Wilders Security Forums  

  #1  
Old April 5th, 2010, 10:39 PM
Lebowsky's Avatar
Lebowsky Lebowsky is offline
Regular Poster
 
Join Date: Dec 2004
Posts: 161
Default I dont understand Prevx, please help.

Hi Guys,
I have seen a couple of videos on YouTube showing how Prevx stops malware from infecting the system, and it's pretty impressive.
What exactly is Prevx?
Is it like a HIPS application, or is it more like a really good Antivirus application?

I am asking because, a) the malware scans are wicked fast, and that is never the case with Antivirus apps like Avast, Avira etc.

b) It doesn't let any malware through in those tests, which is again unlike Avira and Avast etc.

How does Prevx work? Why is it so effective and so lightweight,
and yet a better performer than Avast and Antivir etc?
I don't understand.
Please help me figure out, that if I decide to buy Prevx, and shift from a HIPS application that I currently use (dwall) what exactly am I doing?!

I hope my question makes sense, if you need any more info from me I will be happy to supply it.

Oh, I am running XP SP2 x86 (I don't really like Vista or Win7)
  #2  
Old April 5th, 2010, 10:41 PM
Lebowsky's Avatar
Lebowsky Lebowsky is offline
Regular Poster
 
Join Date: Dec 2004
Posts: 161
Default Re: I dont understand Prevx, please help.

Also the reviews on YouTube are using Prevx Edge, but I went to the Prevx site, and I only see Prevx 3.0?
  #3  
Old April 5th, 2010, 11:01 PM
Triple Helix's Avatar
Triple Helix Triple Helix is online now
Prevx Forum Helper
 
Join Date: Nov 2004
Location: Oshawa, Ontario
Posts: 9,606
Default Re: I dont understand Prevx, please help.

Here is some info to look through! http://www.prevx.com/freescan.asp and here http://www.youtube.com/user/PrevxResearch and here http://www.prevx.com/certification.asp

It's a total Anti-Malware security product; it used to be Prevx Edge and now it's just called Prevx 3.0! The whole database is in the cloud on their network, so it's always up to date without downloading signatures. It picks up malware on regular scans and on execution only; it does not scan email clients, but if you have malware that came in an email and you tried to execute it, Prevx would block it! It can be run on its own, or if you like you can run another AV with it or just keep DefenseWall!

If you need more info PrevxHelp will be by ASAP to answer any other Questions you will have!

HTH,

TH
__________________
Triple Helix - Microsoft® MVP Consumer Security 2012/14

VIP Member Of ASAP - (Alliance of Security Analysis Professionals™)

Webroot® SecureAnywhere™ Complete 2013 Closed Beta Tester v8.0.2.145 - VoodooShield 1.08 - Windows 7 Ultimate 64bit and all Windows OS's from XP to Win 8 on VM's.

Last edited by Triple Helix : April 5th, 2010 at 11:16 PM. Reason: added more info
  #4  
Old April 5th, 2010, 11:14 PM
Lebowsky's Avatar
Lebowsky Lebowsky is offline
Regular Poster
 
Join Date: Dec 2004
Posts: 161
Default Re: I dont understand Prevx, please help.

I appreciate the quick reply Triple Helix

I am a little concerned about 1 thing, and would like your thoughts on it.
Suppose a rootkit executes on my PC, and Prevx is running, so it detects it successfully,
and prompts for a full scan.
I do the full scan, and Prevx says the rootkit is detected,
and it needs to connect to the cloud to download instructions to remove the rootkit.
BUT, the rootkit has killed my internet access!
(as it happens a lot, in my experience cleaning up friends' computers)

How will Prevx then proceed with the removal?
  #5  
Old April 5th, 2010, 11:18 PM
PrevxHelp's Avatar
PrevxHelp PrevxHelp is online now
Prevx Moderator
 
Join Date: Sep 2008
Location: USA/UK
Posts: 7,578
Default Re: I dont understand Prevx, please help.

