View Full Version : Future Changes to Prevx
Triple Helix
June 13th, 2009, 06:14 PM
The aim of this thread is to give feedback to Prevx as to changes we would like to see in future upgrades of Prevx.
TH
Habakuck
June 14th, 2009, 04:03 AM
1) The "Save Scan Result" does not work fine if the SelfProtection Setting is at Maximum. I would not like to see that behavior in the next upgrade.
OS is Vista HP SP2.
2) I would like to have a real behavior monitor/blocker implemented in the next upgrade. (PrevX installs a file system filter, a Process Creation Notification callback and a handful of hooks to prevent process manipulation. But I can't see a real BehaviorBlocker. So in fact PrevX is a very powerful cloud-based AntiVirus product, but it does not prevent the user from being owned by a targeted attack. That could be better.. ;) )
markusg
June 14th, 2009, 11:50 AM
1. keyboard support :-)
2. multilingual. German would be nice :-)
PrevxHelp
June 14th, 2009, 12:12 PM
{QUOTE-> 1) The "Save Scan Result" does not work fine if the SelfProtection Setting is at Maximum. I would not like to see that behavior in the next upgrade.
OS is Vista HP SP2. <-QUOTE}
This will be fixed ASAP :)
{QUOTE-> So in fact PrevX is a very powerful cloud-based AntiVirus product, but it does not prevent the user from being owned by a targeted attack. That could be better.. ;) ) <-QUOTE}
Although Prevx may not look like it hooks much in the system, we gather more than enough data (you can't see a majority of the analysis which exists server-side and you also can't easily see the protection which is loaded on the fly as suspicious programs run ;))
Targeted attacks are even easier to protect against - our community view can see how popular a program is so if a program is trying to enter your system which is a targeted attack (i.e. - only seen by your system across the entire community), it can be immediately blocked by Age/Spread heuristics (Settings > Heuristic Settings).
Habakuck
June 14th, 2009, 12:24 PM
{QUOTE-> This will be fixed ASAP :) <-QUOTE} Ok. :)
{QUOTE-> Although Prevx may not look like it hooks much in the system, we gather more than enough data (you can't see a majority of the analysis which exists server-side and you also can't easily see the protection which is loaded on the fly as suspicious programs run ;)) <-QUOTE} That's too easy Joe.. ;)
So how do you analyse the file at the server? Only a checksum is submitted to the server so how should the server analyse the behavior of the file?
And how can the PrevX Client analyse the behavior of a file without having an emulator included?
{QUOTE-> Targeted attacks are even easier to protect against - our community view can see how popular a program is so if a program is trying to enter your system which is a targeted attack (i.e. - only seen by your system across the entire community), it can be immediately blocked by Age/Spread heuristics (Settings > Heuristic Settings). <-QUOTE}
Which settings are necessary for that detection? Because a friend of mine wrote a test malware sample and tested it on his machine. The file was not detected!
About 5min later he again tried to execute that test file. Now it was detected by the cloud. He tested that with several samples.
Settings were at default. So where is the zero-day/first seen proactive protection?
my best regards
PS: {QUOTE-> 2. multilingual. German would be nice :-) <-QUOTE} Yes! German would be very nice! :)
PrevxHelp
June 14th, 2009, 12:37 PM
{QUOTE->
So how do you analyse the file at the server? Only a checksum is submitted to the server so how should the server analyse the behavior of the file?
And how can the PrevX Client analyse the behavior of a file without having an emulator included? <-QUOTE}
The server does not only receive a checksum - it receives a large amount of data about the program itself and we obviously can't go into full detail of our technology as to how the client/server is able to analyze the file ;)
{QUOTE-> Which settings are necessary for that detection? Because a friend of mine wrote a test malware sample and tested it on his machine. The file was not detected!
About 5min later he again tried to execute that test file. Now it was detected by the cloud. He tested that with several samples.
Settings were at default. So where is the zero-day/first seen proactive protection? <-QUOTE}
You can increase the settings to Maximum in the Settings > Heuristic Settings page which will block programs as you've described. The default settings are strong enough for virtually all real-world threats, however, but Maximum makes it nearly into an "Anti-Executable"/whitelisting protection system.
Habakuck
June 14th, 2009, 12:54 PM
{QUOTE-> The server does not only receive a checksum - it receives a large amount of data about the program itself and we obviously can't go into full detail of our technology as to how the client/server is able to analyze the file ;)
<-QUOTE}
Ok no problem about that. I trust your statements.
{QUOTE-> You can increase the settings to Maximum in the Settings > Heuristic Settings page which will block programs as you've described. The default settings are strong enough for virtually all real-world threats, however, but Maximum makes it nearly into an "Anti-Executable"/whitelisting protection system. <-QUOTE}
That is no problem for me because I will use PrevX with the highest settings.
So Prevx with increased settings will definitely protect me against targeted attacks?
Every AV product has gaps in its protection and I just want to know where Prevx's gaps are....
PrevxHelp
June 14th, 2009, 12:56 PM
{QUOTE->
That is no problem for me because I will use PrevX with the highest settings.
So Prevx with the highest settings will definitely protect me against targeted attacks?
Every AV product has gaps in its protection and I just want to know where Prevx's gaps are.... <-QUOTE}
Yes, it will tend to produce more FPs as well (just because it is conceptually blocking untrusted programs) but it will block any targeted attacks. You mentioned something about writing software - if you are a software developer, you're going to want to add your build directories to the ignore list in Prevx - otherwise we may get quite annoying for your testing ;D
Habakuck
June 14th, 2009, 01:07 PM
Many thanks for the detailed reply on this sunny Sunday!
Do you have no real weekend? =)
{QUOTE-> you're going to want to add your build directories to the ignore list in Prevx - otherwise we may get quite annoying for your testing <-QUOTE} ^^ I will definitely do so... :argh:
raven211
June 14th, 2009, 01:11 PM
Faster processing of data as full-screen detection is already on the list. I know that you've already mentioned the Age/Spread heuristics are being improved, so... ;)
Don't remember... would the full-screen detection be default, or is there a really good reason not to?
scmp
June 14th, 2009, 01:36 PM
Hello,
I'm a Systems Engineer working for a nationwide (US) IT consulting company and several months ago I ran across your product. Now, I'm recommending PrevX left and right even against my company's policy (those in charge of selecting technologies that will be recommended to our clients and supported by us, are still stuck on the usual bloatware - Symantec, Trend Micro, McAfee, etc). Luckily I have room for decision when my direct accounts are concerned and they will not see any trace of Symantec "security" products on their computers. If I need to clean an infected workstation, I give them the option to either pay us for several hours to clean it or maybe rebuild it or pay $29.95 for a 1 year PrevX license and have their computer cleaned in minutes.
That being said, sometimes it is difficult to implement and manage PrevX at certain clients. The agent-server model needs to go away since most businesses have remote users that rarely come back to the corporate network to update the AV client and report back to the server. Here the cloud model works perfectly, and in the PrevX case the MyPrevX console is more than enough to check on overall status. What is missing though is a more granular control on deployed agents, mainly whitelisting. If I roll out PrevX to 50 computers and something generates a false positive on all of them, I have quite a situation to deal with. But, if I could whitelist it from MyPrevX, then I wouldn't have to worry about much. Deploying the agent directly from MyPrevX and licensing it at the same time would also be a good feature to have.
So, I want to congratulate you for this great product and submit my wish list:
1. Granular agent control from MyPrevX
2. Possibility of deploying it from MyPrevX, already tied to the license.
Cheers
PrevxHelp
June 14th, 2009, 01:47 PM
{QUOTE-> Hello,
I'm a Systems Engineer working for a nationwide (US) IT consulting company and several months ago I ran across your product. Now, I'm recommending PrevX left and right even against my company's policy (those in charge of selecting technologies that will be recommended to our clients and supported by us, are still stuck on the usual bloatware - Symantec, Trend Micro, McAfee, etc). Luckily I have room for decision when my direct accounts are concerned and they will not see any trace of Symantec "security" products on their computers. If I need to clean an infected workstation, I give them the option to either pay us for several hours to clean it or maybe rebuild it or pay $29.95 for a 1 year PrevX license and have their computer cleaned in minutes.
That being said, sometimes it is difficult to implement and manage PrevX at certain clients. The agent-server model needs to go away since most businesses have remote users that rarely come back to the corporate network to update the AV client and report back to the server. Here the cloud model works perfectly, and in the PrevX case the MyPrevX console is more than enough to check on overall status. What is missing though is a more granular control on deployed agents, mainly whitelisting. If I roll out PrevX to 50 computers and something generates a false positive on all of them, I have quite a situation to deal with. But, if I could whitelist it from MyPrevX, then I wouldn't have to worry about much. Deploying the agent directly from MyPrevX and licensing it at the same time would also be a good feature to have.
So, I want to congratulate you for this great product and submit my wish list:
1. Granular agent control from MyPrevX
2. Possibility of deploying it from MyPrevX, already tied to the license.
Cheers <-QUOTE}
Hello,
We completely agree with your suggestions and I will forward them onto the MyPrevx development team. We have planned on adding the ability to put overrides in place in MyPrevx as this is definitely a very powerful tool.
One feature which is not self-evident is the ability to run a silent installation/scan/report to MyPrevx if the installer executable is named with the license key as the filename. I'm not sure if this will help with all of your clients, but if they name the installer exe, for example: 12345678-1234-1234-1234-123456789123.exe, it would then automatically use that license key and report into MyPrevx with the associated scan results.
We will work on automating this process, however, to try and make the deployment/usage as seamless as possible.
Thank you for your suggestions! :)
PrevxHelp
June 14th, 2009, 01:48 PM
{QUOTE->
Don't remember... would the full-screen detection be default, or is there a really good reason not to? <-QUOTE}
It will be default and there really isn't a good reason not to ;D
dlimanov
June 14th, 2009, 02:03 PM
@ Habacuck:
Despite what everyone else is saying, PrevX is NOT a 0-day protection product per se. It relies on cloud-based signature and behavioral cross-referencing; if both of these criteria fail, you will get infected (just like your friend with the test program he wrote), even though behavior analysis KNOWS the process is malicious. So when a true 0-day comes out, you better hope you're guy #2 in line, as if you're #1, you will get infected and will need to wait for signature and/or behavior analysis to be available via the cloud. You will probably get new signatures pretty quickly and everyone after you will be protected, but you WILL get infected nevertheless.
To be fair to PrevX, however, true HIPS with 0-day protection is VERY labor-intensive to configure and maintain, and close to impossible to deploy in a dynamic corporate environment. If your environment is balanced and somewhat static, products like Cisco Security Agent (formerly Okena) would fit the bill better.
This brings me to my request which I posted in the "delayed detection" thread: I would like to see an ability to configure how much the behavioral engine relies on cross-referencing behavior with the cloud. I want to be able to control this option based on what I feel is necessary in my particular case, and not have PrevX decide for me across the board. My understanding is that it was an option in v2.0 but has been dropped in v3.0.
@scmp: I disagree on dropping client/server infrastructure in favor of portal-based, hosted management. This may be a desirable option for smaller consulting companies, but for large enterprises, hosting security products like this usually is not an option for a variety of reasons. Again, as in my point above, this is probably something you want to have control over, versus a vendor-controlled situation.
On third-party tools, we had a sales guy call Symantec to help them troubleshoot an infection that was coming back after SEP couldn't clean it. After about two hours on the phone and desktop sharing, the Symantec tech downloaded Malware Bytes and cleaned the machine in a single scan. Talk about faith in their own product! :)
scmp
June 14th, 2009, 02:17 PM
@PrevxHelp Thanks for the follow up, looking forward to v.4
@dlimanov I understand your point, however even with server/client you still rely on the vendor to provide the signatures and scan engines. Clients will get them from the server instead of directly from the vendor, but it is still the vendor that has to make them available in the first place. For offsite users that's a problem - from what I see they rarely have updated definitions. For remote users, their connections to the corporate network are usually slower than to the internet, so why tie up the WAN links getting AV updates? About SEP and their use of Malwarebytes, that's funny... not very surprising though :)
Habakuck
June 15th, 2009, 02:23 AM
I would like to refresh my claim number 2).
I think PrevX would be a perfect, complete product if there were a HIPS, IDS or real behavior blocker implemented.
I would really like to use PrevX as a stand-alone, but I can't trust it up to 100% because it has, in my opinion, no real protection against threats which are unknown in the cloud.
Longboard
June 15th, 2009, 04:59 AM
Thanks for allowing this thread to run:
@PrevX Help:{QUOTE-> You can increase the settings to Maximum in the Settings > Heuristic Settings page which will block programs as you've described. The default settings are strong enough for virtually all real-world threats, however, but Maximum makes it nearly into an "Anti-Executable"/whitelisting protection system. <-QUOTE}
;)
An "advanced module" to fulfill the need to block all/any if wanted
??
{QUOTE-> I think PrevX would be a perfect, complete product if there were a HIPS, IDS or real behavior blocker implemented.
I would really like to use PrevX as a stand-alone, but I can't trust it up to 100% because it has, in my opinion, no real protection against threats which are unknown in the cloud. <-QUOTE}
I'm stumbling along here:always want more ;)
That comment might be harsh but close to reality ??
Pertains to above and 'the lost functions' for those who want them.
I really do appreciate the current implementation, but, as noted, targeted at those who don't wish to interact so often, and, for absolute ease of use. However, then might be dependent on 'second look/second run' after install and from the cloud analysis.
As noted elsewhere, some current 'rogues' have no malware characteristics and so succeed in getting installed.
What about a 'block and send to Px' module for those who might need it ??
Regards
PrevxHelp
June 15th, 2009, 09:51 AM
{QUOTE->
I would really like to use PrevX as a stand-alone, but I can't trust it up to 100% because it has, in my opinion, no real protection against threats which are unknown in the cloud. <-QUOTE}
Trying to trust a single product 100% is the fault here :) No product, Prevx included, is perfect. We detect more than 20,000 new bad programs every day, thousands of which are detected on the absolute first time they are seen but yes, like everyone else, we periodically miss threats - however, the benefit with our protection is that we then detect them quickly because we can still analyze the data and correlate it to other new programs/techniques.
You appear to be looking for a pure HIPS/behavior blocker which Prevx is not. While we are planning to add in more techie-oriented controls in the future, a basic behavior blocker is not what we're trying to develop.
Habakuck
June 15th, 2009, 12:06 PM
{QUOTE-> Trying to trust a single product 100% is the fault here :) No product, Prevx included, is perfect. We detect more than 20,000 new bad programs every day, thousands of which are detected on the absolute first time they are seen but yes, like everyone else, we periodically miss threats - however, the benefit with our protection is that we then detect them quickly because we can still analyze the data and correlate it to other new programs/techniques.
You appear to be looking for a pure HIPS/behavior blocker which Prevx is not. While we are planning to add in more techie-oriented controls in the future, a basic behavior blocker is not what we're trying to develop. <-QUOTE}
Don't get me wrong. PrevX is the most powerful AntiVirus solution I know and I will definitely buy several licenses, but I would like to have proactive detection in the next upgrades. What's wrong about that?
I just said: PrevX would be perfect if it blocked totally unknown malware by blocking malicious behavior.
Implementing that would turn PrevX into a very, very good stand-alone application and that would be absolutely fantastic.
PS: {QUOTE-> we are planning to add in more techie-oriented controls <-QUOTE} Go on please... :)
Cutting_Edgetech
June 15th, 2009, 05:28 PM
I would like to see the HIPS protection offered by Prevx 2.0 Expert Mode integrated back into Prevx 3.0.
trjam
June 15th, 2009, 05:31 PM
I want to see the active number of processes being protected by Prevx in the GUI, and, I want to see a tray icon like version 2.???
dlimanov
June 15th, 2009, 07:25 PM
Can someone post v2 screenshots, mainly the HIPS part of it? I am mighty curious what is missing from v3.
:P
Longboard
June 15th, 2009, 10:09 PM
for dlimanov:
from PX v2 help file : quick summary, if you want more pm me
{QUOTE-> Prevx 2.0 ABC - intended for the home or non-technical user who wants to use the Community database to automatically detect malware and block it from running.
Prevx 2.0 Pro - intended for users with some technical knowledge who want to be alerted for all known malware and unknown program activity, and who also wants to decide whether to allow or block each activity.
Prevx 2.0 Expert - intended for advanced technical users or researchers who want alerts for all malware, unknown, and good program activity. This mode can generate a large number of pop-ups. It provides the same protection as the other modes, but allows you to manually control Prevx 2.0 Lite.
This mode can be useful when performing evaluations, troubleshooting or installations, but thereafter we advise you to switch to either ABC or Pro Mode.
<-QUOTE}
Screenshot of control options.
dlimanov
June 15th, 2009, 11:42 PM
{QUOTE-> for dlimanov:
from PX v2 help file : quick summary, if you want more pm me
Screenshot of control options. <-QUOTE}
Dammit, this is exactly the thing I wish v3 had.
Habakuck
June 16th, 2009, 12:37 AM
{QUOTE-> I would like to see the HIPS protection offered by Prevx 2.0 Expert Mode integrated back into Prevx 3.0. <-QUOTE}
{QUOTE-> I want to see the active number of processes being protected by Prevx in the GUI, and, I want to see a tray icon like version 2. <-QUOTE}
{QUOTE-> Dammit, this is exactly the thing I wish v3 had. <-QUOTE}
same here! :argh:
Habakuck
June 16th, 2009, 02:13 AM
I thought about all this and have to say that a HIPS is not what PrevX3 wants to be or should be. It is fantastically light and clear to use and needs to remain like that.
So I thought about how to protect the user against threats which are absolutely unknown and came to the following conclusion:
What about a holding stack for unknown executables:
Start of an unknown program -> Prevx blocks the action and queries whether the program should be blocked till the answer from the cloud is received or not.
Implementing that as a function which is unchecked by default won't disturb the normal user, while pros will get maximum protection.
If you are sure that the program you have executed is trustworthy you don't have to wait for the cloud's answer. If you are not sure you can hold the action till the cloud is sure.
raven211
June 16th, 2009, 05:37 AM
{QUOTE-> I thought about all this and have to say that a HIPS is not what PrevX3 wants to be or should be. It is fantastically light and clear to use and needs to remain like that.
So I thought about how to protect the user against threats which are absolutely unknown and came to the following conclusion:
What about a holding stack for unknown executables:
Start of an unknown program -> Prevx blocks the action and queries whether the program should be blocked till the answer from the cloud is received or not.
Implementing that as a function which is unchecked by default won't disturb the normal user, while pros will get maximum protection.
If you are sure that the program you have executed is trustworthy you don't have to wait for the cloud's answer. If you are not sure you can hold the action till the cloud is sure. <-QUOTE}
Sadly this is kinda where the FPs reported come in and PX's reliance on Age/Spread heuristics (which I can see a point in, but it screws it for some people indeed to be honest). Sure, the current option to automatically remove "found threats" would be vastly improved with this - great suggestion! - but the problem which is "for all AVs" (I've said this before - products that find FPs that cause problems for me go off my system. NOD... Don't forget that I dropped ThreatFire - and you know how much I'm used to going on about it, partly how I prefer its thinking more to the Age/Spread criteria) creates a problem.
Triple Helix
June 30th, 2009, 10:07 PM
{QUOTE-> Trying to trust a single product 100% is the fault here :) No product, Prevx included, is perfect. We detect more than 20,000 new bad programs every day, thousands of which are detected on the absolute first time they are seen but yes, like everyone else, we periodically miss threats - however, the benefit with our protection is that we then detect them quickly because we can still analyze the data and correlate it to other new programs/techniques.
You appear to be looking for a pure HIPS/behavior blocker which Prevx is not. While we are planning to add in more techie-oriented controls in the future, a basic behavior blocker is not what we're trying to develop. <-QUOTE}
Maybe you can Add HIPS/behaviour blocker as an addon or make a separate program with both and sell it as a choice like when you had CSI & Edge! I just think it would make it a more complete solution.
TH
Habakuck
July 1st, 2009, 12:03 PM
Will there be a possibility for the user to check why a file is blocked, to verify a "heuristic", "age-spread" or "flagged bad by the server" detection? A feature like this added into the "Found -> Block" popup would be very good!
PrevxHelp
July 2nd, 2009, 11:25 AM
{QUOTE-> Will there be a possibility for the user to check why a file is blocked, to verify a "heuristic", "age-spread" or "flagged bad by the server" detection? A feature like this added into the "Found -> Block" popup would be very good! <-QUOTE}
This is built in already - the block popup will say "Age/Spread Criteria Violation Detected" for an Age/Spread detection, "Edge Heuristics identified a threat in the file:" if found by the "Advanced Heuristics" slider-bar detection (note - this is only a small piece of our heuristics :)) and it will say a more descriptive name if it finds a threat using the database (i.e. Malicious Software/Fraudulent Security Program/etc.)
Habakuck
July 3rd, 2009, 02:33 AM
{QUOTE-> This is built in already - the block popup will say "Age/Spread Criteria Violation Detected" for an Age/Spread detection, "Edge Heuristics identified a threat in the file:" if found by the "Advanced Heuristics" slider-bar detection (note - this is only a small piece of our heuristics :)) and it will say a more descriptive name if it finds a threat using the database (i.e. Malicious Software/Fraudulent Security Program/etc.) <-QUOTE}
:D Wow. Cool. :) Hehe. That's great. I think I never got an age/spread detection so I thought it is not built in.
Good to know! ;D
scmp
July 27th, 2009, 09:23 PM
{QUOTE-> Hello,
We completely agree with your suggestions and I will forward them onto the MyPrevx development team. We have planned on adding the ability to put overrides in place in MyPrevx as this is definitely a very powerful tool.
One feature which is not self-evident is the ability to run a silent installation/scan/report to MyPrevx if the installer executable is named with the license key as the filename. I'm not sure if this will help with all of your clients, but if they name the installer exe, for example: 12345678-1234-1234-1234-123456789123.exe, it would then automatically use that license key and report into MyPrevx with the associated scan results.
We will work on automating this process, however, to try and make the deployment/usage as seamless as possible.
Thank you for your suggestions! :) <-QUOTE}
Hello,
This month I had 2 of my clients purchase PrevX licenses (140 licenses total). I did try renaming the installer as suggested and it does a silent install but it does not use the license key - I would still have to go to each client and enter the license - luckily I can leave their internal IT staff to deal with it :)
Any advice?
Thank you
PrevxHelp
July 27th, 2009, 11:08 PM
{QUOTE-> Hello,
This month I had 2 of my clients purchase PrevX licenses (140 licenses total). I did try renaming the installer as suggested and it does a silent install but it does not use the license key - I would still have to go to each client and enter the license - luckily I can leave their internal IT staff to deal with it :)
Any advice?
Thank you <-QUOTE}
Hello,
We have had some reports of this functionality not working properly and we're working on correcting the issue. However, for now we have a workaround which may be viable for you.
First: create a registry key named PxLic under HKEY_CURRENT_USER\Software\ and then create a REG_SZ value named CSILic under this key with data of the license key to be applied.
Then, run the license-key-named installer and the installation will take place silently except for one initial prompt which shows a message to the user saying that the license is accepted. Besides this initial prompt, there are no other dialogs to be answered and the prompt will not show on subsequent uses.
Please let us know if you have any questions with this and we will be correcting the license key automatic installation behavior in the next version.
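The two-step workaround above (pre-seed the license key in the registry, then run the installer renamed to the license key so it installs silently, as described in the earlier reply) as a deployment script; this is an added example, not Prevx's own tooling, and the license key value and installer path in it are placeholders.

```powershell
# Added example, not Prevx's own tooling. Implements the workaround from the post above:
#   1. HKEY_CURRENT_USER\Software\PxLic  ->  REG_SZ value CSILic = <license key>
#   2. run the installer renamed to <license key>.exe (silent install path)
# Placeholders: $LicenseKey is the format shown in the thread, not a real key;
# $InstallerPath is an assumed location for the downloaded Prevx installer.
param(
    [string]$LicenseKey    = '12345678-1234-1234-1234-123456789123',  # PLACEHOLDER
    [string]$InstallerPath = 'C:\Deploy\prevx-installer.exe'           # ASSUMED PATH
)

# The key shape (8-4-4-4-12) is an assumption taken from the example in the thread;
# rejecting malformed input avoids silently installing unlicensed.
if ($LicenseKey -notmatch '^[0-9A-Za-z]{8}(-[0-9A-Za-z]{4}){3}-[0-9A-Za-z]{12}$') {
    throw "License key '$LicenseKey' does not match the expected 8-4-4-4-12 format"
}
if (-not (Test-Path -Path $InstallerPath -PathType Leaf)) {
    throw "Installer not found at $InstallerPath"
}

# Step 1: the workaround reads the key from the installing user's hive (HKCU), so this
# script must run as the same interactive user who launches the installer.
$regPath = 'HKCU:\Software\PxLic'
if (-not (Test-Path -Path $regPath)) {
    New-Item -Path $regPath -Force | Out-Null
}
New-ItemProperty -Path $regPath -Name 'CSILic' -Value $LicenseKey `
                 -PropertyType String -Force | Out-Null

# Read back what was written so a typo in the key is caught before anything runs.
$written = (Get-ItemProperty -Path $regPath -Name 'CSILic').CSILic
if ($written -ne $LicenseKey) {
    throw "CSILic readback mismatch: expected $LicenseKey, got $written"
}

# Step 2: the silent install is triggered by the installer's file name, so copy it
# (rather than renaming the original) to <license key>.exe next to the source file.
$renamed = Join-Path -Path (Split-Path -Path $InstallerPath -Parent) -ChildPath "$LicenseKey.exe"
Copy-Item -Path $InstallerPath -Destination $renamed -Force

# Record the hash of what is about to execute, so the deployment log can be checked
# against the hash noted when the installer was downloaded from the vendor.
$hash = (Get-FileHash -Path $renamed -Algorithm SHA256).Hash
Write-Host "Launching $renamed (SHA256 $hash)"

# The thread notes one initial 'license accepted' prompt on the first run; everything
# else is silent, so wait for the process and report a non-zero exit code.
$proc = Start-Process -FilePath $renamed -Wait -PassThru
if ($proc.ExitCode -ne 0) {
    Write-Warning "Installer exited with code $($proc.ExitCode)"
} else {
    Write-Host "Install finished; check MyPrevx for the reported scan results."
}
```

Because the value lives under HKCU, running this from a SYSTEM-context management agent would write the key into the wrong hive; run it in the user's session or adjust accordingly.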
Phantasm
August 6th, 2009, 04:07 PM
Prevx needs a 'Last updated' kind of thing
Example: Last Update: 1 minute ago
PrevxHelp
August 6th, 2009, 04:31 PM
{QUOTE-> Prevx needs a 'Last updated' kind of thing
Example: Last Update: 1 minute ago <-QUOTE}
Prevx is constantly kept up to date so we don't have this. However, our volume of updates per day a couple years ago (the last figures I'm aware of) was about 250,000 updates per day, which equates to around 173 per minute so I think it would be safe to say that "Last Update:" will always be "Less than 1 second ago" :)
Phantasm
August 8th, 2009, 01:13 AM
Any chance of a Prevx Bootable .iso for CD/DVD?
PrevxHelp
August 8th, 2009, 01:25 AM
{QUOTE-> Any chance of a Prevx Bootable .iso for CD/DVD? <-QUOTE}
We currently don't have a need for a bootable ISO but we have it in the books if we do end up running into a need for it.
Phantasm
August 9th, 2009, 04:13 PM
Seriously, make the malware uploading much easier. Look at this for example: 2.ly/2
See how simple it is?
Triple Helix
August 9th, 2009, 04:40 PM
{QUOTE-> Seriously, make the malware uploading much easier. Look at this for example: 2.ly/2
See how simple it is? <-QUOTE}
All you have to do is follow the Directions here! http://www.wilderssecurity.com/showthread.php?t=245129
TH
Phantasm
August 9th, 2009, 05:30 PM
Way too much :P I'm not signing in to my e-mail just to send something, I guess it's just me so nvm.
PrevxHelp
August 9th, 2009, 09:30 PM
You can also just send a message here with an entry from a scan log and we can investigate it :) Also, uploading it to VirusTotal will get it sent to us (albeit with some thousand other files every day) but feel free to PM a link to what is missed from VT and we will investigate.
At the current volumes of missed samples that we receive to our report@prevxresearch.com email address, we do not see it necessary to expand to a dedicated system. We already gather the necessary information automatically. If a threat was to start spreading quickly, we would latch onto it immediately and if a threat is extremely low volume, we still have the details on it so we can just as easily add protection.
Triple Helix
August 11th, 2009, 05:41 PM
Hi Joe,
Possibility of an easier way to empty Quarantine in the Undo Cleanup window?
TH
trjam
August 11th, 2009, 05:46 PM
and don't forget Joe, the actual number of processes being protected.
PrevxHelp
August 11th, 2009, 06:03 PM
{QUOTE-> and don't forget Joe, the actual number of processes being protected. <-QUOTE}
This is a big component on the roadmap in v4 - it won't make it into 3.5 yet but we're developing a nice techie friendly tool for v4 :)
PrevxHelp
August 11th, 2009, 06:04 PM
{QUOTE-> Hi Joe,
Possibility of an easier way to empty Quarantine in the Undo Cleanup window?
TH <-QUOTE}
:thumb: Added to the list :)
trjam
August 11th, 2009, 06:18 PM
you know Joe, in 3 months and 2 days, Edge will be 1 year old, which is also the date of my 16th birthday. Who would have ever thunk it that you would be here, with the rest of the Prevx team, soaking the sun up at Wilders less than a year later..;)
well, maybe one visionary.8)
PrevxHelp
August 11th, 2009, 08:23 PM
{QUOTE-> you know Joe, in 3 months and 2 days, Edge will be 1 year old, which is also the date of my 16th birthday. Who would have ever thunk it that you would be here, with the rest of the Prevx team, soaking the sun up at Wilders less than a year later..;)
well, maybe one visionary.8) <-QUOTE}
;D Wilders is definitely a great place to be - always sunny and warm by the beach (the crab, seagull, and dog seem to be there more than all of us though, but I guess one can never get enough Wilders sun :))
PrevxHelp
August 11th, 2009, 08:40 PM
And as a clarification, trjam, you aren't 16 years old (nice try ;D) however, you're correct that your 16th birthday shares the date of your upcoming one ;)
raven211
August 12th, 2009, 05:00 AM
{QUOTE-> And as a clarification, trjam, you aren't 16 years old (nice try ;D) however, you're correct that your 16th birthday shares the date of your upcoming one ;) <-QUOTE}
I actually believe him when he says he is - my sensors says so. ;D
Dark Star 72
August 12th, 2009, 05:37 AM
That was a typo, he pressed the 1 before the 6 ;D
Perhaps he's like me, only 16 in mind and spirit - that's all that matters ;)
EraserHW
August 13th, 2009, 07:17 PM
{QUOTE-> Perhaps he's like me, only 16 in mind and spirit - that's all that matters ;) <-QUOTE}
Nice trick, I'll have to use it more often when I'm older ;D
spootnack
August 14th, 2009, 01:01 PM
Hello
Great job for Prevx! Light and powerful ;)
Questions:
1) Is it possible to add a functionality so that when we want to "report this detection as false positive" we can select more than one file at a time? :-\
http://img188.imageshack.us/img188/3161/prevx.png
2) Can you make available to the general public (on your site for example) a means to have trial-serials to test the program for 30 days for example ?
Thank you.
++
PrevxHelp
August 16th, 2009, 02:00 AM
{QUOTE-> Hello
Great job for Prevx! Light and powerful ;)
Questions:
1) Is it possible to add a functionality so that when we want to "report this detection as false positive" we can select more than one file at a time? :-\ <-QUOTE}
Currently no, but if you have that many FPs, feel free to send a scan log to report@prevxresearch.com by clicking Tools > Save Scan Results and we'll analyze it from there :)
{QUOTE-> 2) Can you make available to the general public (on your site for example) a means to have trial-serials to test the program for 30 days for example? <-QUOTE}
We provide this on-demand to people requesting it in our customer support inbox or here on Wilders. A bit of clarification as to the reason behind it can be found here: http://www.wilderssecurity.com/showpost.php?p=1520819&postcount=7
Let me know if you have any other suggestions or questions!
spootnack
August 16th, 2009, 06:02 AM
OK.
Thank you!
++
Phantasm
August 18th, 2009, 04:24 PM
Right-click an undetected executable or DLL or w/e and click Report to Prevx :).
aieie
August 25th, 2009, 04:04 AM
Don't shoot me (it could be a stupid suggestion) but could a "self test" function be implemented?
I was reading the thread about Prevx stopping working and, when you become aware of it, needing a reinstall.
Even if it's rare, I'd like to be able to verify that the software is working before being infected.
Best Regards
ElmoScoggins
September 5th, 2009, 03:58 PM
This might be my error because I just loaded V3 after using V2 for a year or so, but the box that used to appear when the op sys was executing any application or exe was very helpful when working with potentially problem applications. Doesn't seem to exist in 3. Can it be turned on?
Thanks
PrevxHelp
September 5th, 2009, 04:10 PM
{QUOTE-> This might be my error because I just loaded V3 after using V2 for a year or so, but the box that used to appear when the op sys was executing any application or exe was very helpful when working with potentially problem applications. Doesn't seem to exist in 3. Can it be turned on?
Thanks <-QUOTE}
Hello,
We have removed this functionality because of the low number of users using it and the level of confusion it produced for a majority of our non-technical users. Prevx 3.0 now automates the decision process behind the scenes, which allows us to provide a very strong level of protection without the impediments on usability.
Please let us know if you have any further questions!
ElmoScoggins
September 5th, 2009, 04:17 PM
If it's not a large piece of code (as I am thrilled at how small the V3 app is), perhaps it can be added back in a future version with an 'off' default. I thought it was both very helpful and a big differentiator. JMHO
PrevxHelp
September 5th, 2009, 04:28 PM
{QUOTE-> If it's not a large piece of code (as I am thrilled at how small the V3 app is), perhaps it can be added back in a future version with an 'off' default. I thought it was both very helpful and a big differentiator. JMHO <-QUOTE}
Prevx 4.0, which is still a few months away, will have a realtime behavior status reporting feature. It won't be exactly like how Prevx 2.0 was but it will be more comprehensive so that you can get down to the technical details very easily if wanted.
We're still in the early phases of designing the additional functionality but it should be a good replacement for the Prevx 2.0 reporting without adding significant weight/code into the product :)
Triple Helix
September 5th, 2009, 04:42 PM
{QUOTE-> Hi Joe,
Possibility of an easier way to empty Quarantine in the Undo Cleanup window?
TH <-QUOTE}
Any news on this? At least be able to hold down Ctrl > Click each one and delete?
PrevxHelp
September 5th, 2009, 04:57 PM
{QUOTE-> Any news on this? At least be able to hold down Ctrl > Click each one and delete? <-QUOTE}
A "Remove All" button will be added into the next update :) Thanks for the suggestion!
Triple Helix
September 5th, 2009, 05:02 PM
Great, thanks! 8)
azadam24
September 18th, 2009, 09:35 AM
How do current users receive updates? I have seen posts about a version later than mine (3.0.1.65) - are these automatically updated for subscribers?
PrevxWebDesigner
September 18th, 2009, 11:05 AM
{QUOTE-> How do current users receive updates? I have seen posts about a version later than mine (3.0.1.65) - are these automatically updated for subscribers? <-QUOTE}
You will receive all product updates automatically (unless you've elected not to under the configuration settings).
3.0.1.65 is the current public live version - any higher version numbers you've seen recently are those of BETA and Release Candidate versions which are undergoing testing prior to public release.
Hope that helps :)
rolarocka
September 18th, 2009, 02:39 PM
Two suggestions:
Change the colour of the "eye" or around the eye during a background scan to let people know Prevx is scanning in the background, or at least an option to set this behaviour.
----
"Pause" button for scans.
Phantasm
September 22nd, 2009, 06:01 PM
Early bootup option
dlimanov
September 22nd, 2009, 10:44 PM
Ability to scan not on boot when 400 other different things load, but during a specific time of the day, at a certain CPU load (< 50%, for example) or when the screen saver is active.
redwolfe_98
October 3rd, 2009, 07:56 PM
hello.. I am new to "prevx".. :)
one thing that I would like is a way to just plain disable prevx's realtime-protection, temporarily, where it will stay disabled, until I choose to re-enable it.. the way it is now, you can disable prevx's realtime-protection for 10 minutes, and then prevx re-enables itself.. I want to be able to disable it until I decide to re-enable it rather than having it automatically re-enable itself after 10 minutes..
it is kind of a pain in the butt to have to deal with the 10-minute time-limit when disabling prevx's realtime-protection, to where I usually don't even bother to disable it.. (there is one situation where I have to disable prevx's realtime-protection, in order to run one of the programs that I use, which uses a temp-file that is flagged by prevx.. I can't use the program unless I disable prevx's realtime-protection)..
I also would like it if prevx had an option for turning off its "self protection".. the way it is now, there are 3 levels of self-protection, for prevx, but none of them are "disable self-protection".. considering that you can't disable prevx's realtime-protection, except for a 10 minute interval, that leaves me with the option of killing prevx's processes, but, when I do that, they are automatically restarted.. I guess that that is due to prevx's "self-protection"..
prevx's having self-protection might be a good thing for some people, but I don't need it.. I use a program ("system safety monitor") that protects prevx, and other programs, from being terminated.. if a program has its own self-protection, I disable it, when possible..
also, I think there should be a "scan" button, along with the other buttons, on the left side of prevx's GUI, to open the panel with the scanning-options.. the way that it is now, you have to go to "tools", then "advanced scan"..
PrevxHelp
October 3rd, 2009, 08:48 PM
{QUOTE-> hello.. I am new to "prevx".. :) <-QUOTE}
Glad to have you on board! :)
{QUOTE-> one thing that I would like is a way to just plain disable prevx's realtime-protection, temporarily.. the way it is now, you can disable prevx's realtime-protection for 10 minutes.. well, I want to be able to disable it until I decide to re-enable it.. I don't want it to automatically re-enable itself after 10 minutes.. <-QUOTE}
You can click the dropdown arrow to select longer durations for being disabled, or, you can click Remove Protection which will fully remove it until you want to re-enable it (it is the last entry in the list if you do not have maximum self protection enabled).
{QUOTE-> (there is one situation where I have to disable prevx's realtime-protection, in order to run one of the programs that I use, which uses a temp-file that is flagged by prevx.. I can't use the program unless I disable prevx's realtime-protection).. <-QUOTE}
If you are running into a specific application which is legitimate, could you please click Tools > Save Scan Results and send them to report@prevxresearch.com so that we can diagnose the issue more closely? Alternatively, when you are prompted with a warning, you can click "Trust Always" or right-click on the file entry within the Prevx 3.0 GUI and select "Report as a false positive", which will automatically mark the file as trusted locally. Or, you can use the Settings > Detection Overrides tool to change the override options and change the default behavior of Prevx.
{QUOTE-> I also would like it if prevx had an option for turning off its "self protection".. the way it is now, there are 3 levels of self-protection, for prevx, but none of them are "disable self-protection".. considering that you can't disable prevx's realtime-protection, except for a 10 minute interval, that leaves me with the option of killing prevx's processes, but, when I do that, they are automatically restarted.. I guess that that is due to prevx's "self-protection".. <-QUOTE}
There isn't an option to disable Prevx's self protection entirely, however, after setting it to Minimum and rebooting your PC, you will be able to terminate both Prevx processes. You may want to use the command:
taskkill /f /im prevx.exe
which will terminate both quickly (if you are using the Professional version of Windows).
{QUOTE-> prevx's having self-protection might be a good thing for some people, but I don't need it.. I use a program that will protect prevx, and other programs, from being terminated.. if a program has self-protection, I disable it, when possible.. <-QUOTE}
The self protection within Prevx has been designed to work carefully within Prevx itself so we strongly recommend using Prevx to protect itself rather than using another program to duplicate functionality built into Prevx.
{QUOTE-> also, I think there should be a "scan" button, along with the other buttons, on the left side of prevx's GUI, to open the panel with the scanning-options.. the way that it is now, you have to go to "tools", then "advanced scan".. <-QUOTE}
The default Deep Scan is the recommended scan, which can be triggered by clicking Scan My PC (or clicking View Threats and then Scan My PC).
Please let me know if you have any further questions!
vijayind
October 25th, 2009, 02:23 PM
My biggest problem with Prevx on my laptop is that when I am on the road, it often nags that it's not connected to the net. I wish there was a way to optionally turn off that msg.
rolarocka
October 27th, 2009, 11:01 AM
Possibility to disable SafeOnline for certain browsers.
Jeroen1000
October 27th, 2009, 03:24 PM
Recently, I had Cain and Abel removed from the database (reported as false positives). Couldn't we leave such applications IN the database but colour them orange as they MIGHT be dangerous?
Same thing with remote control tools (don't know IF they are detected) like Remote Administrator (Radmin), VNC, UltraVNC. What does PrevX do with those? If I have installed them and I know of them, fine... but what if someone did this behind my back? I would like to know for sure.
Please comment on this as I personally find this very important!
PrevxHelp
October 27th, 2009, 05:11 PM
{QUOTE-> Recently, I had Cain and Abel removed from the database (reported as false positives). Couldn't we leave such applications IN the database but colour them orange as they MIGHT be dangerous?
Same thing with remote control tools (don't know IF they are detected) like Remote Administrator (Radmin), VNC, UltraVNC. What does PrevX do with those? If I have installed them and I know of them, fine... but what if someone did this behind my back? I would like to know for sure.
Please comment on this as I personally find this very important! <-QUOTE}
We try to identify the intent of the program being used - i.e. if UltraVNC/Radmin/LogMeIn/VNC are installed covertly, we will detect them, but if they are clearly visible to the user we tend to allow them.
In the past, we have had a "Caution" determination but it led to a lot of confusion - many users who encountered them were not very tech savvy and they would write in asking: "What should I do?!" which is why we've moved to a black/white approach for most software.
Technically, almost all software can be used maliciously so there has to be some cutoff point :)
Habakuck
October 27th, 2009, 05:23 PM
I would like to see why a file/process is being flagged as malicious. Some kind of process monitor/history would be great, so that I can see why PrevX thinks that the file is malicious.
Of course this only makes sense for heuristic detections.
A short link in the warning PopUp to the process monitor log for that file would be great.
PrevxHelp
October 27th, 2009, 05:24 PM
{QUOTE-> I would like to see why a file/process is being flagged as malicious. Some kind of process monitor/history would be great, so that I can see why PrevX thinks that the file is malicious.
Of course this only makes sense for heuristic detections.
A short link in the warning PopUp to the process monitor log for that file would be great. <-QUOTE}
This will be a prominent feature in Prevx 4.0 :)
Habakuck
October 27th, 2009, 05:32 PM
Hehe :) Very cool! :thumb: I can't wait! :D
trjam
October 27th, 2009, 05:39 PM
64 bit SafeOnline ;)
Jeroen1000
October 28th, 2009, 03:14 AM
{QUOTE-> We try to identify the intent of the program being used - i.e. if UltraVNC/Radmin/LogMeIn/VNC are installed covertly, we will detect them, but if they are clearly visible to the user we tend to allow them.
In the past, we have had a "Caution" determination but it led to a lot of confusion - many users who encountered them were not very tech savvy and they would write in asking: "What should I do?!" which is why we've moved to a black/white approach for most software.
Technically, almost all software can be used maliciously so there has to be some cutoff point :) <-QUOTE}
I can understand your reasons for that. However, actions like that tend to make PrevX less secure. I have not tested it (yet) but if I hide (as in disable it) the Radmin tray icon PrevX should flag it, correct?
Could you consider including some sort of checkbox option (which would be off by default to avoid a boatload of confused users) for 'potentially dangerous applications'? Those could include the remote tools and hack tools. Put a big warning on it about what happens when the checkbox is checked.
I'm a fan of categorizing threats. This way a user can choose what he wants PrevX to detect :)
I'm talking out of my hat here (as in I'm guessing you do not have this option yet and I'm not near my PrevX PC) but you could introduce an advanced settings page. I understand your need to keep it simple but Enterprises (and users like me) like many useful options.
Anyway, does this mean that keyloggers like Spector, if installed as per their use (they are meant to be covert), are NOT being detected?
Jeroen1000
October 28th, 2009, 03:24 AM
As long as I'm making suggestions ;D. Password protect the settings:
No one can see them without entering the password
No one can change them without entering the password
It would not be cool if users could add programs to the exception list themselves...
Why? Some users (mainly an enterprise problem) have a problem with UltraVNC because they think we use it to spy on them. Some go to great lengths to delete it. Well, that would be a useful option if you consider adding the checkbox *puppy*
PrevxHelp
October 28th, 2009, 03:04 PM
{QUOTE-> As long as I'm making suggestions ;D. Password protect the settings:
No one can see them without entering the password
No one can change them without entering the password
It would not be cool if users could add programs to the exception list themselves...
Why? Some users (mainly an enterprise problem) have a problem with UltraVNC because they think we use it to spy on them. Some go to great lengths to delete it. Well, that would be a useful option if you consider adding the checkbox *puppy* <-QUOTE}
We have this functionality in place already :) If you click Settings > Basic Configuration, you can tick the box: "Password protect configuration options" which will lock down all of the configuration to users that aren't authorized.
PrevxHelp
October 28th, 2009, 03:09 PM
{QUOTE-> I can understand your reasons for that. However, actions like that tend to make PrevX less secure. I have not tested it (yet) but if I hide (as in disable it) the Radmin tray icon PrevX should flag it, correct? <-QUOTE}
This generally won't; it depends on the installation behavior.
{QUOTE-> Could you consider including some sort of checkbox option (which would be off by default to avoid a boatload of confused users) for 'potentially dangerous applications'? Those could include the remote tools and hack tools. Put a big warning on it about what happens when the checkbox is checked. <-QUOTE}
Yes, I agree - a number of programs can be added into this category, like mIRC, ServU, and a handful of remote support tools as you have noted.
{QUOTE-> I'm a fan of categorizing threats. This way a user can choose what he wants PrevX to detect :)
I'm talking out of my hat here (as in I'm guessing you do not have this option yet and I'm not near my PrevX PC) but you could introduce an advanced settings page. I understand your need to keep it simple but Enterprises (and users like me) like many useful options. <-QUOTE}
The Prevx Enterprise version, however, functions exactly as you mention - you can configure determinations/block programs en masse or even set up a whitelisting-restricted environment where only trusted programs are allowed to run.
{QUOTE-> Anyway, does this mean that keyloggers like Spector, if installed as per their use (they are meant to be covert), are NOT being detected? <-QUOTE}
Keyloggers are a different beast entirely in our opinion and we consider them to be malicious in all cases unless the user explicitly overrides them to not be detected.
From the review that PC Magazine did over Prevx:
"In a parallel test using commercial keyloggers in place of malware, Prevx detected every sample and completely prevented installation for most of them." (http://www.pcmag.com/article2/0,2817,2346861,00.asp)
Jeroen1000
October 28th, 2009, 04:20 PM
Thank you Joe (I may call you Joe, I hope ;D). Your support is really top-notch!
If you don't mind, I've got one more question. What is the policy for certain hack tools like hash dumpers (PWdump, fgdump ...)? Some of those can be used over the network by roaming users (which would make them harmful in my agenda).
Anyway, I'm getting off topic here, sorry. I still hope to see a setting for potentially harmful applications.
I do have a final suggestion for the enterprise app (if it isn't already present). I may be pushing the envelope here but here goes: I call it the Sophos approach: it catches all potentially harmful program groups:
- Toolbars
- HTTP(s)/SSH tunnel software
- Proxy software
- Cracker programs (hash collectors or brute-forcers)
- Things like Nmap, Wireshark
- FTP programs
Almost everything that CAN be used to get info out of the network.
On the other hand, I just realize PrevX allows one to whitelist things and flag all the rest. I suppose a 'home' user can't get this enterprise version? :)
Defenestration
November 3rd, 2009, 07:54 PM
I would like to see the ability to stop an app from loading a URL. For example, a few apps will automatically load a web page when you uninstall their software. It would be great if Prevx could block this from happening.
subhrobhandari
November 7th, 2009, 08:08 AM
Here are my suggestions:
1. Import/Export settings.
2. Safeonline to cover IMs.
3. Having option to automatically update to Beta releases.
4. Option to check how often Prevx will check for updates.
5. Option in Scheduled Scans to scan only when CPU usage and Memory is under certain level.
6. Support for scanning the SSL protocol.
7. Option to send malicious file(s) directly to Prevx with description.
Defenestration
November 9th, 2009, 08:31 PM
{QUOTE-> 3. Having option to automatically update to Beta releases. <-QUOTE}
If you originally installed a beta version, then you can get beta releases automatically via the update mechanism.
subhrobhandari
November 9th, 2009, 09:01 PM
I know that, but what if I install a stable release after testing some betas but want to get betas when they are out?
PrevxHelp
November 10th, 2009, 11:11 AM
{QUOTE-> I know that, but what if I install a stable release after testing some betas but want to get betas when they are out? <-QUOTE}
If you install a beta release, it will update to the live release and will continue to update to the next beta release when we have one :)
dlimanov
November 11th, 2009, 12:45 AM
Got hit by an interesting variation of PDF/JS exploit tonight: a well-known news site was pulling a banner ad from a compromised host; it was launching a Java applet via HTTPS from some server in China, which loaded a malicious PDF. The only thing that saved my bacon was DefenseWall and the fact that JavaScript is disabled in Acrobat on my machine. I was able to save the PDF and scan it against VirusTotal and Jotti, only 2 engines out of 20-something detected it, so it's pretty new.
The reason I'm posting this is that PDF detection can't come soon enough in Prevx (and Hitman). I understand the legalities of it, but there's got to be a way to examine the file without uploading the entire thing to the cloud somehow, to protect privacy and confidentiality. Also, SafeOnline could probably benefit from some advanced methods of detecting abnormal or suspicious PDF loads, like in this case via HTTPS/Java.
Just sayin'..
BryanW
November 14th, 2009, 03:10 AM
It would be nice to be able to add another 15 minutes of install time. I am aware that there are longer time intervals on the pull-down menu for disabling protection, but some installs take longer than originally anticipated.
rolarocka
November 20th, 2009, 12:16 PM
I think this is a bit overkill:
I can't imagine anyone will ever need such detailed "time outs".
vBulletin® Copyright ©2000-2009, Jelsoft Enterprises Ltd.
Copyright ©2002 - 2009, Wilders Security Forums