Introducing, The New Prevx Edge.

Discussion in 'Prevx Releases' started by trjam, Nov 13, 2008.

Thread Status:
Not open for further replies.
  1. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,970
    Location:
    USA
    I agree whole-heartedly that a Prevx Forum is much needed and would be awesome!
    What has to be done in order for this to happen? :)
     
  2. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    Another vote here for a Prevx forum. :thumb:
     
  3. rolarocka

    rolarocka Guest

    Let's break the record first :)
     
  4. Nightwatch

    Nightwatch Registered Member

    Joined:
    Sep 15, 2008
    Posts:
    25
    Hi :)
    I've got two short suggestions.

    1.) How about asking for a password before you're allowed to completely remove Prevx from your system (if setting "password control" is enabled)? It would make sense to prevent unauthorised access.
    2.) It's not possible to stop the realtime-protection beyond first reboot. It wasn't easy to install the SP2 (Vista) without having troubles with FP's**. How about offering an option where you can completely disable rt-protection till you activate it again?

    Apart from that I'm still very satisfied with this great software. There were some false positives after installing SP2 (Vista) with highest heuristics, but that's my own risk** :) .

    Edit: Sure. Here's another vote for a Prevx forum :cool: !!

    Regards
    Nightwatch
     
  5. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    I agree, another vote for Wilders Prevx forum.:thumb:
     
  6. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    We don't do this because of the customer service nightmare that ensues when the user can't uninstall because they've forgotten their password :D It happens surprisingly often and there isn't a way to recover the password if forgotten so we have allowed the uninstall function past the password protection only if the user is an administrator. If the user is a limited user account and password protection is enabled, they will be unable to uninstall it.

    We do have this option, albeit a bit non-visible. In the "Stop Protection" dialog where you have the options to suspend protection for 15 minutes, click the down-arrow and then scroll down to the bottom of the list and select the last entry named: "Remove Protection". This will completely remove realtime protection/monitoring and you can then reinstate it when wanted (it may need to perform a new learning scan, however).

    Thanks all for the votes :)
     
  7. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,970
    Location:
    USA
    Sure it is. :)

    Tools\ Suspend Protection\ drop down menu to choose length of time to disable\Stop protection

    Then simply select Enable Protection to start it back up.
     

  8. Nightwatch

    Nightwatch Registered Member

    Joined:
    Sep 15, 2008
    Posts:
    25
    Thanks :) . That's a comprehensible argument.

    @PrevxHelp / Page42
    Thanks for the screen and your description, but I still can't find it :( .

    This is the last choice when scrolling down (-> Enable on reboot) :
    http://www.abload.de/thumb/prevx49hy.jpg

    There's no option continuing disabled protection after first reboot. Or do I still miss it?

    Regards,
    Nightwatch
     
  9. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,970
    Location:
    USA
    I misunderstood your question. Now I understand. Good question. I wonder if "Remove Protection" does what you are looking for?

    Edit In: I just noticed that PrevxHelp stated this above...
    "scroll down to the bottom of the list and select the last entry named: "Remove Protection". This will completely remove realtime protection/monitoring and you can then reinstate it when wanted"
     

  10. Nightwatch

    Nightwatch Registered Member

    Joined:
    Sep 15, 2008
    Posts:
    25
    Hi :)
    Yep, that's what I'm looking for. But the last entry here is "Enable on reboot". I don't have this option "remove protection". I'm using Prevx 3.0 full version.

    EDIT: Version 3.0.1.65


    Regards,
    Nightwatch
     

    Last edited: May 29, 2009
  11. softtouch

    softtouch Registered Member

    Joined:
    Jan 31, 2006
    Posts:
    415
    Sure I could, but what if the exe gets infected the moment I create it? I would not know about it and my clients will kill me when I send them an infected exe... why have an AV when I have to exclude so many folders (I am not talking about 1 folder, I have about 400+ applications which I maintain).

    Prevx should analyze the import table to figure out what API calls the program is doing. It would quickly figure out that no critical APIs are used, no hooking and no nt... functions.

    Sorry, but I don't get why the programs are getting flagged just because they are compressed and seen only once by Prevx, even though there is no malware behavior, no critical APIs used, no hook, no nt... API functions.

    It's like somebody knocks on my door, new in town, first seen by me, and I just shoot him and get his identity after that... :)
     
  12. softtouch

    softtouch Registered Member

    Joined:
    Jan 31, 2006
    Posts:
    415
    I don't think so, because when I do not compress it, it's still one time seen, and new, and it's not detected...
    I believe whatever is packed (good or bad), and is new, is blocked. This is NOT right in my opinion.
    And PX is the ONLY scanner which blocks it. Maybe the others do a little analyzing in the background and decide after that whether it's bad or not...?
     
  13. overangry

    overangry Registered Member

    Joined:
    Apr 4, 2009
    Posts:
    309
    Sorry, but here you will find more grief...

    http://www.threatexpert.com/files/hfs.exe.html
     
  14. softtouch

    softtouch Registered Member

    Joined:
    Jan 31, 2006
    Posts:
    415
    That's not my file at all... if a malware is using the name hfs.exe that will sure not mean that I will rename my products...
     
  15. overangry

    overangry Registered Member

    Joined:
    Apr 4, 2009
    Posts:
    309
    I realise that :D

    But I did a Google search of that exe found by Prevx and that is what I found.
    What I'm trying to say is that another user downloading your product, having it scanned with Prevx, may come up with the same result, believing that your product is malware.
    The problem is not all users would be aware of this thread ;)

    Like I said more grief..
     
    Last edited: May 29, 2009
  16. raven211

    raven211 Registered Member

    Joined:
    May 4, 2005
    Posts:
    2,567
    ... and you got another vote for a dedicated Prevx forum at Wilders here. ;) :D
     
  17. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    I had forgotten we added a check in here :D If you are using maximum self protection, you can't remove the protection completely (so malware trying to click through the screens can't automatically remove the protection). Can you try setting self protection to medium and then clicking the list? :)
     
  18. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    You aren't understanding the concept of Age/Spread detection. This check occurs before any other checks - if the program is less than x hours old and has been used by less than x users and we have even a hair of a suspicion about it (i.e. if it is packed), we will show an "Age/Spread Criteria Violation Detected" warning which is correct to show.

    We were unable to have this protection in the past because our userbase wasn't large enough but now this is a very strong first line of defense on your system. Imagine a server-side polymorphic threat like Conficker or the Storm worm, changing itself so that it is different on every PC. AV companies have to manually create complex signatures to detect these files, however, we just invert the problem and say that users use software that other users use. The only time that this generates false positives in the real world is on security software, alpha/beta software, or software developers and for the "sake of the community" we aren't going to dilute the protection just because a small subclass of people run into FPs. Those people should know that if the program they are running is a test version, seen by a very small number of people, it has a high chance of being caught by something. With your freeware, once it is seen by "enough" people (this number is dynamic), it will be trusted past the Age/Spread detection automatically.
     
    Last edited: May 30, 2009
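
The Age/Spread check described in the post above, sketched as an added example (not Prevx code and not part of the thread). The thresholds, the byte-entropy test standing in for "is it packed", and all names are assumptions; the trusted-signer exception mirrors the one offered later in the thread for signed programs.

```python
import math
from collections import Counter
from dataclasses import dataclass
from typing import Optional

# Assumed values: the post only says "x hours", "x users" and that the user
# threshold is dynamic. The entropy cut-off is a common packing heuristic.
MAX_AGE_HOURS = 72
MIN_USERS = 50
PACKED_ENTROPY = 7.2   # bits per byte; compressed/encrypted data approaches 8

WARN, ALLOW, PASS = "age/spread warning", "trusted signer", "continue to other checks"

@dataclass
class FileReport:
    content: bytes
    hours_since_first_seen: float
    users_seen: int
    signer: Optional[str] = None   # verified code-signing subject, if any

def shannon_entropy(data: bytes) -> float:
    """Byte entropy in bits; a stand-in for a real packer detector."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def age_spread_verdict(f: FileReport, trusted_signers=frozenset()) -> str:
    # Signature exception: a signer vetted by researchers skips the check.
    if f.signer is not None and f.signer in trusted_signers:
        return ALLOW
    is_new = f.hours_since_first_seen < MAX_AGE_HOURS
    is_rare = f.users_seen < MIN_USERS
    suspicious = shannon_entropy(f.content) >= PACKED_ENTROPY
    # All three must hold: new AND rarely seen AND some suspicion.
    if is_new and is_rare and suspicious:
        return WARN
    return PASS

# Constructed sample inputs (not real binaries).
PACKED = bytes(range(256)) * 16            # uniform bytes, entropy 8.0
PLAIN = b"MZ" + b"\x00" * 3000 + b"hello world " * 50

if __name__ == "__main__":
    for name, rep in [
        ("new packed build", FileReport(PACKED, 1, 1)),
        ("same build, unpacked", FileReport(PLAIN, 1, 1)),
        ("packed, widely used", FileReport(PACKED, 1, 5000)),
        ("packed, signed", FileReport(PACKED, 1, 1, "Example Dev Ltd")),
    ]:
        print(name, "->", age_spread_verdict(rep, frozenset({"Example Dev Ltd"})))
```
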
  19. Nightwatch

    Nightwatch Registered Member

    Joined:
    Sep 15, 2008
    Posts:
    25
    Hi!
    No problem :) . Thanks! Setting self protection to "medium" works.

    Regards,
    Nightwatch
     
  20. Biscuit

    Biscuit Registered Member

    Joined:
    May 26, 2006
    Posts:
    978
    Location:
    Isle of Man
    Are we voting? :cool:
     
  21. softtouch

    softtouch Registered Member

    Joined:
    Jan 31, 2006
    Posts:
    415
    I understand your point of view, but understand also mine.
    Anyway, I have based on your suggestion ordered a code signing certificate which is already validated and I just have to wait for their call on their next business day (whenever that is). Once I have all signed, how will PX behave, when it detects again the packed, but signed programs?
     
  22. DavidCo

    DavidCo Registered Member

    Joined:
    Jul 9, 2005
    Posts:
    503
    Location:
    UK
    How does PrevX Edge handle the 'code red' type of malware?
    The ones that execute in memory rather than writing to disc (cache) first.
     
  23. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    We can trust your software by the signature - just send me a signed program once you have it and our researchers will add an exception for the Age/Spread detection for your signature :)
     
  24. Nunes

    Nunes Registered Member

    Joined:
    Apr 4, 2006
    Posts:
    103
    Location:
    AMADORA,Portugal
    softtouch why don't you disable age and popularity heuristics?
     
  25. raven211

    raven211 Registered Member

    Joined:
    May 4, 2005
    Posts:
    2,567
    About that... would disabling this kinda make the software like ThreatFire in the future - not caring how old or new something is? That's what I like about it - all it cares about is "what are you trying to do right now. I don't care how old or new you are". ;)

    Also, what was the other, that's, not Age/Spread detection, but... :rolleyes:


    The Outer.Edge detections and slow processing of data have always been my issues keeping me away from using the software. :)
     