Prevx2

Discussion in 'other anti-malware software' started by trjam, May 11, 2007.

Thread Status:
Not open for further replies.
  1. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    As far as testing its detection ability against Prevx1, you are right, there may not be much of a difference. But test it in 2 weeks and see what happens.:rolleyes: :) A lot is going to happen in the next 2 weeks.
     
  2. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,898
    Location:
    localhost
    Hi!
    any details on the new Sandbox and how it works, or is it something at server level and not at client??

    Thanks,
    Fax

    What's new - Prevx 2.0 Beta

    - Improved real time reporting and malware determination
    - Faster determination process
    - New community database structure
    - New rules engine
    - New jail functionality
    - New policy structure and increased number of security policies
    - Improved Registry protection
    - New "Sandbox" style analysis engine for analysis of unknown programs
    - Improved compatibility with 3rd party products enabling Prevx 2.0 to co-exist
    - New Enterprise features and functionality for Corporates
    - Support for 200,000+ agents within a Corporate
     
  3. EraserHW

    EraserHW Malware Expert

    Joined:
    Oct 19, 2005
    Posts:
    588
    Location:
    Italy
    Last edited: May 14, 2007
  4. dja2k

    dja2k Registered Member

    Joined:
    Feb 15, 2005
    Posts:
    2,121
    Location:
    South Texas, USA
    I ran both versions, XP and Vista, of Prevx2 and they run really smooth; these are beta versions and are stable, can't wait for the final versions.

    dja2k
     
  5. simmikie

    simmikie Registered Member

    Joined:
    Nov 11, 2006
    Posts:
    321

    nice!
     
  6. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    It's funny. All the things I read on the Prevx site, when I first purchased it, sounded so good. A product that "might" replace all my other stuff. Well it was good, but it didn't replace everything. But in about 13 days, this may very well change. These folks, Stubbs, Notok, and others, did the beta and finished product right. Light? Yes. Can it detect? Well let's see when some reputable testers check it out. The world is a changing, and it won't be too much longer.;)
     
  7. Perman

    Perman Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    2,161
    Hi, folks: Since Prevx2 beta has been released for public testing, I thought it will be appropriate to post my concern here seeking similar ones and perhaps some advice. During installation, AVAST home flagged one of the DLLs as a trojan, I ignored it by disabling Avast's on-access scanner. After installation and window booting, Avast again alerted me to the following file as a trojan horse:
    libdctmt.dll malware name is Win32:RPCexploit
    Avast cannot remove/move to chest, because access is denied. Now each time after window booting, I have to go thru the very same headache again. Has anyone else had the same encounter as mine? Is this Prevx's or Avast's fault ?
    Or just me? o_O
     
  8. Biscuit

    Biscuit Registered Member

    Joined:
    May 26, 2006
    Posts:
    978
    Location:
    Isle of Man
    It's probably a good idea to disable your AV when running the Prevx install - then enable after reboot. A false positive is usually the fault of the product highlighting the fp. Have you contacted Avast about this?

    FWIW, Nod32 appears to be happy with my libdctmt.dll file.
     
  9. ghiser1

    ghiser1 Developer

    Joined:
    Jul 8, 2004
    Posts:
    132
    Location:
    Gloucester, UK
    It's both our faults :doubt: That particular DLL contains a few generic signatures that we use for detecting the RPC exploit and some others. It seems that Avast is detecting our sample code as the exploit itself. A false positive on behalf of Avast and an oversight on ours for not scrambling the data. We are looking to work around it.
     
  10. Perman

    Perman Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    2,161
    Hi, folks: Thanks for speedy reply. I will just ignore it for now. Hope the correction will be ready soon. Thanks.
     
  11. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    Antivir is popping the same. Ignore seems to do nothing, eventually it will ask me the same.
     
  12. Perman

    Perman Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    2,161
    Hi, folks: That means some AVs are better at detecting some trojans such as the ones packed in Prevx2's file than others. If the AV's alert bothers you, I would do this to remove it temporarily: shut down prevx2, remove the said file to a new folder for safe keeping for now. Or let the AV move it to its holding section. If the trojans in question ever infect our box, the AV will detect them; no harm will be done. I do hope folks at Prevx can fix it ASAP.
     
  13. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    I am having no issues with it and Antivir PE.
     