Quote:
Originally Posted by Lebowsky
I appreciate the quick reply Triple Helix

I am a little concerned about 1 thing, and would like your thoughts on it.
Suppose a rootkit executes on my PC, and Prevx is running, so it detects it successfully,
and prompts for a full scan.
I do the full scan, and Prevx says the rootkit is detected,
and it needs to connect to the cloud to download instructions to remove the rootkit.
BUT, the rootkit has killed my internet access!
(as it happens a lot, in my experience cleaning up friends' computers)

How will Prevx then proceed with the removal?

Without requiring internet access, Prevx has numerous modules which will work to restore your internet connectivity if it is required, or, in the worst case, Prevx will perform a partial local cleanup without requiring the downloaded instructions and will then continue online once connectivity is restored.
  #6  
Old April 5th, 2010, 11:24 PM
Triple Helix's Avatar
Triple Helix Triple Helix is online now
Prevx Forum Helper
 
Join Date: Nov 2004
Location: Oshawa, Ontario
Posts: 9,606
Default Re: I dont understand Prevx, please help.

Just an example: you should read through the blogs; this is a good one on the TDSS rootkit!

http://www.prevx.com/blog/139/Tdss-r...s-the-net.html

And it would be best for Joe (PrevxHelp) to answer your great question!

And if you were ever infected and unable to clean see picture attached:

TH

EDIT: As usual Joe is quick!
Attached Thumbnails
Name: Capture05-04-2010-11.17.52 PM.jpg

  #7  
Old April 5th, 2010, 11:45 PM
Lebowsky's Avatar
Lebowsky Lebowsky is offline
Regular Poster
 
Join Date: Dec 2004
Posts: 161
Default Re: I dont understand Prevx, please help.

Wow, never seen a guarantee like that before....

I usually carry MBAM with the latest definitions downloaded via manual update on my USB stick when friends call me over to clean up their PCs.
Most of the time, MBAM will fail to install, or if installed fail to connect to the update server to download the latest defs.
They usually have an antivirus like Norton installed, but the rootkits just sail past their realtime protection.

I have seen Prevx do much better, but I just saw a vid where MBAM detected the security tools fake AV, and removed it, while Prevx wasn't able to.

I guess a layered approach is the only thing that works these days.
  #8  
Old April 5th, 2010, 11:50 PM
Triple Helix's Avatar
Triple Helix Triple Helix is online now
Prevx Forum Helper
 
Join Date: Nov 2004
Location: Oshawa, Ontario
Posts: 9,606
Default Re: I dont understand Prevx, please help.

Quote:
Originally Posted by Lebowsky
Wow, never seen a guarantee like that before....

I usually carry MBAM with the latest definitions downloaded via manual update on my USB stick when friends call me over to clean up their PCs.
Most of the time, MBAM will fail to install, or if installed fail to connect to the update server to download the latest defs.
They usually have an antivirus like Norton installed, but the rootkits just sail past their realtime protection.

I have seen Prevx do much better, but I just saw a vid where MBAM detected the security tools fake AV, and removed it, while Prevx wasn't able to.

I guess a layered approach is the only thing that works these days.

I've always been very happy with Prevx 3.0 and now with SafeOnline it's hard to beat! But I also like the layered approach to anyone's security setup as I have NOD32 AV and they work very well together!

TH
  #9  
Old April 6th, 2010, 02:46 AM
Lebowsky's Avatar
Lebowsky Lebowsky is offline
Regular Poster
 
Join Date: Dec 2004
Posts: 161
Default Re: I dont understand Prevx, please help.

Quote:
Originally Posted by Triple Helix
I've always been very happy with Prevx 3.0 and now with SafeOnline it's hard to beat! TH
Yeah, it's hard for malware to get through Prevx, that's for sure.
But these modern 0day rootkits, they are everywhere these days,
and I'm afraid they are going to get more and more common.

