Is Prevx good?

Discussion in 'other anti-malware software' started by truthseeker, Aug 31, 2008.

Thread Status:
Not open for further replies.
  1. ako

    ako Registered Member

    Joined:
    Nov 16, 2006
    Posts:
    667
    That is exactly what I mean with "strongly improved ProcessGuard": only those unknown files are flagged, that have not yet been classified as safe (reducing the number of popups greatly). I hope I can continue to use also V3 this way.
     
  2. Threedog

    Threedog Registered Member

    Joined:
    Mar 20, 2005
    Posts:
    1,125
    Location:
    Nova Scotia, Canada
    I haven't looked at Drive Sentry, but from my own experience using Prevx it does a pretty good job nailing new stuff just on default setup.
     
  3. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Definitely - all of our updating is done silently now (well, pseudo-silent: it will show a small progress bar in the corner while it is updating), and there is no user interaction required.

    (And, as always, all definition 'updates' are just done community-side, no need for any downloads :))

    v3 is definitely "mother friendly" - that has been the mantra we've used throughout the entire development process of it - the one thing I hate most is getting calls at random hours from people trying to respond to a popup. :)
     
  4. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    I think our implementation in v3 will fit your description here. We're still working on tuning the heuristics to cut down the number of popups even further, but we're giving the user granular control over exactly how strong they want the heuristics to be so we should be able to tailor to your needs fairly adequately.

    (FWIW - we're configuring it so that the out-of-the-box settings are recommended and adequate in a vast majority of cases, basically for everyone except people that want to be shown popups :)).
     
  5. Threedog

    Threedog Registered Member

    Joined:
    Mar 20, 2005
    Posts:
    1,125
    Location:
    Nova Scotia, Canada
    I shouldn't have to explain the progress bar too often. :D I've almost got her convinced that the "Welcome" screen at boot up is a good thing.
     
  6. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    I still haven't gotten that far! Mine has almost mastered the ability to copy and paste....... o_O
     
  7. ako

    ako Registered Member

    Joined:
    Nov 16, 2006
    Posts:
    667
    Great! I'm looking forward to start testing the v3 beta!
     
  8. Cretemonster

    Cretemonster Registered Member

    Joined:
    Mar 31, 2005
    Posts:
    79
    I went one step better and bought mine a new Vista Home Machine, so far she hasn't figured out how to turn it on. :p

    I figure I got another good 3 to 4 months before she figures out where the power button is, and by then, I'll have her used to Debian. ;)
     
  9. Hermescomputers

    Hermescomputers Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    1,069
    Location:
    Toronto, Ontario, Canada, eh?
    Well, here is what I have, I finally obtained the process in its passive state, and the dead end as described below...
    All scans I performed came up negative in passive state, however I'm wondering why these are cloaked when active?

    Let me know how you want those files delivered!

    Here is some more info for those of ya's interested...
    I can't log into my Bit9 accounts to match those MD5 so if someone can run them through...

    ATIODE.exe
    Virus Total Scan:
    File ATIODE.exe received on 10.08.2008 22:21:31 (CET)
    Result: 1/36 (2.78%)
    ~Virus Total link removed per Policy. - Ron~

    Prevx Info:
    http://www.prevx.com/filenames/1095359873981453245-0/ATIODE.EXE.html

    Process Library Info:
    http://www.processlibrary.com
    Oooops... Process Not Found
    http://www.processlibrary.com/search/?q=ATIODE.exe

    ATIODCLI.exe
    Virus Total Scan:
    File ATIODCLI.exe received on 10.08.2008 22:18:08 (CET)
    Current status: finished
    Result: 0/36 (0.00%)
    ~Virus Total link removed per Policy. - Ron~

    Prevx Info:
    http://www.prevx.com/filenames/180911876374742844-0/ATIODCLI.EXE.html

    Process Library Info:
    http://www.processlibrary.com
    Oooops... Process Not Found
    http://www.processlibrary.com/search/?q=ATIODCLI.exe
     
    Last edited by a moderator: Oct 8, 2008
  10. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Hello,
    If you try scanning again, the false positive should be fixed :)

    Please let us know what you find.
     
  11. Hermescomputers

    Hermescomputers Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    1,069
    Location:
    Toronto, Ontario, Canada, eh?
    Don't you need the file for reverse engineering?
    No interest as to why this component is "Cloaked"?

    You guys know something I don't? mind sharing? :blink:
     
  12. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    We actually found a copy of the exact file (the first one) and it is legitimate by itself. There could be any number of reasons why it was accidentally reported as a rootkit, most likely other software interfering, but, there should be nothing to worry about.

    If you are still concerned, you can drop me an email with a new log after scanning again and I'll check it out manually.
     
  13. Hermescomputers

    Hermescomputers Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    1,069
    Location:
    Toronto, Ontario, Canada, eh?
    Legitimate, that it may... I still saw the cloaking behavior protecting this file and I'm incredibly curious as to why it's not signed or registered, and since I'm completely unsure of its purpose...

    However, it certainly looks like it's either an obvious FP, or no one knows what the hell the file is or what it does...
    I'll just take your word for it...

    Thanks a bunch!
     
  14. RudeRedDog

    RudeRedDog Registered Member

    Joined:
    Aug 1, 2008
    Posts:
    14
    Location:
    Spokane Washington
    Quick question before I post my main question.

