OFFICIAL RELEASE - Prevx 3.0.5.10 with SafeOnline

This manual update doesn't have the blue SafeOnline GUI, instead it has reverted back to black Prevx 3.0, is this normal? Remember last time I had to do this, you advised to uninstall/then reinstall, should I go back and redo to get the SafeOnline GUI??

EDIT: Nope, didn't change it. Went ahead and uninstalled/reinstalled as before, only thing it did was lose my configuration on my protected sites. Will just wait next time for the auto update to do it.

EDIT2: Checked laptop, same version, its blue but desktop is black. Man, this is crazy!

FINAL EDIT: Am I embarrassed! Just dawned on me that I dl'd the Prevx version and not the SafeOnline version. Went back and dl'd the correct one, uninstalled/reinstalled and now all is well. Oh well, won't ever forget this one again!

 

Hello Joe,

Thanks for all your hard work you have had during several past remote sessions to fix my problems. The latest version .10 seems OK except one persisting issue. Still having IE8 crashes occasionally, the error is always the same with those I have e-mailed you. No rule for crashes tracked. Otherwise all is OK with this Prevx version You know, I am not so bothered as I almost don't use IE. Just to let you know it, though.

Apart above, I noticed when a browser (in my case Opera or IE) is open and I start an application which needs to be confirmed via UAC, the backgroung is deeply black. However when no browser is open the background is transparent (i.e. you can see what is underneath UAC confirmation window), what is normal behaviour. When Prevx is uninstalled the background is always transparent. Anyhow it isn't a big issue which would deserve your large attention.

Out of curiosity, what level of HTTP configuration should be set in SafeOnline to enable take a screen shot?

Regards,
pegas

 

Hello Joe!
Whereas the above issues are not sort of urgency, can you comment upon though? The next issue I encountered is that when SafeOnline is enabled I can't type apostrophe (') and diacritic mark (ˇ) in my browsers (Opera and IE. Typing applications (Word, Excel etc.) are not affected, just browsers are.
Thx,
pegas

 

OK. I'm not seeing it show up but I think I know why now. I have a 64 bit machine so I'm assuming that until the native 64 bit is finalized I won't have the option of safeonline? Is that right?

 

That is right! Joe said they are working on it ASAP and it's only a few weeks away! https://www.wilderssecurity.com/showthread.php?t=257763

TH

 

That's good. Excited to try it out. It was confusing me why I didn't see it show up and then it dawned on me. lol I'm still getting used to having a 64 instead of 32 bit machine.

 

I have tried updating, but mine shows no update and still using 3.0.1.65 Is this right? I am using 64 it win7,
Should I manually download?

Answered my own question Just downloaded the file form the site and its updated.

 

Thanks for the information If you do happen to find some reproducible scenario, please let me know!

This is intentional - although it is a bit harsh, Prevx is blocking Windows from seeing the desktop, which prevents it from rendering it for the UAC prompt We may add an exclusion for Windows itself in the future but we don't want to open ourselves to the potential for exploits piggybacking on Windows to take screenshots.

Setting it to "High" will allow screenshots to take place.

Thank you for the information We will have this fixed in one of the next updates.

 

Yes, you're correct We are not yet pushing out updates for v3.0.1.65 users so if you would like to use the new functionality/new version, we recommend downloading it manually, as you have discovered

 

The crash logs from Opera and IE8 sent to you via mail.

OK thx for explanation. I dont have a problem with this I was just curious and I am glad that it is not another hitch but rather intentional feature.

Thx, yes it does.

NP glad I could help you.

 

Do you have a time-span for when 3.0.1.65 users can auto-update please?

 

We're still waiting to iron out a handful of minor issues but will hopefully have 3.0.1.65 users upgraded within the next couple weeks, provided no other AVs start producing FPs on the next versions.

 

I've experienced an issue on my Windows XP system between Prevx 3.0.5.10 with SafeOnline (paid) and Returnil Virtual System 2010 Home Lux.

When Returnil's real-time anti-malware component (called Virus Guard) is enabled, Prevx scans slow right down and take much longer to complete. With Virus Guard turned off, Prevx scans run at their normal speed. This suggests that Prevx and Virus Guard are conflicting with each other in some way. There was no other security software running at the time, other than Prevx and Returnil.

I know that it is normally not a good idea to run two anti-malware progams in real-time, as these kinds of conflict can occur; but I've always understood that Prevx was an exception to the rule, as it has been deliberately designed to be able to complement a conventional anti-virus.

I'm not really that bothered as I just turned Virus Guard off, but I thought I'd report it anyway so that Prevx could take a look and see if the problem is reproducible in order to get an insight into the issue.

BTW, Prevx 3.0.5.10 with SafeOnline is working just great here!

