Bear with me, for at the moment I have no system that I can look at and confirm with 100% certainty that it isn't already part of Prevx, but considering this (https://www.wilderssecurity.com/showpost.php?p=1787121&postcount=8) and the liberty I took to search Softpedia for Prevx screenshots, which I only found for SOL (http://www.softpedia.com/progScreenshots/Prevx-SafeOnline-Screenshot-143278.html), I'd assume that, at the moment, Prevx does not have the option to send a file to ask the Prevx team to verify whether or not it is a false positive, correct? If I'm assuming correctly, then it would be nice to have that option, IMO.
When a file is detected, you can right click in the Prevx UI and choose 'report this file as false positive'. I always assumed this alerted the Prevx devs so they could look into it, while at the same time putting the file on 'ignore' locally. Can someone please confirm this?
It's been suggested many times, but they prefer that you send a scan log to report@prevxresearch.com, or you can upload the file to VirusTotal! And here are the screenshots of Prevx 3.0: http://info.prevx.com/help.asp TH
What about right-clicking the detected file and marking it as 'false positive'? Does that just override the detection locally and not send the information to the team behind Prevx?
I'm pretty sure it does, but Joe will confirm! But for any possible FPs that I have, I always send a scan log to report@prevxresearch.com TH
Thanks! I was at that page yesterday, looking for some other info, and I totally forgot there were screenshots there! -Edit- I also just found them at Softpedia. Odd, when I search for Prevx, only Safe Online appears in the results. I searched Prevx 3, and Prevx also appeared. This image (http://www.softpedia.com/screenshots/Prevx-CSI-Free-Malware-Scanner_2.png) does show the option to report as a false positive when right-clicking.
The thing is, it could be abused by malware writers, so when you mark it as a false positive it still has to be checked by a Prevx malware engineer to make sure it's a FP and not true malware, IMO! TH
It both overrides the detection locally and sends the report to our research team. Files aren't changed automatically centrally, however, as malware authors do tend to try to abuse the system, so there is a manual process involved to correct possible FPs. Because of this, it is sometimes faster to send a scan log in, as we can be much more certain that it is a human doing a legitimate action.
I'll just make use of this thread, considering the title is very wide open to suggestions. I don't exactly remember where I've seen it, nor whether it was strictly regarding Prevx, but it made me think about it, especially regarding Prevx. My suggestion is meant to reflect the protection Prevx could provide when the user is offline. I was wondering what you guys think of implementing a behavior analyzer? This protection could be provided by checking processes' behaviors against a list of known malicious behaviors. (No annoying alerts like HIPS. Simply check the behaviors processes are exhibiting, and if a match is found to one of those that are known to be malicious, then block the process. Obviously, a whitelist would be needed for legitimate processes.) Well, for now that is all I can think of... It's already 3 A.M. and I'm sleepy! Feel free to enhance this suggestion!
V4 will have some offline protection, and we are all waiting patiently to see what Prevx comes up with! TH