Introducing, The New Prevx Edge.

Discussion in 'Prevx Releases' started by trjam, Nov 13, 2008.

Thread Status:
Not open for further replies.
  1. ruinebabine

    ruinebabine Registered Member

    Joined:
    Aug 6, 2007
    Posts:
    1,096
    Location:
    QC

    When given those Alert boxes, how can we do to NOT clean them (test files) up?

    I don't see any other choice than to push this "Cleanup Now" button. It seems to me that this box should also give us at least an alternative...
     
  2. doktornotor

    doktornotor Registered Member

    Joined:
    Jul 19, 2008
    Posts:
    2,047
    Shrug... Default install with settings untouched... In fact, this was detected on the initial configuration scan, so no chance whatsoever to change the settings. :D
     

  3. PrevxWebDesigner

    PrevxWebDesigner Former Prevx Moderator

    Joined:
    Nov 13, 2008
    Posts:
    89
    In the small window - click the "X" in the top right. Then in the main window you should be able to click "Back to Status Screen" if you don't want to cleanup :)
     
  4. simmikie

    simmikie Registered Member

    Joined:
    Nov 11, 2006
    Posts:
    321
    Are there check boxes? I don't recall off-hand, and I myself am experiencing a disappearing GUI.
     
  5. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    By any chance, were you in the process of downloading the Norton Removal Tool when the scan was running? This is Edge's rootkit scanner generating a false positive, definitely something worth looking into.

    EDIT: Disregard the rest of this message - I sorted it :) It won't happen again - thanks for the submission!
     
    Last edited: Nov 16, 2008
  6. simmikie

    simmikie Registered Member

    Joined:
    Nov 11, 2006
    Posts:
    321
    For that obvious an FP, I would have guessed maxed-out heuristics. Sorry.
     
  7. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    I got your email and I'm not really sure what would have caused that to be honest :D If you try rebooting and can get it again, that would be excellent.

    There are a couple different malware alert screens, and if it doesn't have checkboxes on the screen, then clicking Cleanup Now will not immediately clean it up. (You are always given the option to deselect files)
     
  8. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    We are in the process of adding this feature and will have it implemented in the next release :)
     
  9. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    I'll contact you by PM to get this sorted :)
     
  10. doktornotor

    doktornotor Registered Member

    Joined:
    Jul 19, 2008
    Posts:
    2,047
    No, not downloading at all... the file has been sitting there for a couple of days already. Anyway, the only relevant line in the log is:

    Code:
    [R<R00000098>] C:\Install\Security\Norton Removal Tool\Norton_Removal_Tool.exe	[PX5: 2A7925670038A6621085252C4F0F5C007832CB35]	Malware Group: Caution.HiddenFile
    
    Also, note that the location is incorrect in the log for whatever reason. It's D:\Install\... in fact, not C:\
     
  11. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    I'm going to be analyzing your remaining samples shortly, just to check that they are malicious, and then I'll add them into the DB :)
     
  12. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    This definitely looks like a false positive - right clicking on Report FP will send it to the research team, but if you want it fixed immediately, click Tools and Settings > Save Scan Results and then send me a scan log - I'll get it corrected right away :)
     
  13. ruinebabine

    ruinebabine Registered Member

    Joined:
    Aug 6, 2007
    Posts:
    1,096
    Location:
    QC
    Thanks for your reply, but I already know this way of doing it. :) I was just suggesting that it might be a good idea to add an alternative choice for the user, other than closing/ignoring those alert boxes.
     
  14. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    The full scan is generally an unnecessary feature to use when realtime protection is enabled. We highly recommend just using the Deep Scan, as it is nearly as thorough and takes far less time to complete.
     
  15. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    A CSI cleanup license will currently not work for Edge, as it is a cleanup-only license. I don't believe we have an upgrade from CSI Cleanup > Edge yet, and if you do want to install Edge, you have to first uninstall CSI or put an Edge license into CSI (it will convert it then as well).
     
