I have not yet tried any of Prevx's products but I just ran across this favorable review of Prevx 3.0:

http://www.pcmag.com/article2/0,2817,2346861,00.asp

Is Prevx 3.0 the same as Prevx Edge? I did not see any mention on Prevx's website of Prevx Edge?

At some point in the future I may give Prevx a try.

Are Prevx's products Windows 7 RC1 compatible?

Thank you.

Hi,

Prevx 3.0 is now the "flagship" offering from us.

We previously had 2 products - Prevx CSI which was malware detection and removal, with Prevx Edge being CSI plus realtime protection. These 2 products have now been combined to form Prevx 3.0.

Prevx 3.0 is fully compatible with Windows 7, and should also run happily alongside any existing security products on your PC.

You can download our free trial (http://info.prevx.com/downloadcsi.asp), which is basically time-unlimited and runs in "detection-only" mode. This means it'll sit there and inform you either via scans or realtime alerts whether it is detecting malware on your PC, but you would then require a license in order to enable the removal or protection capabilities.

Hope this helps, but if you have any other queries don't hesitate to ask :)

-{ Quote: "Hi,

You can download our free trial (http://info.prevx.com/downloadcsi.asp), which is basically time-unlimited and runs in "detection-only" mode. " }-

The Link is bad.

-{ Quote: "The Link is bad." }-

It just has a ) off the end of it :) I'll have him change it in the morning but the link is:

http://info.prevx.com/downloadcsi.asp

-{ Quote: "It just has a ) off the end of it :) I'll have him change it in the morning but the link is:

http://info.prevx.com/downloadcsi.asp" }-

Doh! Those pesky brackets ;)

That's an informative review.

A very positive review (http://www.pcmag.com/article2/0,2817,2346861,00.asp) of Prevx 3.0 has been published by PC Magazine.

I am somewhat surprised, however, at the size of the performance difference between the cloud-based approach of Prevx and that of signature-based tools in detecting threats (e.g., Prevx at 94%, Norton 360 at 92%) and in detecting keyloggers and rootkits (e.g., Prevx and Webroot both at 89%) on infected systems. On a clean system, Prevx detected 97% of malware (in contrast to 94% by Webroot, e.g.).

Nonetheless, congratulations are in order for Prevx being selected as “PCMag's new Editors Choice for antispyware.” :thumb:

When companies compete, users win. I hope that the efforts of Prevx will accelerate improvements among all anti-malware vendors.

Already posted here:

http://www.wilderssecurity.com/showthread.php?t=242152

Anyway, nice review and very good results for PREVX 3.0 :thumb:

Fax

Prevx deserves the recognition for all the effort put in to an excellent product. Good to see the article link (PDF) is now on the main prevx site. :thumb:

An excellent review for a truly excellent product! 8)

A well deserved score for Prevx! :thumb:

An excellent review, way to go guys.:thumb:

I say it again. The proof is now out there about 3.0. It is all I use on all 3 computers. There is no valid reason for 95 percent of users to even need anything else. And there are still, a few BIG surprises coming.;)

Let me add, I have not been posting here as much, and I know why. I put Prevx on and basically got away from changing my security app on a daily basis. ::)

I just now feel I have found the app that will do what I want without impacting my system. I really forgot about this stuff for a week.:blink:

Does Prevx also contain an anti-Virus or is it basically anti-Spyware, thank you.

Acadia

-{ Quote: "Does Prevx also contain an anti-Virus or is it basically anti-Spyware, thank you.

Acadia" }-

AV, AS , Anti-Malware all in one! :thumb:

TH

Let me clear something up. There isnt, nor was there ever, a catagory for anti-virus and anti-spyware. That is something that was rammed down our throats by vendors to distinquish their products over others. It also gave them an excuse to say why their product did not catch something.

There are nasties, plain and simple. And Prevx is better then Avira in my viewpoint and catching them. Right now, there aint nothing better.;)

-{ Quote: "Right now, there aint nothing better." }-
Trjam, we’re still in the early stages of the transition to cloud-based antivirus approaches, and so the small (e.g., 2% to 3%) advantage exhibited by Prevx to some competitors may not necessarily be maintained as these companies retool their products. For example, Symantec has been working on a competitive solution for about two years (see here (https://forums2.symantec.com/t5/blogs/blogarticlepage/blog-id/emerging/article-id/112)) and, by leveraging its massive installed base and substantial resources, may be able to easily close or surpass the performance difference with Prevx. Of course, Panda Security and McAfee are also emerging with their own cloud-based approaches, too, which were not compared by PC Magazine to Prevx. It will be interesting to watch these developments, and - by the end of 2009 - the competitive ranking of antivirus vendors may be quite different.

point taken, but if you look at my post about 5 or 6 up, you will see my reference to things to come. I know of 2 that are very near and both are going to close gaps I see in Prevx 3.0 and make their ability to keep you safe even stronger. You cant get to the top and stay complacent as some have. You have to keep working at improving.;)

But even if others close the gaps, I wonder if they will close the gap or struggle on areas such as being so low on resources, easy to install (less than 1MB), and easy to use.

Now THAT would be something to see: Norton and McAfee installing in less than 1MB. ;D

Acadia

One major difference I see (and support) is Prevx willingness to bet the company on their security model. Can't see McAfee or Norton telling potential users that if they won't provide access to their system data they can go use something else. But treating the users as collection and evaluation nodes communicating over the internet to the data centers and sending the results back to the users as needed sure looks like the way to get rapid agile anti-malware out to the community.

-{ Quote: "

There are nasties, plain and simple. And Prevx is better then Avira in my viewpoint and catching them. Right now, there aint nothing better.;)" }-

Any figures to support your viewpoint?

-{ Quote: "Any figures to support your viewpoint?" }-While I do respect the question, let's not even start down that road and simply stick to the thread topic regarding Prevx 3.0: PC Magazine Review Please.

