Is Prevx good?

Discussion in 'other anti-malware software' started by truthseeker, Aug 31, 2008.

Thread Status:
Not open for further replies.
  1. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    There is granular control, but not behavior-blocker type control like: "block all access to HKLM\Software\Microsoft\Windows\CurrentVersion\Run". Those features are complex and difficult to use accurately. Plus, far less than 1% of users ever even touch them.

    You have 2000+ posts on a computer security forum :) You are an advanced user :) There are hundreds of millions of computer users out there who simply don't care about computer security (not that they don't USE security products, but they don't spend time tweaking/changing/etc.)

    If the program you're installing is legitimate, we won't prompt you for it. Our database can determine the behavior of a program and interpret whether it is going to do something suspicious or not, therefore, we eliminate the unnecessary step to ask the user "do you want to allow this program to modify x" and just know that THIS program should be allowed to modify it, but a piece of malware, for instance, shouldn't.

    Sorry to say it, but users make the wrong decision > 50% of the time :) Showing a popup asking the user if they want to allow or not is the wrong approach to developing a security product. The product needs to be able to decide, by itself, whether something should be allowed or not.

    In v3 (and in v2 for that matter), behaviors are tracked and analyzed centrally and decisions are made automatically based on the analysis performed. We have configuration options in v3 which let you control each element of the heuristics, but we do not, for instance, have features like 'Program Monitor' which are very techie and frankly, they're done well enough in v2.

    Yes - we are still supporting Prevx2 and will continue to do so. Prevx2 is very reliable and very stable. If you want to use the 'Pro/Expert' features of Prevx2, I would highly recommend renewing.
     
  2. Longboard

    Longboard Registered Member

    Joined:
    Oct 2, 2004
    Posts:
    3,266
    Location:
    Sydney, Australia
    Flattery will get you...
    Quantity ain't = quality ;)
    High level trust required here :shifty:
    What if I want to know whenever any 'new' .exe or camouflaged .jpg, whatever, wants to run?
    What if it's not in the DB @ PrevX?
    What if it looks like it's doing something legitimate TO YOU, but I don't want it?
    Encouraging
    Are you talking about dropping these settings: see screeny.

    So this is the essence of the major lateral move in the workings of PrevX V3?
    (have to explain it in simple terms for me: slow brain waves down here)
    I suspect I can get all this from NIS
    What I wanted was something more specifically HIPS/IDS which is what I think is PrevX v2.

    OOI, where does CSI stand wrt to PrevX V3: integrated or stand alone separate pay for tool??
     

  3. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    If you do want to be warned in that level, you would fall under the level of people who would like our customizable levels of heuristics. Basically, in a nutshell, the new heuristics engine takes into account the raw community data and we let the user configure to, say, block all programs seen by a very small % of the Prevx community. Being that we have upwards of ~2-3 million users, this should immediately rule out all legitimate programs and bring all highly suspicious programs very quickly.

    Yes, precisely. This screen is now redundant with the logic that takes place on the community level. If you actually want to block specific behaviors, there are other behavior blocker products out there (or Prevx2 when configured specifically). Very very very very few people actually use these features, and many of the people that do tend to cause more damage than help via unnecessary warnings.

    Prevx2 is a classical HIPS with a community spin. v3 is a combination of a number of different technologies, along with HIPS/behavior monitoring, but done in a way that it is transparent and appears like a standard black/white normal AV to most users.

    CSI's rootkit scanning/low level analysis/scan engine is built directly into v3, and you get a cleanup license as well as a realtime license. It will remain as a separate product as well for the users that only want to clean up and not receive protection.
     
  4. Longboard

    Longboard Registered Member

    Joined:
    Oct 2, 2004
    Posts:
    3,266
    Location:
    Sydney, Australia
    Thanks for spending time here answering these Q's :)
    I am being a bit of a pita I know, but just trying to get a grip from my simple end-user POV.

    Hate to say it, but there's a big difference btwn 2 mill and 3 mill users.
    Unfortunately, that is a drop in the www bucket.
    I assume there is another data collection base?

    Seems like the V3 with whatever engine improvements is PxV2 set at ABC level with CSI attached
    ??
     
  5. simmikie

    simmikie Registered Member

    Joined:
    Nov 11, 2006
    Posts:
    321
    seems as though Pinnacle has completed the journey Prevx 1 & 2 started. looking forward to experiencing this evolution first hand. would you ball-park the arrival of the Pinnacle public-beta?


    Mike
     
  6. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    I honestly don't know how many users we have - that was just a guess and is probably grossly inaccurate :) I know about 6 months ago or so we had about 2 million CSI users, but I couldn't begin to estimate how many Prevx 1 or Prevx 2 users we have had since our conception. The benefit with us is that every additional user is an additional node within the community, so, while conventional products can't really benefit from large scale, we are able to quickly leverage all of the data from a vast number of users, immediately benefiting the rest of the users.

    That would be an accurate interpretation in a nutshell, however, the engine improvements are very extensive and you will be given the ability to fine tune the heuristics settings so you could easily mimic the more touchy detection of Pro/Expert mode but we don't explicitly allow you to configure which individual behaviors trigger which warnings.
     
  7. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Pinnacle actually isn't the name of this release - that was the name of a prior release (unofficial name). We have kept the name very closely guarded so far, but we're going to open it up for beta testing soon. We're actually making some rather extensive server hardware upgrades to handle a large influx of users once the press release comes out, but, once those are complete and as soon as we finish the private beta testing, we'll open it up more :)

    This product has really been tested to death - we finalized most internal testing a few months back and have been slowly leaking it out to partners/resellers/corporate friends :) Now we're just playing the waiting game while we amalgamate all of the reports and finalize everything.
     
  8. Longboard

    Longboard Registered Member

    Joined:
    Oct 2, 2004
    Posts:
    3,266
    Location:
    Sydney, Australia
    OK so waiting...:)

    Hi Mike: good to see you're still watching :) .

    @PrevxHelp: Tx.
     
  9. GES/POR

    GES/POR Registered Member

    Joined:
    Nov 26, 2006
    Posts:
    1,490
    Location:
    Armacham
    Isn't a realtime protection for CSI in the pipeline? I kinda hope CSI will turn out a new gen sas/mbam with community protection that I can run with my current setup without having to worry about under the hood conflicts.
     
  10. aieie

    aieie Registered Member

    Joined:
    Apr 13, 2007
    Posts:
    175
    Mhhhhhhhhhhh, let's see if v3 could be used where I work............we produce our own executables to do every kind of action on our network workstations.

    These kinds of programs are seen only by our internal network........let's say less than 20 machines.

    Right now I allow them in prevx2 and remember this choice.

    Will I be able to do that with v3?

    Thanks in advance
     
  11. EraserHW

    EraserHW Malware Expert

    Joined:
    Oct 19, 2005
    Posts:
    588
    Location:
    Italy
    Yes, you'll be able to exclude your own software from detection
     
  12. Dark Star 72

    Dark Star 72 Registered Member

    Joined:
    May 27, 2007
    Posts:
    778
     
  13. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Yes - this is definitely what v3 is. We've been working for countless hours to get v3 completely compatible with other AVs. You <will> be able to run it alongside your existing AV, even with both in realtime protection mode.

    Granted, there is a race condition when blocking malware, so, if you have another AV installed and active, it may block things before v3 or v3 may block things before it, BUT, you will be able to use both in realtime without system lockups or any conflicts.
     
  14. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Yes, most definitely. We have special settings for software developers and companies with internal programs. You'll be able to exclude certain folders, specific files, or temporarily disable heuristics while still leaving the core protection on.
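
The trade-off discussed in this thread (a community-prevalence threshold that blocks rarely seen programs, plus folder or file exclusions for in-house tools seen on fewer than 20 machines) can be modelled as below. This is an added example, not part of the original posts and not Prevx code; `Policy`, `min_prevalence`, `exclusion_reason`, `decide`, the 0.01% threshold, the paths and the hash are all assumptions made for illustration.

```python
from dataclasses import dataclass, field
from pathlib import PureWindowsPath

# Constructed sample values; none of these come from Prevx.
COMMUNITY_SIZE = 2_000_000          # rough figure mentioned in the thread
INTERNAL_TOOL_HASH = "a" * 64       # placeholder SHA-256 of an in-house build


@dataclass
class Policy:
    min_prevalence: float                      # assumed knob: fraction of nodes
    excluded_folders: list = field(default_factory=list)
    excluded_hashes: set = field(default_factory=set)


def exclusion_reason(path, sha256, policy):
    """Return 'hash', 'folder' or None for a file about to be loaded."""
    if sha256.lower() in policy.excluded_hashes:
        return "hash"                          # pins one exact build
    p = PureWindowsPath(path)
    if ".." in p.parts:                        # unresolved traversal: never trust
        return None
    for folder in policy.excluded_folders:
        # Compare whole components, case-insensitively, so that
        # C:\InternalTools does not also cover C:\InternalTools_old.
        if PureWindowsPath(folder) in p.parents:
            return "folder"
    return None


def decide(path, sha256, seen_on, policy, community_size=COMMUNITY_SIZE):
    """Return (verdict, reason) under the assumed prevalence heuristic."""
    reason = exclusion_reason(path, sha256, policy)
    if reason:
        return ("allow", f"excluded by {reason}")
    prevalence = seen_on / community_size
    if prevalence < policy.min_prevalence:
        return ("block", f"seen by {prevalence:.4%} of community")
    return ("allow", f"seen by {prevalence:.4%} of community")


if __name__ == "__main__":
    strict = Policy(min_prevalence=0.0001)     # 0.01 %, an assumed setting
    tuned = Policy(0.0001, excluded_folders=[r"C:\InternalTools"])
    for pol in (strict, tuned):
        print(decide(r"C:\InternalTools\deploy.exe", INTERNAL_TOOL_HASH, 18, pol))
```

A hash exclusion covers one exact build, while a folder exclusion covers anything later written to that folder, so the folder should be writable only by the people who ship the internal tools.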
     
  15. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Well, this is definitely interesting, and not really expected behavior :)

    v3 monitors loading code, so, it would generally not throw up a warning after downloading when a file is dormant and not malicious, but if you were to try and execute the downloaded file, we would block it straight away, before the OS had control and long before it had any chance to infect.

    There are some exceptions to this, and we are working on some features which will come out in v3.1 that provide passive monitoring for created files, but this has limited benefit over monitoring loaded code.
     
  16. GES/POR

    GES/POR Registered Member

    Joined:
    Nov 26, 2006
    Posts:
    1,490
    Location:
    Armacham
    Wait, I'm confused, Prevx 3 and CSI 3 are 2 products coming out?
     
  17. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    The Prevx v3 mentioned in this thread refers to v3 of our realtime protection. CSI is currently live and available as version 3.0 currently as well. Both CSI and v3 of realtime protection have a large amount of overlap, so, the version numbers will be in sync in most cases, the difference in the functionality is defined by the licenses.
     
  18. raven211

    raven211 Registered Member

    Joined:
    May 4, 2005
    Posts:
    2,567
    From reading parts of this topic, my understanding is that you're not eligible for a free upgrade from v2 to v3 when it comes out (license-wise). Is that correct?

    Cause even if I would like the new upcoming version, I was never happy with v2 and felt the money was all a waste - and it practically is since I'm not running it on my system anymore! But how could I know? I ran it for one day cause that's what the trial is and it seemed great, but after running it longer it wasn't what I expected it to be. Money gone - no money-back-guarantee. Yes, I'm feeling tricked, and it's all just hard to explain, but if it's actually not free to upgrade it really just makes things even worse...
     
  19. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    There are very few products which offer a free upgrade. A majority of products offer a discount for a new version, but a free major upgrade is rare. We do, of course, offer updates/bugfixes/new features during the life of the product.

    What issues did you experience with Prevx 2 and is there anything I can do to help you resolve them?
     
  20. GES/POR

    GES/POR Registered Member

    Joined:
    Nov 26, 2006
    Posts:
    1,490
    Location:
    Armacham
    Ok so no problems with my av then, how about DSA which is integrated in my firewall, I don't know if it's a bad idea to combine 2 things even if they differ in function, Dynamic Security Agent being more of an easy to use classical HIPS - at least that's what I understand of it and Prevx being an intelligent behaviour blocker type of HIPS. That's why after having used Prevx 2 which my license of it is in use elsewhere but almost subscription ends, I'm thinking of adding CSI (paid) instead of SAS or MBAM once there is support for Vista 64 and realtime protection. I feel the "in the cloud tech" might be smarter and faster on new malware than other AM's / AS's. I don't mind which catches the baddies first but I do not wish to create conflicts either. The idea is to improve my setup and not harm it in any way.
     
  21. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    I think that would be a good choice. I'm not sure about DSA, but it would be worth testing just to see - what firewall are you using? We will add it to internal QA to see if there are any problems supporting it and let you know what our results are.
     
  22. GES/POR

    GES/POR Registered Member

    Joined:
    Nov 26, 2006
    Posts:
    1,490
    Location:
    Armacham
    That would be great! :argh: Privatefirewall from Privacyware, DSA integrated. It's also in my sig :D
     
  23. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    True :) Didn't notice it there!

    I've made a note of it to the QA team and they should be able to start testing with it tomorrow.
     
  24. GES/POR

    GES/POR Registered Member

    Joined:
    Nov 26, 2006
    Posts:
    1,490
    Location:
    Armacham
    Many thanks for your ***Super Service***
     
  25. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    No problem! :thumb:
     