    Would it be okay to also inquire about PrevxCSI in this post as well for FPs?

    Clifford
     
  15. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Hello,
    Yes - both of our products use the same database on the back end, so, please let us know whatever you have found or if you have any other questions :)
     
    Last edited: Oct 11, 2008
  16. RudeRedDog

    RudeRedDog Registered Member

    Joined:
    Aug 1, 2008
    Posts:
    14
    Location:
    Spokane Washington
    Well I did send the information through the website support help and got a reply, but me in my infinite wisdom, I scanned my PC again before I took a log or screenshot. <feeling a bit like a moron here>

    I did get another listing for a program that I did get on a subsequent scan this very same day. It was for Produkey.exe and I did save the detail.

    I'd attach a screen shot here if I could figure out how and attach the file of the log here, but I cannot see how to at this minute. I will send the log through the site. I wish you folks utilized email support instead of through your site. With email I could track what I sent, but that is the way it is so I'll comply with your preferred methods. :)

    Clifford
     
  17. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Hello,
    We have fixed your false positive - if you scan again, it should be corrected.

    As for our support site: it's a lot easier for us to have our own web-based system for tech support. This way, we have your license key and any past communication right on hand rather than trying to wade thru emails.

    If you have any further questions, please let me know! :)
     
  18. RudeRedDog

    RudeRedDog Registered Member

    Joined:
    Aug 1, 2008
    Posts:
    14
    Location:
    Spokane Washington
    Ah, thank you for the resolve and the clarity on the web based support. I can understand now that you make it clear.

    I really appreciate the quick response. :)
     
  19. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    No problem :thumb:
     
  20. RudeRedDog

    RudeRedDog Registered Member

    Joined:
    Aug 1, 2008
    Posts:
    14
    Location:
    Spokane Washington
    If you are the same nice person who responded to my online support request through the web page, which false positive did you change?

    The psires.dll or the produkey.exe or both?
     
  21. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Hello,
    I fixed your produkey.exe false positive, however, the other one was handled by another researcher, so, you should no longer experience any problems with either file (if you do, let me know :))
     
  22. JRViejo

    JRViejo Super Moderator

    Joined:
    Jul 9, 2008
    Posts:
    106,615
    Location:
    U.S.A.
  23. aieie

    aieie Registered Member

    Joined:
    Apr 13, 2007
    Posts:
    175
    I'm a registered PrevX2 user.

    Coming to the v3 version of Prevx mentioned a few posts ago, I'd have a question:

    Will there be a mode to set the security options in a way similar to the Pro mode of PrevX2?

    Only to make an example: will it have Network Outbound protection so you can be alerted and be able to set outbound permission or deny even for trusted applications?

    thanks in advance
     
  24. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Hello,
    That feature, and similar features, are complex and for advanced users who want to cause antivirus popups on their system :). Our goal in v3 is to make it as simple and transparent as possible, so, we have not included more advanced features such as network outbound protection. If you really want network outbound protection, you may want to consider getting a firewall :) In the end, if something malicious was trying to connect out, we'd stop it far before it ever got the chance to.

    We've moved virtually all of the decision making into the database back end so that we will rarely ever prompt the user for anything. If you do like being prompted, you can continue using Prevx2, which is more of a classical HIPS approach than v3 which is a very fine tuned "tribrid" of intelligent blacklisting, intelligent whitelisting (i.e. - not just plain 'block everything you don't know about'), and Community-based analysis that suppresses any unnecessary popups or warnings.

    The real valuable technology in v3 is under the hood, and the best way for users to see how valuable it really is would be to install it on their mother's PC and check back in a year and see that she had not gotten infected even after downloading 'Digital Bingo' (aka a polymorphic worm via 0-day exploit, probably not what she was expecting!) :)

    Hope that helps!
     
  25. Longboard

    Longboard Registered Member

    Joined:
    Oct 2, 2004
    Posts:
    3,266
    Location:
    Sydney, Australia
    Umm..I don't want to jump in too early or too strongly here, but I find the last post from PrevX Help a bit unsettling: bear with me if you will: while on and off in the recent past I've been po'd by various issues with PrevX: I have been a long time (although occasionally strained to the limits) supporter, and so in that vein..
    ? What: no granular control?
    In my limited experience 'simple and transparent' in software equates to user control, not an invisible barrier configured on a server doing unseen stuff ??
    That server always up ??
    Ummm.. how will we know what is happening ?? and what was trying to connect out or run ??
    :doubt:
    What: installs??...nothing ??
    Hhmmm not sure I like that: care to elaborate
    Sorry, don't like meaningless neologisms mixed with bizarre marketing speak :cautious:
    Unsubstantifiable hokum at this point in time IMHO: be too bad if Mum's had her ID, credit card and bank accounts hacked :cautious:
    LOL, my mum for one gets lost in the oddest places in the web :eek:

    Hey mate: I use pro settings are you suggesting I'm an advanced user : cool :-*
    Or are you suggesting that advanced users need not apply.

    Before this post gets out of range: Please, a lot of peeps ( even maybe some of the non-wilders users !! ) have had a lot of patience and faith on the line with PrevX: we are hoping for an improvement not some high spec spin job that will own our box: MS already tried that. ;)

    PS: my current license expires in 3 days: do I renew o_O
    Regards
     