Bubba

So first time trying Prevx again for a long time. I've hit a bump in the road that is quite irritating. I currently use the default installation of Stardock's Objectdock. The current strata of the minor Prevx scanning warnings means they are semi-hidden behind the dock on the desktop :P

Hmm, I didn't see that mentioned in the review. ;)

-{ Quote: "Hmm, I didn't see that mentioned in the review. ;)" }-

Nor did they mention the fact that if you download and run malware to a virtual drive with the free version, then reboot so the drive is reset, it will keep spamming you to buy the product to clean it every reboot even though the file no longer exists the in the specified directory! Tss!

Wow,PCMAG must throw a party since this must be their first review not being bashed up here....
even i don't know why? maybe it confers to liking of people here.
I have always found their reviews fair and dependab;e........
Disclaimer:I am not working for PCMag or their affiliates....

-{ Quote: "Right now, there aint nothing better." }-
"Right now" being until you change your set up again. ;)

I know the product has improved dramatically, and there are a lot of staff working at prevx, but one guy, to me, deserves a huge chunk of the credit.

And that's Joe (PrevxHelp). His assistance and overall professionalism are 10/10. His service and the product are the reason many are trialling, buying and recommending prevx. :thumb:

Note - the other staff (Eraser, Web Designer etc) are great too. :)

The product and the company that produces it are top notch. There is no BS and a lot of support is offered to customers. A big :thumb:

-{ Quote: "The product and the company that produces it are top notch. There is no BS and a lot of support is offered to customers. A big :thumb:" }-
Isnt that the whole point. Up to now, it has been Joe and Marcos along with PWD, working to present this product from its birthing. They did it in a way that was receptive to constructive feedback and made you honestly feel you had a hand in its development. Which most did.

Now the product has been tested at Malware.Com and PC Mag. Are they the cream of the crop? Who knows and who really is.:dry: But it is the start of legitimate proof that this product does what it says. And with what they have planned, it will look vastly different probaly this time next year. They approached this in a prefect way to make it a sucess. And in the end, it was a win-win situation for all.:thumb:

Indeed, the forum support is like a premium service. :)

Hello all,
Thank you very much for your kind words and continued support :) As trjam has said, we appreciate all forms of input and we honestly consider every suggestion made. We're constantly upgrading our products and introducing new technologies behind the scenes, but in a year's time, Prevx will indeed most likely not look anything like it does today because threats won't look anything like they do today. Being dynamic is how we have been able to cope with the new threats and with the changes we are currently working on, we will be able to continue to push the line further. Although the PC Magazine review only showed a small % improvement over standard AVs, that's because the sample set was extremely small just because of the constraints in resources to actually put all of the products through the tests.

I know many people have asked for third party reviews in the past, so I thought it might be useful mentioning another accreditation which we have received from the analyst group Gartner in case no one has come across it yet: http://www.prnewswire.co.uk/newsindex.shtml?/cgi/news/release?id=256969

Thank you again for all of your interest - as always, let me know if you have any questions ;D

Just so I know, where exactly is a good place to get support with my 2 issues? I'd rather not spam this thread anymore ;D

-{ Quote: "Just so I know, where exactly is a good place to get support with my 2 issues? I'd rather not spam this thread anymore ;D" }-

Feel free to message me via PM or use the "Introducing" thread, but for a quick answer: a virtual re-setting drive is a bit of a non-standard situation and it should return back to a "Secure" status if you run another scan showing that the malware is gone once the drive is reset and regarding ObjectDock - we've seen this as well and are going to make the scanning dialog movable/customizable so that you can put it somewhere else :)

-{ Quote: "Now THAT would be something to see: Norton and McAfee installing in less than 1MB. ;D

Acadia" }-

Agreed!!

-{ Quote: "Let me clear something up. There isnt, nor was there ever, a catagory for anti-virus and anti-spyware. That is something that was rammed down our throats by vendors to distinquish their products over others. It also gave them an excuse to say why their product did not catch something.

There are nasties, plain and simple. And Prevx is better then Avira in my viewpoint and catching them. Right now, there aint nothing better.;)" }-

Hi. I have run many tests on Prevx, Avira, A2, MBAM, Comodo, F-Secure, etc over the last 3-4 months.

These have been on systems with live malware infections (all malware < 3 days old, with between 4-8 live infections on the system), Live infected system tests with older malware (some of which is old and may not be in the wild) and on demand tests with samples of up to 1000 current and old malware.

My findings have been that A2 and Avira are consistantly very good at catching new malware and will probably get 99-100% of older stuff. These two are by far and away better than any other signature based AMs.

Prevx is very good at detecting new malware as well and has, on occasion, with some samples, beaten A2 and Avira by some significant margin (particuarly on live infections). This said however, ot is not as consistant as A2 and Avira. Sometimes it catches fewer nasties. Overall, Prevx seems to be getting better at catching new malware. Which is the best at catching new malware? - cant say at the moment. A2 and Avira are more reliable possible, but I think its technology like Prevx that will serve us better in the future.

Overall A2 and Avira beat Prevx and everything else - based on large samples - including some which are very old. What does this mean? I feel A2 and Avira will detect anything sent to them. Prevx only detects what is a real threat. Joe confirmed this with one of my old samples - some of the sample were exploits that dont work as MS has patched them, some were hardly malware at all - slightly risky batch files etc. Prev can tell how many times these have been seen in reality by their 5 million users - some of my zero daay samples were seen by me and one other (probably joe!) - so went missed. If these had been seeen my a few more, Prevx would have found them.

On my system, I have Prevx and Zemana. I haave run literally THOUSANDS of new malware samples on my system and none of them have ever passed Prevx and Zemana. Zemana has got everything Prevx missed.

