Introducing, The New Prevx Edge.

I am having none of the problems with 188 that have been described above. I just suspended Edge, and installed 188 over the top. Everything has worked perfectly.

 

Is it me or are there a lot of FP's generated by Edge?

 

I've gotten 7 in total that were all fixed within the hour. None now.

 

That seems a lot to me. I suppose it's early day's for the community database.

 

Hi Clive

If you get what you believe to be an FP you should be able to record it as such in which case the information should be transmitted to Prevx so that they can review/adjust their definitions/white & black lists, etc., but it should also log the override in Detection Overrides. That is what I have done wit a couple of what I believe to be FPs and this appraoch seems to have worked really well for me!

 

gasp! you mean someone would actually want to block that?!?!?

okay, well i think i've got it, but i have thought that before! thanks.


Mike

 

I scheduled a scan at 5pm or next boot up. I booted at 6.30pm and never noticed a scan and in the Prevx window it said 'last scan over ten hours ago' (Can't remember exactly how long ago it was but it was something like 12 hours ago). I was using the .172 version (the one previous to .188 )

 

Based on observations of feedback here? and/or on your own PE3 experience?
In both cases related to what specific HEURISTIC settings on what version(s)?

Number of FP's compared with what? Even PX2 still throws the odd FP and in earlier days had (IMO) subjectively an equally high number (if not more in relation to age of product) to PE3? However I personally always found the response via either the forums(Castlecops) and/or direct to Px TS was superlative with FP's resolved in hours or worst case within 24hrs even during PE3 development when PX forum presence was greatly diminished.
To date Joe seems to be angling for a well deserved Xmas bonus by reducing the FP TAT to minutes!

I suspect those that complained previously of tardy technical support were either less than diligent in initially providing basic environmental diagnostic information on versions,OS,source,PX5/MD5 id's and any comparative testing with other products or were singularly unlucky in perhaps having their emails (ISP's) blacklisted by Prevx mail servers(or vice versa)?

Point is I suspect the backend AI and thus ultimately the local heuristics (rules updates) will always be subject to "tweaking"/"fine-tuning" as that is inherently the "nature of the beast".

I would suggest what we should be really concerned about is any false-'ves !!!

 

Have rebooted a significant number of times since installing 188 and so far have not come across any of those 'Prevx is unable to start and requires a reboot' events that I have suffered from in the past.

As I said in a previous post...looking good...Well done the Prevx Team...seems to be a good'un!

 

To Prevx:

Just noticed spyware terminator is listed as a problem file.

 

@Clive_T: Safemode may cause difficulty during installation, we will take a look into reproducing it. Could you click Tools and Settings > Save Scan Results and send me (or PrevxMalwareHelp) the log entry of the legitimate script activex component which we are falsely detecting?

RE: False positives in general - as Horseman has said, our new heuristic engines are constantly being tuned and as Edge becomes more widely used, it will have a lesser number of false positives just because of the more complete picture of programs from the community.

I do keep a close eye on false positives and forward them over to the malware guys who update/modify the rules to help make things as seamless as possible Edge just sees programs differently than P2 did, so, there are going to be marginally more false positives early in its life.

 

Hello,
We stagger scan times based around bootup to make sure that we don't accidentally overload a large enterprise network by having every computer scan at once. Generally, the scan should start within 1 hour of bootup if the scan time was missed and if the last scan was > 1 hour ago. If you could let me know - did a scan start sometime before 7:30 (the last time scanned should now be < 10 hours if it did)?

The logic is quite complicated to control the scan, but it is carefully designed so please let us know if you are still experiencing something out of the ordinary

 

It was based on feedback on this forum. I personally have had no FP's. However, one member did have 7 which does seem a lot to me. PrevxHelp posted on this forum that one of the strengths with Edge compared with HIP's is that it does not rely on the user to make decisions.

PrevxHelp quote "The problem is that while you are inclined enough to make decisions on whether a file is good or bad based on the HIPS prompts you receive, there is a very large percentage of users that haven't the slightest idea what "modifying process memory" or "querying for direct disk access" means. Our "big brother" approach allows our centralized heuristics to work like a team of AV researchers, analyzing every behavior that comes in and deciding what the file should be determined as."

That is great if the team of AV researchers and experts also make the right decisions. If not, the ordinary user who may not know any better, may have wiped out some legitimate files that now causes serious problems.

Having said all that, I understand that it is early days for Edge and yes, I agree that false negatives are even more important.

 

I'll have a look out next time I reboot!

 

And also, if its any consolation, the 7 false positives consisted of some duplicate files (yielding only 4 real false positives) and they were all on somewhat obscure programs. Every AV has false positives, and that is something we will never be able to avoid (even some extremely popular AVs which have been around for many years longer than us, if you read recent news).

We are adamantly working on improving the false positive resilience and we do thank everyone for reporting the FPs to us, as it allows us to tune our engines. I think we will see FPs improve significantly over time - we're just in a small transitional period currently which will end as soon as Edge gains more foothold on the market

 

One thing I would like to see is cusyomizable contect menu entries. Wuth those the context menu need not be so wide; I can use "Scan wiith Edge' as opposed to "Scan with Prevx Edge. As it is now the latter will just be recreated. Also, putting those entries in places where they cannot be of any use, ie the recylcle bin, or "My Computer" is needless because no files from those areas can even be scanned. That just seems like a lazy approach to adding the entries; all at once versus individually.

 

I got a FP while installing KeyScrambler 2.3. Edge flagged the installer KeyScrambler_Setup.exe as an infection.


Kid Shamrock

 

The scan ran 55 minutes after it was scheduled. The PC was running all afternoon and night so it decided to scan at 5.55pm when I set it for 5pm. Not a big deal to me, perhaps an option to run exactly when scheduled or a staggered scheduled scan for a large enterprise network is worth considering if enough people request it.

It runs very light and I've had no FP's despite running everything on my PC.

 

Thanks for letting me know. I'll ask if we can make an option to configure exactly when to schedule the scan

 

We have corrected this false positive and similar false positives will be corrected in the future.

 

Windows considers the Recycle Bin and My Computer to be legitimate folders, and therefore applied context menu entries to them that apply to normal folders.

I have yet to see "Scan with Prevx Edge" extend the context menu past what it is at by default on plain Windows installations - could you please send a screenshot showing it extending it larger than necessary?

 

If "Scan with Prevx Edge" is the longest thing in the menu then the context menu will be wider. If not then it will be as wide as the longest item. For me it is. It would be nice to be able to edit the entry to whatever the user wants.

 

I'll add this to the "consideration" list, but that is a feature I honestly don't see ever being used by any more than a handful of users - it is just far too technical for any user to understand what it means.

 

Confirmed. KeyScrambler and Prevx Edge working nicely alongside each other!

 

Is anyone else getting the disabled icon again and needing a re boot or is it just me. I had one yesterday and another one today. Any suggestions please?