  14. EraserHW

    EraserHW Malware Expert

    Joined:
    Oct 19, 2005
    Posts:
    588
    Location:
    Italy
    Which alert with Avira?
     
  15. fcukdat

    fcukdat Registered Member

    Joined:
    Feb 20, 2005
    Posts:
    569
    Location:
    England,UK
    Fao EraserHW/Notok

    A few questions with regards to the software capabilities, but first off I have to express my approval of the blacklist/whitelist combo. It's the way to go when/if coupled up with raw disk reading under the hood :thumb::thumb:

    Does the new PrevX engine have the advanced capability to do what the PrevX Gromozon removal tool does very well....in short can it bust Rustock B (or Gromozon) if it is already loaded onto a system ?

    How does it fare against Haxdoor (Poof/ntio256), Wincom32 and other advanced rootkit malwares when they are already native ?

    Finally, based on my own experiences (and targeted research/malware hunting etc) I'm seeing a steady increase in patched system files underpinning some current real nasty infections.

    How will PrevX react when, for example, introduced onto a computer where say winlogon.exe/ndis.sys have already been patched by malware. Will it alert to the presence of it (if known variant) and subsequently can it disinfect the file or effect a clean up as such ?

    The reason I ask is my *fav* software ticks all but one box there at the moment, I still hope that I can find a software that ticks all the boxes but no takers yet (although plenty claim to be using very *advanced* technology :cautious: ).

    TIA

    Ade
     
  16. Bio-Hazard

    Bio-Hazard Registered Member

    Joined:
    Jan 10, 2007
    Posts:
    529
    Location:
    Cornwall, UK
    Hello!

    I just installed Prevx2. Installation went smoothly. Startup is quicker. I like the new gui. It is looking really good. It is running alongside KIS6...no problems. Looking forward to the final release.


    Kristian
     
  17. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    @ Pedro, the tests I did, are simple tests, anyone can do them, but I didn't want to go into details because I think they (the Prevx company) should figure it out for themselves, I mean they are the experts right? And it's just my point of view, I'm sure it perhaps does a great job in removing malware, perhaps even at spotting malware, but I'm mainly interested in the HIPS part, and I'm not impressed.
     
  18. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,898
    Location:
    localhost
    Yep, but still... you posted a quite strong :thumbd: but then you don't explain how you arrived at that conclusion.
    So, it's normal that users may doubt your assessment, regardless of it being limited to Prevx HIPS functionality.

    Fax
     
  19. EraserHW

    EraserHW Malware Expert

    Joined:
    Oct 19, 2005
    Posts:
    588
    Location:
    Italy
    We're working hard on it. We already had a first version of the antirootkit module in Prevx1 but we are really improving it. Our test reported very good results about detection of actual rootkits, and we're implementing some new and interesting concepts.

    This new module is still not ready, it'll more likely come as an update a little after the Prevx 2.0 release.
     
  20. EraserHW

    EraserHW Malware Expert

    Joined:
    Oct 19, 2005
    Posts:
    588
    Location:
    Italy
    Avira FP should be fixed now
     
  21. Perman

    Perman Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    2,161
    Hi, folks: how about Avast's F.P. ? I have reported it to them thru the built-in report, and meantime have the file in question held in Avast's chest. I just cannot bear the repeated popups each time window is booting up. Any dialogue between Avast and Prevx ?
     
  22. EraserHW

    EraserHW Malware Expert

    Joined:
    Oct 19, 2005
    Posts:
    588
    Location:
    Italy
    Going to sort it out too ;)
     
  23. Huwge

    Huwge Registered Member

    Joined:
    Oct 21, 2004
    Posts:
    424
    Location:
    UK
    Is there any eta for Prevx2 final ?
     
  24. gerardwil

    gerardwil Registered Member

    Joined:
    Jan 17, 2004
    Posts:
    4,748
    Location:
    EU
    12 days from now
     
  25. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,898
    Location:
    localhost
    Hi!
    Something I really miss in all versions of PREVX is a "time stamp"

    So, under program activity I get a good overview of what is going on in my system but I don't have a clue when all of this has actually taken place.

    It could be 2 seconds or 2 weeks ago.... I think it's a basic information that any monitoring tool should have nowadays. :blink:

    Cheers,
    Fax
     