If you were to ask me which is the single best AM at the moment - the answer would be Avira, followed by A2. The level of malware out there is going through the roof and most of it is behaving differently now so not so obvious its infected a system. My money would be on Prevx as being the best option for the future, for real world protection.

-{ Quote: "Hi. I have run many tests on Prevx, Avira, A2, MBAM, Comodo, F-Secure, etc over the last 3-4 months.

These have been on systems with live malware infections (all malware < 3 days old, with between 4-8 live infections on the system), Live infected system tests with older malware (some of which is old and may not be in the wild) and on demand tests with samples of up to 1000 current and old malware.

My findings have been that A2 and Avira are consistantly very good at catching new malware and will probably get 99-100% of older stuff. These two are by far and away better than any other signature based AMs.

Prevx is very good at detecting new malware as well and has, on occasion, with some samples, beaten A2 and Avira by some significant margin (particuarly on live infections). This said however, ot is not as consistant as A2 and Avira. Sometimes it catches fewer nasties. Overall, Prevx seems to be getting better at catching new malware. Which is the best at catching new malware? - cant say at the moment. A2 and Avira are more reliable possible, but I think its technology like Prevx that will serve us better in the future.

Overall A2 and Avira beat Prevx and everything else - based on large samples - including some which are very old. What does this mean? I feel A2 and Avira will detect anything sent to them. Prevx only detects what is a real threat. Joe confirmed this with one of my old samples - some of the sample were exploits that dont work as MS has patched them, some were hardly malware at all - slightly risky batch files etc. Prev can tell how many times these have been seen in reality by their 5 million users - some of my zero daay samples were seen by me and one other (probably joe!) - so went missed. If these had been seeen my a few more, Prevx would have found them.

On my system, I have Prevx and Zemana. I haave run literally THOUSANDS of new malware samples on my system and none of them have ever passed Prevx and Zemana. Zemana has got everything Prevx missed.

If you were to ask me which is the single best AM at the moment - the answer would be Avira, followed by A2. The level of malware out there is going through the roof and most of it is behaving differently now so not so obvious its infected a system. My money would be on Prevx as being the best option for the future, for real world protection." }-

Thanks, an informative post at last. I also think that this new "in the cloud" technology is the future, hopefully the near future, meaning that we should be able to connect to the internet anywhere. All of the infections that I have experienced in the last 3 years (more than 100, caught by Nod32 first, and Avira now) were exclusively introduced by USB flash drives plugged into my laptops when disconnected from the internet. It is true though that most computers are always connected to internet when operational.

-{ Quote: "Hope this helps, but if you have any other queries don't hesitate to ask :)" }-

OK, I'll ask.

About a month ago, I first heard of Prevx.
I have the following questions at this time.

1. How do programs get chosen for inclusion in your database?

2. How long after a program is listed as "CURRENTLY BEING REVIEWED" is a determination made as to whether the program is actually malware?

3. How do you determine whether a program is malware?

4. Do you try to contact, if known, the program's author?

-{ Quote: "OK, I'll ask.

About a month ago, I first heard of Prevx.
I have the following questions at this time.

1. How do programs get chosen for inclusion in your database?

2. How long after a program is listed as "CURRENTLY BEING REVIEWED" is a determination made as to whether the program is actually malware?

3. How do you determine whether a program is malware?

4. Do you try to contact, if known, the program's author?" }-

Hello :)
1) Our goal is to classify every file in every program. We add > 250,000 new programs a day automatically from our users.

2) The results on the filenames pages are inexact as they only come by filename. For example, there are many infections with the name "svchost.exe" but that name is also shared with the legitimate Windows component. The time it takes to certify that a program is legitimate is much longer than the time it takes to detect it as malicious (the latter is normally a matter of hours, depending on how widespread the program is).

3) We collect behavioral data using Prevx 3.0 on the user's PC which allows us to classify the program and determine its intent. If that isn't enough, we have an extensive server-side sandboxing system which determines tens of thousands of new executables every day as malicious or clean.

4) We generally will not contact the program's author because (no offense intended) the author can't be trusted :) Malware Incorporated is always looking to throw us off the trail of a new infection so we tend not to trust the companies that suspicious programs supposedly come from :) Digital signatures do help to alleviate these concerns but many suspicious programs contain nothing more than standard version data which can't be trusted.

Hope that helps!

Hi :)

I´ve got one question regarding the settings "Apply before / Apply after Age/Popularity detection".
Which one shall I choose to reach maximum protection? I´m not afraid about any false positives. All three heuristic level were set to maximum.

Thanks in advance!

Regards,
Nightwatch

-{ Quote: "Hi :)

I´ve got one question regarding the settings "Apply before / Apply after Age/Popularity detection".
Which one shall I choose to reach maximum protection? I´m not afraid about any false positives. All three heuristic level were set to maximum.

Thanks in advance!

Regards,
Nightwatch" }-

The default setting of "Apply before" improves detection. This says that regardless of the age of the file, Prevx should apply the additional heuristics. "Apply after", however, says that only relatively new files (based on the slider bars below) should have heuristics applied to them. Let me know if you want any further clarification! :)

-{ Quote: "Let me know if you want any further clarification! :)" }-
Hi!
Thanks a lot for your fast response!
I´m using Prevx 3.0 since 4 days now. It´s a very impressive and light software offering strong detection rates and excellent removal instructions. Well done!!

There´s only one thing I would like to know: Is Prevx (full version) able to detect pdf-exploits while exploiting the application?

Regards,
Nightwatch

-{ Quote: "
There´s only one thing I would like to know: Is Prevx (full version) able to detect pdf-exploits while exploiting the application?" }-

Thanks! ;D

Yes it is, however, they're constantly updating the infections and techniques but we're rolling out new technology soon behind-the-scenes which will block them easier using smarter proactive methods :)

-{ Quote: "Thanks! ;D

Yes it is, however, [...]" }-
Fine! Thanks again :) !

