests we've not encountered any problem even with heuristic set at the maximum level, we've tuned the engine so that at standard level it's giving the better performance with a minimum number of false positives.
No, if you increase heuristic level you shouldn't get any major slowdown on your PC :)
EraserHW
November 15th, 2008, 07:28 AM
-{ Quote: "It is certanly higher,and m0re advanced anti malware progS* 0ut there!
Look towards the Dark Side...
Alpha Draconia
_.::/\@/\::._" }-
Sure, we are always monitoring dark side :) That's our job :)
GES/POR
November 15th, 2008, 07:37 AM
What you think of this licensing scheme: 1 year (full price ofc), 2 years (small discount), 3 years (bigger discount), Premium (much bigger discount, 5 years, first access to betas), VIP (Lifetime license, first access to betas) - something like this would be really cool although this is just a rough idea which could be done better.
Nett0pp
November 15th, 2008, 07:43 AM
-{ Quote: "Sure, we are always monitoring dark side :) That's our job :)" }-
I DO hope U D0 th@t. Never forget the GREY ZIDE !
-Localhozt-
Alpha-Draconia
EraserHW
November 15th, 2008, 07:51 AM
-{ Quote: "What you think of this licensing scheme: 1 year (full price ofc), 2 years (small discount), 3 years (bigger discount), Premium (much bigger discount, 5 years, first access to betas), VIP (Lifetime license, first access to betas) - something like this would be really cool although this is just a rough idea which could be done better." }-
We'll take care of every idea you all are giving us :)
From what I know, atm some major licensing scheme changes are already scheduled.
Thank you all :)
Marco
Hugger
November 15th, 2008, 07:57 AM
Booted pc just now.
Edge was running last night.
Now, no.
Started Edge by doing another scan.
Enabled protection monitoring. Was told to reboot. Did.
Wound up with 2 Edges running then one went away and the remaining Edge was not monitoring. Enabled monitoring, was told to reboot.
Good bye, Edge.
Hugger
Franklin
November 15th, 2008, 08:02 AM
-{ Quote: "Hello,
1) Edge doesn't expire in the trial mode. It's a time-unlimited version which does only detect but it doesn't block infections. If you buy your Edge license, your Edge is able to detect, block and cleanup the infections." }-
Well thank goodness for that!!:-[
I would cry my eyes out if it deleted all my lovely malware samples.;D
Actually when you think about it, this app could be a bit too dangerous if run in paid mode and you lose all ya malware samples, eh. LOL
raven211
November 15th, 2008, 08:13 AM
-{ Quote: "Hello,
About ATP, during Edge development we've investigated a lot about every way our software could have been terminated and we've implemented a number of self-defence techniques." }-
Hmm... about that. Looking through Edge's "Basic Settings", there's a self-protection option, though it's off by default and clearly says that it's optional. How does it make a difference and does Edge still have some sort of self-defence even if this option is off?
Also a little curious why "Last Scan" says 14 hours ago when I've the software set to default settings, which includes scheduler ticking "Scan automatically after bootup". Is there some threshold like ignoring this option till a number of days without scanning has passed?
Saraceno
November 15th, 2008, 08:21 AM
Hugger, were you running it with DefenseWall and ThreatFire on? Might be some sort of conflict. One of the guys from prevx should be able to help you out.
Nunes
November 15th, 2008, 08:27 AM
Today, this morning when booting, Prevx Edge crashed.
Faulting application prevx.exe, version 3.0.0.172, faulting module , version 0.0.0.0, fault address 0x00000000.
Even running it again the service seems to be active but no icon in the tray.
I think Edge has bugs that make it somehow instable.
I also put in override some of the applications it detected as FP's
EraserHW
November 15th, 2008, 08:29 AM
-{ Quote: "Booted pc just now.
Edge was running last night.
Now, no.
Started Edge by doing another scan.
Enabled protection monitoring. Was told to reboot. Did.
Wound up with 2 Edges running then one went away and the remaining Edge was not monitoring. Enabled monitoring, was told to reboot.
Good bye, Edge.
Hugger" }-
Hello,
well, as you could read, that's not a common behavior. Could you please privately contact me or PrevxHelp writing what configuration do you have on your PC and eventually security software installed?
Thank you for your support :)
EraserHW
November 15th, 2008, 08:31 AM
-{ Quote: "Today, this morning when booting, Prevx Edge crashed.
Faulting application prevx.exe, version 3.0.0.172, faulting module , version 0.0.0.0, fault address 0x00000000.
Even running it again the service seems to be active but no icon in the tray.
I think Edge has bugs that make it somehow instable.
I also put in override some of the applications it detected as FP's" }-
Hello :)
Read my previous post :) The same for you :)
About false positives: could you please send me (or to PrevxHelp) an Edge log (if you have it before it crashed) or the samples wrongly detected?
Thank you for your support :)
EraserHW
November 15th, 2008, 08:34 AM
-{ Quote: "Well thank goodness for that!!:-[
I would cry my eyes out if it deleted all my lovely malware samples.;D
Actually when you think about it, this app could be a bit too dangerous if run in paid mode and you lose all ya malware samples, eh. LOL" }-
;D
Well, even if it would be more than good seeing Edge removing all the samples you have (that would mean Prevx Edge is working well and is detecting everything ;D), in paid mode you can choose whether to automatically remove blocked files or just block them from execution :)
Nunes
November 15th, 2008, 08:37 AM
-{ Quote: "Hello :)
Read my previous post :) The same for you :)
About false positives: could you please send me (or to PrevxHelp) an Edge log (if you have it before it crashed) or the samples wrongly detected?
Thank you for your support :)" }-
I sent you privately the log yesterday and also the sample of the file you think is malicious to the mail address you sent me.
Meanwhile I discovered that Prevx didn't keep my overrides and when I tried to do it again it crashed.
I also wrote here yesterday that I have NIS 2009 in a Windows XP SP3
EraserHW
November 15th, 2008, 08:42 AM
-{ Quote: "I sent you privately the log yesterday and also the sample of the file you think is malicious to the mail address you sent me.
Meanwhile I discovered that Prevx didn't keep my overrides and when I tried to do it again it crashed.
I also wrote here yesterday that I have NIS 2009 in a Windows XP SP3" }-
Oh sorry, I didn't see that :wacko: Maybe PrevxHelp was handling your problem?
If so, he'll be online in a bit :)
Saraceno
November 15th, 2008, 08:51 AM
Keep in mind, with different setups, not every program will work. Might require some patience to get things to work. (eg. had problems getting programs to work with ThreatFire, but after some time, these were sorted out by developers)
***Edit - Just installed the latest firefox. Crashed on me and now refuses to load (even after killing off all processes)! :P
Max Zorin
November 15th, 2008, 09:14 AM
Forgive me if this is a stupid question, but could you use Prevx Edge as your only protection - eg, is it effectively an AV, AM and HIPS all in one?
Nunes
November 15th, 2008, 09:25 AM
-{ Quote: "Oh sorry, I didn't see that :wacko: Maybe PrevxHelp was handling your problem?
If so, he'll be online in a bit :)" }-
Sorry EraserHW didn't know that you were not inside with last posts of PrevxHelp yesterday.
I sent the PM to PrevxHelp not to you. I make some confusion with both of you guys.
Franklin
November 15th, 2008, 09:41 AM
-{ Quote: "Forgive me if this is a stupid question, but could you use Prevx Edge as your only protection - eg, is it effectively an AV, AM and HIPS all in one?" }-
At the moment in its development I would say yes as it seems to be far better than traditional blacklist AV scanners.
But I would still employ MalwareByte's Antimalware and Superantispyware as second/third opinions as on demand?
C.S.J
November 15th, 2008, 10:17 AM
personally, im glad to finally get back to prevx without using a beta and turning off uac.
loving the new version, and finally back to my preferred setup of drweb and prevx.
vijayind
November 15th, 2008, 10:31 AM
Hi, Have been trying out PrevX Edge .... And I must say the detection is quite good. Esp, since most test tools are also labeled virus. Which are not are caught in realtime. Plus it caught everything my limited malware sample set, no FP till now !!!
But the best part is the low scan time and resource usage. Its almost perfect for my file servers.... almost.
I have 2 doubts in that regard:
1) If I understand correctly, Prevx uses its online community database to check if a file is malicious. But in my network, some nodes (like file servers) are isolated from internet. So is there a way to have a local db ? or any other solution ??
2) Has anyone tested this with WINE on Linux ? I want to run it on my Samba file server, but since its our backbone I don't want to risk it now. I don't have linux on me, right now at home (sad :(). So thanks to anyone who might have tested this.
Just to clarify, I have both Windows and Linux file servers.
ruinebabine
November 15th, 2008, 10:36 AM
-{ Quote: "-{ Quote: "About ATP, during Edge development we've investigated a lot about every way our software could have been terminated and we've implemented a number of self-defence techniques." }-
Hmm... about that. Looking through Edge's "Basic Settings", there's a self-protection option, though it's off by default and clearly says that it's optional. How does it make a difference and does Edge still have some sort of self-defence even if this option is off?" }-
As a test, and using SSM as an example tool, I see that I can easily kill all Prevx Edge's processes & stop pxark driver, and disable it to autostarting with windows.
It doesn't make any difference if its self-protection option is switched ON or OFF.
EDIT: I am using Px Edge fully activated (with the 1-week key provided) if it can help.
C.S.J
November 15th, 2008, 10:40 AM
i would use prevx on its own, but seeing as im such as drweb fanboi lol, and prevx states it can be used in conjunction with others, ive always used both, and while it may add a few seconds to boot, general system performance is the same. :)
djohn
November 15th, 2008, 11:12 AM
Hi I am Dave and I come to admit I am a powerless software whore and the temptation of this thread and the upcoming new drweb has drawn me back to the software whore club. So I kicked the linux to the curb for the time being and threw on vista once again. God grant me the serenity to accept the things I can Not change and to accept the things I can, My OS and software.
Criss
November 15th, 2008, 11:22 AM
-{ Quote: "As a test, and using SSM as an example tool, I see that I can easily kill all Prevx Edge's processes & stop pxark driver, and disable it to autostarting with windows.
It doesn't make any difference if its self-protection option is switched ON or OFF.
EDIT: I am using Px Edge fully activated (with the 1-week key provided) if it can help." }-
Who did u get the 1-week key?
i also wan. ;D
PrevxHelp
November 15th, 2008, 11:48 AM
-{ Quote: "I sent you privately the log yesterday and also the sample of the file you think is malicious to the mail address you sent me.
Meanwhile I discovered that Prevx didn't keep my overrides and when I tried to do it again it crashed.
I also wrote here yesterday that I have NIS 2009 in a Windows XP SP3" }-
Hello,
When you uninstall it doesn't keep your overrides, however, I did correct your false positives, so, if you scan again they shouldn't be found.
We're investigating a possible incompatibility with NIS 2009, but your crash (at offset 0x00000000) is not helpful :) Essentially says it crashes "nowhere" ;D
We're going to be working on a new version which corrects some issues - right now, please disable self protection as there is an incompatibility between it and the protection.
PrevxHelp
November 15th, 2008, 11:50 AM
-{ Quote: "Hmm... about that. Looking through Edge's "Basic Settings", there's a self-protection option, though it's off by default and clearly says that it's optional. How does it make a difference and does Edge still have some sort of self-defence even if this option is off?
Also a little curious why "Last Scan" says 14 hours ago when I've the software set to default settings, which includes scheduler ticking "Scan automatically after bootup". Is there some threshold like ignoring this option till a number of days without scanning has passed?" }-
Right now, self protection has a flaw which is why we've had it disabled by default. Also, self protection can be incompatible with other AV solutions, so, we recommend not using it if you have another AV which doesn't allow you to turn off their self protection.
Scanning automatically after bootup does have a threshold and will only scan depending on a handful of metrics including system load and time of the last scan.
PrevxHelp
November 15th, 2008, 11:51 AM
-{ Quote: "Avafind (http://www.think-less-do-more.com/avafind/) (does not index file contents). I also have Acronis TrueImage 2009 and MSTDefrag installed.
I keep the task manager minimized to my tray so I can view cpu usage and there was no increased cpu usage during this period of unresponsiveness." }-
Hello,
It seems that there may be an incompatibility or at least a bit of an inconsistency with these programs installed and Edge running. We will run some tests and let you know what we find :)
PrevxHelp
November 15th, 2008, 11:52 AM
-{ Quote: "Thanks for the info. Since powerful HIPS for Vista are not abundant, I just wanted to know how much of Prevx 2.0 HIPS is encapsulated in Edge 3.0." }-
All of Prevx 2's protection is implemented into Edge, however, some of the more techie features like being able to block specific behaviors are not. Edge automates a lot of the decision making to keep the user experience simple.
Hope that helps clear it up :)
cp4eva
November 15th, 2008, 11:53 AM
I installed it on my XP SP3 machine that had PC Tools FW and Threatfire on it and upon installation, the PC restarted on its own and all of my FW settings were lost.
PrevxHelp
November 15th, 2008, 11:54 AM
-{ Quote: "Forgive me if this is a stupid question, but could you use Prevx Edge as your only protection - eg, is it effectively an AV, AM and HIPS all in one?" }-
Not a stupid question at all :) You can use Edge as your only protection (as it has AV/AM/HIPS/Heuristics combined) and you can also use it in a layered defense approach if you want.
Edge is compatible with all other AVs (except for minor potential glitches posted by a couple users here :)) and will work on top of them, adding extra protection.
PrevxHelp
November 15th, 2008, 11:57 AM
-{ Quote: "Hi, Have been trying out PrevX Edge .... And I must say the detection is quite good. Esp, since most test tools are also labeled virus. Which are not are caught in realtime. Plus it caught everything my limited malware sample set, no FP till now !!!
But the best part is the low scan time and resource usage. Its almost perfect for my file servers.... almost.
I have 2 doubts in that regard:
1) If I understand correctly, Prevx uses its online community database to check if a file is malicious. But in my network, some nodes (like file servers) are isolated from internet. So is there a way to have a local db ? or any other solution ??
2) Has anyone tested this with WINE on Linux ? I want to run it on my Samba file server, but since its our backbone I don't want to risk it now. I don't have linux on me, right now at home (sad :(). So thanks to anyone who might have tested this.
Just to clarify, I have both Windows and Linux file servers." }-
I'm afraid your doubts may be fundamental problems.
1) It does require internet access, however, you can use CSI Enterprise which centralizes the scanning on one computer in your network. I believe that would be a better approach for you. We are working on "Edge Enterprise" but it is going to take a bit to get everything fully implemented.
2) We have not tested on WINE, but CSI may work better than Edge under WINE as Edge runs primarily from a system driver, which WINE won't emulate properly.
Please let me know if you do have problems with CSI on WINE (if you try it) as we may be able to work around them by using less of the Windows API.
PrevxHelp
November 15th, 2008, 11:58 AM
-{ Quote: "I installed it on my XP SP3 machine that had PC Tools FW and Threatfire on it and upon installation, the PC restarted on its own and all of my FW settings were lost." }-
Not quite sure what would cause firewall settings to be lost.... Edge doesn't have any firewall components and its driver doesn't integrate anywhere that a firewall would integrate.
Could you give us some more information as to what was lost?
PrevxHelp
November 15th, 2008, 11:59 AM
-{ Quote: "As a test, and using SSM as an example tool, I see that I can easily kill all Prevx Edge's processes & stop pxark driver, and disable it from autostarting with Windows.
It doesn't make any difference if its self-protection option is switched ON or OFF.
EDIT: I am using Px Edge fully activated (with the 1-week key provided) if it can help." }-
Hello,
SSM contains hundreds of system hooks which will most likely undo Edge's self protection when installed. Also, the self protection option is currently broken so, please wait before testing as we need to repair it ;D
jmonge
November 15th, 2008, 12:00 PM
-{ Quote: "I'm afraid your doubts may be fundamental problems.
1) It does require internet access, however, you can use CSI Enterprise which centralizes the scanning on one computer in your network. I believe that would be a better approach for you. We are working on "Edge Enterprise" but it is going to take a bit to get everything fully implemented.
2) We have not tested on WINE, but CSI may work better than Edge under WINE as Edge runs primarily from a system driver, which WINE won't emulate properly.
Please let me know if you do have problems with CSI on WINE (if you try it) as we may be able to work around them by using less of the Windows API." }-
Prevx people test WINE, be careful, don't get drunk ;D
trjam
November 15th, 2008, 01:19 PM
congrats PrevxHelp. I see your name is now that beautiful Wilders orange.;)
djohn
November 15th, 2008, 01:41 PM
I am running Prevx Edge alongside Online Armour. Thus far it seems to be getting along. Question: does Prevx have actual Hips or Behavior blocker in the likes of Threatfire or mamutu? I can disable Hips in OA but then I could not run my browsers in Safer Mode. So is it redundant to have OA Hips and Prevx?
PrevxHelp
November 15th, 2008, 01:44 PM
-{ Quote: "I am running Prevx Edge alongside Online Armour. Thus far it seems to be getting along. Question: does Prevx have actual Hips or Behavior blocker in the likes of Threatfire or mamutu? I can disable Hips in OA but then I could not run my browsers in Safer Mode. So is it redundant to have OA Hips and Prevx?" }-
I have only briefly used those products, and they do seem to have some additional functionality over what Edge provides, if you are a technical enough user to understand the prompts which they say when certain behaviors are performed.
As they are free (correct me if I'm wrong ;D), I don't see any reason why not to use them. If they do get along fine for you, it is always worth having a multi-layer security approach. I know a number of our users do use Online Armour with Edge and we have not seen any problems.
djohn
November 15th, 2008, 01:51 PM
-{ Quote: "I have only briefly used those products, and they do seem to have some additional functionality over what Edge provides, if you are a technical enough user to understand the prompts which they say when certain behaviors are performed.
As they are free (correct me if I'm wrong ;D), I don't see any reason why not to use them. If they do get along fine for you, it is always worth having a multi-layer security approach. I know a number of our users do use Online Armour with Edge and we have not seen any problems." }-
Thanks for the fast response and agree the multilayer. I do not see any conflicts yet but any findings I will post back. Thanks again
C.S.J
November 15th, 2008, 02:23 PM
hey guys, thought id try prevx edge with some new malware i have received recently, all types included.
these samples tested, are from aug-nov 2008, so all within the past few months, and have only just been downloaded to my system.
160 detected, 157 remaining, so roughly a 50% detection rate.
however, this is purely on the scan-alone, and none of the behaviour-based technologies have YET to be tested on the undetected samples.
if prevx wish to receive the ones it missed (before i try the behaviour based detections), id be happy to help.
bored, so playing :)
i do prefer this version, to my old 2.0, and currently enjoying using it.
Hugger
November 15th, 2008, 02:23 PM
-{ Quote: "Hugger, were you running it with DefenseWall and ThreatFire on? Might be some sort of conflict. One of the guys from prevx should be able to help you out." }-
Saraceno,
I removed TF and allowed Edge to run as trusted in DW.
Thanks for the effort.
Hugger
djohn
November 15th, 2008, 02:33 PM
-{ Quote: "hey guys, thought id try prevx edge with some new malware i have received recently, all types included.
these samples tested, are from aug-nov 2008, so all within the past few months, and have only just been downloaded to my system.
160 detected, 157 remaining, so roughly a 50% detection rate.
however, this is purely on the scan-alone, and none of the behaviour-based technologies have YET to be tested on the undetected samples.
if prevx wish to receive the ones it missed (before i try the behaviour based detections), id be happy to help.
bored, so playing :)
i do prefer this version, to my old 2.0, and currently enjoying using it." }-
Nice to see the testing already, thanks, good work. BTW nice Acer wallpaper.
EraserHW
November 15th, 2008, 02:59 PM
-{ Quote: "hey guys, thought id try prevx edge with some new malware i have received recently, all types included.
these samples tested, are from aug-nov 2008, so all within the past few months, and have only just been downloaded to my system.
160 detected, 157 remaining, so roughly a 50% detection rate.
however, this is purely on the scan-alone, and none of the behaviour-based technologies have YET to be tested on the undetected samples.
if prevx wish to receive the ones it missed (before i try the behaviour based detections), id be happy to help.
bored, so playing :)
i do prefer this version, to my old 2.0, and currently enjoying using it." }-
Hello :)
Yes, sure. We're interested in missed samples :) Even if our new heuristic engine is giving very positive results, it's always useful to add signatures ;)
Contact me by PM so we can talk about how you can send us samples :)
Marco
trjam
November 15th, 2008, 03:49 PM
CSJ, even if you send them, please post what you find on the behavior scan. I think that people would like to know. Good work.:thumb:
Threedog
November 15th, 2008, 04:03 PM
The heuristics will probably nail them all. I threw quite a bit of stuff at mine when testing and it caught everything. But....you may have different stuff.
Nunes
November 15th, 2008, 04:55 PM
-{ Quote: "Hello,
When you uninstall it doesn't keep your overrides, however, I did correct your false positives, so, if you scan again they shouldn't be found.
We're investigating a possible incompatibility with NIS 2009, but your crash (at offset 0x00000000) is not helpful :) Essentially says it crashes "nowhere" ;D
We're going to be working on a new version which corrects some issues - right now, please disable self protection as there is an incompatibility between it and the protection." }-
Prevx is scanning again but I must say that in my PC I can't do nearly nothing while it scans.
I also lost the tray icon in last reboot.
rollers
November 15th, 2008, 04:55 PM
Ok, I have it up and running, the paid version. When I download the eicar test files I can save them to disk, and also I can scan them using right click. It comes up that no malicious files have been found. I was wondering if it should have caught this or at least recognised them?
Rollers
PrevxHelp
November 15th, 2008, 05:49 PM
-{ Quote: "Ok, I have it up and running, the paid version. When I download the eicar test files I can save them to disk, and also I can scan them using right click. It comes up that no malicious files have been found. I was wondering if it should have caught this or at least recognised them?
Rollers" }-
I just tried it now and it found it. Have you extracted the file from the archive? It won't scan in archives (as the files within archives are not actually threats).
You should right click on the eicar.com file itself or a folder containing it and then click Scan with Prevx Edge.
Please let me know what you find :)
PrevxHelp
November 15th, 2008, 05:52 PM
-{ Quote: "Prevx is scanning again but I must say that in my PC I can't do nearly nothing while it scans.
I also lost the tray icon in last reboot." }-
This is odd, as we have had no reports of slow scans/interference from other users. Would you be willing to have one of our engineers (or myself) analyze your system remotely? The only case we've seen this happen in is when the system is infected with a rootkit at a low level - might be worth checking it out.
Please PM me if you're interested :)
PrevxHelp
November 15th, 2008, 05:55 PM
-{ Quote: "
160 detected, 157 remaining, so roughly a 50% detection rate. " }-
If Marco hasn't responded yet, let me know :) I'll check them out as well :)
raven211
November 15th, 2008, 06:07 PM
Since we've been discussing different trialing ideas, I thought I might as well throw mine in too.
It goes as follows: When you've installed Prevx Edge, you'll get a window saying something like this: "Welcome to Prevx Edge! *blahblahblah* You've the opportunity to activate a trial license which will last for 30 days giving you all the functionality of Edge during this period, protecting you from any threat(s) that it finds. Would you like to activate this trial license now, or later? If you choose to activate it later, you'll find the option in the "License Information" section, or be given the choice if/when Edge has caught something. Optionally you can activate your product with a full license key. Please note, though, that Edge's detection capabilities are available to you for an unlimited time."
Maybe not the best wording, but I think you get the idea. :)
The window will then also contain buttons with something like: "Activate Now", "Activate Later" and "Activate Full License".
The great thing about this would be that (1) the user can choose by himself when he/she wants to take advantage of those 30 days of full functionality and (2) when Edge detects something (a threat, something through heuristics, etc.), it'll give the user the choice to activate this through the pop-up and through that way prevent the infection before it can do any harm. How it works is that nothing will proceed till the user has made the choice about the trial license in that pop-up. Either he/she accepts the offer and Edge will take care of it and function completely for 30 days from then, or he/she skips it and let the malicious content go on.
- Something like that ;) ;D
GES/POR
November 15th, 2008, 06:11 PM
@ raven, n1
danny9
November 15th, 2008, 06:17 PM
Can't see this happening.
This goes to the users advantage.
Prevx is trying to sell a product here.
They're giving the trial up front, as all others do, hoping you like it and will buy it.
Honestly, if you owned prevx, would you allow it?
djohn
November 15th, 2008, 06:17 PM
Found possible bug in the settings of the heuristics. When I adjusted the slider up or down from the recommended settings without saving the changes it still held the settings even after reboot. Perhaps it's on my end, not sure though. There was no need for me to commit with save changes tab.
rollers
November 15th, 2008, 06:20 PM
-{ Quote: "I just tried it now and it found it. Have you extracted the file from the archive? It won't scan in archives (as the files within archives are not actually threats).
You should right click on the eicar.com file itself or a folder containing it and then click Scan with Prevx Edge.
Please let me know what you find :)" }-
Ok thanks that explanation helps re the archives and makes sense. I tried it as you described with the plain eicar test file and it found it, cleaned and rebooted. I am used to the old style anti virus jumping on it when downloading ( http scan ) so need to adapt. I am looking to use this only with no av.
Thanks Rollers
trjam
November 15th, 2008, 06:29 PM
-{ Quote: "Since we've been discussing different trialing ideas, I thought I might as well throw mine in too.
It goes as follows: When you've installed Prevx Edge, you'll get a window saying something like this: "Welcome to Prevx Edge! *blahblahblah* You've the opportunity to activate a trial license which will last for 30 days giving you all the functionality of Edge during this period, protecting you from any threat(s) that it finds. Would you like to activate this trial license now, or later? If you choose to activate it later, you'll find the option in the "License Information" section, or be given the choice if/when Edge has caught something. Optionally you can activate your product with a full license key. Please note, though, that Edge's detection capabilities are available to you for an unlimited time."
Maybe not the best wording, but I think you get the idea. :)
The window will then also contain buttons with something like: "Activate Now", "Activate Later" and "Activate Full License".
The great thing about this would be that (1) the user can choose by himself when he/she wants to take advantage of those 30 days of full functionality and (2) when Edge detects something (a threat, something through heuristics, etc.), it'll give the user the choice to activate this through the pop-up and through that way prevent the infection before it can do any harm. How it works is that nothing will proceed till the user has made the choice about the trial license in that pop-up. Either he/she accepts the offer and Edge will take care of it and function completely for 30 days from then, or he/she skips it and let the malicious content go on.
- Something like that ;) ;D" }-
yeah, isnt life amazing.::)
PrevxHelp
November 15th, 2008, 06:30 PM
-{ Quote: "Ok thanks that explanation helps re the archives and makes sense. I tried it as you described with the plain eicar test file and it found it, cleaned and rebooted. I am used to the old style anti virus jumping on it when downloading ( http scan ) so need to adapt. I am looking to use this only with no av.
Thanks Rollers" }-
The problem with the old antivirus approach is that it causes a very significant increase in CPU usage and slowness without really improving protection at all.
Sure, you may get warned 2-3 seconds earlier... but is that really worth the added overhead... I don't think so :) That's why we monitor memory and loading code rather than files as they're created (as they'll still just be completely dormant).
PrevxHelp
November 15th, 2008, 06:33 PM
-{ Quote: "Since we've been discussing different trialing ideas, I thought I might as well throw mine in too.
" }-
We have thrown around similar ideas in the past, but it comes down to trying to make it as simple as possible.
So far, we have decided that we will go with the standard model of "scan for free" and "protect/clean for 30 days during the trial". While it isn't implemented into the products yet, we are going to be finalizing it next week and releasing it as an update, so, soon everyone will be able to test out Edge completely.
The problem with holding up the malware after it runs is that we completely sever the malware from loading immediately at the kernel level, so, we can't just "hold up" the execution - it would drag the system to a halt if too many infections were loaded at once :)
raven211
November 15th, 2008, 06:35 PM
-{ Quote: "Can't see this happening.
This goes to the users advantage.
Prevx is trying to sell a product here.
They're giving the trial up front, as all others do, hoping you like it and will buy it.
Honestly, if you owned prevx, would you allow it?" }-
I can see what you're saying, but that is pretty much the only way you can show the user what the product is actually capable of. Just flagging stuff won't give you a big idea how effective it's to remove malware and the like. After those 30 days it would go back to only detection mode and the user will miss its protection. It's simply an idea of something it could be, close to it, or a variant - part of the model.
PrevxHelp
November 15th, 2008, 06:37 PM
-{ Quote: "Found possible bug in the settings of the heuristics. When I adjusted the slider up or down from the recommended settings without saving the changes it still held the settings even after reboot. Perhaps it's on my end, not sure though. There was no need for me to commit with save changes tab." }-
Yes, this is true. It assumes Save Changes when you navigate out of the screen without clicking Save Changes. I'm not sure if that is actually a bug, it may be, but it could just be dependent on user preference.
In Edge, we tend to assume that if the user made the change, they want to keep it that way rather than removing it when they navigate out.
Any thoughts? :)
raven211
November 15th, 2008, 06:39 PM
-{ Quote: "We have thrown around similar ideas in the past, but it comes down to trying to make it as simple as possible.
So far, we have decided that we will go with the standard model of "scan for free" and "protect/clean for 30 days during the trial". While it isn't implemented into the products yet, we are going to be finalizing it next week and releasing it as an update, so, soon everyone will be able to test out Edge completely.
The problem with holding up the malware after it runs is that we completely sever the malware from loading immediately at the kernel level, so, we can't just "hold up" the execution - it would drag the system to a halt if too many infections were loaded at once :)" }-
Yeah, I'd those complications in my mind too. ;D Good response. Well, it's still only an idea, right? Simple brainstorming. :D
PrevxHelp
November 15th, 2008, 06:42 PM
-{ Quote: "Yeah, I'd those complications in my mind too. ;D Good response. Well, it's still only an idea, right? Simple brainstorming. :D" }-
I'm always up for brainstorming. It's too easy for companies to think they're always right without getting opinions from users.
If anyone has any suggestions, we always take every suggestion seriously. While it may not get added in within the next day, it will definitely be tacked onto the infamous ToDo List ;D
raven211
November 15th, 2008, 06:54 PM
Looking at the screenshots at Prevx Edge's homepage, it seems a serious infection/rogue app. like XP Antivirus 2009 is not automatically blocked/removed when it's detected. ???
My understanding was that Edge is supposed to function automatically, according to descriptions and responses and especially in this case with something so serious to be as user-friendly as possible - something in terms with Norton's Auto-Protect. It's understandable that it could prompt you on some more simple adware application, but IMO not this. ::)
jmonge
November 15th, 2008, 06:58 PM
-{ Quote: "Looking at the screenshots at Prevx Edge's homepage, it seems a serious infection/rogue app. like XP Antivirus 2009 is not automatically blocked/removed when it's detected. ???
My understanding was that Edge is supposed to function automatically, according to descriptions and responses and especially in this case with something so serious to be as user-friendly as possible - something in terms with Norton's Auto-Protect. It's understandable that it could prompt you on some more simple adware application, but IMO not this. ::)" }-
i think malware blocking only function after you register and not for trial???
PrevxHelp
November 15th, 2008, 07:01 PM
-{ Quote: "Looking at the screenshots at Prevx Edge's homepage, it seems a serious infection/rogue app. like XP Antivirus 2009 is not automatically blocked/removed when it's detected. ???
My understanding was that Edge is supposed to function automatically, according to descriptions and responses and especially in this case with something so serious to be as user-friendly as possible - something in terms with Norton's Auto-Protect. It's understandable that it could prompt you on some more simple adware application, but IMO not this. ::)" }-
Edge makes the prompts very simple and straightforward. The obvious choice is to click Block, which will block the malware in the future. Before this prompt is shown, the malware is already dead and blocked and this is just an alert to tell the user that it had been trying to get in.
If the user clicks Block, in all future cases it will block the malware without requiring user interaction (if they see the same threat again).
raven211
November 15th, 2008, 07:03 PM
-{ Quote: "i think malware blocking only function after you register and not for trial???" }-
No, no - not that. :D I mean with it fully functional, even if - as said - the trialing model is still being thought through. For example I get this prompt for Hotbar (even if I don't know how serious that adware infection is considered as, though definitely not as much as e.g. XP Antivirus infection).
jmonge
November 15th, 2008, 07:06 PM
-{ Quote: "No, no - not that. :D I mean with it fully functional, even if - as said - the trialing model is still being thought through. For example I get this prompt for Hotbar (even if I don't know how serious that adware infection is considered as, though definitely not as much as e.g. XP Antivirus infection)." }-
ok i see ;D where is that screenshot? i want to see it.
C.S.J
November 15th, 2008, 07:07 PM
-{ Quote: "CSJ, even if you send them, please post what you find on the behavior scan. I think that people would like to know. Good work.:thumb:" }-
160 detected on scan
157 remaining
42 files remaining after behaviour-based checks.
so, is that around 87% detection?
which, for malware from the past couple of months, isnt too bad, even better if some of the files remaining turn out to be clean.
even though my test is not professional in any way, i do like to check certain things on my machine myself, so no need to hear "this test is ****, or this test is BS", i did this for myself, and just thought id share it on here.
i'll PM the prevx guys and see what they can do, they may just turn out to be false alarms.
----
id also like to hear their opinion on best possible settings for the heuristics, ive noticed quite a few False Alarms with the settings set to 'high' or 'maximum'
----
chris.
raven211
November 15th, 2008, 07:08 PM
-{ Quote: "Edge makes the prompts very simple and straightforward. The obvious choice is to click Block, which will block the malware in the future. Before this prompt is shown, the malware is already dead and blocked and this is just an alert to tell the user that it had been trying to get in.
If the user clicks Block, in all future cases it will block the malware without requiring user interaction (if they see the same threat again)." }-
Yes, have actually been testing this. ;) Actually, as a fairly advanced user, I really prefer automatic operation for things that are known and serious when it comes to security software operation. Norton being a pretty good example. ::) - And going into the basic-user's mind think this is his preference as well.
PrevxHelp
November 15th, 2008, 07:08 PM
-{ Quote: "No, no - not that. :D I mean with it fully functional, even if - as said - the trialing model is still being thought through. For example I get this prompt for Hotbar (even if I don't know how serious that adware infection is considered as, though definitely not as much as e.g. XP Antivirus infection)." }-
Yes, you will still get the prompt regardless of the infection. However, the options are just Block or Options (which will lead to options to trust the infection in the future if you want it to run).
However, hiding the Trust options allows the user to see what option they should (as the only real button is Block).
(Also, if the user hits the X, it assumes they mean Block so it will block the infection.)
raven211
November 15th, 2008, 07:09 PM
-{ Quote: "ok i see ;D where is that screenshot? i want to see it." }-
Here you go! :) http://www.prevx.com/prevxedge.asp - screenshot #2
Saraceno
November 15th, 2008, 07:11 PM
That's good to know PrevxHelp (that trying to close will still block the threat).
With regards to that screenshot, it says in highlighted red 'malicious software infection prevented'. It also says, 'it is highly recommended that you block this threat'.
I think the red alert message gives the user clear direction as to what action to take (block). Giving further options allows you as the user to run a program which is flagged, but that you know is safe. The options also allow you to 'trust' a program 'just once'. I think that's a pretty cool feature, just like a firewall, allowing something just once to continue.
I've tried the block function and it actually removes the file altogether and places it in quarantine.
raven211
November 15th, 2008, 07:11 PM
Don't get me wrong - your method is semi-automatic and a very smart approach though.
jmonge
November 15th, 2008, 07:12 PM
-{ Quote: "Here you go! :) http://www.prevx.com/prevxedge.asp - screenshot #2" }-
i see it thanks
raven211
November 15th, 2008, 07:12 PM
-{ Quote: "
I've tried the block function and it actually removes the file altogether and places it in quarantine." }-
Correct - this is actually an option which is ticked by default in Edge; if the user chooses to block - quarantine it as well. ;)
PrevxHelp
November 15th, 2008, 07:16 PM
-{ Quote: "160 detected on scan
157 remaining
42 files remaining after behaviour-based checks.
so, is that around 87% detection?
which, for malware from the past couple of months, isnt too bad, even better if some of the files remaining turn out to be clean.
even though my test is not professional in any way, i do like to check certain things on my machine myself, so no need to hear "this test is ****, or this test is BS", i did this for myself, and just thought id share it on here.
i'll PM the prevx guys and see what they can do, they may just turn out to be false alarms.
----
id also like to hear their opinion on best possible settings for the heuristics, ive noticed quite a few False Alarms with the settings set to 'high' or 'maximum'
" }-
I've PM'd you with an email address to send the files :) I'll check out each one individually to see if there are any clean files in there.
I also tend to check out detections personally as the large AV tests are highly skewed towards detecting old malware, which is nowhere near as useful as detecting new malware for actual users that are looking to be protected.
Could you send me the files causing the false alarms on the higher heuristic settings? It is a bit of a hit and miss, some users experience FPs on high levels while others don't - it really depends on the kind of software you use and try. If you are a frequent tester of Beta products, I'd recommend the default settings or lower. If you are a normal user that installs a new product once in a while, the high settings should be fine. If you are a grandma which rarely installs new software, you can set it to maximum without seeing any problems.
If you have any questions (and don't worry, I know you aren't a grandma ;D), please let me know :)
raven211
November 15th, 2008, 07:17 PM
I think maybe my biggest concern is how this approach will work when there's lots of malware in place; many prompts for the user to answer. Quickly taking care of all the severe stuff automatically would seem to solve those things and at the same time speed up the process.
PrevxHelp
November 15th, 2008, 07:18 PM
-{ Quote: "I think maybe my biggest concern is how this approach will work when there's lots of malware in place; many prompts for the user to answer. Quickly taking care of all the severe stuff automatically would seem to solve those things and at the same time speed up the process." }-
When there are multiple infections, the dialog changes into a "Multiple Infections have been identified" dialog. You can then check all of the boxes at once to block every file, or act upon each file differently to trust once/trust always/block each one individually :)
raven211
November 15th, 2008, 07:21 PM
Seems like you've really thought this through - haha! ;D :) Oh well, maybe it's just me then. :D I suppose when this dialog shows up that all of the infections are ticked by default? How does it react when more and more infections are being built-up/detected in real-time?
PrevxHelp
November 15th, 2008, 07:29 PM
-{ Quote: "Seems like you've really thought this through - haha! ;D :)" }-
We've seen some nightmare situations where users accidentally get DDoS'd by prompts from their AV, preventing them from doing anything at all so we needed to get a solution together for how to prevent it :)
All infections are automatically checked by default as they occur and added into the list as they come in. We've done some nice thrashing tests of it by running 5000 infections constantly for a few hours straight without having anything slip through :)
C.S.J
November 15th, 2008, 07:33 PM
-{ Quote: "I've PM'd you with an email address to send the files :) I'll check out each one individually to see if there are any clean files in there.
I also tend to check out detections personally as the large AV tests are highly skewed towards detecting old malware, which is nowhere near as useful as detecting new malware for actual users that are looking to be protected.
Could you send me the files causing the false alarms on the higher heuristic settings? It is a bit of a hit and miss, some users experience FPs on high levels while others don't - it really depends on the kind of software you use and try. If you are a frequent tester of Beta products, I'd recommend the default settings or lower. If you are a normal user that installs a new product once in a while, the high settings should be fine. If you are a grandma which rarely installs new software, you can set it to maximum without seeing any problems.
If you have any questions (and don't worry, I know you aren't a grandma ;D), please let me know :)" }-
yep, would love to know your findings Joe.
i usually leave my settings on High btw for every software i use or trial, and never use Paranoid (max) settings.
trjam
November 15th, 2008, 07:39 PM
this test is as good as all the rest in my view. Keep in mind folks, this product has only been out of beta for 3 days now. It is completely different than the current run of the mill products and very light. PrevxHelp and Eraser have made it a point that support is going to be an ongoing issue that is dealt with in a timely fashion. Another new approach.;)
There is a release I know of, due for next week, and knowing PrevxHelp, there might be two at the rate they go.
I said this earlier. Don't judge this product, or Prevx, based on the past, but from a fresh start with a whole new way of thinking, from this day forward. It will only get better.;)
Threedog
November 15th, 2008, 07:40 PM
Chris, I am running mine at Max on the heuristic, and med/med on the other two. Haven't had any issues doing this. I think Surun was the only one and I just added it to the override list.
PrevxHelp
November 15th, 2008, 07:41 PM
-{ Quote: "yep, would love to know your findings Joe.
i usually leave my settings on High btw for every software i use or trial, and never use Paranoid (max) settings." }-
I'm going through every sample by hand to try and see why we missed them/if they are malicious and a number of them are not malware at all (there are also 5 completely blank, 0 byte files in the test set which I sure hope can't be malicious!! ;D)
I'll get you a complete, itemized report in a little while :)
Threedog
November 15th, 2008, 07:41 PM
-{ Quote: "
All infections are automatically checked by default as they occur and added into the list as they come in. We've done some nice thrashing tests of it by running 5000 infections constantly for a few hours straight without having anything slip through :)" }-
5000 eh? Yep, that's more than I threw at it at one time...;D
PrevxHelp
November 15th, 2008, 07:51 PM
-{ Quote: "yep, would love to know your findings Joe.
i usually leave my settings on High btw for every software i use or trial, and never use Paranoid (max) settings." }-
Ok, I finished the first pass of the undetected files and weeded out the majority of the garbage:
253, 252, 251, 250, and 249 are all 0 byte files
169/166/168 non-working sample
103 is a little less than half of a script virus
248/104/106 is an html file which downloads the malware, but not malicious by itself
223 and 228 are byte-to-byte identical, so, not exactly fair when counting :)
23_1 and 24_1 are byte-to-byte identical
60 and 85 are identical
258 and 266 are identical
After weeding these out, we're left with 141 undetected files.
I've not yet checked what these remaining files are but I'll be checking them out shortly and reporting back :)
C.S.J
November 15th, 2008, 07:53 PM
-{ Quote: "I'm going through every sample by hand to try and see why we missed them/if they are malicious and a number of them are not malware at all (there are also 5 completely blank, 0 byte files in the test set which I sure hope can't be malicious!! ;D)
I'll get you a complete, itemized report in a little while :)" }-
yep, i ain't an analyst Joe :)
i have about a half million samples from 2008, and i just took a little 'random' chunk for my own little testing, i simply don't have the time to keep sending loads of things in and checking things i know nothing about.
i don't pretend, like some people do, that they know everything and anything, that's what the experts are for :D
I do know however, that most of my samples usually turn out to be malware, due to frequent submissions to my trusty drweb. :)
i should state, these are not VX-collectors packs, each sample is downloaded individually by myself, or sent to me.
and in no way shared with the public or used maliciously. (before anyone asks :) )
it's a mixture between, being curious, learning, or file submission, some could even say, a public service *lol* :D
raven211
November 15th, 2008, 07:55 PM
Is 0 bytes the same as "null" bytes? Cause that's a technique that Neil at PCMag is using to create a "modified" sample of malware to see if it passes security software without any fuzz when testing them.
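The triage PrevxHelp describes above (setting aside 0-byte files and counting byte-identical samples once), together with the distinction raven211 asks about between a zero-length file and one made only of null bytes, as an added example that is not part of the thread or of Prevx's tooling. The sample contents are constructed; names 300 to 302 are made up, and `load_dir` and `triage` are hypothetical helper names.

```python
import hashlib
from collections import defaultdict
from pathlib import Path


def load_dir(path):
    """Read every regular file under `path` into a {name: bytes} mapping."""
    return {p.name: p.read_bytes() for p in Path(path).iterdir() if p.is_file()}


def triage(samples):
    """Split a missed-sample set into empty files, null-only files,
    groups of byte-identical files, and the count of distinct real samples."""
    empty, null_only = [], []
    by_hash = defaultdict(list)
    for name, data in sorted(samples.items()):
        if len(data) == 0:
            empty.append(name)           # zero-length: nothing to scan
        elif data.count(0) == len(data):
            null_only.append(name)       # non-empty but only 0x00 bytes
        else:
            by_hash[hashlib.sha256(data).hexdigest()].append(name)
    duplicates = [names for names in by_hash.values() if len(names) > 1]
    return {
        "empty": empty,
        "null_only": null_only,
        "duplicates": sorted(duplicates),
        "distinct": len(by_hash),        # each identical group counted once
    }


# Constructed sample set (contents are made up for illustration).
SAMPLES = {
    "249": b"",
    "250": b"",
    "223": b"MZ\x90\x00 constructed payload A",
    "228": b"MZ\x90\x00 constructed payload A",
    "60": b"<script>constructed B</script>",
    "85": b"<script>constructed B</script>",
    "300": b"\x00" * 16,
    # Same bytes as 223 plus null padding: hashes differently, so it is
    # counted as a separate sample rather than as a duplicate.
    "301": b"MZ\x90\x00 constructed payload A\x00\x00",
    "302": b"constructed payload C",
}

if __name__ == "__main__":
    for key, value in triage(SAMPLES).items():
        print(key, value)
```

For a real test set, `triage(load_dir("missed_samples"))` gives the same breakdown, with the directory name being whatever folder holds the undetected files.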
C.S.J
November 15th, 2008, 07:55 PM
-{ Quote: "
After weeding these out, we're left with 141 undetected files.
I've not yet checked what these remaining files are but I'll be checking them out shortly and reporting back :)" }-
sure, do it. :thumb:
just hope it's not wasting your time with junk, maybe prevx got 100% :)
PrevxHelp
November 15th, 2008, 07:57 PM
-{ Quote: "yep, i ain't an analyst Joe :)
i have about a half million samples from 2008, and i just took a little 'random' chunk for my own little testing, i simply don't have the time to keep sending loads of things in and checking things i know nothing about.
i don't pretend, like some people do, that they know everything and anything, that's what the experts are for :D
I do know however, that most of my samples usually turn out to be malware, due to frequent submissions to my trusty drweb. :)
i should state, these are not VX-collectors packs, each sample is downloaded individually by myself, or sent to me.
and in no way shared with the public or used maliciously. (before anyone asks :) )
it's a mixture between, being curious, learning, or file submission, some could even say, a public service *lol* :D" }-
Yes - I completely understand :) Was just giving some preliminary input as to what the files appear to be. We appreciate all samples and can definitely tune our heuristics to grab these bad ones as well :)
One small thing is that these files are now "out of context", meaning, they might not be found as swiftly as other samples which are parts of live infections on user machines (We're able to find more malware because of behavior when it's actually running on the machine in context alongside with other infections).
I'll let you know what we find in these samples ASAP :)
Copyright ©2002 - 2012, Wilders Security Forums