My dream setup would be HIPS + Prevx + Virtualization.

But I am lazy when it comes to my own PC security, but because I have relatively safe browsing habits, I hardly get any serious malware on my machine, even when antivirus and HIPS is turned off, which is most of the time.
A quick scan with MBAM and SUPERAntiSpyware gets pretty much everything.
  #10  
Old April 6th, 2010, 06:58 AM
PC__Gamer's Avatar
PC__Gamer PC__Gamer is offline
Frequent Poster
 
Join Date: Dec 2009
Posts: 526
Default Re: I dont understand Prevx, please help.

Quote:
Originally Posted by Lebowsky
Yeah, it's hard for malware to get through Prevx, that's for sure.
But these modern 0day rootkits, they are everywhere these days,
and I'm afraid they are going to get more and more common.

My dream setup would be HIPS + Prevx + Virtualization.

But I am lazy when it comes to my own PC security, but because I have relatively safe browsing habits, I hardly get any serious malware on my machine, even when antivirus and HIPS is turned off, which is most of the time.
A quick scan with MBAM and SUPERAntiSpyware gets pretty much everything.
I've only had Prevx fail on 1 file for cleanup in my testing, but even then it directed me to support within the software for them to manually delete it for me, so either way, protected! (I didn't contact support, as I knew what I was doing and just deleted everything manually)

Prevx offer 100% guaranteed removal, as if their engineers can't fix it in 14 days, you get your money back.

Prevx is an AV (in the cloud), a community (in the cloud), a HIPS/Behaviour blocker all rolled into a package around the 1 MB mark.

Even on missed detections, these are usually caught by its other means.

It's pretty darn impressive, and so roll on Prevx 4.


----

Basically, let's say a file on your system gets infected, Prevx actually supplies your PC with those Windows files and replaces them with known good ones from the Prevx cloud while chucking that bad one out

..well, I think this is still the case.
__________________
Webroot SecureAnywhere Complete
  #11  
Old April 6th, 2010, 07:50 AM
Dark Star 72 Dark Star 72 is offline
Frequent Poster
 
Join Date: May 2007
Location: UK
Posts: 580
Default Re: I dont understand Prevx, please help.

Quote:
Originally Posted by Lebowsky
My dream setup would be HIPS + Prevx + Virtualization
Why not add Prevx SafeOnline to DefenseWall which I believe you use. Quite a few of us at Wilders are running this combo, very light, very fast and add in something like Shadow Defender, Returnil or Deep Freeze and that is about as bullet proof as you are going to get.
If you get a zero day on your machine DW will neuter it until Prevx knows about it and then Prevx will remove it for you.
Reboot your virtualiser and you're back where you started.
  #12  
Old April 6th, 2010, 09:30 AM
TonyW TonyW is offline
Very Frequent Poster
 
Join Date: Oct 2005
Location: UK
Posts: 2,301
Default Re: I dont understand Prevx, please help.

Quote:
Originally Posted by Lebowsky
I just saw a vid where MBAM detected the security tools fake AV, and removed it, while Prevx wasn't able to.
The problem with fake security programs is so often they're not malicious per se. They may contain buggy code, but that's about it. Their main purpose is to extort money from you.

More & more anti-malware programs are detecting these in a category of their own. However, it is more time consuming to add these to databases because the files are not deemed truly malicious.

If Prevx, or any other anti-malware program, doesn't detect the rogue and you know it IS a fraud, submit it to them. I have done this on a number of occasions.
  #13  
Old April 6th, 2010, 09:43 AM
Lebowsky's Avatar
Lebowsky Lebowsky is offline
Regular Poster
 
Join Date: Dec 2004
Posts: 161
Default Re: I dont understand Prevx, please help.