Keep up the good work :thumb:

Best regards,
Nightwatch

@PrevxHelp

I probably asked this question before, but it bothers me...

Does Prevx still detect malware even if your PC is Offline?
Or do you have to stay connected to the Internet to be protected?

-{ Quote: "@PrevxHelp

I probably asked this question before, but it bothers me...

Does Prevx still detect malware even if your PC is Offline?
Or do you have to stay connected to the Internet to be protected?" }-

The chance of getting infected with new threats is significantly reduced when offline, unless you install malware via manually inserting a USB key. Prevx blocks known threats (ones you've encountered before) and mutations of them but to block new threats you do need to be online... for now ;) We are adding adding functionality to block malware when offline/clean a system from a boot disk via a miniature copy of our database and we're adding functionality to heuristically block USB infections.

I never trust PCMag's reviews.
Not as comprehensive as the other comparative reviews, like AV-Comparatives.com.


@PrevxHelp

Thanks for the clarification.

-{ Quote: "We are adding adding functionality to block malware when offline/clean a system from a boot disk via a miniature copy of our database and we're adding functionality to heuristically block USB infections." }-

Will this be in the next release along with Secure Browsing/Sandboxing? :)
And how far are we away from the next release now :shifty:

Patience. Let them get it right before leaking it out.;) My question is how Marcos is going keep his promise if he cant keep it small. But seriously, it is really nice to find one light app that works and secures my surfing habits enough to not have to worry about this stuff. I really like Prevx and really encourage others to give it a shot. It is all I use, last week, this week, and next week.:blink:

The week after that is reserved for something else. ::)

-{ Quote: "The week after that is reserved for something else. ::)" }-
A wise man told me once, you can only half control a week ahead in life. After that your odds diminish.;)

We will be releasing all of the new functionality at once and it will still be some weeks until its all completed :) Sadly, we can't just press a button to make it write itself... that's later on in the roadmap ;D

Hi Joe,

Can you tell us anything? That could possible affect any decisions on getting any other security software that we might be looking at?

TIA,

TH

If you don't mind me asking, how does the scanning work? From what I understand, it needs to be connected to an online database to scan the file and new files are added to the prevx database as more prevx users come into contact with them. I'm wondering what exactly is scanned here. For example, if I have a series of photos, word documents, pdf files etc. on my computer are those uploaded to the prevex database? Or does it only scan the program that is used to open them? Lets say in a dental office, would a patients confidential information located in a word file or in some of the imaging software used be uploaded to the prevx servers? How does this work?

-{ Quote: "I really like Prevx and really encourage others to give it a shot. It is all I use, last week, this week, and next week." }-
I'm giving it a shot. I ran the initial scan with all heuristic settings on default LOW. Then MEDIUM, then HIGH, then MAXIMUM... System Status Clean each time. So my question for you, trjam, or for other users, is what level do you like to set the heuristics at?

Another question I have concerns real-time protection. I thought after reading the product comparison chart that the paid version was the only one offering real-time protection, but I see "Realtime Infection Monitoring" listed (with a green checkmark next to it) on the Status window of the free version.

-{ Quote: " I thought after reading the product comparison chart that the paid version was the only one offering real-time protection, but I see "Realtime Infection Monitoring" listed (with a green checkmark next to it) on the Status window of the free version." }-

You are correct - the free version contains monitoring which doesn't block threats but will identify them as they enter, essentially a realtime on-demand scanner and therefore, the free version also has identical system impact to the full version.

PrevxHelp

What is the answer to the question of Anth-Unit ?

I have confidential information located in a word file. Is this file uploaded to the prevx servers?

-{ Quote: "If you don't mind me asking, how does the scanning work? From what I understand, it needs to be connected to an online database to scan the file and new files are added to the prevx database as more prevx users come into contact with them. I'm wondering what exactly is scanned here. For example, if I have a series of photos, word documents, pdf files etc. on my computer are those uploaded to the prevex database? Or does it only scan the program that is used to open them? Lets say in a dental office, would a patients confidential information located in a word file or in some of the imaging software used be uploaded to the prevx servers? How does this work?" }-

Hello,
The centralized scanning focuses ONLY on programs and completely ignores documents or anything which can contain private information (those are analyzed locally). You may notice filenames of non-executable files being scanned because we still read the files to ensure they are clean and not an executable file masqueraded as a legitimate file. We only rarely upload executables and primarily are only looking at behavior of the files on the system (as uploading takes up a large amount of resources on both the client PCs and the server).

-{ Quote: "PrevxHelp

What is the answer to the question of Anth-Unit ?

I have confidential information located in a word file. Is this file uploaded to the prevx servers?" }-

Never :) (I've responded to the post now as well with a more thorough explanation).

-{ Quote: "You are correct - the free version contains monitoring which doesn't block threats but will identify them as they enter, essentially a realtime on-demand scanner and therefore, the free version also has identical system impact to the full version." }-
If you don't mind me asking would Prevx consider it ethically wrong to recommend the free version on websites?

I have another Prevx question, this one involving updating.

Basic Configuration has a box to be checked (or not) that says, "Automatically download and apply updates". Being a user who prefers manually updating over auto-updating, I unchecked that box and saved changes.

Then I went to the Settings main page and clicked on "Check for Updates". The resulting pop up dialog states, "Prevx 3.0 detection is constantly kept up to date by using the Online Prevx Community Database and it is not necessary to download new definition updates".

So my question is, if it is not necessary to download new definition updates, what is happening when a user selects the option that says, "automatically download and apply updates"?

-{ Quote: "I have another Prevx question, this one involving updating.

