False positives / Missing detections thread

Discussion in 'Prevx Releases' started by EraserHW, Jun 14, 2009.

Thread Status:
Not open for further replies.
  1. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    One last thought: how can something that says it uses cloud scanning have such an issue? If anything, you would think it would be the other way around. Prevx is an AV, plain and simple.
     
  2. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    The iebrshim.dll FP was caused by one of our researchers manually determining it as bad - the file hooks the browser which is probably what caused our researcher to think it was malicious.

    Cloud AVs are just like normal AVs - newly created rules/signatures affect every other file. I would like you to look at any other AV which also produces FPs (so any AV). Just because a file is not detected one day does not mean it will not be detected the next day - look at every AV product: they, at one point, all say that a file is clean, then after updating signatures you will see that the file is detected - the same works in the inverse for false positives. Every changed detection affects every other detection in Prevx and in every other AV.
     
  3. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    I disagree, with respect. Look here and forget about the validity of the tests, but look at the yellow for suspicious; that is how, to me, cloud scanning works. On their site it says: "c) detection of suspicious file (detecting yet unknown malware by the method of informing the user about suspicious characteristics of a sample under analysis. Examples: "Suspicious file"; "VIPRE: Suspicious")"

    That is real cloud scanning and who is using it, not red.
     
  4. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    From the Vipre site, this seems to match those calculations, or how they are calculated.

    NEW - MX-Virtualization™ analyzes malware in real-time, in a secured memory "lock box" that emulates Windows. MX-V fools the malware into thinking it has taken over your PC. MX-V allows VIPRE to observe how the malware behaves and kill it before it can harm your PC. MX-V technology is the safest way to protect against zero-day threats.
    IMPROVED - VIPRE's Genscan™ and Cobra™ heuristics use super efficient dynamic pattern assessment to determine if something is malware.

    And we already know how Artemis works. Prevx just pops it, plain and simple.
     
  5. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    And boy, I may just owe IC a very big apology.:blink:
     
  6. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    :rolleyes: If you could please check the signature database size of Prevx and note that it is 0, you'll be able to see that we are a cloud AV :) Our VirusTotal scanner has none of the behavioral analysis pieces, file infector detection, exploit detection, or any of the more in-depth analysis components, which is why we don't have yellow bars and why those tests are completely and unequivocally irrelevant.
     
  7. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Vipre is actually the complete opposite of cloud analysis - all of the analysis takes place on the user's PC.

    Yes, by sending simple 1-to-1 checksums to the cloud, something we moved away from years ago as it is ineffective (to say the least).
     
  8. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    Well, we both have better things to do, so I guess this boils down to, "Time will tell."
     
  9. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Hello all,
    We've done some reassessing of the usefulness of this thread and have determined that it really does not bring any benefit to our users. Virtually all of the FPs reported here just result in one of us requesting a scan log, making the post here just an unnecessary hurdle.

    We have an email address set up for false positive/missed detections which will be much easier to manage and report to: report@prevxresearch.com. If you could follow the instructions in this post: https://www.wilderssecurity.com/showthread.php?t=245129 that will allow us to get at your log file as quickly as possible.

    Alternatively, you can write into our customer support inbox to report a misdetection directly, or you can right click on the file in the product and select "Report as a false positive". The latter approach will not result in a human response but it will allow you to immediately remove detection on your local system.

    You can also send one of us a PM but that isn't as optimal as sending an email as it is then limited to only the Wilders support staff to analyze it, while an email submission can be viewed by any of our researchers.

    For now, I'm going to close this thread. Feel free to continue any discussions outside in another thread within our forum, or contact us by PM/email/inbox and we will be happy to discuss anything further.
     