Quote:
Originally Posted by Dark Star 72
Why not add Prevx SafeOnline to DefenseWall which I believe you use. Quite a few of us at Wilders are running this combo, very light, very fast and add in something like Shadow Defender, Returnil or Deep Freeze and that is about as bullet proof as you are going to get.
If you get a zero day on your machine DW will neuter it until Prevx knows about it and then Prevx will remove it for you.
Reboot your virtualiser and you're back where you started.

Oh man, DefenseWall+Prevx+Deep Freeze sounds bulletproof!
I have a lot of experience with Deep Freeze, and it's awesome, and works flawlessly on SP2.
Dream AV was missing, but I think Prevx is the one!
  #14  
Old April 6th, 2010, 09:44 AM
Triple Helix's Avatar
Triple Helix Triple Helix is online now
Prevx Forum Helper
 
Join Date: Nov 2004
Location: Oshawa, Ontario
Posts: 9,606
Default Re: I dont understand Prevx, please help.

Quote:
Originally Posted by TonyW
The problem with fake security programs is so often they're not malicious per se. They may contain buggy code, but that's about it. Their main purpose is to extort money from you.

More & more anti-malware programs are detecting these in a category of their own. However, it is more time consuming to add these to databases because the files are not deemed truly malicious.

If Prevx, or any other anti-malware program, doesn't detect the rogue and you know it IS a fraud, submit it to them. I have done this on a number of occasions.

I fully agree with TonyW: no one product will detect everything, and that's Prevx included. If you find something that is not detected, just follow this thread and send it to them! http://www.wilderssecurity.com/showthread.php?t=245129

TH
  #15  
Old April 6th, 2010, 09:47 AM
Lebowsky's Avatar
Lebowsky Lebowsky is offline
Regular Poster
 
Join Date: Dec 2004
Posts: 161
Default Re: I dont understand Prevx, please help.

Quote:
Originally Posted by TonyW
The problem with fake security programs is so often they're not malicious per se. They may contain buggy code, but that's about it. Their main purpose is to extort money from you.

More & more anti-malware programs are detecting these in a category of their own. However, it is more time consuming to add these to databases because the files are not deemed truly malicious.

If Prevx, or any other anti-malware program, doesn't detect the rogue and you know it IS a fraud, submit it to them. I have done this on a number of occasions.
Point taken. But some of the fake AVs, they will disable your regedit and your Task Manager, and disable antivirus sites like AVG and Avast!

I think over at the MBAM forums, you have this whole separate section where users constantly submit malware samples to be added to the definitions list; this amazing user contribution is probably the main reason why MBAM has such fantastic detection rates.
  #16  
Old April 6th, 2010, 09:50 AM
Triple Helix's Avatar
Triple Helix Triple Helix is online now
Prevx Forum Helper
 
Join Date: Nov 2004
Location: Oshawa, Ontario
Posts: 9,606
Default Re: I dont understand Prevx, please help.

Quote:
Originally Posted by Lebowsky
Point taken. But some of the fake AVs, they will disable your regedit and your Task Manager, and disable antivirus sites like AVG and Avast!

I think over at the MBAM forums, you have this whole separate section where users constantly submit malware samples to be added to the definitions list; this amazing user contribution is probably the main reason why MBAM has such fantastic detection rates.

Don't forget that Malwarebytes used to make Rogue Remover and that they included it in Malwarebytes Anti-Malware, which would be great alongside Prevx and your other security!

TH
  #17  
Old April 6th, 2010, 09:57 AM
Triple Helix's Avatar
Triple Helix Triple Helix is online now
Prevx Forum Helper
 
Join Date: Nov 2004
Location: Oshawa, Ontario
Posts: 9,606
Default Re: I dont understand Prevx, please help.

It's my personal preference not to use a HIPS because I feel that I don't need one, as I run NOD32 AV with Prevx 3.0 and in Shadow mode when I do risky stuff on my VMs only for personal testing, and if something happens badly I just reboot and all is fine again!

TH
All times are GMT -4.