Basic Configuration has a box to be checked (or not) that says, "Automatically download and apply updates". Being a user who prefers manually updating over auto-updating, I unchecked that box and saved changes.

Then I went to the Settings main page and clicked on "Check for Updates". The resulting pop up dialog states, "Prevx 3.0 detection is constantly kept up to date by using the Online Prevx Community Database and it is not necessary to download new definition updates".

So my question is, if it is not necessary to download new definition updates, what is happening when a user selects the option that says, "automatically download and apply updates"?" }-

This box applies to software updates (bug fixes, new engine technology, etc.) - you can uncheck it to prevent new software updates from being installed but this is generally not recommended. Prevx fundamentally doesn't require non-software updates to be downloaded as they are always up-to-date via the centralized database.

-{ Quote: "If you don't mind me asking would Prevx consider it ethically wrong to recommend the free version on websites?" }-

No we wouldn't :)

-{ Quote: "This box applies to software updates (bug fixes, new engine technology, etc.) - you can uncheck it to prevent new software updates from being installed but this is generally not recommended. Prevx fundamentally doesn't require non-software updates to be downloaded as they are always up-to-date via the centralized database." }-
Then what is the purpose of the "Check for Updates" link in the lower right area of the main GUI?

-{ Quote: "Then what is the purpose of the "Check for Updates" link in the lower right area of the main GUI?" }-

If the user disables automatic updates it would be impossible to get a new update without the link. And additionally, automatic updates are only checked once per day so anxious users can click the button :)

-{ Quote: "If the user disables automatic updates it would be impossible to get a new update without the link. And additionally, automatic updates are only checked once per day so anxious users can click the button :)" }-
In my opinion, the two are a bit contradictory. When I click on "Check updates" and see, "Prevx 3.0 detection is constantly kept up to date by using the Online Prevx Community Database and it is not necessary to download new definition updates", I'm confused. Maybe it's just me... certainly it wouldn't be the first time! :)

So if I'm hearing you right, the manual updating message I am seeing is only appearing because there are no updates to be had? If I leave auto updating disabled and keep checking manually, eventually I'll receive updates?

If that is the case, I would recommend a message that says no updates are available.

-{ Quote: "
So if I'm hearing you right, the manual updating message I am seeing is only appearing because there are no updates to be had? If I leave auto updating disabled and keep checking manually, eventually I'll receive updates?

If that is the case, I would recommend a message that says no updates are available." }-

Yes, this is true... and we do have this message :)

"You are currently using the newest Prevx 3.0 software.

Prevx 3.0 detection is constantly kept up to date by using the Online Prevx Community Database and it is not necessary to download new definition updates"

-{ Quote: "Yes, this is true... and we do have this message :)

"You are currently using the newest Prevx 3.0 software.

Prevx 3.0 detection is constantly kept up to date by using the Online Prevx Community Database and it is not necessary to download new definition updates"" }-
Okay, I understand now. I was focusing too much on the second part of the message and disregarding the first part. Thanks for the assistance with that. ;)

-{ Quote: "We will be releasing all of the new functionality at once and it will still be some weeks until its all completed :) Sadly, we can't just press a button to make it write itself... that's later on in the roadmap ;D" }-

Actually... it's very probable that because COMODO DID release versions packed with all new features at once, it became a bugging ***. I'm just not sure this is the smartest move to make. :o We all know how different security software and maybe also regular software works on different systems. :-\

-{ Quote: "Actually... it's very probable that because COMODO DID release versions packed with all new features at once, it became a bugging ***. I'm just not sure this is the smartest move to make. :o We all know how different security software and maybe also regular software works on different systems. :-\" }-

The difference between the features we're adding and the features other vendors have added in bulk is that all of ours are interrelated - i.e. the secure browser functionality is built directly on top of the new behavior monitoring engine which is built on top of the current protection engine. There won't be any additional system impact (most likely less impact actually) but stability and ease of use are always our top concern :)

-{ Quote: "So PrevX are releasing a Behaviour Blocker component? Sounds interesting!" }-

Not necessarily a conventional behavior blocker but a new way of analyzing and collecting behaviors which allows us to see more data without more overhead :)

Good day,

I just started using the free scanner. I have several questions:
1) If prevx 3.0 does detect a malware during on-demand scan and also during real time scanning, do I have to be present every second during the scan(since it takes over 10mins to scan in my PC) to know it detected a malware or will it let you know of this after the scan(would be better if it did)-like having a pop-up stay their until you close it since you can't be in front of the PC all the time.

2) Also many say that the scan is from 1-2 mins only but in my PC it takes 10+mins- is this speed dependent on the speed of the Processor?(mine is a slow and old Duron 750)

3) If offline, will the real time scanner detect malware? or is it still operating in the background, and if it is, is it still useful?

-{ Quote: "Good day,

I just started using the free scanner. I have several questions:
1) If prevx 3.0 does detect a malware during on-demand scan and also during real time scanning, do I have to be present every second during the scan(since it takes over 10mins to scan in my PC) to know it detected a malware or will it let you know of this after the scan(would be better if it did)-like having a pop-up stay their until you close it since you can't be in front of the PC all the time.
" }-

The scan results will show up at the end with the warning and detections so you don't have to be sitting there to answer the responses.

-{ Quote: "2) Also many say that the scan is from 1-2 mins only but in my PC it takes 10+mins- is this speed dependent on the speed of the Processor?(mine is a slow and old Duron 750)" }-

It can be dependent on the processor or on the harddisk. I've sent you a PM with my email address to send a scan log to so that I can see if there is anything we can do to optimize the connection as 10 minutes is indeed extremely slow relative to the rest of our users (the system I'm writing this on takes 9 seconds to scan :-\ )

-{ Quote: "3) If offline, will the real time scanner detect malware? or is it still operating in the background, and if it is, is it still useful?" }-

It is still useful - it will protect you against any threats you have encountered in the past and will continue monitoring and collecting behaviors to analyze when the system re-connects. We are going to be adding more offline protection as well, but currently all of the new protection exists in the "cloud".

