Introducing, The New Prevx Edge.

Discussion in 'Prevx Releases' started by trjam, Nov 13, 2008.

Thread Status:
Not open for further replies.
  1. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    Who are these testers may I ask?
     
  2. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    I'm not sure I'm allowed to disclose that at this time. I'll be sure to post links to the reviews once they are released (unless someone else finds them before I do :D)
     
  3. mvdu

    mvdu Registered Member

    Joined:
    Oct 14, 2003
    Posts:
    1,166
    Location:
    PA
  4. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    matt is testing prevx and the results will be here soon: http://remove-malware.com/ :thumb:
     
  5. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    Hmm, that's no fun.

    So when are they due then?
     
  6. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Yes this is safe - I have corrected the false positive.
     
  7. mvdu

    mvdu Registered Member

    Joined:
    Oct 14, 2003
    Posts:
    1,166
    Location:
    PA
    Thanks - very quick! :thumb:
     
  8. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Not sure - I'm not involved in any of that end. Edge was just released < 2 weeks ago so I'm guessing it will take a bit of time to complete the reviews.
     
  9. mhallerman

    mhallerman Registered Member

    Joined:
    Nov 11, 2005
    Posts:
    180
    I have a question regarding all the false positive work being done not only via the folks here putting the app through its paces, but certainly you rectifying them on the Prevx side.

    Isn't this process a losing battle so to speak? The list of FPs could be never-ending and constantly growing - is it not possible to attack the aspect of the engines with respect to the root cause of what the engines are reading/analyzing as opposed to what (correct me if I am wrong) white-listing these FPs?

    I don't mean to seem unappreciative of the superb support you are providing, I am just questioning if there is no better way to look at it - and this assumes I am correctly assuming what you are doing on the prevx side.

    Thanks,
    Mark.
     
  10. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Hello,
    While simply whitelisting the individual file is a temporary patch over the false positive, we then go back and update/tune our rules engines to prevent similar false positives in the future.

    However, users at Wilders tend to run into some odd applications which either make strange system modifications or have some very suspicious characteristics to them, so, they tend to get flagged on a number of different heuristic metrics. The number of false positives that users here are experiencing is significantly higher than the average number of false positives found outside of Wilders, but, this is one of the great things about Wilders - everyone here definitely beats AVs to a pulp to find their flaws :)
     
  11. mhallerman

    mhallerman Registered Member

    Joined:
    Nov 11, 2005
    Posts:
    180
    That's great - thanks for clarifying that for me. I think the operative thing I was not aware of was "we then go back and update/tune our rules engines to prevent similar false positives in the future."

    That certainly can help alleviate it being a never ending torrent of FPs....

    Thanks again,
    Mark.
     
  12. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Yes, definitely. While I do enjoy fixing false positives manually to some extent, it is not a very scalable solution :) We recently tracked back a number of the more obscure FPs reported here to a single overly suspicious rule and have fixed this rule which subsequently made the one-file-at-a-time whitelisting for a few dozen files completely unnecessary as it corrected them all at once.

    Our motto tends to be "automate whatever possible" - saves on effort, improves scalability, and it is generally far more interesting than having to do repetitive tasks :D
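
The whitelist-versus-rule-tuning point made in the two posts above, as an added illustration (this is not Prevx code, and every rule, weight, threshold and sample file here is constructed for the demonstration). A toy heuristic scorer flags anything scoring at or above a threshold; one overly heavy rule ("packed") causes several benign samples to be flagged, whitelisting fixes them one file at a time, and reweighting that single rule clears all of them at once while the constructed malicious sample stays flagged.

```python
"""Toy heuristic scorer: whitelisting one file at a time vs. fixing the rule.

Added example, not Prevx code. Rules, weights, the threshold and the sample
"files" (dicts of observed characteristics) are all constructed.
"""

THRESHOLD = 60  # constructed: score >= THRESHOLD means "flag as suspicious"

# Constructed sample files: name -> observed characteristics.
SAMPLES = {
    "tweak_tool.exe":  {"packed": True, "unsigned": True, "writes_hosts": False, "autostart": True,  "injects": False},
    "reg_cleaner.exe": {"packed": True, "unsigned": True, "writes_hosts": False, "autostart": False, "injects": False},
    "ftp_client.exe":  {"packed": True, "unsigned": False, "writes_hosts": False, "autostart": False, "injects": False},
    "dropper.exe":     {"packed": True, "unsigned": True, "writes_hosts": True,  "autostart": True,  "injects": True},
}

# Rule set v1: "packed" alone is weighted so heavily that it reaches the
# threshold by itself, which is the constructed "overly suspicious rule".
RULES_V1 = {"packed": 60, "unsigned": 10, "writes_hosts": 30, "autostart": 15, "injects": 40}

# Rule set v2: the same rules with only the "packed" weight corrected.
RULES_V2 = dict(RULES_V1, packed=20)


def score(attrs, rules):
    """Sum the weights of every rule whose characteristic the file exhibits."""
    return sum(weight for attr, weight in rules.items() if attrs.get(attr))


def is_flagged(name, attrs, rules, whitelist=frozenset()):
    """Whitelist check first (keyed by name here for brevity; a real whitelist
    keys by content hash), then the heuristic threshold."""
    if name in whitelist:
        return False
    return score(attrs, rules) >= THRESHOLD


def flagged(rules, whitelist=frozenset()):
    """Sorted names of all constructed samples the given rules would flag."""
    return sorted(n for n, a in SAMPLES.items() if is_flagged(n, a, rules, whitelist))


if __name__ == "__main__":
    print("v1, no whitelist:      ", flagged(RULES_V1))
    print("v1, one file whitelisted:", flagged(RULES_V1, {"tweak_tool.exe"}))
    print("v2 (rule fixed):       ", flagged(RULES_V2))
```

Running it shows the scaling difference directly: under v1 three benign samples plus the dropper are flagged, a whitelist entry removes exactly one of them, and v2 leaves only the dropper flagged without any whitelist at all.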
     
  13. mhallerman

    mhallerman Registered Member

    Joined:
    Nov 11, 2005
    Posts:
    180
    Excellent - thanks again for the response and information!

    Best,
    Mark.

    PS - Do you have a given name we can use to better "humanize" you? :) Hate to not refer to you by name....
     
  14. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    I was named PrevxHelp at birth (it's strange, isn't it...), however, my friends call me Joe ;)
     
  15. mhallerman

    mhallerman Registered Member

    Joined:
    Nov 11, 2005
    Posts:
    180
    LOL - thanks Joe!

    Best,
    Mark.
     
  16. Mosqu

    Mosqu Registered Member

    Joined:
    Nov 21, 2008
    Posts:
    69
    Location:
    Germany
    I already was wondering, why "they" get so many more FPs than my family and me. Now I understand... :D
     
  17. StevieE9

    StevieE9 Registered Member

    Joined:
    Jan 16, 2007
    Posts:
    139
    Oh dear. I see PrevxEdge is reporting loads of FPs again.

    It has, today, reported the latest version of 'CCleaner' 2.14.570 as a threat.

    This is pretty unsatisfactory and taking 'protection' to a ludicrous level.
     
  18. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Could you please send me a scan log by clicking Tools and Settings > Save Scan Results and I'll correct the false positive immediately.
     
  19. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    I'm not seeing any false positive here - it could be that because v2.14.750 of CCleaner was literally JUST released a couple hours ago, we did not receive enough behavior to determine it as good yet.

    EDIT: We've made an important change in some of the FP prevention code which will now handle program updates MUCH better (like the new CCleaner version) for all users.
     
    Last edited: Nov 26, 2008
  20. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    I just updated CCleaner. No false positives at default heuristic settings.
     
  21. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    I am delighted to hear that. I do hope that AV-Comp is included among the testers. Since AV-C is where Prevx failed, long ago, it would be fitting to ask AV-C to re-test you, this time checking the Edge.

    Independent professional testing doesn't usually come free, but the results thereof are FAR more persuasive than tests by hobbyists & enthusiasts & fan boyz, IMO.

    There are those whose job tenure depends on selecting effective, highly protective, professionally validated security apps. The fact that someone is "self-anointed", or has a website named for security efforts, or is an "enthusiastic hobbyist", or can win a "nice guy contest", does NOT make him a reliable source for validating the protective ability of a security application.
     
  22. Swordfish_

    Swordfish_ Registered Member

    Joined:
    Aug 1, 2008
    Posts:
    63
    Hello,
    Just installed trial and have one short question (because to be honest, I'm too lazy at the moment to read the entire, long thread), assuming you have a community database and so on, I had a Thunderbird update and saw that Prevx was authenticating the files - does it have a file integrity checking mechanism? (MD5/SHA or whatever)
    I'm asking, because a situation came to my mind where you have a certain known safe file and it has been tampered with in a malicious way. What then?

    Well, actually another question came to mind - what about files with malicious payload like these:
    http://secunia.com/advisories/27210/
    What are the chances that Edge will block such threats?

    Finally, last question - does the free (evaluation) version have the same MBR monitoring capabilities as the paid one?
    Any known and proven results against fighting so-called "stealth MBR rootkits" and PoC like newest incarnations of BootRoot etc. ?

    Best regards :)

    ps. by the way - I very much like sleek GfX in your products :)
     
  23. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Hello Swordfish,
    We do not care about the filename at all and only consider files based on their hashes, so, if a file is modified, it will appear completely differently to the community database.

    As for the Secunia advisory - I'd imagine we would block it fine: our engines look for suspiciously behaving code, so, if anything would actually try and modify the outlying operating system from an exploit, we would block it straight away.

    The free version does have the same MBR monitoring but not blocking as the full version. We were actually one of the first companies to make a completely generic solution for MBR rootkits which has yet to fail us, many months after the start of MBR rootkits (and we have not had to update that engine at all from its first incarnation). I'm not aware of any actual comparisons of Edge versus rootkits, however, rootkits are a very significant focus in the detection of Edge and we completely block (and detect when active) virtually every rootkit in existence (provided it is not a PoC that only hides legitimate files).

    To name a few names of some prominent ones which we block and detect even when actively infecting the system: TDSServ, Braviax, Rustock.a/b/c, Unreal, Mebroot, AK922, Srizbi, phide_ex, and a whole mess of others. Our engine is generic and does not use signatures to detect the rootkits so I'm sure there are many others which I'm just not aware of.

    Hope that helps :) I know my test results are biased/untrustable/etc., but I've personally tested our engines against each one of the aforementioned rootkits in clean system images and we have found/blocked each of them and I'm sure that if someone else runs similar tests that they would have the same results.
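
The hash-based identity described in the reply above, as an added illustration (not Prevx code; the page does not say which hash the product uses, so SHA-256 and the tiny "community database" below are assumptions). The lookup is keyed purely by content hash: renaming a known-good file changes nothing, and flipping a single bit in it yields a hash the database has never seen, so the tampered copy is "unknown" rather than inheriting the original's good reputation.

```python
"""Hash-keyed file reputation lookup (added example, not Prevx code).

Constructed: two sample byte strings stand in for executables, and a dict
keyed by their SHA-256 digests stands in for a community database.
"""
import hashlib

# Constructed stand-ins for file contents (not real binaries).
KNOWN_GOOD_THUNDERBIRD = b"MZ\x90\x00" + b"thunderbird-update-payload" * 8
KNOWN_BAD_SAMPLE = b"MZ\x90\x00" + b"dropper-stub" * 8


def sha256_hex(data: bytes) -> str:
    """Content hash used as the only identity of a file (SHA-256 is assumed)."""
    return hashlib.sha256(data).hexdigest()


# Constructed community database: content hash -> verdict. No filenames.
COMMUNITY_DB = {
    sha256_hex(KNOWN_GOOD_THUNDERBIRD): "good",
    sha256_hex(KNOWN_BAD_SAMPLE): "bad",
}


def classify(filename: str, data: bytes) -> str:
    """Return 'good', 'bad' or 'unknown'. `filename` is accepted only to show
    that it is never consulted; the verdict depends on the bytes alone."""
    return COMMUNITY_DB.get(sha256_hex(data), "unknown")


def tamper(data: bytes, offset: int = 16, mask: int = 0x01) -> bytes:
    """Flip one bit at `offset`, modelling a known file that has been modified."""
    buf = bytearray(data)
    buf[offset] ^= mask
    return bytes(buf)


def demo() -> dict:
    """Verdicts for the original, a renamed copy, a tampered copy, and a bad
    file that has borrowed the good file's name."""
    return {
        "original": classify("thunderbird.exe", KNOWN_GOOD_THUNDERBIRD),
        "renamed": classify("definitely_not_thunderbird.exe", KNOWN_GOOD_THUNDERBIRD),
        "tampered": classify("thunderbird.exe", tamper(KNOWN_GOOD_THUNDERBIRD)),
        "bad_with_good_name": classify("thunderbird.exe", KNOWN_BAD_SAMPLE),
    }


if __name__ == "__main__":
    for label, verdict in demo().items():
        print(f"{label:18s} -> {verdict}")
```

The "unknown" verdict for the tampered copy is the whole point: a hash-keyed database cannot vouch for bytes it has never seen, so a modified file falls back to whatever behavioural or heuristic checks apply to unknown files instead of riding on the original's reputation.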
     
  24. NemesisChild

    NemesisChild Registered Member

    Joined:
    Nov 22, 2008
    Posts:
    2
    Off the subject but I have a question regarding licensing. I have the family plan (allows for up to 4 PC's). One of the four PC's (my main rig) is a dual boot system (Vista Home Prem. & XP Home). I have Edge on the XP system (since I use it the most), but can I also install it on Vista? I would think yes since each license is for one PC.

    Please advise.............thanks!
     
  25. shanep

    shanep AV Expert

    Joined:
    Sep 10, 2008
    Posts:
    54
    Looks good.
     