  16. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Yes, that's true. A "cancel" button on there would be useful :) I'll add it to the infamous ToDo List :D
     
  17. simmikie

    simmikie Registered Member

    Joined:
    Nov 11, 2006
    Posts:
    321
    hey Joe,

    a reboot brought the GUI back. strange, but stuff happens. back to running keygens :argh:


    Mike
     
  18. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    good ;)

    i think Marco might be dealing with it though.

    again, good :)

    I've noticed here and there that during new scans, my Prevx picks up on a couple more infected files every few hours when I re-check it. :thumb:
     
  19. CogitoErgoSum

    CogitoErgoSum Registered Member

    Joined:
    Aug 22, 2005
    Posts:
    641
    Location:
    Cerritos, California
    For those who are interested,

    I purchased Prevx Edge (PE) 3.0 yesterday and tested it against the same 77 malware samples that I tested against Primary Response SafeConnect (PRSC) 3.5 beta. FYI, this 77-sample test set consists of a good variety of new and old malware (keyloggers, rootkits, trojans, viruses and worms); (ex. - stealth/obfuscated, ransomware, exploit, password-stealers/banking, botnet, SSDT kernel unhookers, MBR/low-level disk, system-modifying, security program disabling, rogue anti-virus/malware, file infector, autorun, downloader, etc...)

    Under Vista 32 SP1 with UAC disabled and hardware DEP (OptOut) enabled, PE with default heuristic settings detected 62 out of 77 samples for a detection rate of over 80.5%. In contrast, PRSC 3.5 beta detected only 25 out of 77 samples for a detection rate of over 32.4%.

    In conclusion, despite the impressive results of PE, it is my opinion that one still needs to run it alongside a sandbox and/or limited-user account (LUA) + Software Restriction Policy (SRP) for comprehensive protection.


    Peace & Gratitude,

    CogitoErgoSum
     
  20. EraserHW

    EraserHW Malware Expert

    Joined:
    Oct 19, 2005
    Posts:
    588
    Location:
    Italy
    Hello :)

    Thank you for your test. Could you test with even higher heuristic settings? And, moreover, would you be able to share the undetected samples with us so that we can better tune our heuristic engine?

    Thank you :)
     
  21. CogitoErgoSum

    CogitoErgoSum Registered Member

    Joined:
    Aug 22, 2005
    Posts:
    641
    Location:
    Cerritos, California
    Hello Prevx,

    Does Prevx Edge (PE) protect against buffer overflows as Prevx 2.0 does? Does PE have outbound network control as Prevx 2.0 has? Until proven otherwise, I assume that it does not have the latter. Thanks in advance.


    Peace & Gratitude,

    CogitoErgoSum
     
  22. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    That is automated research for you ;) I think Marco will be adding the rest in shortly if they don't all get automatically blocked by behavior in the meantime :D
     
  23. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    We detect threats employing buffer overflow exploits, but we do not have any network control. Network control duplicates functionality seen in free firewalls, which we are compatible with, so we recommend that if the user wants to monitor/control outbound network access, they use one of those 3rd-party firewalls.

    Thank you for your test as well :) If you get a chance, send those samples over to Marco or myself and we'll get rules added into the database to block them :)
     
  24. Threedog

    Threedog Registered Member

    Joined:
    Mar 20, 2005
    Posts:
    1,125
    Location:
    Nova Scotia, Canada
    That's not too shabby for default settings though. Try it again at Max/Med/Med on the sliders and see what happens if you have the time, Cogito. That's what settings I have been using all along.
     
  25. CogitoErgoSum

    CogitoErgoSum Registered Member

    Joined:
    Aug 22, 2005
    Posts:
    641
    Location:
    Cerritos, California
    Hello EraserHW,

    Yes, I will retest the missed samples with higher heuristic settings and would be more than willing to share the missed samples with Prevx. Where specifically do I need to send these samples? Thanks in advance.


    Peace & Gratitude,

    CogitoErgoSum
     