-{ Quote: "Good day,

Also many say that the scan is from 1-2 mins only but in my PC it takes 10+mins- is this speed dependent on the speed of the Processor?(mine is a slow and old Duron 750)
" }-



-{ Quote: "

It can be dependent on the processor or on the harddisk. I've sent you a PM with my email address to send a scan log to so that I can see if there is anything we can do to optimize the connection as 10 minutes is indeed extremely slow relative to the rest of our users (the system I'm writing this on takes 9 seconds to scan :-\ )

" }-

My rig takes 44 seconds to scan, but I can live with that ;) ;D

This is an "automatic scan" or scan by pushing the button "scan my pc now" on the status screen.

However, when I do a manual scan: advanced scan > custom scan and select my 3 partitions, it takes about 20 minutes to scan my rig.

What is the difference between these 2 scans ? Both are scanning "my pc".

-{ Quote: "My rig takes 44 seconds to scan, but I can live with that ;) ;D" }-

Oh noes - that's a disaster! :o ;D

-{ Quote: "My rig takes 44 seconds to scan, but I can live with that ;) ;D

This is an "automatic scan" or scan by pushing the button "scan my pc now" on the status screen.

However, when I do a manual scan: advanced scan > custom scan and select my 3 partitions, it takes about 20 minutes to scan my rig.

What is the difference between these 2 scans ? Both are scanning "my pc"." }-

The advanced/full scan looks through <every> file on the system, so it will scan programs which are inactive in subfolders on the disk. However, these files can't actually infect your computer so it is largely unnecessary to scan them at all. We look for programs which are loaded in the system, programs which are referenced by the registry, programs in system folders, and anything that may be hidden by a rootkit in memory/registry/on disk.

The full scan feature was implemented because of a large number of requests from users who are used to using conventional AVs which have to scan through the entire system. Our approach allows us to look for real threats rather than files sitting idle that aren't harmful :)

-{ Quote: "The advanced/full scan looks through <every> file on the system, so it will scan programs which are inactive in subfolders on the disk. However, these files can't actually infect your computer so it is largely unnecessary to scan them at all. We look for programs which are loaded in the system, programs which are referenced by the registry, programs in system folders, and anything that may be hidden by a rootkit in memory/registry/on disk.

The full scan feature was implemented because of a large number of requests from users who are used to using conventional AVs which have to scan through the entire system. Our approach allows us to look for real threats rather than files sitting idle that aren't harmful :)" }-

Do I understand this correctly? It is possible that there can be a "nasty" in a program as long as this program is inactive. If this program becomes active Prevx comes to the rescue.

-{ Quote: "Do I understand this correctly? It is possible that there can be a "nasty" in a program as long as this program is inactive. If this program becomes active Prevx comes to the rescue." }-

Correct - scanning files on-demand with Prevx won't really see what Prevx would block, and in many cases, if you have a folder like C:\backup\somefiles\fileswhicharentactive\, Prevx wouldn't scan it unless something actually tried to run from there or if something was registered to run from there.

Prevx will protect you when something actually tries to attack your system :)

Thanks PrevxHelp for the response. Somehow I got a feeling your product is a great one and even gonna get better in the future thats why I'm gonna give it my trust and try it out.:thumb:

However, what do you mean by this:
Originally Posted by PrevxHelp

[I]It can be dependent on the processor or on the harddisk. I've sent you a PM with my email address to send a scan log to so that I can see if there is anything we can do to optimize the connection as 10 minutes is indeed extremely slow relative to the rest of our users (the system I'm writing this on takes 9 seconds to scan )

Where did u send the PM?(sorry but I don't get what PM means)and how do I make a scan log?

You know 10 mins is just great enough for me. If I can wait for AVG to scan for more than 3 hrs how much more can I wait for Prevx to scan for 10 mins?;D

-{ Quote: "Thanks PrevxHelp for the response. Somehow I got a feeling your product is a great one and even gonna get better in the future thats why I'm gonna give it my trust and try it out.:thumb: " }-

Great ;D As always, let me know if you need anything :)

-{ Quote: "Where did u send the PM?(sorry but I don't get what PM means)and how do I make a scan log?" }-

You can view your Private Messages by clicking "Private Messages" in the top right corner of the Wilders website:

"Welcome, PrevxHelp.
You last visited: Today at 04:13 AM
Private Messages:"

From there, you should see a new message from me with more detailed instructions on how to get a scan log to me. Let me know if you find them!

Well after reading all this I took the plunge and installed Prevx 3 on my Vista x64 pc. Later this afternoon I bought a one year license for the full version and along with a few on demand scanners I already had installed I'm happy to use this as my everyday realtime security app.

Very impressed to say the least. Keep up the good work. :thumb:

-{ Quote: "Hello :)
1) Our goal is to classify every file in every program. We add > 250,000 new programs a day automatically from our users." }-

What is the turnaround time for analyzing such programs?
You sure must employ a lot of elves to do this analysis.

-{ Quote: "Hello :)2) The results on the filenames pages are inexact as they only come by filename. For example, there are many infections with the name "svchost.exe" but that name is also shared with the legitimate Windows component. The time it takes to certify that a program is legitimate is much longer than the time it takes to detect it as malicious (the latter is normally a matter of hours, depending on how widespread the program is)." }-

Well, I've seen pages with very erroneous statements about some software.
Your elves need help.

-{ Quote: "Hello :)3) We collect behavioral data using Prevx 3.0 on the user's PC which allows us to classify the program and determine its intent. If that isn't enough, we have an extensive server-side sandboxing system which determines tens of thousands of new executables every day as malicious or clean." }-

A sandbox just protects your production systems,but I do not see how it can detect truely malicious files that, say, plop an innocuous looking file that will later do a misdeed.

