Future Changes to Prevx

This will be a prominent feature in Prevx 4.0

 

Hehe Very cool! I can't wait.!.

 

64 bit SafeOnline

 

I can understand your reasons for that. However, actions like that tend to make PrevX less secure. I have not tested it (yet) but if I hide (as in disable it) the Radmin tray icon PrevX should flag it, correct?
Could you consider including some sort of checkbox option (which would be off by default to avoid a boatload of confused users) for 'potentially dangerous applications'? Those could include the remote tools and hack tools. Put a big warning on it what happens when the checkbox is checked.

I'm a fan of categorizing threats. This way a user can choose what he wants PrevX to detect
I'm talking out of my hat here (as in I'm guessing you do not have this option yet and I'm not near my PrevX PC) but you could introduce an advanced settings page. I understand your need to keep it simple but Enterprises (and users like me) like many useful options.

Anyway, does this mean that keyloggers like Spector, if installed as per their use (they are meant to be covert), are NOT being detected?

 

As long as I'm making suggestions. Password protect the settings:

• No one can see them without entering the password
• No one can change them without entering the password
• It would not be cool is users could add programs to the exception list themselves...

Why? Some users (mainly an enterprise problem) have a problem with Ultra VNC because they think we use it to spy on them. Some go to great lengths to delete it. Well that would be a useful option if you consider adding the checkbox

 

We have this functionality in place already If you click Settings > Basic Configuration, you can tick the box: "Password protect configuration options" which will lock down all of the configuration to users that aren't authorized.

 

This generally won't, it depends on the installation behavior.

Yes, I agree - a number of programs can be added into this category, like mIRC, ServU, and a handful of remote support tools as you have noted.

The Prevx Enterprise version, however, functions exactly as you mention - you can configure determinations/block programs en-masse or even set up a whitelisting-restricted environment where only trusted programs are allowed to run.

Keyloggers are a different beast entirely in our opinion and we consider them to be malicious in all cases unless the user explicitly overrides them to not be detected.

From the review that PC Magazine did over Prevx:

"In a parallel test using commercial keyloggers in place of malware, Prevx detected every sample and completely prevented installation for most of them." (http://www.pcmag.com/article2/0,2817,2346861,00.asp)

 

Thank you Joe (I may call you Joe I hope ). Your support is really top-notch!

If you don't mind I've got one more question. What is policy for certain hack tools like hash dumpers (PWdump, fgdump ...)? Some of those can be used over the network by roaming users (which would make them harmful in my agenda).
Anyway, I'm getting off topic here sorry. I still hope to see a setting for potentially harmful applications.

I do have a final suggestion for the enterprise app. (if it isn't already present). I may be pushing the envelope here but here goes: I call it the Sophos approach: it catches all potentially harmful program groups:

- Toolbars
- HTTP(s)/SSH tunnel software
- Proxy software
- Cracker programs (collecting hashes or bruteforcers)
- Things like Nmap, Wireshark
- FTP programs

Almost everything that CAN be used to get info out of the network.

On the other hand I just realize, PrevX allows one to whitelist things and flag all the rest. I suppose a 'home' user can't get this enterprise version?

 

I would like to see the ability to stop an app from loading a URL. For example, a few apps will automatically load a web page when you uninstall their software. It would be great if Prevx could block this from happening.

 

Here are my suggestions:

1. Import/Export settings.
2. Safeonline to cover IMs.
3. Having option to automatically update to Beta releases.
4. Option to check how often Prevx will check for updates.
5. Option in Scheduled Scans to scan only when CPU usage and Memory is under certain level.
6. Support for scanning SSL protol .
7. Option to send malicious file(s) directly to Prevx with description.

 

If you originally installed a beta version, then you can get beta releases automatically via the update mechanism.

 

I know that, but what if I install a stable release after testing some betas but want to get betas when they are out?

 

If you install a beta release, it will update to the live release and will continue to update to the next beta release when we have one

 

PDF protection can't come soon enough

Got hit by an interesting variation of PDF/JS exploit tonight: a well-known news site was pulling a banner ad from a compromised host; it was launching a Java applet via HTTPS from some server in China, which loaded a malicious PDF. The only thing that saved my bacon was DefenseWall and the fact that JavaScript is disabled in Acrobat on my machine. I was able to save the PDF and scan it against VirusTotal and Jotti, only 2 engines out of 20-something detected it, so it's pretty new.
The reason I'm posting this is that PDF detection can't come soon enough in Prevx (and Hitman). I understand the legalities of it, but there's got to be a way to examine the file without uploading entire thing to the cloud somehow, to protect privacy and confidentiality. Also, SafeOnline could probably benefit from some advanced methods of detecting abnormal or suspicious PDF loads, like in this case via HTTPS/Java.
Just sayin'..

 

It would be nice to be able to add another 15 minutes of install time. I am aware that there are longer time intervals on the pull-down menu for disabling protection, but some installs take longer than originally anticipated.

 

I think this is a bit overkill:

I cant image anyone will ever need this detailed "time outs"

 

No! It is not a overkill! I have a handicapping software that does not work when Prevx is fully enabled. I have to disable for 4hr when I play the races
live on my computer.

 

Adding technology provided by CallingID would be a nice addition to SafeOnline.

 

Hi
again me with suggestion, i am gamer and i don't like scan when I play, my idea it is a scan when comptuer is IDLE and pending after a new scan.

example : from 5, 10, 15, 20 min IDLE's computer a scan start and an wait 4, 12, 18 or 24 hours for make an other.

example :


9:00am computer is idle
9:05am again idle scan start
...4h...
01:00pm computer is not idle, not scan start
01:10pm computer is idle, last scan is more than 4yours
01:15pm again idle, scan start.


thank you for feedback

 

SafeOnLine working on Chrome4 and for me expecialy on CromePlus a fork that is Chrome4 based

 

although i personally dont use Chrome anymore, i believe it should be working with it, as in my head, its one of the big players in the selection of browsers.

i want the green blob tray icons back lol

and want the 'no more changes allowed for this licence' thing fixed, i hate formatting or whatever and then having to contact support for them to disable my licence, so i can activate it again.

if im able to login to my own 'my prevx', and i can see it with my own eyes 'deactivate', i should be able to click it (which at the moment, is not possible, even though i see it)

id also like to see 'right click - report as false positive' during found items to be checked and fixed much quicker, ie. as quick as if i physically sent in the file via email etc.

 

I have only 1 suggestion to Prevx : stop treating legit customer as a criminal!,today i just got this :

to be honest,prevx being the most paranoid protection i've ever seen,i've bought engima protector for my developed software,so far it's being stronghold without putting my customer in headache.

 

PM PrevxHelp (Joe) with your license and he will fix you up ASAP like he did before!

TH

 

he shouldn't have to though T.H,

its an issue that annoys me greatly too....

 

making SafeOnline easely ON/OFF clicking on the prevx icon on the tray