 

Hi Joe,
italian people with KIS & Prevx 3.0.5.10 said Prevx yesterday detect the klif.sys (kaspersky drive) as malicious and unfortunaly trusting in prevx more than in their brain they delete the file , so they need reinstall KIS (I know with rollback/undo cleanup they could solve easier, but they don't know)

Knowing Kaspersky problem we recommend set Kis (his pattern) on the exclusion of prevx but his drive located in system32\DRIVERS\klif.sys
was not and obviously prevx scan control it

Do you think is better exclude from scan the klif.sys too (I think is possible)? And it solve future problem?
In this pic you can see the FP and there are 2 registry voice about klif too, setting klif as excluded file on prevx scan automaticaly the registry key concerning it is non catched?
http://www.picamatic.com/view/5974024_2009-11-18_151915/
And if it is not solved, please set as safe this file.
Thanks

EDIT: is not on 3.0.5.10 but on 3.0.5.23 sorry
c:\windows\system32\drivers\klif.sys [PX5: A91D4FC710BCB6A7D0AB048E3CABDB0029BDF800] Malware Group: Medium Risk Malware
They said the same happens on some Ashampoo program, probably you are experimenting something new here

 

I don't think this is necessarily an incompatibility or clash, but more so that both programs are looking at the same files at the same time. Although the Prevx scan may take longer, it is basically guiding VirusGuard to run a scan alongside Prevx's scan as well, possibly finding malware which Prevx would have missed as well that VirusGuard wouldn't have normally looked at

Indeed it isn't ideal, but a few AVs do scan what Prevx scans - we generally haven't had too many complaints about it, however - as it saves users having to run a manual scan with their other AV

Out of curiosity, how long is the Prevx scan taking? It may be possible to add prevx.exe to the exclusion list within VirusGuard to prevent it from scanning accesses made by Prevx, but I'm not sure if they have that level of granularity available to the user.

 

We've corrected the FP but this is caused because security software drivers act almost identically to malware drivers - if we weren't flagging these files, I'd be worried

Let me know if you (or they) have any questions

 

Thanks for replying and for the explanation. I thought that was probably what was happening. The lengthened scan times did make the system fairly unresponsive for a longer duration at boot time though. Rather than lose the benefit of Prevx's boot time scan, I opted to turn off Virus Guard instead.

It was fairly inconsistent. Sometimes, the Prevx scan would run normally to completion; at other times, it would start normally and get a certain percentage of the way through (usually between 24% and 28%) then almost grind to a halt, proceeding at the rate of 1% every 10 seconds or so. Prevx scans could then take several minutes to finish, whereas normally they complete within a minute or two. They always did finish eventually though; I never once experienced a hang.

Indeed, it does not appear to be possible. Folders and files can be excluded from scanning, but I couldn't see an option to exclude processes. Nonetheless, I did try creating file exclusions in both programs to ignore each others executables, but it didn't help.

I am still a little puzzled about one thing though. The fact that anti-malware programs can interfere with each other's operation is well known, which is why the usual recommendation is not to run more than one in real-time. I thought that Prevx was supposed to be different, having been deliberately designed to co-exist with other security products without each program modifying the behaviour of the other. My main concern here is that if Virus Guard can have such a dramatic effect on Prevx scanning, there could also be a risk that mutual interference could prevent each program from responding in a timely fashion in real-time, potentially reducing the overall level of protection.

This is the main reason I decided to report this, in case you thought it worthy of investigation. As I said previously, it's not a problem for me to keep Virus Guard permanently turned off as Returnil is primarily a lightweight virtualisation application, not an anti-virus. As I use a layered approach which includes virtualisation and policy restriction, I am comfortable relying solely on Prevx as my only real-time signature/heuristic/behavioral based anti-malware program.

 

Joe did you fix the issue already? Only way to get it work now is to lower configuration for HTTP websites in SafeOnline to "Low". However configuration higher than "Low" doesn't enable me to use the key stroke. Having .23 RC installed.

 

Just to show you exactly what key I meant

 

Thanks for pointing it out - we haven't fixed it yet but it should be fixed in the next release

 

Any news yet Joe?

 

I think he said early this next week he is rolling out a upgrade.

https://www.wilderssecurity.com/showpost.php?p=1586432&postcount=16

 

PC Magazine has a good reason, good things come in small packages, what Prevx lacks in size it makes it up in technology, you have a utility the weighs in at a mere "5 Mb's"

Most modern antimalware utilities or suites include a large database of signatures to help them identify known malware. Some can't scan at all after installation, until they perform a lengthy signature update. The database keeps growing as new malware appears at an ever-increasing rate. And, of course, zero-day malware may slip through before a signature becomes available. The better signature-based tools supplement their scanning with behavior-based detection of new threats.

Patience..

Hogndog

 

We have pushed the automatic upgrade back to now take place on the release of 64bit support for SafeOnline to prevent a confusing split in the existing users, but any user can still manually upgrade by running the newer versions directly.

 

Thanks for the kind words This is exactly our approach and intention!