-{ Quote: "Hello :)4) We generally will not contact the program's author because (no offense intended) the author can't be trusted :) Malware Incorporated is always looking to throw us off the trail of a new infection so we tend not to trust the companies that suspicious programs supposedly come from :) Digital signatures do help to alleviate these concerns but many suspicious programs contain nothing more than standard version data which can't be trusted." }-

Well, the reason I posted here is that a month or so ago, I found 3 of my own programs listed, with very incorrect info about at least 2 of them.

I contacted you folkes, in April 2009, and the programs were whitelisted in a few hours, tho I have not yet verified this.

However, I was displeased with the lack of co-operation in one case.
Although the program was whitelisted, your old write-up stated that the program had been found with all numeric names at particlar web sites.

I offerred to download those files to determine whether the files were legit, so I asked for the URLs. I got no co-operation.

-{ Quote: "What is the turnaround time for analyzing such programs?
You sure must employ a lot of elves to do this analysis.
" }-

We generally determine about 30,000 new programs as malicious every day and > 50,000 as good every day. The rest take a bit longer as we may not have enough data about them.

-{ Quote: "
Well, I've seen pages with very erroneous statements about some software.
Your elves need help." }-

Filename is not a reliable way of finding out information on a program, however, it is the only way that the average user can understand. For example, http://www.prevx.com/filenames/X637823902852059119-X1/SVCHOST.EXE.html - obviously all instances of svchost.exe are not malicious, but there are quite a lot that are.

-{ Quote: "
A sandbox just protects your production systems,but I do not see how it can detect truely malicious files that, say, plop an innocuous looking file that will later do a misdeed." }-

The other application of a sandbox which we are using online is to analyze every behavior coming from the program and then cataloging/generating reports. Examples of these are CWSandbox, ThreatExpert, etc.

-{ Quote: "
Well, the reason I posted here is that a month or so ago, I found 3 of my own programs listed, with very incorrect info about at least 2 of them.

I contacted you folkes, in April 2009, and the programs were whitelisted in a few hours, tho I have not yet verified this.

However, I was displeased with the lack of co-operation in one case.
Although the program was whitelisted, your old write-up stated that the program had been found with all numeric names at particlar web sites." }-

If you could let me know (via PM or here) what program is still being detected, I will check through our database to see why this is happening.

-{ Quote: "I offerred to download those files to determine whether the files were legit, so I asked for the URLs. I got no co-operation." }-

We don't store the URLs in our database (for privacy reasons) so that may be why we couldn't help you get them. However, feel free to send anything you think is miscategorized to me and I'll be glad to check them out :)

-{ Quote: "We generally determine about 30,000 new programs as malicious every day and > 50,000 as good every day. The rest take a bit longer as we may not have enough data about them.

Filename is not a reliable way of finding out information on a program, however, it is the only way that the average user can understand. For example, http://www.prevx.com/filenames/X637823902852059119-X1/SVCHOST.EXE.html - obviously all instances of svchost.exe are not malicious, but there are quite a lot that are.

The other application of a sandbox which we are using online is to analyze every behavior coming from the program and then cataloging/generating reports. Examples of these are CWSandbox, ThreatExpert, etc.

If you could let me know (via PM or here) what program is still being detected, I will check through our database to see why this is happening." }-

On 18 April 2009, I sent the following to Prevx:

-{ Quote: "I found http://www.prevx.com/filenames/X3235369367988457600-X1/PAGEFILEUSAGEMONITOR.EXE.html today.

I am the author of PagefileUsageMonitor.

It appears that all 3 versions you list, based on the file size, correspond to my versions 1.2.0.0, 1.2.0.4, and 2.0.0.3.
I have never released the file with a name other than PageFileUsageMonitor.exe, so the names 34841129.exe and 29188224.exe may be suspect.

If you tell the URLs for downloading those files, I can compare to the original to determine validity." }-

-{ Quote: "On 18 April 2009, I sent the following to Prevx:" }-

There are many possible causes for this - for instance, a file infector modifying legitimate software could cause warnings and if we see any infected files, we can't mark the entire filename as "known good" being that we would have seen an infection using that name.

The filename page which you've pasted shows that we aren't actually generating a false positive on any of the files so your users shouldn't have any problems with the files. Determining a filename as "always good" is near-impossible to do so we tend to err on the side of saying: "Currently being reviewed" as no software can ever be defined as 100% good :)

Good day,
I'm sorry if I'm adding to this 'thread', I should be posting in a dedicated prevx forum but I can't seem to find it in google(is there a dedicated prevx forum?), so joe I'll just ask it here:

Just last night(about 12 hrs ago) I did an on demand scan using another security product and it caught Trojan.Agent(C:\install.exe). The on access protection AV did not detect this and prevx also did not detect it in real time and on demand-I scanned twice(both scans still 10mins+). I'm really surprised at having this infection cause I don't visit the internet frequently and when I do I usually go to a limited number of sites. Is Trojan.Agent not in your database? and is it possible for me to send you this Trojan.Agent to be added to your database so it could be detected next time? The other product is MBAM.

-{ Quote: "Good day,
I'm sorry if I'm adding to this 'thread', I should be posting in a dedicated prevx forum but I can't seem to find it in google(is there a dedicated prevx forum?), so joe I'll just ask it here:

Just last night(about 12 hrs ago) I did an on demand scan using another security product and it caught Trojan.Agent(C:\install.exe). The on access protection AV did not detect this and prevx also did not detect it in real time and on demand-I scanned twice(both scans still 10mins+). I'm really surprised at having this infection cause I don't visit the internet frequently and when I do I usually go to a limited number of sites. Is Trojan.Agent not in your database? and is it possible for me to send you this Trojan.Agent to be added to your database so it could be detected next time? The other product is MBAM." }-

No product detects 100% of threats, and there are thousands of Trojan.Agent infections but I can see what we missed if you send me a scan log to the address I've PM'd you :)

Also note that some free security products heavily use filename based detections so if you save a file to c:\install.exe, it will get detected, so we may indeed have not actually missed anything and it is just a false positive from the other product.

