Prevx 3.0: PC Magazine Review

Discussion in 'other anti-malware software' started by TheKid7, May 13, 2009.

Thread Status:
Not open for further replies.
  1. raven211

    raven211 Registered Member

    Joined:
    May 4, 2005
    Posts:
    2,567
    Oh noes - that's a disaster! :eek: :D
     
  2. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    The advanced/full scan looks through <every> file on the system, so it will scan programs which are inactive in subfolders on the disk. However, these files can't actually infect your computer so it is largely unnecessary to scan them at all. We look for programs which are loaded in the system, programs which are referenced by the registry, programs in system folders, and anything that may be hidden by a rootkit in memory/registry/on disk.

    The full scan feature was implemented because of a large number of requests from users who are used to using conventional AVs which have to scan through the entire system. Our approach allows us to look for real threats rather than files sitting idle that aren't harmful :)
     
  3. egghead

    egghead Registered Member

    Joined:
    Aug 27, 2005
    Posts:
    443
    Location:
    The Netherlands
    Do I understand this correctly? It is possible that there can be a "nasty" in a program as long as this program is inactive. If this program becomes active Prevx comes to the rescue.
     
  4. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Correct - scanning files on-demand with Prevx won't really see what Prevx would block, and in many cases, if you have a folder like C:\backup\somefiles\fileswhicharentactive\, Prevx wouldn't scan it unless something actually tried to run from there or if something was registered to run from there.

    Prevx will protect you when something actually tries to attack your system :)
     
  5. tigerfish0303

    tigerfish0303 Registered Member

    Joined:
    May 28, 2009
    Posts:
    6
    Thanks PrevxHelp for the response. Somehow I got a feeling your product is a great one and even gonna get better in the future that's why I'm gonna give it my trust and try it out. :thumb:

    However, what do you mean by this:
    Originally Posted by PrevxHelp

    It can be dependent on the processor or on the harddisk. I've sent you a PM with my email address to send a scan log to so that I can see if there is anything we can do to optimize the connection as 10 minutes is indeed extremely slow relative to the rest of our users (the system I'm writing this on takes 9 seconds to scan)

    Where did u send the PM? (sorry but I don't get what PM means) and how do I make a scan log?

    You know 10 mins is just great enough for me. If I can wait for AVG to scan for more than 3 hrs how much more can I wait for Prevx to scan for 10 mins?:D
     
  6. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Great :D As always, let me know if you need anything :)

    You can view your Private Messages by clicking "Private Messages" in the top right corner of the Wilders website:

    "Welcome, PrevxHelp.
    You last visited: Today at 04:13 AM
    Private Messages:"

    From there, you should see a new message from me with more detailed instructions on how to get a scan log to me. Let me know if you find them!
     
  7. Ade 1

    Ade 1 Registered Member

    Joined:
    Jun 21, 2006
    Posts:
    471
    Location:
    In The Bath
    Well after reading all this I took the plunge and installed Prevx 3 on my Vista x64 pc. Later this afternoon I bought a one year license for the full version and along with a few on demand scanners I already had installed I'm happy to use this as my everyday realtime security app.

    Very impressed to say the least. Keep up the good work. :thumb:
     
  8. Howard Kaikow

    Howard Kaikow Registered Member

    Joined:
    Apr 10, 2005
    Posts:
    2,802
    Re: Prevx 3.0 & Prevx Edge

    What is the turnaround time for analyzing such programs?
    You sure must employ a lot of elves to do this analysis.

    Well, I've seen pages with very erroneous statements about some software.
    Your elves need help.

    A sandbox just protects your production systems, but I do not see how it can detect truly malicious files that, say, plop an innocuous looking file that will later do a misdeed.

    Well, the reason I posted here is that a month or so ago, I found 3 of my own programs listed, with very incorrect info about at least 2 of them.

    I contacted you folks, in April 2009, and the programs were whitelisted in a few hours, tho I have not yet verified this.

    However, I was displeased with the lack of co-operation in one case.
    Although the program was whitelisted, your old write-up stated that the program had been found with all numeric names at particular web sites.

    I offered to download those files to determine whether the files were legit, so I asked for the URLs. I got no co-operation.
     
  9. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Re: Prevx 3.0 & Prevx Edge

    We generally determine about 30,000 new programs as malicious every day and > 50,000 as good every day. The rest take a bit longer as we may not have enough data about them.

    Filename is not a reliable way of finding out information on a program, however, it is the only way that the average user can understand. For example, http://www.prevx.com/filenames/X637823902852059119-X1/SVCHOST.EXE.html - obviously all instances of svchost.exe are not malicious, but there are quite a lot that are.

    The other application of a sandbox which we are using online is to analyze every behavior coming from the program and then cataloging/generating reports. Examples of these are CWSandbox, ThreatExpert, etc.

    If you could let me know (via PM or here) what program is still being detected, I will check through our database to see why this is happening.

    We don't store the URLs in our database (for privacy reasons) so that may be why we couldn't help you get them. However, feel free to send anything you think is miscategorized to me and I'll be glad to check them out :)
     
  10. Howard Kaikow

    Howard Kaikow Registered Member

    Joined:
    Apr 10, 2005
    Posts:
    2,802
    Re: Prevx 3.0 & Prevx Edge

    On 18 April 2009, I sent the following to Prevx:

     
  11. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Re: Prevx 3.0 & Prevx Edge

    There are many possible causes for this - for instance, a file infector modifying legitimate software could cause warnings and if we see any infected files, we can't mark the entire filename as "known good" being that we would have seen an infection using that name.

    The filename page which you've pasted shows that we aren't actually generating a false positive on any of the files so your users shouldn't have any problems with the files. Determining a filename as "always good" is near-impossible to do so we tend to err on the side of saying: "Currently being reviewed" as no software can ever be defined as 100% good :)
     
  12. tigerfish0303

    tigerfish0303 Registered Member

    Joined:
    May 28, 2009
    Posts:
    6
    Good day,
    I'm sorry if I'm adding to this 'thread', I should be posting in a dedicated prevx forum but I can't seem to find it in google (is there a dedicated prevx forum?), so joe I'll just ask it here:

    Just last night (about 12 hrs ago) I did an on demand scan using another security product and it caught Trojan.Agent (C:\install.exe). The on access protection AV did not detect this and prevx also did not detect it in real time and on demand - I scanned twice (both scans still 10mins+). I'm really surprised at having this infection cause I don't visit the internet frequently and when I do I usually go to a limited number of sites. Is Trojan.Agent not in your database? and is it possible for me to send you this Trojan.Agent to be added to your database so it could be detected next time? The other product is MBAM.
     
  13. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    No product detects 100% of threats, and there are thousands of Trojan.Agent infections but I can see what we missed if you send me a scan log to the address I've PM'd you :)

    Also note that some free security products heavily use filename based detections so if you save a file to c:\install.exe, it will get detected, so we may indeed have not actually missed anything and it is just a false positive from the other product.
     
  14. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Hello,
    I've checked out the c:\install.exe file and it is indeed legitimate - a component of a Microsoft installer :)
     
  15. tigerfish0303

    tigerfish0303 Registered Member

    Joined:
    May 28, 2009
    Posts:
    6
    What do u mean legitimate? What should I do? Did I do something wrong by placing it in quarantine?
     
  16. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Yes, the file is not malicious - it was a FP from MBAM and is not a missed detection from Prevx. The file is just a temporary file used by installations, however, so removing it probably won't damage anything.
     
    Last edited: May 31, 2009
  17. Howard Kaikow

    Howard Kaikow Registered Member

    Joined:
    Apr 10, 2005
    Posts:
    2,802
    Re: Prevx 3.0 & Prevx Edge

    That does not answer my question.

    I was told that PageFileUsageMonitor was whitelisted on 20 April 2009:

    I then followed up with:


    And, on 21 April, I received the following:

    It would have made your task easier, if you folks had sent me the URLs for, at least the misnamed files, so I could tell you whether they matched any released versions.

    Searching in Google, I find a number of web sites that offer obsolete versions of the program. As a result, I put the following at PageFileUsageMonitor:

     
  18. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Re: Prevx 3.0 & Prevx Edge

    We don't have/store the URLs where programs originate from so it would be impossible for us to provide this information for you. The other filenames could be from a backup program or system imaging utility which renames files, not necessarily that they are hosted somewhere with different filenames.
     
  19. Howard Kaikow

    Howard Kaikow Registered Member

    Joined:
    Apr 10, 2005
    Posts:
    2,802
    Re: Prevx 3.0 & Prevx Edge

    Well, then how do you distinguish among identically named files from different sources?

    As you say, files such as svchost.exe exist in both legit and malicious forms.

    Indeed, I just had two instances of a particular file flagged by KIS 2009, but not the versions in the system directories. The flagged files are apparently older versions that live in install directories, but are not actually used in real-time, as the system directories have more recent versions with the potential problems fixed.

    In effect, to distinguish between both categories, software has to act as a real-time AV scanner, not only list as yet uninvestigated programs as potential malware.

    Does Prevx act as a real-time virus scanner?
     
  20. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Re: Prevx 3.0 & Prevx Edge

    Yes, Prevx is a realtime virus/malware scanner. We don't take the filename into account when we are building signatures - the filename is just stored for the filenames pages which you'll find from Google. We look at the underlying data behind the file rather than the name (which is almost always completely unreliable, as just demonstrated by tigerfish0303 who had a FP from another product on a file named C:\install.exe).

    When a user is looking for information about a program they have, they search for the filename which brings up a page from us which queries our database about the determination over programs with that filename - not determinations against the filename itself.
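
Added example (not part of the thread and not Prevx's code): a minimal sketch of the distinction discussed above, where verdicts attach to a file's content and a filename page only aggregates them. The SHA-256 keying, the verdict table, the name rule and all sample data are constructed assumptions.

```python
import hashlib
from collections import Counter

# Constructed observations (path, file content); none of this is real data.
OBSERVED = [
    (r"C:\Windows\System32\svchost.exe", b"constructed legit service host"),
    (r"C:\Users\a\AppData\Roaming\svchost.exe", b"constructed trojan body"),
    (r"C:\backup\00418273.exe", b"constructed legit service host"),  # renamed copy
    (r"C:\install.exe", b"constructed installer stub"),
]

def content_id(content: bytes) -> str:
    """Identify a file by its bytes; SHA-256 is an assumption of this sketch."""
    return hashlib.sha256(content).hexdigest()

# Hypothetical verdict database keyed by content, never by name.
VERDICTS = {
    content_id(b"constructed legit service host"): "good",
    content_id(b"constructed trojan body"): "malicious",
    content_id(b"constructed installer stub"): "good",
}

# Hypothetical name-based rule of the kind that flags C:\install.exe.
FLAGGED_NAMES = {"install.exe"}

def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()

def verdict_by_name(path: str) -> str:
    return "malicious" if basename(path) in FLAGGED_NAMES else "good"

def verdict_by_content(content: bytes) -> str:
    return VERDICTS.get(content_id(content), "unknown")

def filename_page(name: str, observed) -> dict:
    """Summarise content verdicts for every file seen under one name."""
    return dict(Counter(verdict_by_content(c) for p, c in observed
                        if basename(p) == name.lower()))

if __name__ == "__main__":
    for path, content in OBSERVED:
        print(f"{path}: name={verdict_by_name(path)} "
              f"content={verdict_by_content(content)}")
    print("svchost.exe page:", filename_page("svchost.exe", OBSERVED))
```

The name rule flags the harmless installer stub and passes the trojan that borrows a trusted name, while the content lookup gets both right and still recognises the renamed backup copy.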
     
  21. tigerfish0303

    tigerfish0303 Registered Member

    Joined:
    May 28, 2009
    Posts:
    6
    Great many thanks, keep up the good work, it will pay off in the near future. ;) By the way, is there no dedicated forum for prevx or is this it?
     
  22. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    We did have a dedicated forum at Castlecops but they closed and we haven't opened a new one yet because Wilders seems to be the mecca of the techie world :D
     