small Prevx 3.0 RC test, perfect score!


ako
September 8th, 2009, 12:26 PM
I did a small test. I installed WinPatrol and Prevx 3.0 RC. Then I started running 15 nasty malware samples and exploits (Flash, PDF). Prevx blocked all of them! Some were blocked with the new Web filter, some with heuristics. WinPatrol had nothing to do (only some ActiveX files were warned of). Cool! :thumb:

ako
September 8th, 2009, 12:28 PM
Two more figures. I didn't remove anything during infections. Here is a scan of all infections.

raven211
September 8th, 2009, 12:31 PM
A question for Joe (or the staff :P)... with these "Caution" detections implemented, can one set Prevx to automatic operation (automatically block found threats) and will still be prompted on things like Community.Edge, etc.?


For Ako... :

1. You mentioned getting prompted on some Active X-files - what about them? I'm thinking about why that "slipped through" or something... did it pose any threat or what? :)

2. Was this test performed with a complete default installation? (No alteration to heuristics, including population, etc.)

ako
September 8th, 2009, 12:44 PM
-{ Quote: "A question for Joe (or the staff :P)... with these "Caution" detections implemented, can one set Prevx to automatic operation (automatically block found threats) and will still be prompted on things like Community.Edge, etc.?


For Ako... :

1. You mentioned getting prompted on some Active X-files - what about them? I'm thinking about why that "slipped through" or something... did it pose any threat or what? :)

2. Was this test performed with a complete default installation? (No alteration to heuristics, including population, etc.)" }-

2. Maximum heuristics, that's what I'm using.
1. I think the files are installed, but not run without permission. Right? Most of them SEEM legitimate.

PrevxHelp
September 9th, 2009, 06:44 AM
-{ Quote: "2. Maximum heuristics, that's what I'm using.
1. I think the files are installed, but not run without permission. Right? Most of them SEEM legitimate." }-

It's likely that the files were copied into the system but probably were not allowed to load. If they are indeed legitimate (and nothing jumps out but filenames don't really mean much) and were installed "accidentally" when malware infected the system (i.e. if a page required a plugin), Prevx would still allow them to function.

One other semi-interesting technique which "might" be the case is the malware could be installing legitimate, but older, exploitable components of legitimate software. I've seen this a couple times but it is relatively rare (although interesting by itself :))

PrevxHelp
September 9th, 2009, 06:46 AM
-{ Quote: "A question for Joe (or the staff :P)... with these "Caution" detections implemented, can one set Prevx to automatic operation (automatically block found threats) and will still be prompted on things like Community.Edge, etc.?" }-

Yes, the automatic answering affects only "hard" bads. Caution detections will still trigger a prompt unless you tick both "Automatically remove blocked files" and "Automatically block files when detected without prompting".

dawgg
September 9th, 2009, 06:56 AM
-{ Quote: "One other semi-interesting technique which "might" be the case is the malware could be installing legitimate, but older, exploitable components of legitimate software. I've seen this a couple times but it is relatively rare (although interesting by itself :))" }-
Clever - yet somehow also a little cheeky