Hello,
I've checked out the c:\install.exe file and it is indeed legitimate - a component of a Microsoft installer :)

What do u mean legitimate? What should I do? Did I do something wrong by placing it in quarantine?

-{ Quote: "What do u mean legitimate? What should I do? Did I do something wrong by placing it in quarantine?" }-

Yes, the file is not malicious - it was a FP from MBAM and is not a missed detection from Prevx. The file is just a temporary file used by installations, however, so removing it probably won't damage anything.

-{ Quote: "There are many possible causes for this - for instance, a file infector modifying legitimate software could cause warnings and if we see any infected files, we can't mark the entire filename as "known good" being that we would have seen an infection using that name.

The filename page which you've pasted shows that we aren't actually generating a false positive on any of the files so your users shouldn't have any problems with the files. Determining a filename as "always good" is near-impossible to do so we tend to err on the side of saying: "Currently being reviewed" as no software can ever be defined as 100% good :)" }-

That does not answer my question.

I was told that PageFileUsageMonitor was whitelisted on 20 April 2009:

-{ Quote: "Apr 20, 2009 16:59
Subject : RE:PageFileUsageMonitor
Hi
This has now been whitelisted.
Regards
Prevx Support
" }-

I then followed up with:

-{ Quote: "Apr 20, 2009 17:38
Subject : RE:PageFileUsageMonitor

Thanx.
There stil needs to be concern about the files 34841129.exe and 29188224.exe, as I have never released files
with those names.
At what URLs did you find those files?
Also, I am the author of CompareDriveUsingFileContent.exe, which is at htp://www.standards.com
/index.html?CompareDrives.
And, ChangeFileTimes.exe, which is at htp://www.standards.com/index.html?ChangeFileTimes. In particular, the
program does not have system tray popups, and messages are issued when the user does something wrong.
Security warnings would get issued if the user tries to change the times on a file for which they have no axxess
rights. " }-


And, on 21 April, I received the following:

-{ Quote: "Apr 21, 2009 10:14
Subject : RE:PageFileUsageMonitor
Hi
We use our community for the mojority of file information, so it has been seen on someone's computer with a different
name. That does not necessarily mean that they are bad.
I have also whitelisted al of your software.
Regards
Prevx Support" }-

It would have made your task easier, if you folkes had sent me the URLs for, at least the misnamed files, so I could tell you whether they matched any released versions.

Searching in Google, I find a number of web sites that offer obsolete versions of the program.As a result, I put the following at PageFileUsageMonitor (http://www.standards.com/index.html?PageFileUsageMonitor):

-{ Quote: "It has come to my attention that a number of web sites around this planet have copied various versions of PageFileUsageMonitor to their own web sites. Only the latest version should be used, and you can only be assured of getting the latest version by downloading from this web page.
In addition, at least two of those files have all numeric names, which makes them suspect as I have never released such filenames.." }-

-{ Quote: "
It would have made your task easier, if you folkes had sent me the URLs for, at least the misnamed files, so I could tell you whether they matched any released versions." }-

We don't have/store the URLs where programs originate from so it would be impossible for us to provide this information for you. The other filenames could be from a backup program or system imaging utility which renames files, not necessarily that they are hosted somewhere with different filenames.

-{ Quote: "We don't have/store the URLs where programs originate from so it would be impossible for us to provide this information for you. The other filenames could be from a backup program or system imaging utility which renames files, not necessarily that they are hosted somewhere with different filenames." }-

Well, then how do you distinguish among identically named files from different sources?

As you say, files such as svchost.exe exist in both legit and malicious forms.

Indeed, I just had two instances of a particular file flagged by KIS 2009, but not the versions in the system directories. The flagged files are apparently older versions that live in install directories, but are not actually used in real-time, as the system directories have more recent versions with the potential problems fixed.

In effect, to distinguish between both categories, software has to act as a real-time AV scanner, not only list as yet uninvestigated programs as potential malware.

Does Prevx act as a real-time virus scanner?

-{ Quote: "Well, then how do you distinguish among identically named files from different sources?

As you say, files such as svchost.exe exist in both legit and malicious forms.

Indeed, I just had two instances of a particular file flagged by KIS 2009, but not the versions in the system directories. The flagged files are apparently older versions that live in install directories, but are not actually used in real-time, as the system directories have more recent versions with the potential problems fixed.

In effect, to distinguish between both categories, software has to act as a real-time AV scanner, not only list as yet uninvestigated programs as potential malware.

Does Prevx act as a real-time virus scanner?" }-

Yes, Prevx is a realtime virus/malware scanner. We don't take the filename into account when we are building signatures - the filename is just stored for the filenames pages which you'll find from Google. We look at the underlying data behind the file rather than the name (which is almost always completely unreliable, as just demonstrated by tigerfish0303 who had a FP from another product on a file named C:\install.exe).

When a user is looking for information about a program they have, they search for the filename which brings up a page from us which queries our database about the determination over programs with that filename - not determinations against the filename itself.

Great many thanks, keep up the good work, it will payoff in the near future.;) By the way, is there no dedicated forum for prevx or is this it?

-{ Quote: "Great many thanks, keep up the good work, it will payoff in the near future.;) By the way, is there no dedicated forum for prevx or is this it?" }-

We did have a dedicated forum at Castlecops but they closed and we haven't opened a new one yet because Wilders seems to be the mecca of the techie world ;D