Future Changes to Prevx


Triple Helix
June 13th, 2009, 06:14 PM
The aim of this thread is to give feedback to Prevx as to changes we would like to see in future upgrades of Prevx.

TH

Habakuck
June 14th, 2009, 04:03 AM
1) The "Save Scan Result" does not work fine if the SelfProtection Setting is at Maximum. I would not like to see that behavior in the next upgrade.
OS is Vista HP SP2.

2) I would like to have a real behavior monitor/blocker implemented in the next upgrade. (PrevX installs a file system filter, a Process Creation Notification callback and a handful of hooks to prevent process manipulation. But I can't see a real BehaviorBlocker. So in fact PrevX is a very powerful Cloud based AntiVirus product but it does not prevent the user from being owned by a targeted attack. That could be better.. ;) )

markusg
June 14th, 2009, 11:50 AM
1. keyboard support :-)
2. multilingual. German would be nice :-)

PrevxHelp
June 14th, 2009, 12:12 PM
-{ Quote: " 1) The "Save Scan Result" does not work fine if the SelfProtection Setting is at Maximum. I would not like to see that behavior in the next upgrade.
OS is Vista HP SP2." }-

This will be fixed ASAP :)

-{ Quote: " So in fact PrevX is a very powerful Cloud based AntiVirus product but it does not prevent the user from being owned by a targeted attack. That could be better.. ;) )" }-

Although Prevx may not look like it hooks much in the system, we gather more than enough data (you can't see a majority of the analysis which exists server-side and you also can't easily see the protection which is loaded on the fly as suspicious programs run ;))

Targeted attacks are even easier to protect against - our community view can see how popular a program is so if a program is trying to enter your system which is a targeted attack (i.e. - only seen by your system across the entire community), it can be immediately blocked by Age/Spread heuristics (Settings > Heuristic Settings).

Habakuck
June 14th, 2009, 12:24 PM
-{ Quote: "This will be fixed ASAP :)" }- Ok. :)


-{ Quote: "Although Prevx may not look like it hooks much in the system, we gather more than enough data (you can't see a majority of the analysis which exists server-side and you also can't easily see the protection which is loaded on the fly as suspicious programs run ;))" }- That's too easy Joe.. ;)
So how do you analyse the file at the server? Only a checksum is submitted to the server so how should the server analyse the behavior of the file?
And how can the PrevX Client analyse the behavior of a file without having an emulator included?

-{ Quote: "Targeted attacks are even easier to protect against - our community view can see how popular a program is so if a program is trying to enter your system which is a targeted attack (i.e. - only seen by your system across the entire community), it can be immediately blocked by Age/Spread heuristics (Settings > Heuristic Settings)." }-
Which Settings are necessary for that detection? Cause a friend of mine wrote a test malware sample and tested it on his machine. The file was not detected!
About 5min later he again tried to execute that test file. Now it was detected by the cloud. He tested that with several samples.
Settings were at default. So where is the zero-day/first seen proactive protection?

my best regards

PS: -{ Quote: "2. multilingual. German would be nice :-)" }- Yes! German would be very nice! :)

PrevxHelp
June 14th, 2009, 12:37 PM
-{ Quote: "
So how do you analyse the file at the server? Only a checksum is submitted to the server so how should the server analyse the behavior of the file?
And how can the PrevX Client analyse the behavior of a file without having an emulator included?" }-

The server does not only receive a checksum - it receives a large amount of data about the program itself and we obviously can't go into full detail of our technology as to how the client/server is able to analyze the file ;)

-{ Quote: "Which Settings are necessary for that detection? Cause a friend of mine wrote a test malware sample and tested it on his machine. The file was not detected!
About 5min later he again tried to execute that test file. Now it was detected by the cloud. He tested that with several samples.
Settings were at default. So where is the zero-day/first seen proactive protection?" }-

You can increase the settings to Maximum in the Settings > Heuristic Settings page which will block programs as you've described. The default settings are strong enough for virtually all real-world threats; however, Maximum makes it nearly into an "Anti-Executable"/whitelisting protection system.

Habakuck
June 14th, 2009, 12:54 PM
-{ Quote: "The server does not only receive a checksum - it receives a large amount of data about the program itself and we obviously can't go into full detail of our technology as to how the client/server is able to analyze the file ;)
" }-
Ok no problem about that. I trust your statements.


-{ Quote: "You can increase the settings to Maximum in the Settings > Heuristic Settings page which will block programs as you've described. The default settings are strong enough for virtually all real-world threats; however, Maximum makes it nearly into an "Anti-Executable"/whitelisting protection system." }-
That is no problem for me cause I will use PrevX with highest settings.
So Prevx with increased settings will definitely protect me against Targeted attacks?
Every AV product has gaps in its protection and I just want to know where Prevx's gaps are....

PrevxHelp
June 14th, 2009, 12:56 PM
-{ Quote: "
That is no problem for me cause I will use PrevX with highest settings.
So Prevx with highest settings will definitely protect me against Targeted attacks?
Every AV product has gaps in its protection and I just want to know where Prevx gaps are...." }-

Yes, it will tend to produce more FPs as well (just because it is conceptually blocking untrusted programs) but it will block any targeted attacks. You mentioned something about writing software - if you are a software developer, you're going to want to add your build directories to the ignore list in Prevx - otherwise we may get quite annoying for your testing ;D

Habakuck
June 14th, 2009, 01:07 PM
Many thanks for the detailed reply on this sunny sunday!

Do you have no real weekend? =)

-{ Quote: "you're going to want to add your build directories to the ignore list in Prevx - otherwise we may get quite annoying for your testing" }- ^^ I will definitely do so... :argh:

raven211
June 14th, 2009, 01:11 PM
Faster processing of data as full-screen detection is already on the list. I know that you've already mentioned the Age/Spread heuristics are being improved, so... ;)

Don't remember... would the full-screen detection be default, or is there a really good reason not to?

scmp
June 14th, 2009, 01:36 PM
Hello,

I'm a Systems Engineer working for a nationwide (US) IT consulting company and several months ago I ran across your product. Now, I'm recommending PrevX left and right even against my company's policy (those in charge of selecting technologies that will be recommended to our clients and supported by us, are still stuck on the usual bloatware - Symantec, Trend Micro, McAfee, etc). Luckily I have room for decision when my direct accounts are concerned and they will not see any trace of Symantec "security" products on their computers. If I need to clean an infected workstation, I give them the option to either pay us for several hours to clean it or maybe rebuild it or pay $29.95 for a 1 year PrevX license and have their computer cleaned in minutes.

That being said, sometimes it is difficult to implement and manage PrevX at certain clients. The agent-server model needs to go away since most businesses have remote users that rarely come back to the corporate network to update the AV client and report back to the server. Here the cloud model works perfectly, and in the PrevX case the MyPrevX console is more than enough to check on overall status. What is missing though is a more granular control on deployed agents, mainly whitelisting. If I roll out PrevX to 50 computers and something generates a false positive on all of them, I have quite a situation to deal with. But, if I could whitelist it from MyPrevX, then I wouldn't have to worry about much. Deploying the agent directly from MyPrevX and licensing it at the same time would also be a good feature to have.

So, I want to congratulate you for this great product and submit my wish list:

1. Granular agent control from MyPrevX
2. Possibility of deploying it from MyPrevX, already tied to the license.

Cheers

PrevxHelp
June 14th, 2009, 01:47 PM
-{ Quote: "Hello,

I'm a Systems Engineer working for a nationwide (US) IT consulting company and several months ago I ran across your product. Now, I'm recommending PrevX left and right even against my company's policy (those in charge of selecting technologies that will be recommended to our clients and supported by us, are still stuck on the usual bloatware - Symantec, Trend Micro, McAfee, etc). Luckily I have room for decision when my direct accounts are concerned and they will not see any trace of Symantec "security" products on their computers. If I need to clean an infected workstation, I give them the option to either pay us for several hours to clean it or maybe rebuild it or pay $29.95 for a 1 year PrevX license and have their computer cleaned in minutes.

That being said, sometimes it is difficult to implement and manage PrevX at certain clients. The agent-server model needs to go away since most businesses have remote users that rarely come back to the corporate network to update the AV client and report back to the server. Here the cloud model works perfectly, and in the PrevX case the MyPrevX console is more than enough to check on overall status. What is missing though is a more granular control on deployed agents, mainly whitelisting. If I roll out PrevX to 50 computers and something generates a false positive on all of them, I have quite a situation to deal with. But, if I could whitelist it from MyPrevX, then I wouldn't have to worry about much. Deploying the agent directly from MyPrevX and licensing it at the same time would also be a good feature to have.

So, I want to congratulate you for this great product and submit my wish list:

1. Granular agent control from MyPrevX
2. Possibility of deploying it from MyPrevX, already tied to the license.

Cheers" }-

Hello,
We completely agree with your suggestions and I will forward them onto the MyPrevx development team. We have planned on adding the ability to put overrides in place in MyPrevx as this is definitely a very powerful tool.

One feature which is not self-evident is the ability to run a silent installation/scan/report to MyPrevx if the installer executable is named with the license key as the filename. I'm not sure if this will help with all of your clients, but if they name the installer exe, for example: 12345678-1234-1234-1234-123456789123.exe, it would then automatically use that license key and report into MyPrevx with the associated scan results.

We will work on automating this process, however, to try and make the deployment/usage as seamless as possible.

Thank you for your suggestions! :)

PrevxHelp
June 14th, 2009, 01:48 PM
-{ Quote: "
Don't remember... would the full-screen detection be default, or is there a really good reason not to?" }-

It will be default and there really isn't a good reason not to ;D

dlimanov
June 14th, 2009, 02:03 PM
@Habakuck:
Despite what everyone else is saying, PrevX is NOT a 0-day protection product per se. It relies on cloud-based signature and behavioral cross-referencing; if both of these criteria fail, you will get infected (just like your friend with test program he wrote), even though behavior analysis KNOWS the process is malicious. So when a true 0-day comes out, you better hope you're guy #2 in line, as if you're #1, you will get infected and will need to wait for signature and/or behavior analysis to be available via the cloud. You will probably get new signatures pretty quickly and everyone after you will be protected, but you WILL get infected nevertheless.
To be fair to PrevX, however, true HIPS with 0-day protection is VERY labor-intensive to configure and maintain, and close to impossible to deploy in a dynamic corporate environment. If your environment is balanced and somewhat static, products like Cisco Security Agent (formerly Okena) would suit the bill better.
This brings me to my request which I posted in "delayed detection" thread: I would like to see an ability to configure how much the behavioral engine relies on cross-referencing behavior with the cloud. I want to be able to control this option based on what I feel is necessary in my particular case, and not have PrevX decide for me across the board. My understanding is that it was an option on v2.0 but has been dropped in v3.0.

@scmp: I disagree on dropping client/server infrastructure in favor of portal-based, hosted management. This may be a desirable option for smaller consulting companies, but for large enterprise, hosting security products like this usually is not an option for a variety of reasons. Again, as in my point above, this is probably something you want to have control over, versus vendor-controlled situation.
On third-party tools, we had a sales guy call Symantec to help them troubleshoot infection that was coming back after SEP couldn't clean it. After about two hours on the phone and desktop sharing, Symantec tech downloaded Malware Bytes and cleaned machine in a single scan. Talk about faith in their own product! :)

scmp
June 14th, 2009, 02:17 PM
@PrevxHelp Thanks for the follow up, looking forward to v.4

@dlimanov I understand your point, however even with server/client you still rely on the vendor to provide the signatures and scan engines. Clients will get them from the server instead of directly from the vendor but it is still the vendor that has to make them available in the first place. For offsite users that's a problem - from what I see they rarely have updated definitions. For remote users, their connections to the corporate network are usually slower than to the internet so why tie up the WAN links getting AV updates? About SEP and their use of Malwarebytes, that's funny... not very surprising though :)

Habakuck
June 15th, 2009, 02:23 AM
I would like to refresh my claim number 2).

I think PrevX would be a perfect, complete product if there is a HIPS, IDS or real behavior blocker implemented.
I would really like to use PrevX as a stand alone but I can't trust it up to 100% cause it has, in my opinion, no real protection against threats which are unknown in the cloud.

Longboard
June 15th, 2009, 04:59 AM
Thanks for allowing this thread to run:
@PrevX Help:-{ Quote: "You can increase the settings to Maximum in the Settings > Heuristic Settings page which will block programs as you've described. The default settings are strong enough for virtually all real-world threats, however, but Maximum makes it nearly into an "Anti-Executable"/whitelisting protection system." }-
;)
An "advanced module" to fulfill the need to block all/any if wanted
??
-{ Quote: "I think PrevX would be a perfect, complete product if there is a HIPS, IDS or real behavior blocker implemented.
I would really like to use PrevX as a stand alone but I can't trust it up to 100% cause it has, in my opinion, no real protection against threats which are unknown in the cloud." }-
I'm stumbling along here: always want more ;)
That comment might be harsh but close to reality ??
Pertains to above and 'the lost functions' for those who want them.

I really do appreciate the current implementation, but, as noted, targeted at those who don't wish to interact so often, and, for absolute ease of use. However, then might be dependent on 'second look/second run' after install and from the cloud analysis.

As noted elsewhere, some current 'rogues' have no malware characteristics and so succeed in getting installed.

What about a 'block and send to Px' module for those who might need it ??

Regards

PrevxHelp
June 15th, 2009, 09:51 AM
-{ Quote: "
I would really like to use PrevX as a stand alone but I can't trust it up to 100% cause it has, in my opinion, no real protection against threats which are unknown in the cloud." }-

Trying to trust a single product 100% is the fault here :) No product, Prevx included, is perfect. We detect more than 20,000 new bad programs every day, thousands of which are detected on the absolute first time they are seen but yes, like everyone else, we periodically miss threats - however, the benefit with our protection is that we then detect them quickly because we can still analyze the data and correlate it to other new programs/techniques.

You appear to be looking for a pure HIPS/behavior blocker which Prevx is not. While we are planning to add in more techie-oriented controls in the future, a basic behavior blocker is not what we're trying to develop.

Habakuck
June 15th, 2009, 12:06 PM
-{ Quote: "Trying to trust a single product 100% is the fault here :) No product, Prevx included, is perfect. We detect more than 20,000 new bad programs every day, thousands of which are detected on the absolute first time they are seen but yes, like everyone else, we periodically miss threats - however, the benefit with our protection is that we then detect them quickly because we can still analyze the data and correlate it to other new programs/techniques.

You appear to be looking for a pure HIPS/behavior blocker which Prevx is not. While we are planning to add in more techie-oriented controls in the future, a basic behavior blocker is not what we're trying to develop." }-

Don't get me wrong. PrevX is the most powerful AntiVirus solution I know and I will definitely buy several licenses but I would like to have a proactive detection in the next upgrades. What's wrong about that?
I just said: PrevX would be perfect if it blocks totally unknown malware by blocking malicious behavior.
Implementing that would turn PrevX to a very very good stand alone application and that would be absolutely fantastic.

PS: -{ Quote: "we are planning to add in more techie-oriented controls" }- Go on please... :)

Cutting_Edgetech
June 15th, 2009, 05:28 PM
I would like to see the HIPS protection offered by Prevx 2.0 Expert Mode integrated back into Prevx 3.0.

trjam
June 15th, 2009, 05:31 PM
I want to see the active number of processes being protected by Prevx in the GUI, and, I want to see a tray icon like version 2.???

dlimanov
June 15th, 2009, 07:25 PM
Can someone post v2 screenshots, mainly the HIPS part of it? I am mighty curious what is missing from v3.
:P

Longboard
June 15th, 2009, 10:09 PM
for dlimanov:
from PX v2 help file : quick summary, if you want more pm me

-{ Quote: "Prevx 2.0 ABC - intended for the home or non-technical user who wants to use the Community database to automatically detect malware and block it from running.

Prevx 2.0 Pro - intended for users with some technical knowledge who want to be alerted for all known malware and unknown program activity, and who also wants to decide whether to allow or block each activity.

Prevx 2.0 Expert - intended for advanced technical users or researchers who want alerts for all malware, unknown, and good program activity. This mode can generate a large number of pop-ups. It provides the same protection as the other modes, but allows you to manually control Prevx 2.0 Lite.

This mode can be useful when performing evaluations, troubleshooting or installations, but thereafter we advise you to switch to either ABC or Pro Mode.
" }-
Screenshot of control options.

dlimanov
June 15th, 2009, 11:42 PM
-{ Quote: "for dlimanov:
from PX v2 help file : quick summary, if you want more pm me


Screenshot of control options." }-

Dammit, these are exactly the things I wish v3 had.

Habakuck
June 16th, 2009, 12:37 AM
-{ Quote: "I would like to see the HIPS protection offered by Prevx 2.0 Expert Mode integrated back into Prevx 3.0." }-

-{ Quote: "I want to see the active number of processes being protected by Prevx in the GUI, and, I want to see a tray icon like version 2." }-

-{ Quote: "Dammit, these are exactly the things I wish v3 had." }-

same here! :argh:

Habakuck
June 16th, 2009, 02:13 AM
I thought about all this and have to say that a HIPS is not what PrevX3 wants to be or should be. It is fantastically light and clear to use and needs to remain like that.

So I thought about how to protect the user against threats which are absolutely unknown and came to the following conclusion:

What about a holding stack for unknown executables:
Start of an unknown program -> Prevx blocks the action and queries whether the program should be blocked till the answer of the cloud is received or not.
Implementing that as a function which is unchecked by default won't disturb the normal user while pros will get maximum protection.
If you are sure that the program you have executed is trustable you don't have to wait for the cloud's answer. If you are not sure you can hold the action till the cloud is sure.
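
Added example (not part of the thread and not Prevx's code): a toy model of the three ways of handling a never-before-seen file that come up in this discussion, namely waiting for a cloud verdict, blocking on Age/Spread, and the hold-until-verdict option proposed in the post above. It shows who gets hit first and where false positives appear. The thresholds, the five-minute analysis delay, the file names and the paths are all constructed for illustration.

```python
from dataclasses import dataclass, field
from enum import Enum


class Action(Enum):
    ALLOW = "allow"
    BLOCK = "block"
    HOLD = "hold"  # execution suspended until the cloud has a verdict


# Constructed values for this example; the product's real thresholds are not public.
MIN_SPREAD = 5          # distinct machines that must have reported the file
MIN_AGE_MINUTES = 60    # minutes since the file was first reported
ANALYSIS_DELAY = 5      # minutes the cloud needs before it returns good/bad


@dataclass
class CloudRecord:
    first_seen: int
    hosts: set = field(default_factory=set)


def decide(policy, verdict, spread, age, path, ignore_dirs=()):
    """Return the Action one client takes for one execution attempt."""
    # An ignore list (e.g. a developer's build directory) bypasses every check,
    # so it is also a blind spot: anything dropped there runs unchecked.
    if any(path.lower().startswith(d.lower()) for d in ignore_dirs):
        return Action.ALLOW
    if verdict == "bad":
        return Action.BLOCK
    if verdict == "good":
        return Action.ALLOW
    # From here on the cloud has no verdict yet: the "first seen" case.
    if policy == "cloud_only":
        return Action.ALLOW
    if policy == "age_spread":
        too_new = spread < MIN_SPREAD or age < MIN_AGE_MINUTES
        return Action.BLOCK if too_new else Action.ALLOW
    if policy == "hold":
        return Action.HOLD
    raise ValueError(f"unknown policy: {policy}")


# Constructed event stream: (minute, host, file id, path).
EVENTS = [
    (0, "pc-1", "sample-a", "C:\\Users\\a\\Downloads\\invoice.exe"),
    (3, "dev-1", "build-b", "C:\\build\\app.exe"),
    (5, "pc-1", "sample-a", "C:\\Users\\a\\Downloads\\invoice.exe"),
    (10, "pc-2", "sample-a", "C:\\Users\\b\\Downloads\\invoice.exe"),
]
# Ground truth the cloud converges on after ANALYSIS_DELAY minutes.
TRUTH = {"sample-a": "bad", "build-b": "good"}


def simulate(policy, events=EVENTS, truth=TRUTH, ignore_dirs=()):
    """Replay the events in time order and return (minute, host, file, Action)."""
    cloud, results = {}, []
    for minute, host, file_id, path in sorted(events):
        rec = cloud.setdefault(file_id, CloudRecord(first_seen=minute))
        rec.hosts.add(host)
        age = minute - rec.first_seen
        verdict = truth[file_id] if age >= ANALYSIS_DELAY else "unknown"
        action = decide(policy, verdict, len(rec.hosts), age, path, ignore_dirs)
        results.append((minute, host, file_id, action))
    return results


def missed(results, truth=TRUTH):
    """Executions of a bad file that were allowed to run."""
    return [r for r in results if r[3] is Action.ALLOW and truth[r[2]] == "bad"]


def false_blocks(results, truth=TRUTH):
    """Executions of a good file that were blocked outright."""
    return [r for r in results if r[3] is Action.BLOCK and truth[r[2]] == "good"]


if __name__ == "__main__":
    for policy in ("cloud_only", "age_spread", "hold"):
        res = simulate(policy)
        print(policy, "missed:", len(missed(res)),
              "false blocks:", len(false_blocks(res)),
              "held:", sum(r[3] is Action.HOLD for r in res))
```

In this model the only miss is the first machine under the verdict-only policy, Age/Spread trades that miss for a blocked developer build, and holding trades both for a wait.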

raven211
June 16th, 2009, 05:37 AM
-{ Quote: "I thought about all this and have to say that a HIPS is not what PrevX3 wants to be or should be. It is fantastically light and clear to use and needs to remain like that.

So I thought about how to protect the user against threats which are absolutely unknown and came to the following conclusion:

What about a holding stack for unknown executables:
Start of an unknown program -> Prevx blocks the action and queries whether the program should be blocked till the answer of the cloud is received or not.
Implementing that as a function which is unchecked by default won't disturb the normal user while pros will get maximum protection.
If you are sure that the program you have executed is trustable you don't have to wait for the cloud's answer. If you are not sure you can hold the action till the cloud is sure." }-

Sadly this is kinda where the FPs reported come in and PX's reliability on Age/Spread heuristics (which I can see a point in, but it screws it for some people indeed to be honest). Sure, the current option to automatically remove "found threats" would be vastly improved with this - great suggestion! - but the problem which is "for all AVs" (I've said this before - products that find FPs that cause problems for me go off my system. NOD... Don't forget that I dropped ThreatFire - and you know how much I'm used to go on about it, partly how I prefer its thinking more to the Age/Spread criteria) creates a problem.

Triple Helix
June 30th, 2009, 10:07 PM
-{ Quote: "Trying to trust a single product 100% is the fault here :) No product, Prevx included, is perfect. We detect more than 20,000 new bad programs every day, thousands of which are detected on the absolute first time they are seen but yes, like everyone else, we periodically miss threats - however, the benefit with our protection is that we then detect them quickly because we can still analyze the data and correlate it to other new programs/techniques.

You appear to be looking for a pure HIPS/behavior blocker which Prevx is not. While we are planning to add in more techie-oriented controls in the future, a basic behavior blocker is not what we're trying to develop." }-

Maybe you can Add HIPS/behaviour blocker as an addon or make a separate program with both and sell it as a choice like when you had CSI & Edge! I just think it would make it a more complete solution.

TH

Habakuck
July 1st, 2009, 12:03 PM
Will there be a possibility for the user to check why a file is blocked to verify a "heuristic", "age-spread" or "flagged bad by the server" detection? A feature like this added into the "Found -> Block" popup would be very good!

PrevxHelp
July 2nd, 2009, 11:25 AM
-{ Quote: "Will there be a possibility for the user to check why a file is blocked to verify a "heuristic", "age-spread" or "flagged bad by the server" detection? A feature like this added into the "Found -> Block" popup would be very good!" }-

This is built in already - the block popup will say "Age/Spread Criteria Violation Detected" for an Age/Spread detection, "Edge Heuristics identified a threat in the file:" if found by the "Advanced Heuristics" slider-bar detection (note - this is only a small piece of our heuristics :)) and it will say a more descriptive name if it finds a threat using the database (i.e. Malicious Software/Fraudulent Security Program/etc.)

Habakuck
July 3rd, 2009, 02:33 AM
-{ Quote: "This is built in already - the block popup will say "Age/Spread Criteria Violation Detected" for an Age/Spread detection, "Edge Heuristics identified a threat in the file:" if found by the "Advanced Heuristics" slider-bar detection (note - this is only a small piece of our heuristics :)) and it will say a more descriptive name if it finds a threat using the database (i.e. Malicious Software/Fraudulent Security Program/etc.)" }-

:D Wow. Cool. :) Hehe. That's great. I think I never got an age spread detection so I thought it is not built in.
Good to know! ;D

scmp
July 27th, 2009, 09:23 PM
-{ Quote: "Hello,
We completely agree with your suggestions and I will forward them onto the MyPrevx development team. We have planned on adding the ability to put overrides in place in MyPrevx as this is definitely a very powerful tool.

One feature which is not self-evident is the ability to run a silent installation/scan/report to MyPrevx if the installer executable is named with the license key as the filename. I'm not sure if this will help with all of your clients, but if they name the installer exe, for example: 12345678-1234-1234-1234-123456789123.exe, it would then automatically use that license key and report into MyPrevx with the associated scan results.

We will work on automating this process, however, to try and make the deployment/usage as seamless as possible.

Thank you for your suggestions! :)" }-

Hello,

This month I had 2 of my clients purchase PrevX licenses (140 licenses total). I did try renaming the installer as suggested and it does a silent install but it does not use the license key - I would still have to go to each client and enter the license - luckily I can leave their internal IT staff to deal with it :)
Any advice?

Thank you

PrevxHelp
July 27th, 2009, 11:08 PM
-{ Quote: "Hello,

This month I had 2 of my clients purchase PrevX licenses (140 licenses total). I did try renaming the installer as suggested and it does a silent install but it does not use the license key - I would still have to go to each client and enter the license - luckily I can leave their internal IT staff to deal with it :)
Any advice?

Thank you" }-

Hello,
We have had some reports of this functionality not working properly and we're working on correcting the issue. However, for now we have a workaround which may be viable for you.

First: create a registry key named PxLic under HKEY_CURRENT_USER\Software\ and then create a REG_SZ value named CSILic under this key with data of the license key to be applied.

Then, run the license-key-named installer and the installation will take place silently except for one initial prompt which shows a message to the user saying that the license is accepted. Besides this initial prompt, there are no other dialogs to be answered and the prompt will not show on subsequent uses.

Please let us know if you have any questions with this and we will be correcting the license key automatic installation behavior in the next version.

Phantasm
August 6th, 2009, 04:07 PM
Prevx needs a 'Last updated' kind of thing

Example: Last Update: 1 minute ago

PrevxHelp
August 6th, 2009, 04:31 PM
-{ Quote: "Prevx needs a 'Last updated' kind of thing

Example: Last Update: 1 minute ago" }-

Prevx is constantly kept up to date so we don't have this. However, our volume of updates per day a couple years ago (the last figures I'm aware of) was about 250,000 updates per day, which equates to around 173 per minute so I think it would be safe to say that "Last Update:" will always be "Less than 1 second ago" :)

Phantasm
August 8th, 2009, 01:13 AM
Any chance of a Prevx Bootable .iso for CD/DVD?

PrevxHelp
August 8th, 2009, 01:25 AM
-{ Quote: "Any chance of a Prevx Bootable .iso for CD/DVD?" }-

We currently don't have a need for a bootable ISO but we have it in the books if we do end up running into a need for it.

Phantasm
August 9th, 2009, 04:13 PM
Seriously make the malware uploading much easier look at this for example 2.ly/2
see how simple it is?

Triple Helix
August 9th, 2009, 04:40 PM
-{ Quote: "Seriously make the malware uploading much easier look at this for example 2.ly/2
see how simple it is?" }-

All you have to do is follow the Directions here! http://www.wilderssecurity.com/showthread.php?t=245129

TH

Phantasm
August 9th, 2009, 05:30 PM
Way too much :P I'm not signing in to my e-mail just to send something, I guess it's just me so nvm.

PrevxHelp
August 9th, 2009, 09:30 PM
You can also just send a message here with an entry from a scan log and we can investigate it :) Also, uploading it to VirusTotal will get it sent to us (albeit with some thousand other files every day) but feel free to PM a link to what is missed from VT and we will investigate.

At the current volumes of missed samples that we receive to our report@prevxresearch.com email address, we do not see it necessary to expand to a dedicated system. We already gather the necessary information automatically. If a threat was to start spreading quickly, we would latch onto it immediately and if a threat is extremely low volume, we still have the details on it so we can just as easily add protection.

Triple Helix
August 11th, 2009, 05:41 PM
Hi Joe,

Possibility of an easier way to empty Quarantine in the Undo Cleanup window?

TH

trjam
August 11th, 2009, 05:46 PM
and don't forget Joe, the actual number of processes being protected.

PrevxHelp
August 11th, 2009, 06:03 PM
-{ Quote: "and don't forget Joe, the actual number of processes being protected." }-

This is a big component on the roadmap in v4 - it won't make it into 3.5 yet but we're developing a nice techie friendly tool for v4 :)

PrevxHelp
August 11th, 2009, 06:04 PM
-{ Quote: "Hi Joe,

Possibility of an easier way to empty Quarantine in the Undo Cleanup window?

TH" }-

:thumb: Added to the list :)

trjam
August 11th, 2009, 06:18 PM
you know Joe, in 3 months and 2 days, Edge will be 1 year old which is also the date of my 16th birthday. Who would have ever thunk it that you would be here, with the rest of the Prevx team, soaking the sun up at Wilders less than a year later..;)


well, maybe one visionary.8)

PrevxHelp
August 11th, 2009, 08:23 PM
-{ Quote: "you know Joe, in 3 months and 2 days, Edge will be 1 year old which is also the date of my 16th birthday. Who would have ever thunk it that you would be here, with the rest of the Prevx team, soaking the sun up at Wilders less than a year later..;)


well, maybe one visionary.8)" }-

;D Wilders is definitely a great place to be - always sunny and warm by the beach (the crab, seagull, and dog seem to be there more than all of us though, but I guess one can never get enough Wilders sun :))

PrevxHelp
August 11th, 2009, 08:40 PM
And as a clarification, trjam, you aren't 16 years old (nice try ;D) however, you're correct that your 16th birthday shares the date of your upcoming one ;)

raven211
August 12th, 2009, 05:00 AM
-{ Quote: "And as a clarification, trjam, you aren't 16 years old (nice try ;D) however, you're correct that your 16th birthday shares the date of your upcoming one ;)" }-

I actually believe him when he says he is - my sensors say so. ;D

Dark Star 72
August 12th, 2009, 05:37 AM
That was a typo, he pressed the 1 before the 6 ;D
Perhaps he's like me, only 16 in mind and spirit - that's all that matters ;)

EraserHW
August 13th, 2009, 07:17 PM
-{ Quote: "Perhaps he's like me, only 16 in mind and spirit - that's all that matters ;)" }-

Nice trick, I'll have to use it more often when I'm older ;D

spootnack
August 14th, 2009, 01:01 PM
Hello

Great job for Prevx ! Light and powerful ;)

Questions :

1) Is it possible to add a functionality so that when we want to "report this detection as false positive" we can select more than one file at a time ? :-\

http://img188.imageshack.us/img188/3161/prevx.png

2) Can you make available to the general public (on your site for example) a means to have trial-serials to test the program for 30 days for example ?

Thank you.

++

PrevxHelp
August 16th, 2009, 02:00 AM
-{ Quote: "Hello

Great job for Prevx ! Light and powerful ;)

Questions :

1) Is it possible to add a functionality so that when we want to "report this detection as false positive" we can select more than one file at a time ? :-\" }-

Currently no, but if you have that many FPs, feel free to send a scan log to report@prevxresearch.com by clicking Tools > Save Scan Results and we'll analyze it from there :)

-{ Quote: "2) Can you make available to the general public (on your site for example) a means to have trial-serials to test the program for 30 days for example?" }-

We provide this on-demand to people requesting it in our customer support inbox or here on Wilders. A bit of clarification as to the reason behind it can be found here: http://www.wilderssecurity.com/showpost.php?p=1520819&postcount=7

Let me know if you have any other suggestions or questions!

spootnack
August 16th, 2009, 06:02 AM
OK.

Thank you !

++

Phantasm
August 18th, 2009, 04:24 PM
Right click an undetected executable or dll or w/e and click report to prevx :).

aieie
August 25th, 2009, 04:04 AM
Don't shoot me (it could be a stupid suggestion) but could a "self test" function be implemented?

I was reading the thread about Prevx stopping working and, when you become aware of it, needing reinstall.

Even if it's rare... I'd like to be able to verify that the software is working before being infected.

Best Regards

ElmoScoggins
September 5th, 2009, 03:58 PM
This might be my error because I just loaded V3 after using V2 for a year or so, but the box that used to appear when the op sys was executing any application or exe was very helpful when working with potentially problem applications. Doesn't seem to exist in 3. Can it be turned on?

Thanks

PrevxHelp
September 5th, 2009, 04:10 PM
-{ Quote: "This might be my error because I just loaded V3 after using V2 for a year or so, but the box that used to appear when the op sys was executing any application or exe was very helpful when working with potentially problem applications. Doesn't seem to exist in 3. Can it be turned on?

Thanks" }-

Hello,
We have removed this functionality because of the low number of users using it and the levels of confusion produced from it for a majority of our non-technical users. Prevx 3.0 now automates the decision process behind-the-scenes which allows us to provide a very strong level of protection without the impediments on usability.

Please let us know if you have any further questions!

ElmoScoggins
September 5th, 2009, 04:17 PM
If it's not a large piece of code (as I am thrilled at how small the V3 app is) perhaps it can be added back in a future version with an 'off' default. I thought it was both very helpful and a big differentiator. JMHO

PrevxHelp
September 5th, 2009, 04:28 PM
-{ Quote: "If it's not a large piece of code (as I am thrilled at how small the V3 app is) perhaps it can be added back in a future version with an 'off' default. I thought it was both very helpful and a big differentiator. JMHO" }-

Prevx 4.0, which is still a few months away, will have a realtime behavior status reporting feature. It won't be exactly like how Prevx 2.0 was but it will be more comprehensive so that you can get down to the technical details very easily if wanted.

We're still in the early phases of designing the additional functionality but it should be a good replacement for the Prevx 2.0 reporting without adding significant weight/code into the product :)

Triple Helix
September 5th, 2009, 04:42 PM
-{ Quote: "Hi Joe,

Possibility of an easier way to empty Quarantine in the Undo Cleanup window?

TH" }-

Any news on this? At least be able to hold down Ctrl>Click each one and delete?

PrevxHelp
September 5th, 2009, 04:57 PM
-{ Quote: "Any news on this? At least be able to hold down Ctrl>Click each one and delete?" }-

A "Remove All" button will be added into the next update :) Thanks for the suggestion!

Triple Helix
September 5th, 2009, 05:02 PM
Great Thanks! 8)

azadam24
September 18th, 2009, 09:35 AM
How do current users receive updates? I have seen posts about a version later than mine (3.0.1.65) - are these automatically updated for subscribers?

PrevxWebDesigner
September 18th, 2009, 11:05 AM
-{ Quote: "How do current users receive updates? I have seen posts about a version later than mine (3.0.1.65) - are these automatically updated for subscribers?" }-

You will receive all product updates automatically (unless you've elected not to under the configuration settings).

3.0.1.65 is the current public live version - with any higher version numbers you've seen recently being those of BETA and Release candidate versions which are undergoing testing prior to public release.

Hope that helps :)

rolarocka
September 18th, 2009, 02:39 PM
Two suggestions:

Change the colour of the "eye" or around the eye during a background scan to let people know prevx is scanning in the background or at least an option to set this behaviour.
----
"Pause" button for scans.

Phantasm
September 22nd, 2009, 06:01 PM
Early bootup option

dlimanov
September 22nd, 2009, 10:44 PM
Ability to scan not on boot when 400 other different things load, but during a specific time of the day, CPU load (less than 50%, for example) or when the screen saver is active.

redwolfe_98
October 3rd, 2009, 07:56 PM
hello.. i am new to "prevx".. :)

one thing that i would like is a way to just plain disable prevx's realtime-protection, temporarily, where it will stay disabled, until i choose to re-enable it.. the way it is now, you can disable prevx's realtime-protection for 10 minutes, and then prevx re-enables itself.. i want to be able to disable it until i decide to re-enable it rather than having it automatically re-enable itself after 10 minutes..

it is kind of a pain in the butt to have to deal with the 10-minute time-limit when disabling prevx's realtime-protection, to where i usually don't even bother to disable it.. (there is one situation where i have to disable prevx's realtime-protection, in order to run one of the programs that i use, which used a temp-file that is flagged by prevx.. i can't use the program unless i disable prevx's realtime-protection)..

i also would like it if prevx had an option for turning off its "self protection".. the way it is now, there are 3 levels of self-protection, for prevx, but none of them are "disable self-protection".. considering that you can't disable prevx's realtime-protection, except for a 10 minute interval, that leaves me with the option of killing prevx's processes, but, when i do that, they are automatically restarted.. i guess that that is due to prevx's "self-protection"..

prevx's having self-protection might be a good thing for some people, but i don't need it.. i use a program ("system safety monitor" ) that protects prevx, and other programs, from being terminated.. if a program has its own self-protection, i disable it, when possible..

also, i think there should be a "scan" button, along with the other buttons, on the left side of prevx's GUI, to open the panel with the scanning-options.. the way that it is now, you have to go to "tools", then "advanced scan"..

PrevxHelp
October 3rd, 2009, 08:48 PM
-{ Quote: "hello.. i am new to "prevx".. :) " }-

Glad to have you on board! :)

-{ Quote: "one thing that i would like is a way to just plain disable prevx's realtime-protection, temporarily.. the way it is now, you can disable prevx's realtime-protection for 10 minutes.. well, i want to be able to disable it until i decide to re-enable it.. i don't want it to automatically re-enable itself after 10 minutes.." }-

You can click the dropdown arrow to select longer durations for being disabled, or, you can click Remove Protection which will fully remove it until you want to re-enable it (it is the last entry in the list if you do not have maximum self protection enabled).

-{ Quote: "(there is one situation where i have to disable prevx's realtime-protection, in order to run one of the programs that i use, which used a temp-file that is flagged by prevx.. i can't use the program unless i disable prevx's realtime-protection).." }-

If you are running into a specific application which is legitimate, could you please click Tools > Save Scan Results and send them to report@prevxresearch.com so that we can diagnose the issue closer? Alternately, when you are prompted with a warning, you can click "Trust Always" or right click on the file entry within the Prevx 3.0 GUI and select "Report as a false positive" which will automatically mark the file as trusted locally. Or, you can use the Settings > Detection Overrides tool to change the override options and change the default behavior of Prevx.

-{ Quote: "i also would like it if prevx had an option for turning off its "self protection".. the way it is now, there are 3 levels of self-protection, for prevx, but none of them are "disable self-protection".. considering that you can't disable prevx's realtime-protection, except for a 10 minute interval, that leaves me with the option of killing prevx's processes, but, when i do that, they are automatically restarted.. i guess that that is due to prevx's "self-protection".." }-

There isn't an option to disable Prevx's self protection entirely, however, after setting it to Minimum and rebooting your PC, you will be able to terminate both Prevx processes. You may want to use the command:

taskkill /f /im prevx.exe

which will terminate both quickly (if you are using the Professional version of Windows).

-{ Quote: "prevx's having self-protection might be a good thing for some people, but i don't need it.. i use a program that will protect prevx, and other programs, from being terminated.. if a program has self-protection, i disable it, when possible.." }-

The self protection within Prevx has been designed to work carefully within Prevx itself so we strongly recommend using Prevx to protect itself rather than using another program to duplicate functionality built into Prevx.

-{ Quote: "also, i think there should be a "scan" button, along with the other buttons, on the left side of prevx's GUI, to open the panel with the scanning-options.. the way that it is now, you have to go to "tools", then "advanced scan".." }-

The default Deep Scan is the recommended scan, which can be triggered by clicking Scan My PC (or clicking View Threats and then Scan My PC).

Please let me know if you have any further questions!

vijayind
October 25th, 2009, 02:23 PM
My biggest problem with Prevx on my laptop is that when I am on the road, it often nags that it's not connected to the net. I wish there was a way to optionally turn off that msg.

rolarocka
October 27th, 2009, 11:01 AM
Possibility to disable SafeOnline for certain browsers.

Jeroen1000
October 27th, 2009, 03:24 PM
Recently, I had Cain and Abel removed from the database (reported as false positives). Couldn't we leave such applications IN the database but colour them orange as they MIGHT be dangerous?

Same thing with Remote control tools (don't know IF they are detected) like Remote administrator (Radmin), VNC, Ultra VNC. What does PrevX do with those? If I have installed them and I know of them, fine...but what if someone did this behind my back. I would like to know for sure.

Please comment on this as I personally find this very important!

PrevxHelp
October 27th, 2009, 05:11 PM
-{ Quote: "Recently, I had Cain and Abel removed from the database (reported as false positives). Couldn't we leave such applications IN the database but colour them orange as they MIGHT be dangerous?

Same thing with Remote control tools (don't know IF they are detected) like Remote administrator (Radmin), VNC, Ultra VNC. What does PrevX do with those? If I have installed them and I know of them, fine...but what if someone did this behind my back. I would like to know for sure.

Please comment on this as I personally find this very important!" }-

We try and identify the intent of the program being used - i.e. if UltraVNC/Radmin/LogMeIn/VNC are installed covertly, we will detect them but if they are clearly visible to the user we tend to allow them.

In the past, we have had a "Caution" determination but it led to a lot of confusion - many users who encountered them were not very tech savvy and they would write in asking: "What should I do?!" which is why we've moved to a black/white approach for most software.

Technically, almost all software can be used maliciously so there has to be some cutoff point :)

Habakuck
October 27th, 2009, 05:23 PM
I would like to see why a file/process is being flagged as malicious. Some kind of process monitor/history would be great. So that I can see why PrevX thinks that the file is malicious.
Of course this only makes sense for heuristic detections.
A short link in the warning PopUp to the process monitor log for that file would be great.

PrevxHelp
October 27th, 2009, 05:24 PM
-{ Quote: "I would like to see why a file/process is being flagged as malicious. Some kind of process monitor/history would be great. So that I can see why PrevX thinks that the file is malicious.
Of course this only makes sense for heuristic detections.
A short link in the warning PopUp to the process monitor log for that file would be great." }-

This will be a prominent feature in Prevx 4.0 :)

Habakuck
October 27th, 2009, 05:32 PM
Hehe :) Very cool! :thumb: I can't wait.!. :D

trjam
October 27th, 2009, 05:39 PM
64 bit SafeOnline ;)

Jeroen1000
October 28th, 2009, 03:14 AM
-{ Quote: "We try and identify the intent of the program being used - i.e. if UltraVNC/Radmin/LogMeIn/VNC are installed covertly, we will detect them but if they are clearly visible to the user we tend to allow them.

In the past, we have had a "Caution" determination but it led to a lot of confusion - many users who encountered them were not very tech savvy and they would write in asking: "What should I do?!" which is why we've moved to a black/white approach for most software.

Technically, almost all software can be used maliciously so there has to be some cutoff point :)" }-

I can understand your reasons for that. However, actions like that tend to make PrevX less secure. I have not tested it (yet) but if I hide (as in disable it) the Radmin tray icon PrevX should flag it, correct?
Could you consider including some sort of checkbox option (which would be off by default to avoid a boatload of confused users) for 'potentially dangerous applications'? Those could include the remote tools and hack tools. Put a big warning on it what happens when the checkbox is checked.

I'm a fan of categorizing threats. This way a user can choose what he wants PrevX to detect:)
I'm talking out of my hat here (as in I'm guessing you do not have this option yet and I'm not near my PrevX PC) but you could introduce an advanced settings page. I understand your need to keep it simple but Enterprises (and users like me) like many useful options.

Anyway, does this mean that keyloggers like Spector, if installed as per their use (they are meant to be covert), are NOT being detected?

Jeroen1000
October 28th, 2009, 03:24 AM
As long as I'm making suggestions;D. Password protect the settings:

No one can see them without entering the password
No one can change them without entering the password
It would not be cool if users could add programs to the exception list themselves...


Why? Some users (mainly an enterprise problem) have a problem with Ultra VNC because they think we use it to spy on them. Some go to great lengths to delete it. Well that would be a useful option if you consider adding the checkbox *puppy*

PrevxHelp
October 28th, 2009, 03:04 PM
-{ Quote: "As long as I'm making suggestions;D. Password protect the settings:

No one can see them without entering the password
No one can change them without entering the password
It would not be cool if users could add programs to the exception list themselves...


Why? Some users (mainly an enterprise problem) have a problem with Ultra VNC because they think we use it to spy on them. Some go to great lengths to delete it. Well that would be a useful option if you consider adding the checkbox *puppy*" }-

We have this functionality in place already :) If you click Settings > Basic Configuration, you can tick the box: "Password protect configuration options" which will lock down all of the configuration to users that aren't authorized.

PrevxHelp
October 28th, 2009, 03:09 PM
-{ Quote: "I can understand your reasons for that. However, actions like that tend to make PrevX less secure. I have not tested it (yet) but if I hide (as in disable it) the Radmin tray icon PrevX should flag it, correct?" }-

This generally won't, it depends on the installation behavior.

-{ Quote: "Could you consider including some sort of checkbox option (which would be off by default to avoid a boatload of confused users) for 'potentially dangerous applications'? Those could include the remote tools and hack tools. Put a big warning on it what happens when the checkbox is checked." }-

Yes, I agree - a number of programs can be added into this category, like mIRC, ServU, and a handful of remote support tools as you have noted.

-{ Quote: "I'm a fan of categorizing threats. This way a user can choose what he wants PrevX to detect:)
I'm talking out of my hat here (as in I'm guessing you do not have this option yet and I'm not near my PrevX PC) but you could introduce an advanced settings page. I understand your need to keep it simple but Enterprises (and users like me) like many useful options." }-

The Prevx Enterprise version, however, functions exactly as you mention - you can configure determinations/block programs en-masse or even set up a whitelisting-restricted environment where only trusted programs are allowed to run.

-{ Quote: "Anyway, does this mean that keyloggers like Spector, if installed as per their use (they are meant to be covert), are NOT being detected?" }-

Keyloggers are a different beast entirely in our opinion and we consider them to be malicious in all cases unless the user explicitly overrides them to not be detected.

From the review that PC Magazine did over Prevx:

"In a parallel test using commercial keyloggers in place of malware, Prevx detected every sample and completely prevented installation for most of them." (http://www.pcmag.com/article2/0,2817,2346861,00.asp)

Jeroen1000
October 28th, 2009, 04:20 PM
Thank you Joe (I may call you Joe I hope;D ). Your support is really top-notch!

If you don't mind I've got one more question. What is the policy for certain hack tools like hash dumpers (PWdump, fgdump ...)? Some of those can be used over the network by roaming users (which would make them harmful in my agenda).
Anyway, I'm getting off topic here sorry. I still hope to see a setting for potentially harmful applications.

I do have a final suggestion for the enterprise app. (if it isn't already present). I may be pushing the envelope here but here goes: I call it the Sophos approach: it catches all potentially harmful program groups:

- Toolbars
- HTTP(s)/SSH tunnel software
- Proxy software
- Cracker programs (collecting hashes or bruteforcers)
- Things like Nmap, Wireshark
- FTP programs

Almost everything that CAN be used to get info out of the network.

On the other hand I just realize, PrevX allows one to whitelist things and flag all the rest. I suppose a 'home' user can't get this enterprise version?:)

Defenestration
November 3rd, 2009, 07:54 PM
I would like to see the ability to stop an app from loading a URL. For example, a few apps will automatically load a web page when you uninstall their software. It would be great if Prevx could block this from happening.

subhrobhandari
November 7th, 2009, 08:08 AM
Here are my suggestions:

1. Import/Export settings.
2. Safeonline to cover IMs.
3. Having option to automatically update to Beta releases.
4. Option to check how often Prevx will check for updates.
5. Option in Scheduled Scans to scan only when CPU usage and Memory is under certain level.
6. Support for scanning SSL protocol.
7. Option to send malicious file(s) directly to Prevx with description.

Defenestration
November 9th, 2009, 08:31 PM
-{ Quote: "3. Having option to automatically update to Beta releases." }-

If you originally installed a beta version, then you can get beta releases automatically via the update mechanism.

subhrobhandari
November 9th, 2009, 09:01 PM
I know that, but what if I install a stable release after testing some betas but want to get betas when they are out?

PrevxHelp
November 10th, 2009, 11:11 AM
-{ Quote: "I know that, but what if I install a stable release after testing some betas but want to get betas when they are out?" }-

If you install a beta release, it will update to the live release and will continue to update to the next beta release when we have one :)

dlimanov
November 11th, 2009, 12:45 AM
Got hit by an interesting variation of PDF/JS exploit tonight: a well-known news site was pulling a banner ad from a compromised host; it was launching a Java applet via HTTPS from some server in China, which loaded a malicious PDF. The only thing that saved my bacon was DefenseWall and the fact that JavaScript is disabled in Acrobat on my machine. I was able to save the PDF and scan it against VirusTotal and Jotti, only 2 engines out of 20-something detected it, so it's pretty new.
The reason I'm posting this is that PDF detection can't come soon enough in Prevx (and Hitman). I understand the legalities of it, but there's got to be a way to examine the file without uploading entire thing to the cloud somehow, to protect privacy and confidentiality. Also, SafeOnline could probably benefit from some advanced methods of detecting abnormal or suspicious PDF loads, like in this case via HTTPS/Java.
Just sayin'..

BryanW
November 14th, 2009, 03:10 AM
It would be nice to be able to add another 15 minutes of install time. I am aware that there are longer time intervals on the pull-down menu for disabling protection, but some installs take longer than originally anticipated.

rolarocka
November 20th, 2009, 12:16 PM
I think this is a bit overkill:
[Attachment 213794]
I can't imagine anyone will ever need these detailed "time outs"

BladeRunner
November 23rd, 2009, 08:01 AM
-{ Quote: "I think this is a bit overkill:
[Attachment 213794]
I can't imagine anyone will ever need these detailed "time outs"" }-

No! It is not overkill! I have a handicapping software that does not work when Prevx is fully enabled. I have to disable for 4hr when I play the races live on my computer.

SMPRICESOLUTIONS
December 18th, 2009, 01:08 PM
Adding technology provided by CallingID (http://www.callingid.com) would be a nice addition to SafeOnline.

dorgane
December 27th, 2009, 02:17 PM
Hi
Me again with a suggestion: I am a gamer and I don't like scans when I play. My idea is a scan when the computer is IDLE, with a waiting period before a new scan.

Example: after 5, 10, 15 or 20 min of the computer being IDLE a scan starts, then it waits 4, 12, 18 or 24 hours before making another.

Example:
[Attachment 214458]

9:00am computer is idle
9:05am still idle, scan starts
...4h...
01:00pm computer is not idle, no scan starts
01:10pm computer is idle, last scan was more than 4 hours ago
01:15pm still idle, scan starts.


thank you for feedback

Romagnolo1973
January 2nd, 2010, 01:24 PM
SafeOnline working on Chrome4 and, for me especially, on ChromePlus, a fork that is Chrome4 based

PC__Gamer
January 2nd, 2010, 01:42 PM
-{ Quote: "SafeOnline working on Chrome4 and, for me especially, on ChromePlus, a fork that is Chrome4 based" }-

although I personally don't use Chrome anymore, I believe it should be working with it, as in my head, it's one of the big players in the selection of browsers.

i want the green blob tray icons back :) lol

and want the 'no more changes allowed for this licence' thing fixed, I hate formatting or whatever and then having to contact support for them to disable my licence, so I can activate it again.

if I'm able to login to my own 'my prevx', and I can see it with my own eyes 'deactivate', I should be able to click it (which at the moment, is not possible, even though I see it)

I'd also like to see 'right click - report as false positive' during found items to be checked and fixed much quicker, i.e. as quick as if I physically sent in the file via email etc.

skylite
January 2nd, 2010, 02:28 PM
I have only 1 suggestion to Prevx: stop treating legit customers as criminals! Today I just got this:
-{ Quote: "
Error: (CHK007) No further system changes are allowed on this license" }-

to be honest, Prevx being the most paranoid protection I've ever seen, I've bought Enigma Protector for my developed software; so far it's been a stronghold without giving my customers a headache.

Triple Helix
January 2nd, 2010, 02:30 PM
-{ Quote: "I have only 1 suggestion to Prevx: stop treating legit customers as criminals! Today I just got this:


to be honest, Prevx being the most paranoid protection I've ever seen, I've bought Enigma Protector for my developed software; so far it's been a stronghold without giving my customers a headache." }-

PM PrevxHelp (Joe) with your license and he will fix you up ASAP like he did before!

TH

PC__Gamer
January 3rd, 2010, 10:24 AM
-{ Quote: "PM PrevxHelp (Joe) with your license and he will fix you up ASAP like he did before!

TH" }-
he shouldn't have to though, T.H,

it's an issue that annoys me greatly too.... ::)

Romagnolo1973
January 15th, 2010, 03:14 PM
making SafeOnline easily ON/OFF by clicking on the prevx icon in the tray

PC__Gamer
January 18th, 2010, 09:08 AM
i want prevx to bring the traffic-lights back in their gui and tray icon.

a possibility? :P

Dark Star 72
January 18th, 2010, 10:17 AM
-{ Quote: "i want prevx to bring the traffic-lights back in their gui and tray icon.

a possibility? :P" }-
Me and Trjam pestered for this when P3 first came out as Edge without success and I still prefer them by far. So much more noticeable as well.

PC__Gamer
January 18th, 2010, 11:07 AM
-{ Quote: "Me and Trjam pestered for this when P3 first came out as Edge without success and I still prefer them by far. So much more noticeable as well." }-
you think they will listen and bring em back?

they just gave off a more friendly, more safe kinda feel from those little blobs. ;D


not all things from the past should come back though:


[Attachment 214882]

[Attachment 214881]


however, maybe we should get a petition going to get that little green blob back, especially for the tray icon. :)

PrevxHelp
January 18th, 2010, 01:34 PM
;D Ah, a blast from the past :)

Our primary reason for moving away from the orb tray icon is that we want to move away from connections to P2. P3 is a significantly different world from P2 and leaving the tray icon the same would produce quite a lot of confusion. We've also removed the "amber" middle state and are now working on black/white (red/green :)) states so the "traffic light" concept wouldn't work well now.

However, Prevx 4.0 is under development and while we aren't explicitly planning changes to reincorporate the orbs, we have had a handful of users request it so we'll definitely consider it if we can make it fit within the overall scope of Prevx 4.0.

PC__Gamer
January 18th, 2010, 01:49 PM
-{ Quote: ";D Ah, a blast from the past :)

Our primary reason for moving away from the orb tray icon is that we want to move away from connections to P2. P3 is a significantly different world from P2 and leaving the tray icon the same would produce quite a lot of confusion. We've also removed the "amber" middle state and are now working on black/white (red/green :)) states so the "traffic light" concept wouldn't work well now.

However, Prevx 4.0 is under development and while we aren't explicitly planning changes to reincorporate the orbs, we have had a handful of users request it so we'll definitely consider it if we can make it fit within the overall scope of Prevx 4.0." }-
i see no reason to use some of its 'charm' to the newer products. ;)

800ster
January 21st, 2010, 03:16 AM
I think I'm reading this right from looking at the help on the current Heuristic Settings configuration screen. If "Apply before Age/Popularity detection" (default) is selected then the bottom 2 Age/Popularity sliders are ignored and so would it be clearer to have them greyed out in that instance?

PrevxHelp
January 22nd, 2010, 02:10 PM
-{ Quote: "I think I'm reading this right from looking at the help on the current Heuristic Settings configuration screen. If "Apply before Age/Popularity detection" (default) is selected then the bottom 2 Age/Popularity sliders are ignored and so would it be clearer to have them greyed out in that instance?" }-

They aren't ignored, but just lessened in the way in which they are applied. We clarify this a bit better on our help page at:

http://info.prevx.com/edgehelp.asp

(If you click Settings > Heuristics Settings, this should help shed some light on it :))

pegr
January 30th, 2010, 09:45 AM
I would like the option to be able to backup and restore the list of SafeOnline security configuration settings.

JCRUYFF
January 31st, 2010, 02:52 AM
Can someone tell me the most recent stable version of Prevx, because I have the Prevx 3.0.5.50 version installed on my computer

thanks.

guest
January 31st, 2010, 03:07 AM
-{ Quote: "Can someone tell me the most recent stable version of Prevx, because I have the Prevx 3.0.5.50 version installed on my computer" }-

'Stable' is a bit misleading here because those recent versions
are ALL sort of 'release candidate' or some say 'beta'. ;D

But if pushing the 'check for updates' button doesn't
bring up an update you have the recent one that is
offered via their homepage. - I am too lazy to check
this out for you. But you probably know what I am
talking about. ;D

For a real 'stable' version that works without bugs I guess
we have to wait another few builds / weeks of be .. pardon .. rc testing 8)

Scoobs72
January 31st, 2010, 03:26 AM
@MatDe, if you had any real experience of software development and deployment then you'd know that you can test and test and test against every possible user type/usage case, think you've ironed-out all the bugs, deploy, then find there are more bugs. This is new software - expect more bugs to be revealed as the user base grows. Stop moaning.

guest
January 31st, 2010, 04:19 AM
-{ Quote: "@MatDe, if you had any real experience of software development and deployment then you'd know that you can test and test and test against every possible user type/usage case, think you've ironed-out all the bugs, deploy, then find there are more bugs." }-

This clearly isn't the case here with that SafeOnline story. I am testing this from the beginning (and I am exactly doing THAT and not only writing 'works great' as many others who think it's great if there is a lack of BSOD never testing things ;) ) and I always told them very openly that this software - given the bug experience I had with it - wasn't (and isn't!) ready to release. In fact I told them how I was shocked to see that version going live in end of october!

http://www.wilderssecurity.com/showpost.php?p=1564457&postcount=14

I was just making fun here of naming this version for many months and countless builds 'release candidate' instead of beta. That is my opinion based on my test experience with every build so far I came across since SafeOnline was introduced.

And I knew from start how difficult it would be to make this SafeOnline features compatible with those thousands of programs that are out there. And more important - I am confident that Prevx will get this gargantuan task done some day soon!

But you have to forgive me: 'stable' really is the wrong word for the 'live' version (the so-called non-beta which is of course a beta too). And that was my point I had not made if this all were about BETA software or even RC. But they decided - I guess because of marketing or financial reasons - to risk this and go public with that 'official' version long ago and I stay with my opinion: that was unfortunately way too early and the wrong decision.

The thing is ... people that buy SafeOnline experience those bugs and are maybe pushed away from that don't you think? Which all could have been avoided with a little more patience (not releasing this months before it was ready to). :(

-{ Quote: "This is new software - expect more bugs to be revealed as the user base grows." }-

This is normal of course. As a beta tester of many softwares I know that perfectly well. - And what I experienced with all those Prevx builds since months is also normal. For BETA versions! - But it's *NOT* or should be not for official ones, please test it for yourself!

-{ Quote: "Stop moaning." }-

Please stop telling me what to do. ::) I don't know how many bugs YOU have discovered or if you helped at ALL ironing them out as I did MANY times spending hours of my time with it?

And yes, I am NOT a 'fanboy' covering things up and barking the competition away ;) but a customer (currently on free licenses though - thx to prevx :) ) that actually *helps* to better the product. Being critical at times is part of that too and if this is not allowed anymore I am done here wasting my time. ;)

@ JCRUYFF:

I answered your question. Thanks for asking again in a new thread. ::)

p.s.: What I mainly tried to tell you in maybe a weird (supposed-to-be-funny) way was:
You could use IMO pretty well the actual beta versions also since they aren't
much more unstable than the 'stable' version and supposed to be fixing detected bugs. ;)

Scoobs72
January 31st, 2010, 07:18 AM
-{ Quote: "This is normal of course. As a beta tester of many softwares I know that perfectly well. - And what I experienced with all those Prevx builds since months is also normal. For BETA versions! - But it's *NOT* or should be not for official ones, please test it for yourself!" }-

The purpose of beta & RC versions is to try to iron out as many bugs as possible, but you will not iron out all the bugs for all users. That doesn't mean it shouldn't become the stable version. Perhaps your experience has been particularly bad - sometimes that happens and I have had it happen myself with software development I have done. Personally, I have 3 licenses and use Safeonline on 3 different computers - XP, Win7 32bit and Win7 64bit. I have had no issues whatsoever. So for me these releases are stable and work without bugs. Perhaps you need to look at the wider situation before asserting the software is still beta quality.

fax
January 31st, 2010, 07:32 AM
-{ Quote: " Perhaps you need to look at the wider situation before asserting the software is still beta quality." }-

:thumb: Indeed, it works perfectly fine here too.

PrevxHelp
January 31st, 2010, 04:29 PM
-{ Quote: "The purpose of beta & RC versions is to try to iron out as many bugs as possible, but you will not iron out all the bugs for all users. That doesn't mean it shouldn't become the stable version. Perhaps your experience has been particularly bad - sometimes that happens and I have had it happen myself with software development I have done. Personally, I have 3 licenses and use Safeonline on 3 different computers - XP, Win7 32bit and Win7 64bit. I have had no issues whatsoever. So for me these releases are stable and work without bugs. Perhaps you need to look at the wider situation before asserting the software is still beta quality." }-
Scoobs72 is exactly right - with all due respect guest, we have far more than one million SafeOnline users and virtually all of them are running problem free. I know that you have run into a few issues in the past with SafeOnline, but most of these were caused by Fritz!Protect, which has a bugged DLL injected into processes, causing them to crash. Outside of those issues, most of your complaints were due to screen protection, but that was because of being set into compatibility mode by configuring it down to High which is intentional... so outside of these, I haven't really seen any issues :-\

If you are aware of any issues that currently exist that are significant enough to prevent the next version of SafeOnline from going out to our users, please let me know and I'll gladly investigate them as closely as possible to see if we can fix the problems :)

We try and ensure that our software will work on every one of the billions upon billions of different software/hardware configurations out in the world but this is not an easy task, although we have never had to issue a refund because of an incompatibility we weren't able to fix - we've corrected every compatibility issue that we've come across :)

guest
February 1st, 2010, 12:45 PM
-{ Quote: "with all due respect guest," }-
This is only an empty phrase as you have sadly proved you have NO respect at all for me.

-{ Quote: "we have far more than one million SafeOnline users and virtually all of them are running problem free." }-

HAHAHA!! :argh: (this is called virtual reality I guess)

And you know that HOW? Many things I discovered - besides the ones that provoked crashes in early betas - are NOT obvious if you don't test them. To say - in other words - that SafeOnline works (!) just because it is installed on one million systems which owners don't complain to you does say *NOTHING* at all!

Of course I start from which what I see on MY system and on others I get hands on. - And what I see there regarding SafeOnline since months (!) was first alpha (in 2009) and is now for a while beta and maybe in a few weeks and after some more builds close to RC but for sure NOT to final yet!?

-{ Quote: "I know that you have run into a few issues in the past with SafeOnline, but most of these were caused by Fritz!Protect, " }-

FYI: Since I have Win 7 installed I don't use Fritz!Protect anymore.
And that's only because YOU said Prevx has a problem with it!!!

-> No, those bugs I lately discovered were all bugs of Prevx and nothing else!

-{ Quote: "Outside of those issues, most of your complaints were due to screen protection, but that was because of being set into compatibility mode by configuring it down to High which is intentional... " }-

WTF?! - That isn't true and you know it! Why are you lying openly to me when I can prove you wrong just pointing to many postings I made including screenshots?!?

Truth is (hardcore fanboys please grab a tissue):

Your software had a simple bug which I discovered (and you embarrassingly failed to reproduce on your own! *LOL*) and showed you via remote control. If you really have trouble remembering: Prevx SO slider set back from high to maximum again didn't raise security to maximum again (somehow in registry), no it stayed on high (but stating maximum in GUI!) and THAT was the reason for all those (non) black screen issues I posted so much about and which no one else even noticed (here on wilders - that I know of)!

-> Bug of Prevx. Reproduced on many systems of my relatives and my own.
So it had NOTHING to do with my 'configuration' or being 'intentional' of Prevx!

And even worse you tried now again as already before to disguise this bug as you strangely didn't put it in the change log but repaired it 'silently' in the next build after our remote session! :thumbd:

And frankly I come every week across another bug so to speak (of course this is a little bit exaggerated!): The last one is that my credentials are NOT protected as they should be. Whatever the reason is -> SafeOnline works right now - and since many weeks - *NOT* as advertised. - Maybe on million other system (though I really doubt that!)- But not on my system, fact!

-{ Quote: "so outside of these, I haven't really seen any issues :-\" }-

WTH? Isn't that enough?!?

Screen grabbing protection was broken for many weeks (the slider thing you wanted desperately to cover up) and credentials are not safe right now. And you want to tell me that this is/was only on MY system and on million others works fine? :argh:

Hahaha ... sorry .. just fell from my chair. ;)

Yeaaah riiiight ... and I probably just dreamt that many people had problems with Youtube or couldn't print from their browsers ... hmm .. was that before or after the official release? ::)

But if you really choose to believe that your product is now finally ready to hit the market just release it already!!! - But wait! *LOL* Clearly there must be a reason that all those people who have the old Edge version running are not automatically upgraded and are probably not going to very soon. Right. ;)

@ PrevxHelp - I am not interested anymore in helping your company finding those countless bugs / incompatibleness as uninstalling Prevx cures them all for me! In case you wonder why this ends this way: that is because if someone is lying to me I am DONE with him and whatever he is selling. (Yes, I bought SO-Upgrade, so that was not free!). Fair enough I hope? Trust -> gone. Congratulations. :P

But anyway good luck to you and with SO - you will need it! ;D - and do not wonder why no one is reporting false positives by email anymore. - Hint: it's NOT because there aren't any. No, a certain 'world's largest realtime threat database' is probably full of them. That's at least my experience, but luckily for you I am just only one of millions and can be neglected. ;)

PrevxHelp
February 1st, 2010, 01:00 PM
-{ Quote: "This is only an empty phrase as you have sadly proved you have NO respect at all for me." }-

Not true at all - you have been very valuable in your testing with Prevx and I'm sorry you took this the wrong way.

-{ Quote: "Your software had a simple bug which I discovered (and you embarrassingly failed to reproduce on your own! *LOL*) and showed you via remote control. If you really have trouble remembering: Prevx SO slider set back from high to maximum again didn't raise security to maximum again (somehow in registry), no it stayed on high (but stating maximum in GUI!) and THAT was the reason for all those (non) black screen issues I posted so much about and which no one else even noticed (here on wilders - that I know of)!

-> Bug of Prevx. Reproduced on many systems of my relatives and my own.
So it had NOTHING to do with my 'configuration' or being 'intentional' of Prevx!

And even worse you tried now again as already before to disguise this bug as you strangely didn't put it in the change log but repaired it 'silently' in the next build after our remote session! :thumbd:" }-

I'm sorry, but you are wrong. Feel free to uninstall your existing copy and download the current live version from http://info.prevx.com/downloadcsi.asp and install it - you will notice that I did not change anything within the build on your PC - it was merely me making the configuration change I asked you to try before :-\ As I explained, changing Prevx into "High" configuration enables compatibility mode, which prevents issues from occurring on some printers and allows screenshots to take place. This is not a bug and is a feature.

-{ Quote: "And frankly I come every week across another bug so to speak (of course this is a little bit exaggerated!): The last one is that my credentials are NOT protected as they should be. Whatever the reason is -> SafeOnline works right now - and since many weeks - *NOT* as advertised. - Maybe on million other system (though I really doubt that!)- But not on my system, fact!" }-

This, however, is a bug and we're working on correcting it but it looks like this is due to the German keyboard layout producing different data - I replied to your post asking for further clarification and haven't heard back yet.


-{ Quote: "Screen grabbing protection was broken for many weeks (the slider thing you wanted desperately to cover up) and credentials are not safe right now. And you want to tell me that this is/was only on MY system and on million others works fine? :argh: " }-

To reiterate - no, it was not broken. Yes, it was your system due to the configuration change you made. Please go ahead and try retesting this - you'll see that I obviously am not lying :)

-{ Quote: "Yeaaah riiiight ... and I probably just dreamt that many people had problems with Youtube or couldn't print from their browsers ... hmm .. was that before or after the official release? ::)" }-

These were isolated cases - sure, there were a handful of them when we released the test version of SafeOnline supporting x64, but you'll notice that on the purchase pages of Prevx: http://www.prevx.com/buynow.asp that we currently still do not officially support x64 within SafeOnline publicly - we're waiting for this next release.

-{ Quote: "But if you really choose to believe that your product is now finally ready to hit the market just release it already!!! - But wait! *LOL* Clearly there must be a reason that all those people who have the old Edge version running are not automatically upgraded and are probably not going to very soon. Right. ;)" }-

The v3.0.5.x version of Prevx installs two new drivers, removes a previous driver, installs a DLL, modifies a number of other system areas, restructures the Prevx local database, and replaces the core program files. We have upwards of 7 million users still happily using v3.0.1.65 for the last 10 months and we don't want to rush anything out to them. We are, however, planning on making this release in the near future.

-{ Quote: "@ PrevxHelp - I am not interested anymore in helping your company finding those countless bugs / incompatibleness as uninstalling Prevx cures them all for me! In case you wonder why this ends this way: that is because if someone is lying to me I am DONE with him and whatever he is selling. (Yes, I bought SO-Upgrade, so that was not free!). Fair enough I hope? Trust -> gone. Congratulations. :P " }-

Again, I implore you to PLEASE check your facts and you will see instantly that the issue you think is there does not exist, as I have said many times :-\

I'm really unsure where all of the animosity comes from between you and SafeOnline but I am sorry that you have this feeling towards it.

Aragorn7
February 3rd, 2010, 10:43 PM
Frankly, I love Prevx 3.0 with Safe-On-Line. I love the small package and the speed with which it scans. While I appreciate some of the suggestions for the next release, I want nothing added that increases the Prevx footprint/overhead. This, along with the cloud-based technology, is one of my chief selling points. If you add everything everyone wants to add, I'm afraid you will lose this feature. That's why the typical internet security suites are so cumbersome. I have no desire to go back to Prevx 2.0.

Prevx Safe-On-Line: On some of my clients' PCs I do have to show them how to lower the security bar on certain sites in which they either cannot login or enter data or for some reason the site may not display properly. When I show them how to do this, they don't seem to think it is a problem.

For me, a simple but great improvement would be to simply provide the user manual in a PDF format. It would be searchable and far less cumbersome than the current on-line manuals. This might, for example, just make it easier for a customer to know how to report a false positive to Prevx. I recently read a positive user review on Prevx with the lone criticism that there was no way to report a false positive. Of course, this is not correct and a searchable PDF manual might have avoided this reviewer's mistake.

Thanks for a great product.

PrevxHelp
February 4th, 2010, 11:14 AM
-{ Quote: "Frankly, I love Prevx 3.0 with Safe-On-Line. I love the small package and the speed with which it scans. While I appreciate some of the suggestions for the next release, I want nothing added that increases the Prevx footprint/overhead. This, along with the cloud-based technology, is one of my chief selling points. If you add everything everyone wants to add, I'm afraid you will lose this feature. That's why the typical internet security suites are so cumbersome. I have no desire to go back to Prevx 2.0." }-

We agree - and our primary goal is to keep Prevx as small, light, and unobtrusive as possible. To give you some context on the improvements we're making: we never see Prevx 3.0 breaking the one megabyte barrier :)

-{ Quote: "Prevx Safe-On-Line: On some of my clients' PCs I do have to show them how to lower the security bar on certain sites in which they either cannot login or enter data or for some reason the site may not display properly. When I show them how to do this, they don't seem to think it is a problem.

For me, a simple but great improvement would be to simply provide the user manual in a PDF format. It would be searchable and far less cumbersome than the current on-line manuals. This might, for example, just make it easier for a customer to know how to report a false positive to Prevx. I recently read a positive user review on Prevx with the lone criticism that there was no way to report a false positive. Of course, this is not correct and a searchable PDF manual might have avoided this reviewer's mistake." }-

Definitely a good point - I will see what we can do to make a combined SafeOnline + Prevx 3.0 PDF for downloadable help.

-{ Quote: "Thanks for a great product." }-

Thank you for your support! :)

pling_man
February 11th, 2010, 03:52 PM
As we now have SafeOnline providing secure communication with banks and the like would it be possible in future versions to allow SafeOnline to also manage the passwords so we can log in automatically. These could be encrypted and hidden behind a master password. Obviously the master password must be entered once in any browser session to provide access.

I suspect SafeOnline only stores a hash of the data it protects at the moment so this would need to be changed (it's a one way function).

I know you can get various plugins and software to do this, but it would be cool to have it combined with the security that something like SafeOnline offers.

Of course it will all have to be coded in very few kilobytes -- a challenge for someone. ;D

Just an idea.

PrevxHelp
February 12th, 2010, 02:08 PM
-{ Quote: "As we now have SafeOnline providing secure communication with banks and the like would it be possible in future versions to allow SafeOnline to also manage the passwords so we can log in automatically. These could be encrypted and hidden behind a master password. Obviously the master password must be entered once in any browser session to provide access.

I suspect SafeOnline only stores a hash of the data it protects at the moment so this would need to be changed (it's a one way function).

I know you can get various plugins and software to do this, but it would be cool to have it combined with the security that something like SafeOnline offers.

Of course it will all have to be coded in very few kilobytes -- a challenge for someone. ;D

Just an idea." }-

:) Definitely a good idea - in the meantime, you could use a product like Roboform to fill in the details, but it would be much more elegant to include it all within SafeOnline directly.

We'll try and find some way to squeeze it in there, or make it a separate download ;D

PC__Gamer
February 12th, 2010, 07:07 PM
i want prevx to show more information on why a file is flagged as malware, to give the users 'me included' more information on deciding what to do with it.

a few different colours of infections would be helpful too, to show the severity differences of the detected files.

I want the 'no more changes are allowed on this license' or whatever it says to be fixed, especially when its the same computer-name.

and i want SafeOnline to improve its bad-website detection & its IP blocking/filtering improved.

and of course, the green blob back too. ;D

PrevxHelp
February 14th, 2010, 12:55 PM
-{ Quote: "i want prevx to show more information on why a file is flagged as malware, to give the users 'me included' more information on deciding what to do with it." }-

The next time you receive a detected file within the scan results, try double clicking on the entry - it should open up a web page with much more information on the file :)

-{ Quote: "a few different colours of infections would be helpful too, to show the severity differences of the detected files. " }-

We should be delineating between High Risk/Medium Risk/Low Risk within the status screen - it probably isn't quite as clear as colors, but they are all malware regardless of the risk level and integrating the red/yellow/green again would likely introduce confusion as we try and only show the malicious files.

-{ Quote: "I want the 'no more changes are allowed on this license' or whatever it says to be fixed, especially when its the same computer-name." }-

We're still going to be adding a new system to improve this, especially when reformatting PCs - fear not, it is high on our priority list because of the volume of license change requests we receive :)

-{ Quote: "and i want SafeOnline to improve its bad-website detection & its IP blocking/filtering improved." }-

I agree, and we're constantly working on new ways to protect against malicious websites (although, in our defense, they are honestly harder to detect than malware).

-{ Quote: "and of course, the green blob back too. ;D" }-

;D ;D

pegr
February 14th, 2010, 11:38 PM
-{ Quote: "I would like the option to be able to backup and restore the list of SafeOnline security configuration settings." }-

After Prevx crashed trying to update to the latest version, I was forced to uninstall and reinstall Prevx again. This sort of thing can happen once in a while and, in itself, is no big deal because Prevx is so quick and easy to install.

I did lose all of my SafeOnline configuration settings though, which was a nuisance. As previously requested, it would be very useful if there was an import/export feature to allow SafeOnline security configuration settings to be backed up and restored in case of having to reinstall Prevx. It is inconvenient to have to recreate all of the custom website settings manually each time Prevx is reinstalled.

Phantasm
February 17th, 2010, 11:17 AM
I would like Prevx to have a Behavioural thing to it, example like [SONAR] or F-Secure's Deep Guard or ThreatFire etc etc.. Because once you install something malicious on your PC that is not recognized by Prevx you're Fu****

PC__Gamer
February 17th, 2010, 06:51 PM
-{ Quote: "I would like Prevx to have a Behavioural thing to it, example like [SONAR] or F-Secure's Deep Guard or ThreatFire etc etc.. Because once you install something malicious on your PC that is not recognized by Prevx you're Fu****" }-
This statement is very inaccurate,

prevx DOES have behaviour-based detections, I've been adding rather a few samples to Prevx over the past week due to these types of detections, as heuristics/cloud had failed with the detections.

undetected zero day samples would execute for a few minutes/seconds etc and THEN prevx would alert me about the missed detection due to their behaviour.

Prevx were one of the first to use the cloud, use these methods of detections many many years ago, and only NOW, some antiviruses are trying their products out with these.

so the way i see it, Prevx has quite a few more years experience in these matters than all the rest. :)

xXDarkStalkerxX
February 17th, 2010, 07:32 PM
-{ Quote: "This statement is very inaccurate,

prevx DOES have behaviour-based detections, I've been adding rather a few samples to Prevx over the past week due to these types of detections, as heuristics/cloud had failed with the detections.

undetected zero day samples would execute for a few minutes/seconds etc and THEN prevx would alert me about the missed detection due to their behaviour.

Prevx were one of the first to use the cloud, use these methods of detections many many years ago, and only NOW, some antiviruses are trying their products out with these.

so the way i see it, Prevx has quite a few more years experience in these matters than all the rest. :)" }-

This is interesting.
But after minutes/seconds maybe it is too late , malware could already have done the harm.
Maybe there is a kind of virtualization or sandbox?

PC__Gamer
February 18th, 2010, 04:32 PM
-{ Quote: "This is interesting.
But after minutes/seconds maybe it is too late , malware could already have done the harm.
Maybe there is a kind of virtualization or sandbox?" }-
No, some samples are not quick to activate and slow to get going, this is what I meant by minutes/seconds,

Detection occurs on its behaviour, each sample is different, but prevx is very good as a behaviour blocker for undetected samples, I wouldn't worry too much about this,

Like I said, prevx has had these technologies long before many others, they know what they are doing.

What you won't see is prevx asking the customer to allow/deny everything as this isn't great.

Habakuck
February 28th, 2010, 09:55 AM
Do you have a rough timetable for the release of version 4? :)

Will it be this year or next year? Or 2012?

PrevxHelp
March 3rd, 2010, 08:47 AM
-{ Quote: "Do you have a rough timetable for the release of version 4? :)

Will it be this year or next year? Or 2012?" }-

Our goal is to get it out this year. We have a load of exciting technology coming behind it (and, as usual, we're being quite tight-lipped about it for now :)) so it will take some time to complete everything but we're looking to spread the testing of it further, possibly by adding in some of the functionality to Prevx 3.0 as well in the transition to 4.0.

I'll keep everyone here updated as we make progress! :)

rockdj99uk
March 3rd, 2010, 04:15 PM
Sounds exciting. I do hope it is as light on resources and quick to scan as the current version.

Habakuck
March 4th, 2010, 07:04 AM
-{ Quote: "Sounds exciting. I do hope it is as light on resources and quick to scan as the current version." }-
I think it will! :D

PrevxHelp
March 5th, 2010, 04:21 AM
-{ Quote: "Sounds exciting. I do hope it is as light on resources and quick to scan as the current version." }-

Our current plans have Prevx 4.0 coming in even smaller than 3.0 ;D

Habakuck
March 5th, 2010, 02:38 PM
Duplication

rockdj99uk
March 5th, 2010, 05:03 PM
-{ Quote: "Our current plans have Prevx 4.0 coming in even smaller than 3.0 ;D" }-

Excellent. :)

Habakuck
March 7th, 2010, 05:22 AM
I would like to see a "scan override" option so that i can define areas which PrevX do not scan at all!

PC__Gamer
March 7th, 2010, 06:37 AM
-{ Quote: "I would like to see a "scan override" option so that i can define areas which PrevX do not scan at all!" }-
advanced scan > custom scan.

Habakuck
March 7th, 2010, 07:54 AM
No, i meant the on-execution scanner.

There is a "detection override" function but the files are still scanned but not detected.

But i want them not to be scanned!

PrevxHelp
March 9th, 2010, 09:43 PM
-{ Quote: "No, i meant the on-execution scanner.

There is a "detection override" function but the files are still scanned but not detected.

But i want them not to be scanned!" }-

Understood :) This is a reasonable request and I'll see what we can do to get it in place without slowing down the operation of the scanner!

Habakuck
March 10th, 2010, 09:43 AM
-{ Quote: "Understood :) This is a reasonable request and I'll see what we can do to get it in place without slowing down the operation of the scanner!" }-
Very good! :thumb:

bellgamin
March 18th, 2010, 07:05 PM
-{ Quote: "making SafeOnline easily ON/OFF clicking on the prevx icon on the tray" }-

+1.

Easy off/on is needed (by me, at least) because I only use SOL when doing serious schtuff.

pling_man
March 19th, 2010, 07:14 PM
Right click menu in system tray contains "Stop protection". But this is called "Suspend protection" in main GUI. Change both to "Suspend protection". Use stop protection on the next screen that appears (as now in the main GUI).

BoerenkoolMetWorst
March 22nd, 2010, 06:40 PM
When you click the SafeOnline icon and click configure, it automatically adds the current site to max protection, please remove this, if I click configure I want to configure, not add a site, there is already a add protection button for that.

keep up the good work with this great product :)

Gasp
March 24th, 2010, 03:10 AM
Would it be a good idea to implement a backup scanner, say Ikarus. Double Protection for online and offline :)

jmonge
March 24th, 2010, 08:37 AM
it will definitely be a very good idea to have active process activities within prevx :thumb: and be able to take control in case of bypass and more control to the pc's activities :thumb:

papillonn
March 24th, 2010, 11:42 AM
Could you please support comodo dragon browser?

PC__Gamer
March 24th, 2010, 04:43 PM
-{ Quote: "Could you please support comodo dragon browser?" }-
Very much doubt this would happen, the four major browsers will be the ones supported and if, if they were to add another, it would probably be safari

Triple Helix
March 24th, 2010, 05:08 PM
-{ Quote: "Would it be a good idea to implement a backup scanner, say Ikarus. Double Protection for online and offline :)" }-

No I don't want some bloated piece of software! If you want something like that just add a free AV such as Avast or AVG!

TH

SweX
March 24th, 2010, 11:07 PM
-{ Quote: "Very much doubt this would happen, the four major browsers will be the ones supported and if, if they were to add another, it would probably be safari" }-

Yes indeed since Prevx is currently developing a Mac version so I don't see why they wouldn't since Safari is the standard web-browser in Mac OS X ;D

PC__Gamer
March 26th, 2010, 11:30 AM
-{ Quote: "Would it be a good idea to implement a backup scanner, say Ikarus. Double Protection for online and offline :)" }-
hell no!

I will ditch prevx the day they start to use multiple engines, ::)

PrevxHelp
March 26th, 2010, 11:38 AM
-{ Quote: "hell no!

I will ditch prevx the day they start to use multiple engines, ::)" }-

;D So will I ;) All of our technology is built in-house and will remain that way :)

Kees1958
April 3rd, 2010, 04:20 AM
Feature request of a bystander (not a user), but sympathising with PrevX ;D

I have a small feature request

I do understand the default settings of PrevX used in a new installation. Reason is that you can't assume the system is clean. But I would like to suggest a relatively simple (because it is based on existing components) optimisation.

Intelligent/Adaptive heuristics
Phase 1:
PrevX starts in the default settings, after a predefined time (say a month), the apply HEURISTICS BEFORE changes to AFTER applying AGE/POPULARITY. The reason is obvious, after having looked at all programs for a month and NOT having met a warning (this is a 'confidence' elevation criteria), it is fair to assume the system is not infected. Ergo PrevX can limit its focus to recently installed and/or changed programs. This makes PrevX use even fewer CPU cycles.

Phase 2:
After NOT having met any warnings in an additional time frame (again a month for example), the Program AGE heuristics slides to MEDIUM. The reason is also obvious, since there is no sign of infection, PrevX should emphasise its other quality: zero day malware protection. For the same reason the program POPULARITY setting should also slide to MEDIUM, making it a balanced setting. As stated earlier not being infected is again a 'confidence' elevation criteria.

I have played around with PrevX in the past and really liked PrevX in this setting. In my experience this setting even offered a (slightly) higher protection. The difference between LOW and MEDIUM is not as dramatic as gearing up from HIGH to MAX. So this still should be a comfortable setting for average users.

Bottom line
I am sure the developers will have additional ideas/improvements (e.g. looking at the amount of new programs installed to classify the user and determine the applied confidence periods). I think this is a practical improvement for the average users. The knowledge of the user is the same after two months, but the knowledge of the PC usage by PrevX application has increased and hence the settings can be optimised. It also offers an extra feature marketing wise.
After the innovative license model of PrevX2, the innovation to cloud based protection was made (PrevX3). Maybe the next innovation will be usage (is risk) based setting personalisation, to provide the best security fit to individual users.

Regards Kees

PrevxHelp
April 3rd, 2010, 12:20 PM
:thumb: :thumb: As always, fantastic post, Kees :) I think this is a great idea and something that will be a very valuable addition.

Also, I noticed on another thread that you were having some problems with SafeOnline and typing in URLs - it might be worth trying out the newest beta to see if the problems persist :)

pling_man
April 5th, 2010, 04:53 PM
Is it possible for the uninstall routine to have the option to allow the list of user configured sites and confidential data to be preserved. Or failing that, provide some guidance on how a user can preserve this manually by making a copy of one of prevx's files.

This will prevent me having to re-enter confidential data for 20+ sites when I do a re-install. :)

PrevxHelp
April 5th, 2010, 11:25 PM
-{ Quote: "Is it possible for the uninstall routine to have the option to allow the list of user configured sites and confidential data to be preserved. Or failing that, provide some guidance on how a user can preserve this manually by making a copy of one of prevx's files.

This will prevent me having to re-enter confidential data for 20+ sites when I do a re-install. :)" }-

SafeOnline does store its configuration on disk but it is checked for integrity and will be deleted if changed or replaced with another set of configuration options. I'll see what we can do about adding an override for this :)

pegr
April 6th, 2010, 11:00 PM
-{ Quote: "SafeOnline does store its configuration on disk but it is checked for integrity and will be deleted if changed or replaced with another set of configuration options. I'll see what we can do about adding an override for this :)" }-
Instead of an override, wouldn't it be better to add an import/export option that would allow all Prevx/SafeOnline settings to be saved and restored on demand?

Kees1958
April 10th, 2010, 07:17 AM
-{ Quote: ":thumb: :thumb: As always, fantastic post, Kees :) I think this is a great idea and something that will be a very valuable addition.

Also, I noticed on another thread that you were having some problems with SafeOnline and typing in URLs - it might be worth trying out the newest beta to see if the problems persist :)" }-

I will try it when I am home. The weekend before Easter I had a rugby accident. Could not move anything from chest down for half an hour. They fixed spine 3 to 7 in my neck, so I will tripwire security on airports the rest of my life. I have internet in the hospital to kill time browsing Wilders. I will report whether the issue is solved, hopefully within two weeks.


Here is another idea for future prevx development

Safe install mode
What it does? Checks the executable against the white/black list of prevx.
When good = allows install, when bad = denies install, when unknown
a) creates a restore point
b) logs registry changes for autoruns
c) sends a report to prevx servers
d) creates 'safe boot undo'

When the prevx servers have not answered in 3 days (or any other reasonable time frame), prevx will invoke a re-boot in safe mode, undo all logged auto run registry changes, trigger a restore. This will effectively wipe out the loading of the installed program, drivers or services. This same mechanism can be used to remove the executable when it turned out to be malware after the analysis.

Marketing advantage
With this mechanism the cloud availability is a non-issue. When malware disconnects the PC from the prevx servers, it will always be wiped out after 3 days. This takes away the disadvantage of cloud based security (needing a live connection).

Technical advantage
This safe boot registry healing mechanism should work with scripts. This mechanism can also be used for newly discovered threats and pushed through the internet as a tailored recovery, as though some external specialist analysed my HijackThis log and created a script to clean it and, best of all, executed the script remotely.

Regards kees

Matthijs5nl
April 10th, 2010, 07:41 AM
You should make your own program Kees =)

Kees1958
April 10th, 2010, 12:13 PM
-{ Quote: "You should make your own program Kees =)" }-

I was a programmer at 21, way back, had to take the difficult route of data base admin and network/tp designer, before I discovered what I was 'born' for: analysing business problems and specifying user requirements. Giving hints to innovative companies is more my cup of tea now.

Also when Prevx2 came out with all sorts of protection mechanisms, I thought it would become too much of a mixed bag to excel at anything. PrevX3 proved I was wrong by applying all those different techniques (white/black list, community, age, behavioral heuristics) in a way that made sense, meaning increasing security and reducing user decisions.

PrevxHelp
April 10th, 2010, 10:10 PM
-{ Quote: "I will try it when I am home. The weekend before Easter I had a rugby accident. Could not move anything from chest down for half an hour. They fixed spine 3 to 7 in my neck, so I will tripwire security on airports the rest of my life. I have internet in the hospital to kill time browsing Wilders. I will report whether the issue is solved, hopefully within two weeks." }-

I'm truly sorry to hear this, Kees. I do hope you'll be alright - not a good situation to be in at all :(


-{ Quote: "What it does? Checks the executable against the white/black list of prevx.
When good = allows install, when bad = denies install, when unknown
a) creates a restore point
b) logs registry changes for autoruns
c) sends a report to prevx servers
d) creates 'safe boot undo' " }-

You've hit the nail on the head with one of the most interesting aspects of Prevx 4.0's protection :) We won't be using restore points but our own technology behind-the-scenes for extremely intelligent cleanup and rollback of individual infections.

More on this to come as we're still shaping the technology but it will certainly be quite a powerful feature.

Prevx 4.0 in many ways will be even easier than Prevx 3.0 to use for the average user, but we're adding in some of the features from Prevx 2.0 and many, many more which will really give technical users a huge toolset to work with without compromising the simplicity of the product. It's honestly hard to curb our excitement with the mass of functionality coming around in it, but we still have quite a lot of work to do before it is ready for mass consumption :)

Thanks again for the suggestions and please let me know if you have any other thoughts! Again, I do hope you recover swiftly and fully!

PC__Gamer
April 10th, 2010, 10:14 PM
-{ Quote: "I'm truly sorry to hear this, Kees. I do hope you'll be alright - not a good situation to be in at all :(




You've hit the nail on the head with one of the most interesting aspects of Prevx 4.0's protection :) We won't be using restore points but our own technology behind-the-scenes for extremely intelligent cleanup and rollback of individual infections.

More on this to come as we're still shaping the technology but it will certainly be quite a powerful feature.

Prevx 4.0 in many ways will be even easier than Prevx 3.0 to use for the average user, but we're adding in some of the features from Prevx 2.0 and many, many more which will really give technical users a huge toolset to work with without compromising the simplicity of the product. It's honestly hard to curb our excitement with the mass of functionality coming around in it, but we still have quite a lot of work to do before it is ready for mass consumption :)

Thanks again for the suggestions and please let me know if you have any other thoughts! Again, I do hope you recover swiftly and fully!" }-
of course some features from prevx 2.0 will be arriving, that green blob is here to stay ;)

so, if 3.5 is the next big version before 4, whats in that? :)

Kees1958
April 11th, 2010, 04:51 AM
-{ Quote: "I'm truly sorry to hear this, Kees. I do hope you'll be alright - not a good situation to be in at all :( " }-

Well I am improving, makes one humble recovering from something nasty.



-{ Quote: "
You've hit the nail on the head with one of the most interesting aspects of Prevx 4.0's protection :) We won't be using restore points but our own technology behind-the-scenes for extremely intelligent cleanup and rollback of individual infections.
" }-
Makes me curious about the release calendar :thumb:

PC__Gamer
April 11th, 2010, 10:39 AM
I am surprised that Prevx doesn't block ads and popups with its PSO, maybe a future feature or would this be a line prevx won't be going down?

markusg
April 15th, 2010, 12:20 PM
perhaps you can add in the scan result window a "view report" button?

pling_man
April 15th, 2010, 02:04 PM
I have a new problem I have not seen before. It's a good one too. I was using the new 119 RC.

I left prevx doing a scan while I went for a cup of tea. I had various other things open, firefox, powerpoint, which may not be relevant. There was no reason to do a scan, just that I'm paranoid and like to see System Clean from prevx.

When I got back prevx had disappeared from my system tray and the GUI wasn't open. Oh no not again I thought.

Save my work and restart and it will come back, only this time it didn't. I rebooted again and it didn't run again.

I double-clicked the prevx icon on my desktop and got a message that the target file did not exist. When I went to look, my C:\Program Files\Prevx directory was empty. Prevx has uninstalled itself! I'm not joking. I don't know if PrevxHelp can do anything remotely -- there might be some clues as to what has happened; I can wait and see what he says before I re-install (my system's clean and I'm not logging into any of my sites next day or so, so I can live without it if it helps others).

I just noticed there's a new RC so it could be this tried to update when I did the scan? I think TripleHelix told me it could do this.

I have saved scan log from this morning if it helps (when all worked ok). Prevx is still showing in add/remove programs but there are no files.

Edit: I re-installed and have now got 124 RC working.

BoerenkoolMetWorst
April 23rd, 2010, 01:53 AM
2 suggestions:
1: With password protection, it even asks for a PW when adding a site to protection, but it doesn't when uninstalling prevx, please also make a password prompt to secure unwanted uninstalls.
2: I have the MVPS hosts file, when the browser accesses sites in the file a warning dialog from Prevx pops up with 3 options: close (which closes the whole browser, not just one tab), ignore (which lets you visit the site) or fix it (which presumably removes the entry from the HOSTS file?). I would like to have another option, keep blocked.

pling_man
April 23rd, 2010, 02:17 AM
-{ Quote: "
2: I have the MVPS hosts file, when the browser accesses sites in the file a warning dialog from Prevx pops up with 3 options: close (which closes the whole browser, not just one tab), ignore (which lets you visit the site) or fix it (which presumably removes the entry from the HOSTS file?). I would like to have another option, keep blocked." }-

Good idea. I would support a "keep blocked" option for an entry in the hosts file with IP 127.0.0.1 (and for 0.0.0.0 which is sometimes used) as these could be intentional entries. You can click "ignore" but it adds an entry to the list of sites in SafeOnline which is not needed.
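
The distinction drawn in the post above, between hosts entries that null-route a name to 127.0.0.1 or 0.0.0.0 (as blocklists such as MVPS do) and entries that point a name somewhere else, can be checked mechanically. This is an added example, not code from the thread or from Prevx: a small Python auditor run over a constructed hosts file. The category names, the sample hostnames, and the generalisation to the whole loopback range and to IPv6 are assumptions.

```python
import ipaddress
from collections import namedtuple

Finding = namedtuple("Finding", "lineno name ip category")

# Names that a stock system legitimately maps to loopback (assumed list).
LOCAL_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost", "ip6-loopback"}

# Constructed sample hosts file, not taken from a real system.
SAMPLE_HOSTS = """\
# Constructed sample hosts file (not from a real system)
127.0.0.1    localhost
::1          localhost
127.0.0.1    ads.example.net        # blocklist-style sinkhole
0.0.0.0      tracker.example.org telemetry.example.org
203.0.113.7  www.examplebank.test   # name pinned to a routable address
192.168.1.10 nas.home.test
not-an-ip    broken.example.com
"""


def classify(ip, name):
    """Return 'local', 'blocked' or 'redirect' for one (address, name) pair."""
    if ip.is_loopback and name in LOCAL_NAMES:
        return "local"        # the normal localhost mapping
    if ip.is_loopback or ip.is_unspecified:
        return "blocked"      # 127.0.0.0/8, ::1, 0.0.0.0, :: -> name goes nowhere
    return "redirect"         # name resolves to another machine: worth a warning


def audit_hosts(text):
    """Parse hosts-file text and return one Finding per hostname (or bad line)."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments and whitespace
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            ip = None
        if ip is None or len(fields) < 2:
            # Unparseable address, or an address with no hostname after it.
            findings.append(Finding(lineno, line, "", "malformed"))
            continue
        for name in fields[1:]:               # one line may carry several aliases
            name = name.lower().rstrip(".")
            findings.append(Finding(lineno, name, str(ip), classify(ip, name)))
    return findings


def names_in(findings, category):
    """Sorted hostnames (or raw lines, for 'malformed') in one category."""
    return sorted(f.name for f in findings if f.category == category)


if __name__ == "__main__":
    for f in audit_hosts(SAMPLE_HOSTS):
        print(f"line {f.lineno}: {f.category:9} {f.name} {f.ip}")
```

Entries in the "blocked" category are the ones a "keep blocked" choice would apply to; "redirect" entries are the ones where a warning about a modified hosts file carries real information.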

dclkdm
April 27th, 2010, 04:56 PM
Future request:

prevx blocking screwed up av to mess up your windows like mcafee did last week >:(

shadek
April 27th, 2010, 05:46 PM
Request; Submit sample for analysis via the main program if the hash (or whatever) of the file has never been seen before.

NiteSurfer
April 29th, 2010, 03:14 AM
Perhaps this has already been suggested, but I would like to see in future changes the pop-up screen when you need to disable Prevx during installs slightly smaller and transparent because it interferes with what you need to see on the programs you are installing. Thanks.

Skywolfe
May 5th, 2010, 01:16 AM
I don't know where else to place this since there doesn't seem to really be much on Prevx out there but would it be possible to make it to where you could have a trial of it (with protection enabled) for so many days like most security programs have instead of just saying what it could have caught if you bought the program? That way it would give people a chance to actually test it?

shadek
May 5th, 2010, 03:08 AM
Additional protection against rogue AVs/AMs.

lubieplacki
May 5th, 2010, 09:09 AM
Shadek, you're funny.


You need to repair the SafeOnline module.

shadek
May 5th, 2010, 02:37 PM
-{ Quote: "You need to repair the SafeOnline module." }-

Now THAT is funny. ;D

lubieplacki
May 5th, 2010, 02:56 PM
Why is this funny? The truth is that the SafeOnline module causes the most problems in Prevx. SafeOnline is the weakest part of Prevx, the weakest link.

PrevxHelp
May 5th, 2010, 03:04 PM
-{ Quote: "Why is this funny? The truth is that the SafeOnline module causes the most problems in Prevx. SafeOnline is the weakest part of Prevx, the weakest link." }-

SafeOnline is actually one of the strongest parts of Prevx as it doesn't require knowing about files to block them. As for making the most problems - it is true that it is more difficult to be compatible in the browser than in other places, but as I'm sure you've seen, we've fixed every problem that has been reported :)

lubieplacki
May 5th, 2010, 03:14 PM
Maybe this is the strongest part, but I have seen that for maybe a whole week SafeOnline has been causing problems, messing up other programs and the Windows GUI; after disabling it the problem is gone. And given this situation I have the right to feel that this is the most trouble-making part of this program.

PrevxHelp
May 5th, 2010, 03:17 PM
-{ Quote: "Maybe this is the strongest part, but I have seen that for maybe a whole week SafeOnline has been causing problems, messing up other programs and the Windows GUI; after disabling it the problem is gone. And given this situation I have the right to feel that this is the most trouble-making part of this program." }-

This was a temporary issue which we've now fixed - we had a workaround which is to turn down protection to High from Maximum, but now the problem is fixed still on Maximum protection :)

bellgamin
May 7th, 2010, 04:03 AM
Is this the place to request changes? If so, I request that SafeOnline be made to function with K-meleon.

I further request that the right-click menu for Prevx's system tray icon enable turning SOL on/off.

P.S. SOL is working fine for me now. It is now compatible with KeePass's obfuscation algorithm. Also, SOL's drag on surfing is MUCH less than the drag caused by the web shield offered by my HIPS. In fact, SOL's drag on web surfing is so small as to be imperceptible.

shadek
May 7th, 2010, 01:23 PM
Freaking great support by Prevx. My Chrome problems have been resolved! Triple cheers! ;D

PrevxHelp
May 7th, 2010, 01:28 PM
-{ Quote: "Freaking great support by Prevx. My Chrome problems have been resolved! Triple cheers! ;D" }-

Glad to have been able to fix the issue! Thanks for your time as well :thumb:

shadek
May 17th, 2010, 02:33 PM
So, any changes in the future which will include a ~ Snipped as per TOS (http://www.wilderssecurity.com/faq.php?faq=wilders_tos#faq_wilders_tos_1) ~ behaviour blocker and a module specifically made for rogue AVs (which are damn hard to detect)? :)

Gabe

PrevxHelp
May 17th, 2010, 10:36 PM
-{ Quote: "So, any changes in the future which will include a ~ Snipped as per TOS (http://www.wilderssecurity.com/faq.php?faq=wilders_tos#faq_wilders_tos_1) ~ behaviour blocker and a module specifically made for rogue AVs (which are damn hard to detect)? :)" }-

Yes :) We're still developing these engines which may be back ported into Prevx 3.0 but will definitely be in Prevx 4.0.

More to come in the not-so-distant future!

shadek
May 18th, 2010, 02:53 AM
Sounds epic as usual. :)

Triple Helix
May 18th, 2010, 09:30 AM
-{ Quote: "Sounds epic as usual. :)" }-

Yes I can't wait to get my hands on it ;)

TH :thumb:

shadek
May 18th, 2010, 12:59 PM
Yeah, it would be the ultimate thing to only run one, single, security program like Prevx. But for that, it needs one more layer of security; behavior blocker. I'm very happy when I hear this is about to become reality.

PC__Gamer
May 18th, 2010, 01:43 PM
-{ Quote: "Yeah, it would be the ultimate thing to only run one, single, security program like Prevx. But for that, it needs one more layer of security; behavior blocker. I'm very happy when I hear this is about to become reality." }-
I think you're greatly misinformed about Prevx if you think it doesn't have a behaviour blocker ???

shadek
May 18th, 2010, 03:58 PM
Not a very good one for rogue AV. I dare to say it's non existent when it comes to those threats.

PC__Gamer
May 18th, 2010, 08:12 PM
-{ Quote: "Not a very good one for rogue AV. I dare to say it's non existent when it comes to those threats." }-
not really, you're reading too much into it or not enough.

The problem with rogues is that most do not simulate malicious behaviour, so I fail to see how you expect a behaviour blocker to pick up on that.

I think you seem to think that simply turning up the settings, especially on age/population, will give you your desired results; once again, even these 'filters' take the executable's behaviour into question.

Also with rogues, they are ever-mutating to bypass security products, and I think you're under the impression that nothing can bypass prevx on its highest settings; sadly you're wrong.

However, as more rogues appear and they have been doing over the past few months, prevx will be introducing new technology into their p4 engine to help detection of these threats, there is yet an antivirus that I've seen who gives good detections for these fake anti viruses.

And there is probably a reason why, would you have encountered these samples and actually installed them, highly doubtful. (not through general means, I personally think they are overrated and talked about as pure scare-ware, I know there are many, but it's a very small percentage to what people usually get on their machines.

Triple Helix
May 18th, 2010, 08:32 PM
-{ Quote: "not really, you're reading too much into it or not enough.

The problem with rogues is that most do not simulate malicious behaviour, so I fail to see how you expect a behaviour blocker to pick up on that.

I think you seem to think that simply turning up the settings, especially on age/population, will give you your desired results; once again, even these 'filters' take the executable's behaviour into question.

Also with rogues, they are ever-mutating to bypass security products, and I think you're under the impression that nothing can bypass prevx on its highest settings; sadly you're wrong.

However, as more rogues appear and they have been doing over the past few months, prevx will be introducing new technology into their p4 engine to help detection of these threats, there is yet an antivirus that I've seen who gives good detections for these fake anti viruses.

And there is probably a reason why, would you have encountered these samples and actually installed them, highly doubtful. (not through general means, I personally think they are overrated and talked about as pure scare-ware, I know there are many, but it's a very small percentage to what people usually get on their machines." }-

I agree with you 100% and the one that comes out to detect these rogues and scare-ware will be the one that people will use! I look forward to v4 of Prevx and Prevx needs to deal with this issue and I think they are the only ones that are willing to do so!

TH

shadek
May 19th, 2010, 01:33 AM
-{ Quote: "not really, you're reading too much into it or not enough.

The problem with rogues is that most do not simulate malicious behaviour, so I fail to see how you expect a behaviour blocker to pick up on that.

I think you seem to think that simply turning up the settings, especially on age/population, will give you your desired results; once again, even these 'filters' take the executable's behaviour into question.

Also with rogues, they are ever-mutating to bypass security products, and I think you're under the impression that nothing can bypass prevx on its highest settings; sadly you're wrong.

However, as more rogues appear and they have been doing over the past few months, prevx will be introducing new technology into their p4 engine to help detection of these threats, there is yet an antivirus that I've seen who gives good detections for these fake anti viruses.

And there is probably a reason why, would you have encountered these samples and actually installed them, highly doubtful. (not through general means, I personally think they are overrated and talked about as pure scare-ware, I know there are many, but it's a very small percentage to what people usually get on their machines." }-

Basically, you're just confirming what I stated in the post above. :)

On a side note, scareware (aka rogue security programs) is not rare these days. Most of the friends and family members I have helped out with cleaning infections (and they are HARD to disinfect) have been infected by these. And the reason they give for installing them in the first place is usually: "but the site looked so clean and sleek and the installer was beautifully made." - This is what needs to be stopped by a top-notch AV.

Habakuck
May 19th, 2010, 08:45 AM
-{ Quote: "the one that comes out to detect these rogues and scare-ware will be the one that people will use!" }-
Have a look at SONAR 3...

Symantec is well on the way to getting that deal with their Version 2011.

shadek
May 19th, 2010, 12:31 PM
Yeah, Symantec is well on its way to solving this problem by using a sort of 'reputation' system about unknown/semi-unknown files. It is working excellently against rogue AVs. Of course, they are probably the biggest company on the security market with above 100 million customers... so their 'reputation system' is quite reliable and hence being able to protect you against any threats.

Habakuck
May 19th, 2010, 01:55 PM
-{ Quote: "Yeah, Symantec is well on its way to solving this problem by using a sort of 'reputation' system about unknown/semi-unknown files. It is working excellently against rogue AVs. Of course, they are probably the biggest company on the security market with above 100 million customers... so their 'reputation system' is quite reliable and hence being able to protect you against any threats." }-
The Reputation system is good, that's right. (It is called Download/File Insight.)

But SONAR is even better because it is a real Behavior Blocker. There are not many real Behavior Blockers out there.
And good ones nearly none besides SONAR.

I have hated Norton for the last years but with SONAR and the 2010 products they made a really big step forward!

shadek
May 19th, 2010, 02:07 PM
-{ Quote: "The Reputation system is good, that's right. (It is called Download/File Insight.)

But SONAR is even better because it is a real Behavior Blocker. There are not many real Behavior Blockers out there.
And good ones nearly none besides SONAR.

I have hated Norton for the last years but with SONAR and the 2010 products they made a really big step forward!" }-

And not to raise NIS to the skies, but they really, really made their product lightweight. :thumb: A tad bit bloated still for my taste though.

PC__Gamer
May 19th, 2010, 02:14 PM
Sorry if I'm misunderstanding something, but what has sonar or symantec gotta do with prevx?

Prevx have been using reputation based detections since the start.

shadek
May 19th, 2010, 02:18 PM
You're excused for misunderstanding. We're talking about a NIS 2010 protection in a way Prevx can improve even further. It would be nice if Prevx gave you live 'statistics' of the file you've just downloaded off the Internet; like how many users in the Prevx community have encountered the file, how they responded to it etc.

PC__Gamer
May 19th, 2010, 02:40 PM
-{ Quote: "You're excused for misunderstanding. We're talking about a NIS 2010 protection in a way Prevx can improve even further. It would be nice if Prevx gave you live 'statistics' of the file you've just downloaded off the Internet; like how many users in the Prevx community have encountered the file, how they responded to it etc." }-
don't think so,

I've already seen your other threads that you felt the need to create mentioning all the same things, as well as Prevx and Rogue AVs.

Prevx have been using reputation detections for years, you make it sound like new technology that prevx needs to create. ???

Also, if you think relying on users' reputation will make things alright, you're wrong.

if people had common sense and 'reputation' they wouldn't get infected, fact is, there are many stupid people out there, many children and teens or people who are just not knowledgeable about the bad things on the internet, who will simply allow the file regardless of what they may think just to get it on,

.. end of the day, why wouldn't they allow the file when it's themselves who have downloaded it in the first place.


please tell me the differences of Sonar technology that you think is an advancement over what Prevx already do and have been doing for years?

PC__Gamer
May 19th, 2010, 02:51 PM
-{ Quote: "You're excused for misunderstanding. We're talking about a NIS 2010 protection in a way Prevx can improve even further. It would be nice if Prevx gave you live 'statistics' of the file you've just downloaded off the Internet; like how many users in the Prevx community have encountered the file, how they responded to it etc." }-
to add further, you basically want a pretty screen to say:

x.exe has been encountered 23 times in the community, 17 considered this file to be safe, while 6 labelled it as bad.

what difference does it make knowing, Prevx automatically have rules in place to counter such decisions, while constantly watching the behaviour of the file as well.

again, these are not new technologies, they are already onboard and working with Prevx.

Might sound good for Norton, in past years they didn't even have a behaviour blocker so adding a cool new one called 'Sonar' with all its advertising bells & whistles that Symantec always do is a great way to sell yet another year subscription on their new product, let me add they purchased this technology and didn't develop it themselves, all while other products such as Prevx had already been using one for such a long time.

as for Download insight offering customers to see what people actually think of a file, it's just a prettier, more hands-on version of technology that Prevx has also been using for such a long time, again - another feature that is behind the times that sounds awesome to the Norton users, another feature that will create more subscriptions onto the next version.

please - stop me if I'm wrong. :blink:

shadek
May 19th, 2010, 03:59 PM
You add nothing new to the discussion. You're claiming Prevx got everything in place, but it doesn't.

- I think it needs a better engine for detecting rogue AV.
- Statistics for each file scanned. Say the file has been seen on 400 computers, but still the popularity criteria will kick in, I would like to know the exact number of times seen to make my own judgement whether or not the file is bad (sort of an option for advanced users).

PC__Gamer
May 19th, 2010, 04:14 PM
Please don't pretend you know how prevx works when it's clear to me you don't, prevx will improve its rogue detection in 4.0, but prevx does already have the things you seem to want prevx to have, which is why I don't understand your comments.

shadek
May 19th, 2010, 04:21 PM
*sigh*

I don't know what you're arguing about. I've already added a wishlist for features in the coming version, whether you like them or not.

pling_man
May 20th, 2010, 04:39 PM
Can we have the option not to show the PSO tab in the browser in 4.0 (or an upcoming 3.0) build? I don't use it much because I never want to inadvertently protect sites and always do my configuration of PSO from the main GUI.

Please.

shadek
May 21st, 2010, 07:08 PM
I would like an option where I could choose on what browsers I have installed I want to use SO on. Wouldn't be too hard to implement, right?

tiagozt
May 26th, 2010, 12:48 AM
Hello

I'm a new PrevX user (bought a license in the last week). I don't know if someone said it before but will be interesting if we can send malware samples using the PrevX client. I just sent a malware sample to "reports" address and I don't know if you send some reply (it was my first sample to you) but it will be interesting too.

Best regards.

Tiago

Baz_kasp
May 26th, 2010, 09:56 AM
I would like to see more transparency in the data that prevx is sending to the central database. For example, It would be ideal if I could open a reports section and there view the history of all events/information submitted from my computer to prevx. This already works for malware detections via MyPrevx but as far as I know there is no real way to see what data has been sent to the database regarding specific files etc.

jmc777
June 2nd, 2010, 12:46 PM
Give users the option of retaining their license info on their system when uninstalling.

BoerenkoolMetWorst
June 3rd, 2010, 03:01 PM
I'd like an option to keep the little authenticating files option on top, as I don't see it when I'm using my web browser, now I still have to minimize it to see the authenticating files pop-up.

Skywolfe
June 21st, 2010, 08:56 PM
from what I am hearing or at least from what I have read so far in the threads... you guys seem to be expecting miracles out of a program that is specifically a behaviour blocker to begin with. it wasn't made to replace an antivirus solution. most rogue apps will be picked up and blocked by a good antivirus program, unless it is something that is really brand new. Prevx is a good addition to security but no one product can do it alone, and it shouldn't be expected to.

Empath
June 22nd, 2010, 03:07 AM
-{ Quote: "... you guys seem to be expecting miracles out of a program ......" }-

But...... but ........... but, can't we sort of push it in that direction?

PrevxHelp
June 22nd, 2010, 10:09 AM
-{ Quote: "from what I am hearing or at least from what I have read so far in the threads... you guys seem to be expecting miracles out of a program that is specifically a behaviour blocker to begin with. it wasn't made to replace an antivirus solution. most rogue apps will be picked up and blocked by a good antivirus program, unless it is something that is really brand new. Prevx is a good addition to security but no one product can do it alone, and it shouldn't be expected to." }-

I do agree with your comments about using a layered solution if possible but while Prevx in its earlier incarnations (v1, v2) was only a behavior blocker and therefore something to be used alongside an AV, Prevx 3 and the upcoming Prevx 4 certainly can replace any security solution and does so in most cases across our users. Frankly, Prevx is one of the best rogue detectors available as well: http://malwareresearchgroup.com/forum/viewtopic.php?f=20&t=80 We detect literally tens of thousands of variants of rogue threats every day automatically because of our familial signatures. While they are indeed more difficult for all of the antivirus industry to detect, it is not impossible and Prevx does include a strong signature engine in addition to the behavior monitoring :)

We're certified Platinum from WestCoastLabs for Antivirus, Antitrojan, and Antispyware, as well as receiving the PC Magazine Editors' Choice for Antispyware and numerous other awards so while it may sound like Prevx focuses on "behavior, behavior, behavior", we do so in a way that allows us to detect threats that more conventional AVs also detect.

Let me know if you have any questions! :)

trjam
June 22nd, 2010, 01:03 PM
I have no problem using 3 as a stand alone app. Version 4 is going to be sweet.

Matthijs5nl
June 22nd, 2010, 01:16 PM
In what kind of time schedule should we expect version 4? Or the beta?
I do hope there will be a beta soon. Because I don't know yet what I'll do after my current ESET license expires (I have the NOD32 + Hitman Pro bundle). ESET 5 has to come with some nice features. And I do like Prevx and since the Prevx + Hitman Pro bundle is available that seems like a solid option. (Without the SafeOnline component of course, but I have read there is a command-line trick to install it without Safe Online. I don't like programs protecting my browser, I keep my pc safe, so why should I care? SafeOnline might very well be a great program, fine to me, you can tell me anything you want. But I don't need it.)

Also: what will be the highlight new features of version 4?

Skywolfe
June 22nd, 2010, 01:22 PM
If Prevx works fine as a stand alone program then it would detect everything around it like the EICAR test file which it doesn't. It doesn't even detect trojan simulator. So if you are working on an "all security app?" I would fix those two things because if it won't detect something as simple as a test file.. what will it do in realtime? Using it beside something is fine. I myself just don't see the point in using something that doesn't detect the simple things. Leaves your system too vulnerable. It is like unlocking the doors while you are away and expecting to be fine. Layered protection is always a good idea. In some cases it isn't needed but those circumstances are rare.

Triple Helix
June 22nd, 2010, 01:29 PM
-{ Quote: "If Prevx works fine as a stand alone program then it would detect everything around it like the EICAR test file which it doesn't. It doesn't even detect trojan simulator. So if you are working on an "all security app?" I would fix those two things because if it won't detect something as simple as a test file.. what will it do in realtime? Using it beside something is fine. I myself just don't see the point in using something that doesn't detect the simple things. Leaves your system too vulnerable. It is like unlocking the doors while you are away and expecting to be fine. Layered protection is always a good idea. In some cases it isn't needed but those circumstances are rare." }-

It does detect them! http://www.wilderssecurity.com/showpost.php?p=1680260&postcount=10 and here is the whole thread http://www.wilderssecurity.com/showthread.php?t=272629 There must be some other security app that is interfering with detection?

TH

Triple Helix
June 22nd, 2010, 01:30 PM
-{ Quote: "In what kind of time schedule should we expect version 4? Or the beta?
I do hope there will be a beta soon. Because I don't know yet what I'll do after my current ESET license expires (I have the NOD32 + Hitman Pro bundle). ESET 5 has to come with some nice features. And I do like Prevx and since the Prevx + Hitman Pro bundle is available that seems like a solid option. (Without the SafeOnline component of course, but I have read there is a command-line trick to install it without Safe Online. I don't like programs protecting my browser, I keep my pc safe, so why should I care? SafeOnline might very well be a great program, fine to me, you can tell me anything you want. But I don't need it.)

Also: what will be the highlight new features of version 4?" }-

V4 will not be out for Beta for some time, maybe late fall or winter! Also if you don't want to install SafeOnline here is the info but not recommended: http://www.wilderssecurity.com/showthread.php?t=268613

TH

Skywolfe
June 22nd, 2010, 01:32 PM
I ran a MANUAL SCAN on the trojan simulator file and it appeared fine. ESET however picked it up. But I am glad for those results because to me... it basically means it is rock solid ;)

Triple Helix
June 22nd, 2010, 01:37 PM
-{ Quote: "I ran a MANUAL SCAN on the trojan simulator file and it appeared fine. ESET however picked it up. But I am glad for those results because to me... it basically means it is rock solid ;)" }-

True, as I removed NOD32 on my laptop and I find it much faster; I will use NOD32 and Prevx on my Desktop till my NOD32 license expires! Check in Detection Overrides in Prevx to see if they are there? And also what Version of Prevx are you using? Prevx full, Free version or Facebook version?

TH

EDIT: In my Test screen shot I executed them and then Prevx Blocked them!

Skywolfe
June 22nd, 2010, 02:05 PM
Free because I can't buy the full just yet. One thing I would recommend although I doubt it would change anything is that people actually get a chance to TRY OUT the detection because otherwise as it has been said on different videos... it acts like a rogue app. Oh look it's detected but to remove you have to pay etc. In my case nothing is detected. And nothing is in detection overrides.

Triple Helix
June 22nd, 2010, 02:17 PM
-{ Quote: "Free because I can't buy the full just yet. One thing I would recommend although I doubt it would change anything is that people actually get a chance to TRY OUT the detection because otherwise as it has been said on different videos... it acts like a rogue app. Oh look it's detected but to remove you have to pay etc. In my case nothing is detected. And nothing is in detection overrides." }-

Believe me it's not a ROGUE! Maybe do a reinstall to see if that helps? Uninstall and reboot and install a fresh copy! Maybe give the new RC a try? http://www.wilderssecurity.com/showthread.php?t=275231

TH

Skywolfe
June 22nd, 2010, 02:35 PM
I know that it isn't a rogue but the way the company operates in making people pay for something that should be a good trial of... is the same type of deal. One other thing I would vouch for would be live support or a way to actually contact them other than just e-mail lol. And yep I have reinstalled. I am on a fresh copy now :P

PrevxHelp
June 23rd, 2010, 12:43 PM
-{ Quote: "I ran a MANUAL SCAN on the trojan simulator file and it appeared fine. ESET however picked it up. But I am glad for those results because to me... it basically means it is rock solid ;)" }-

With ESET active, it is likely blocking Prevx from reading the files. We obviously detect EICAR and Trojan Simulator, but in order to be compatible with other security products, we will let them detect the files if they can :)

PrevxHelp
June 23rd, 2010, 12:45 PM
-{ Quote: "I know that it isn't a rogue but the way the company operates in making people pay for something that should be a good trial of... is the same type of deal. One other thing I would vouch for would be live support or a way to actually contact them other than just e-mail lol. And yep I have reinstalled. I am on a fresh copy now :P" }-

We do offer live chat for paid customers and we guarantee our malware cleanup so if there is something which does get by, we will sort it out with no additional fee :) http://www.pcmag.com/article2/0,2817,2365113,00.asp

Skywolfe
June 23rd, 2010, 01:46 PM
Hmm, I am curious as to where. Because Prevx goes through a third party and on the clever bridge site it specifically said (at least from what I have found) that they don't provide support for their products.... but live chat is wonderful when you can get ahold of people ;) I just wish my mouse wouldn't act up with it installed lol

PrevxHelp
June 24th, 2010, 11:23 AM
-{ Quote: "Hmm, I am curious as to where. Because Prevx goes through a third party and on the clever bridge site it specifically said (at least from what I have found) that they don't provide support for their products.... but live chat is wonderful when you can get ahold of people ;) I just wish my mouse wouldn't act up with it installed lol" }-

We offer live chat on a case-by-case basis as virtually all support inquiries can be solved over our standard messaging. We also offer phone support if it is required, and remote assistance for helping out with malware infections or software incompatibilities.

Regarding your mouse - could you try lowering protection to "High" from Maximum within SafeOnline and see if that fixes the issue? :)

Skywolfe
June 29th, 2010, 01:09 AM
-{ Quote: "Regarding your mouse - could you try lowering protection to "High" from Maximum within SafeOnline and see if that fixes the issue? " }-

I have, and it doesn't seem to make much of a difference; it just jumped around. But without it installed, the mouse works fine.

PrevxHelp
June 29th, 2010, 06:12 PM
-{ Quote: "I have, and it doesn't seem to make much of a difference; it just jumped around. But without it installed, the mouse works fine." }-

It may be worth having a remote support session to solve this. If you'd be interested, could you please send me a PM and we can schedule a time from there?

Thanks! :)

Skywolfe
June 29th, 2010, 09:16 PM
It has already been uninstalled ;) I had to because things would freeze because of it.

raven211
July 23rd, 2010, 01:54 PM
Virtualization/sandboxing of files unknown to your central and analysis.


Has this been suggested before and do you have any plans for something like this or similar to this?

PrevxHelp
July 25th, 2010, 02:46 PM
-{ Quote: "Virtualization/sandboxing of files unknown to your central and analysis.


Has this been suggested before and do you have any plans for something like this or similar to this?" }-

Yes :) Prevx 4 uses virtualization/sandboxing techniques but isn't a conventional sandbox... per-se. :)

I'll clarify this more once we get closer to a beta ;D

shadek
July 28th, 2010, 11:24 AM
I am once again requesting increased detection of rogue AVs.

Even at maximum heuristic settings they're running past Prevx without a hint or prompt. I could post an example right now but I know it's against the rules to link to malware at Wilders.

Shouldn't unknown and new files get detected by age/popularity criteria and prompt me what to do? These bad-ass-malwares install silently while Prevx does nothing (and that goes for Panda Cloud Antivirus and Avira Premium as well).

BoerenkoolMetWorst
July 29th, 2010, 02:39 AM
It is in the making, Prevx 4 will get a special Behaviour detection for rogues ;)

Dark Star 72
July 29th, 2010, 06:45 AM
-{ Quote: "Yes :) Prevx 4 uses virtualization/sandboxing techniques but isn't a conventional sandbox... per-se. :)

I'll clarify this more once we get closer to a beta ;D" }-

Does this mean that Prevx 4 will not be compatible with the likes of Returnil and Shadow Defender which the present versions of Prevx are?

shadek
July 29th, 2010, 06:59 AM
-{ Quote: "It is in the making, Prevx 4 will get a special Behaviour detection for rogues ;)" }-

I kind of knew that already. I was just trying to emphasize the importance of such implementation once again. :) It's the weak spot of Prevx! :)

Uli9000
July 29th, 2010, 11:59 AM
Hi

Any chance of adding SafeOnline protection to FlashPeak's SlimBrowser?

Uli

Uli9000
July 29th, 2010, 12:26 PM
Hi

Scratch that, just found out it's based on IE which makes me a little uncomfortable.

Uli

PrevxHelp
July 30th, 2010, 08:05 AM
-{ Quote: "Does this mean that Prevx 4 will not be compatible with the likes of Returnil and Shadow Defender which the present versions of Prevx are?" }-

No, Prevx will still remain compatible with everything it is compatible with today :)

shadek
August 6th, 2010, 02:21 PM
I am once again pleading for better rogue AV protection. All files should get checked against Prevx database. If never seen before, I want to know about it. Even at all max heuristic this one just got through without any notification from Prevx:

MD5 : d96a9047e5c30fb2f709d0f45783efe0

Cheers! :)

PrevxHelp
August 6th, 2010, 02:24 PM
-{ Quote: "I am once again pleading for better rogue AV protection. All files should get checked against Prevx database. If never seen before, I want to know about it. Even at all max heuristic this one just got through without any notification from Prevx" }-

In our defense, I just checked that MD5 on VT and no one finds it :) (VBA32 just says it is using a cryptor, but not an actual detection).

Baz_kasp
August 6th, 2010, 02:25 PM
-{ Quote: "I am once again pleading for better rogue AV protection. All files should get checked against Prevx database. If never seen before, I want to know about it. Even at all max heuristic this one just got through without any notification from Prevx:

MD5 : d96a9047e5c30fb2f709d0f45783efe0

Cheers! :)" }-


I don't think spamming the request thread with the same request will make it happen any faster to be honest....how about sending them the samples so they can be added? :)

PrevxHelp
August 6th, 2010, 02:25 PM
It's also probably worth noting that the MSI itself won't contain the malicious components - if you actually install it, does Prevx not warn?

shadek
August 6th, 2010, 02:43 PM
-{ Quote: "It's also probably worth noting that the MSI itself won't contain the malicious components - if you actually install it, does Prevx not warn?" }-

It does not warn when installing and it does not seem to add any malware onto my computer. KIS 2011 however warns me the application is untrusted (seen by less than 10 users of the community) and asks me whether or not to trust it, run under restrictions or block it. I choose to trust it and no reaction yet from Prevx (and to be completely fair, Kaspersky doesn't detect it as malicious, just unknown).

The Rogue AV was PCDefenderSilentSetup.msi and was collected from MDL. Silently installed in program files\def\ and when I executed the .exe, a scan window was shown from Prevx down in right corner but was allowed to run... and I was screwed. Firefox got terminated and the dice was rolled. :p Some Russian bad-ass scanner completely destroyed my computer and had to restart with Returnil. :)

I will stop spamming this thread now with the request. I just sent it to Prevx. :)

Triple Helix
August 6th, 2010, 02:56 PM
-{ Quote: "It does not warn when installing and it does not seem to add any malware onto my computer. KIS 2011 however warns me the application is untrusted and asks me whether or not to trust it, run under restrictions or block it. I choose to trust it and no reaction yet from Prevx (and to be completely fair, Kaspersky doesn't detect it as malicious, just unknown). The Rogue AV was collected from MDL. Silently installed in program files\def\ and when I executed the .exe, a scan window was shown from Prevx down in right corner but was allowed to run... and I was screwed. Firefox got terminated and the dice was rolled. :p

I will stop spamming this thread now with the request. I'll just send it to Prevx. :)" }-

You can say whatever you want and keep doing so!! But it is best to send to Prevx to get them added! :thumb: V4 will have something better to handle rogues so that's good to know! ;)

TH

shadek
August 6th, 2010, 03:12 PM
I know, I know, I know. I'll stop. :)

Baz_kasp
August 11th, 2010, 06:59 AM
I would like to see an online file submission webpage to negate the need for logging into email in order to send suspicious files.

shadek
August 13th, 2010, 03:06 AM
-{ Quote: "I would like to see an online file submission webpage to negate the need for logging into email in order to send suspicious files." }-

Agreed. Would allow quicker and more easy-going submission of files without 'the hassle'.

SQBI
August 13th, 2010, 06:53 PM
The 'authenticating files' message window could have an "always on top" option.

BoerenkoolMetWorst
August 14th, 2010, 04:44 AM
-{ Quote: "The 'authenticating files' message window could have an "always on top" option." }-

I support this request :)

Phantasm
August 14th, 2010, 07:11 AM
-{ Quote: "I am once again requesting increased detection of rogue AVs.

Even at maximum heuristic settings they're running past Prevx without a hint or prompt. I could post an example right now but I know it's against the rules to link to malware at Wilders.

Shouldn't unknown and new files get detected by age/popularity criteria and prompt me what to do? These bad-ass-malwares install silently while Prevx does nothing (and that goes for Panda Cloud Antivirus and Avira Premium as well)." }-

Use ThreatFire and Prevx together = Excellent

shadek
August 20th, 2010, 02:36 PM
I long for Prevx 4! :)