Age/popularity heuristics

Discussion in 'Prevx Releases' started by BoerenkoolMetWorst, Oct 10, 2011.

Thread Status:
Not open for further replies.
  1. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    3,405
    Location:
    Outer space
    I was trying to trigger the age/pop heuristics by executing rare and newer software but I haven't been able to trigger a detection so far. Even with both age and popularity set to maximum it does not trigger on software that would normally have been triggered with Prevx 3 on lower settings. Is it fully working?

    Also I did this to check if some improvements were already implemented which I suggested here and were confirmed for v4:
    http://www.wilderssecurity.com/showthread.php?t=283838
    Are they implemented in WSA?
     
  2. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    The Age/Popularity heuristics now take into account the behavior of a program. As we're just coming out of the beta, the Age/Popularity heuristics aren't fully enabled but once we establish a good baseline of users, we'll be turning them on.

    In the meantime, you can set specific areas to block any non-whitelisted file or by raising the Advanced Heuristics, which will show a "HIPS" warning like the one below:

    image003.png
     
  3. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    3,405
    Location:
    Outer space
    Thanks.

    How to do this? Are these the options in the Core system shield which are already enabled by default? (Except for HOSTS file modification.)
     
  4. Romagnolo1973

    Romagnolo1973 Registered Member

    Joined:
    Feb 17, 2009
    Posts:
    505
    Location:
    Italy - Ravenna
    PC Security - Edit Heuristics - set "Warn when new programs execute that are not trusted". In this case you bypass heuristics and it is you who decides what to allow or not.
     
  5. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Exactly :thumb:
     
  6. TonyW

    TonyW Registered Member

    Joined:
    Oct 12, 2005
    Posts:
    2,533
    Location:
    UK
    Just to clarify in case anyone is trying to find this - find it here: PC Security/Shields/Edit Heuristics.

    Alternatively, click on Settings and go to Heuristics.
     
  7. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    3,405
    Location:
    Outer space
    Yes, but that is about the execution of untrusted files (a nice feature btw), but I asked about blocking modifications done by untrusted files, like setting itself up to automatically start on boot, as shown in Joe's screen.
     
  8. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    You can do that by raising the Advanced Heuristics one or two levels from the default Medium.
     
  9. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    3,405
    Location:
    Outer space
    Thanks :)
     
  10. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    3,405
    Location:
    Outer space
    WSA has been released for a while now and a lot of old Webroot customers have been transferred, so are they completely enabled now?
     
  11. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    I believe they're still slightly different than the P3 age/popularity heuristics in how they work (as they're taking into account the behavior of files still) but we're currently working on tuning them fairly regularly to see how to best work within the configuration :)
     
  12. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    3,405
    Location:
    Outer space