Introducing, The New Prevx Edge.

Discussion in 'Prevx Releases' started by trjam, Nov 13, 2008.

Thread Status:
Not open for further replies.
  1. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Edge's self protection protects against all known attacks to its processes and drivers :)
     
  2. Baldrick

    Baldrick Registered Member

    Joined:
    May 11, 2002
    Posts:
    2,675
    Location:
    South Wales, UK
    Hi Joe

    Another interesting one!

    Scheduled scan was running as normal and I paid little attention to it, but a little later I decided to check on the results...and found that the GUI was announcing that the scan had been aborted. Not by me I hasten to add...but then by what? o_O

    Have taken a Scan Log thereafter and I can PM it to you if this is of interest to you. Just let me know.

    Regards

    Baldrick :D
     
  3. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK

    That's another interesting one, and another one which I've never seen. It sounds like something which isn't going to be easy to reproduce but if you run another scan and return it back to Secure status, then we can see if it happens again.

    In the meantime, I think we're going to have to play the wonderful waiting game :D
     
  4. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,275
    Location:
    Ontario, Canada
    Could it be INTERNET INTERRUPTION that caused this to happen?

    TH
     
  5. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    I don't believe so, Edge should generally retry if there was a connection failure for some reason so I'm guessing there is something more complex at play here :doubt:
     
  6. Baldrick

    Baldrick Registered Member

    Joined:
    May 11, 2002
    Posts:
    2,675
    Location:
    South Wales, UK
    Will do...and long live the wonderful waiting game...NOT! :D
     
  7. Diazruanova

    Diazruanova Registered Member

    Joined:
    Mar 27, 2008
    Posts:
    63
    Hi Joe,

    PrevX EDGE detected a false positive: an Installer / Downloader for a new Skype BETA version which I downloaded from VersionTracker :

    http://www.versiontracker.com/php/d...&lnk=http://download.skype.com/SkypeSetup.exe

    I already scanned it with S.A.S, MBAM, and avast! and it is clean. Also uploaded it to VirusTotal and NONE of the programs there, found it to be dangerous, so it is a FP.

    Thanks

    Diazruanova
     
  8. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Hello,
    Thank you for your report - the false positive should be corrected now if you scan again :)
     
  9. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    Joe, hate to call you on the carpet but I need some clarification. Is Edge in reality another AV product that uses "in the cloud technology" like Panda and McAfee? I mean, what distinguishes Edge in its ability to protect over other AV products? We will come back to this.

    Zero day detection is used by all now, and it seems that if product A detects it, it can make this claim. But isn't it still based on 3 factors: Signatures, Heuristics and Community feedback to the vendor? The time has come my friend, to start slivering that fine line that separates Edge from the rest. Hopefully you can, because if you can't, then Edge deserves to be in the AV forum. And I am going to hard press you on this.
     
  10. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Even though they now run in the cloud, (AFAIK) all AVs just use the cloud to distribute simplistic signatures faster. Our difference is that we don't have huge teams of malware researchers sitting around all day analyzing samples and writing definitions. We have huge teams of data centers analyzing samples and writing definitions :D (granted, we have malware researchers to tune the rules in the databases ;))

    We take community feedback extremely lightly because of how frequently it is abused so we differentiate ourselves from other "community" products because of that (actually, all feedback from users in the community is sent into a manual queue and no determination changes are made automatically because of the potential for abuse).

    Edge has a unique advantage over other software because of its ability to actually analyze all of the metrics on an infection, from behavior to popularity to age to signatures to heuristics, etc. etc. which leads it to make a decision on a program based on intelligence rather than whitelisting/blacklisting as many of the vendors are using in the cloud right now.

    I believe our cloud technology is years ahead of the other vendors, who are mostly just using simple hashes of programs to check with the cloud. They have a lot of ground to cover and will run into many/all of the problems along the way that we solved 3-4 years ago so I don't think we'll have a direct competitor for quite some time (even if their advertising blurbs make it sound like their "in the cloud technology" can block 500% of all malware, predict the winner of popular sporting events, cure cancer, and find me a good rate on my car insurance).
     
  11. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA

    I only say this because as much as I want to agree, every security forum I frequent and view postings by members, there seems to be a uniform disagreement with what we are being told.
     
  12. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    The data is coming from the user's computers and NOT from the users themselves - that is the difference. Some products use a user-based approach where if the user clicks 'Allow' their database logs that and then says if x% of users have clicked 'Allow' it will always click 'Allow' - that is <not> what we do.

    Our researchers do not sit and write definitions: they periodically will update heuristics, but they do not go and find a sample of, say, XP Antivirus and mark it. They will mold the heuristics to better handle it if necessary in the case that a program was not automatically found. However, we see literally tens of thousands of new malicious samples per day and the reason why we can stay on top without huge cost is that our infrastructure is scalable - it doesn't require more manpower to handle more samples. Infections are always changing and nothing is perfect which is why we still have researchers to keep up with mutations that can't be caught automatically. Our systems prioritize infections and report many screens full of data to the researchers so that they can quickly make a decision on the file. The database then finds correlations between the decision which the researcher made and other samples and will mark similar infections as bad automatically and then handle variants and mutated infections based on the original decision as bad.

    False positives are a completely different story. A majority of the false positives reported here are on unpopular software and by the time I get a log with the file in it, the database has already corrected the determination so I don't need to do anything. However, of course there are times when a signature became a bit too heuristic and needed taming and the opposite is true as well. Some pieces of software do bizarre things you would never expect them to do which is why they get flagged. When I "fix" a false positive, I mark the original file and then forward the file on to the research team to correct that part of the heuristic engine to prevent future similar false positives.

    Our false positive rate is barely noticeable (far less than 1/1000th of 1% based on some rough math) compared to the staggering number of infections we block every day and the masses of good software we see every day. FPs just rise to the top of forum posts while real detections remain hidden because most of those users aren't on Wilders with 15 active security products :D
     
  13. Saraceno

    Saraceno Registered Member

    Joined:
    Mar 24, 2008
    Posts:
    2,405
    Any false positive I've received, has been on a portable program from www.portablefreeware.com or www.portableapps.com. But that's expected as not many people are downloading or even using those programs. Otherwise, no problems at all. :)
     
  14. paniccom

    paniccom Registered Member

    Joined:
    Jul 23, 2006
    Posts:
    100
    Image1.png

    If I set Comodo to "Block All Mode", the scan never starts, and a series of messages results; then, when you go to the main screen, this is how it shows. So Baldrick may have gotten disconnected somehow. I think Triple Helix is right, since Prevx Edge relies on an internet connection to run. Even though Prevx Help says the scan should have run again if it was interrupted, who knows what can sometimes happen.
     
  15. PatG

    PatG Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    579
    Location:
    South Alabama
    Yo Joe: Just noticed that the program authenticates EVERY time I execute the newest version of xPlorer2 Lite, causing a small delay to bring the program to screen. It didn't do this on the old version. Can I set something to prevent it from doing this EVERY time?
     
  16. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    We are working on improving this - a new update should be out by the end of the week (if not live it will be at least at beta).

    For now, can you email me a scan log? I can improve the performance without requiring a software update :)
     
  17. waters

    waters Registered Member

    Joined:
    Nov 8, 2004
    Posts:
    958
    What is the difference?

    1. A user receives a file that the scan agent deems suspicious (for example, an encrypted or packed file) and for which there is no signature in the local .DAT database.
    2. Using McAfee Artemis Technology, the agent sends a fingerprint of the file for instant lookup to the comprehensive database at McAfee Avert® Labs.
    3. In less than a second, if the fingerprint is identified as known malware, an appropriate response is sent to the user to block or quarantine the file.
     
  18. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Edge doesn't just send a fingerprint of the file to our database for a simple lookup. Edge analyzes programs and identifies their functionality statically and dynamically by analyzing their behavior while they run. As a program runs, if not already trusted, Edge will send up the data where our database analyzes all of the information to find unknown malware - unlike McAfee's solution which looks for known malware.

    This allows us to block completely new threats as well as threats which are variants of known malware with no actual manual analysis required.
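    The two lookup models contrasted in posts 17 and 18 above (and the metric list in post 10: behaviour, popularity, age, signatures, heuristics), as an added illustration that is not code from the thread, from Prevx or from McAfee: a fingerprint-only lookup beside a constructed multi-signal determination. Every sample, weight, threshold and field name below is constructed for the example and describes no vendor's real engine.

```python
"""Constructed comparison of the two cloud-lookup models discussed in the thread.
Model 1 sends only a file fingerprint and can answer only for hashes it already knows.
Model 2 scores several signals (known hash, observed behaviour, popularity, age,
a static packing heuristic) so that a never-before-seen variant can still be classified.
Every sample, weight and threshold here is constructed for illustration."""
import hashlib
import math
from collections import Counter
from dataclasses import dataclass, field

# Constructed "cloud" database: SHA-256 fingerprints already classified as bad.
KNOWN_BAD_SAMPLE = b"MZ\x90\x00constructed-known-malicious-sample"
KNOWN_BAD_HASHES = {hashlib.sha256(KNOWN_BAD_SAMPLE).hexdigest()}


def fingerprint(data: bytes) -> str:
    """The only thing that travels in model 1: a hash of the file bytes."""
    return hashlib.sha256(data).hexdigest()


def fingerprint_lookup(data: bytes) -> str:
    """Model 1: 'block' for a known-bad hash, otherwise the cloud has no opinion."""
    return "block" if fingerprint(data) in KNOWN_BAD_HASHES else "unknown"


@dataclass
class Telemetry:
    """Signals an agent could report about a program as it runs (constructed schema)."""
    data: bytes
    seen_on_hosts: int          # popularity: installs that have reported this hash
    first_seen_days: int        # age: days since the cloud first saw the hash
    behaviours: set = field(default_factory=set)  # behaviour events observed at runtime


# Illustrative weights; a real engine would derive these from its own sample corpus.
BEHAVIOUR_WEIGHTS = {
    "writes_autorun_key": 30,
    "injects_into_process": 35,
    "disables_security_tool": 40,
}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; a value near 8.0 suggests packed or encrypted content."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def score(t: Telemetry) -> int:
    """Model 2: combine the signals into one number (higher = more likely malicious)."""
    s = 100 if fingerprint(t.data) in KNOWN_BAD_HASHES else 0   # known-hash signal
    s += sum(BEHAVIOUR_WEIGHTS.get(b, 0) for b in t.behaviours)   # behaviour signal
    if shannon_entropy(t.data) > 7.0:                             # static heuristic
        s += 20
    if t.seen_on_hosts < 5 and t.first_seen_days < 2:             # rare and brand new
        s += 25
    elif t.seen_on_hosts > 10_000 and t.first_seen_days > 90:     # widespread and old
        s -= 40  # popularity and age earn trust; this keeps FPs off common software
    return s


def determine(t: Telemetry) -> str:
    """Thresholds are constructed: >= 60 block, >= 30 suspicious, else allow."""
    s = score(t)
    if s >= 60:
        return "block"
    if s >= 30:
        return "suspicious"
    return "allow"


# Constructed samples: a brand-new variant (unknown hash, bad behaviour), a popular
# utility that also writes an autorun key, and an unknown packed file with no behaviour yet.
NEW_VARIANT = Telemetry(b"MZ\x90\x00constructed-new-variant", 1, 0,
                        {"writes_autorun_key", "injects_into_process"})
POPULAR_TOOL = Telemetry(b"MZ\x90\x00constructed-popular-utility", 50_000, 400,
                         {"writes_autorun_key"})
PACKED_UNKNOWN = Telemetry(bytes(range(256)) * 4, 2, 1)

if __name__ == "__main__":
    for name, t in [("known bad", Telemetry(KNOWN_BAD_SAMPLE, 3, 1)),
                    ("new variant", NEW_VARIANT), ("popular tool", POPULAR_TOOL),
                    ("packed unknown", PACKED_UNKNOWN)]:
        print(f"{name:15} fingerprint-only={fingerprint_lookup(t.data):8} "
              f"multi-signal={determine(t):10} score={score(t)}")
```

    Run as a script it prints one row per sample. The new variant is "unknown" to the fingerprint-only model but blocked by the multi-signal one, the popular utility stays allowed despite one suspicious behaviour because its popularity and age offset it, and the packed unknown lands in "suspicious" on static evidence alone, which is also why rarely-used portable tools (post 13) are the ones most likely to be mis-scored in a model like this.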
     
  19. waters

    waters Registered Member

    Joined:
    Nov 8, 2004
    Posts:
    958
    Thanks for explaining
     
  20. PatG

    PatG Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    579
    Location:
    South Alabama

    Got the scan but don't know how to upload to you. What is the secret to that?
     
  21. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    You aren't psychic? :D :D Click Tools and Settings and then Save Scan Results and save it to a file somewhere and then email that to the address I PM'd to you :)
     
  22. PatG

    PatG Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    579
    Location:
    South Alabama
    Done and DONE! :cool:
     
  23. _kronos_

    _kronos_ Registered Member

    Joined:
    Dec 8, 2008
    Posts:
    126
    Hi boys!
    Do you think that Prevx Edge (free) united with a HIPS with file protection, such as Real Time Defender or EQSecure, could be a good security solution?

    When Prevx Edge finds anything, then a popup appears, and RTD's (or EQS's) file protection will ask me whether to allow/deny the creation/modification...

    Am I right?:)

    Regards;)
     
  24. Baz_kasp

    Baz_kasp Registered Member

    Joined:
    May 1, 2008
    Posts:
    593
    Location:
    London
    Question for one of the prevx guys:

    Can Prevx protect against and disinfect file infectors such as Virut and Sality?
     
  25. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    These are some very difficult file infectors to handle for any vendor. We have a solution to detect and remove file infectors by downloading clean versions of system components automatically during cleanup but virut and sality are really quite difficult for any AV to handle 100%. I think our solution is strong against them, but even so, whenever I see a user with a file infector like virut or sality, I generally recommend that they reinstall their OS and delete all programs.
     