Introducing, The New Prevx Edge.

Discussion in 'Prevx Releases' started by trjam, Nov 13, 2008.

Thread Status:
Not open for further replies.
  1. philby

    philby Registered Member

    Joined:
    Jan 10, 2008
    Posts:
    944
    "Protection is active"

    Otherwise, those inclined to do so will question whether Prevx can really claim that the "system is protected".

    philby
     
  2. Retadpuss

    Retadpuss Suspended Member

    Joined:
    Apr 4, 2009
    Posts:
    226
    Either would be okay - but I would think something like "no threats detected" would be more logical / make a better statement. "System is protected" is possibly a bit meaningless in the true sense of the statement - do you mean in absolute terms protected (Impossible!) or to the best of the system's ability to determine / provide protection?

    "Protection is Active" also seems to be a bit vague? I would prefer a statement along the lines that Prevx has not found anything - or perhaps "system is protected by Prevx"

    Anyway, I'm off to have a couple of bottles of Leffe and watch an old black and white horror or scifi film!

    Night all.

    Puss
     
  3. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    However, the system is indeed protected - we aren't saying that we're protecting against everything, we're just saying that we are protecting it (from the threats which we protect against).
     
  4. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    What the hell is a Leffe, :doubt: Boy, you need to get yourself a good ole Nascar Budweiser. Lol :thumb:
     
  5. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    The only problem with "No Threats Detected" is that people wouldn't think there is any actual protection enabled - just detection.

    IMO "System is Protected by Prevx" is a bit redundant being that the GUI says Prevx all over it. I personally think that "System is Protected" is the best balance between stating that we are protecting the system (which we are indeed doing) and saying that we are protecting against everything (which we are indeed NOT doing :))

    Enjoy! Thanks again for the suggestions :)
     
  6. Pleonasm

    Pleonasm Registered Member

    Joined:
    Apr 9, 2007
    Posts:
    1,201
    Retadpuss, truer words were never written. The statement “system is secure” leaves little to the imagination, and is exceedingly straightforward. (Not a case of “shades of blue,” in my opinion.)

    PrevxHelp, "Protection is Active" would be a fair statement.
     
  7. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,275
    Location:
    Ontario, Canada
  8. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,944
    Location:
    USA
    "Prevx Protection is Active" works well, if you feel you must alter what is there now.

    I actually think "System is Secure" is fine, inasmuch as it pertains to Prevx software, and everyone viewing those words knows it pertains only to Prevx. It is a given. That is, how could "Prevx v3.0.1.65 - System is Secure" pertain to anything else?

    For example, most Wilders members use more than one security application, right? Any one of these apps might think the system is infected, or not secure. And they are of course free to make that claim. But in doing so, we don't see an AV program going into any disclaimer-type detail when it finds what it thinks is an infection.... "as far as Kaspersky is concerned, System is infected". That's ridiculous. As ridiculous as it is to suggest that Prevx stating the system is secure should be accompanied by a qualifier.

    "System is Secure" is fine and 99.9% of the folks reading that understand it for what it is saying.
     
  9. crofttk

    crofttk Registered Member

    Joined:
    May 15, 2004
    Posts:
    1,979
    Location:
    Eastern PA, USA
    Mmmmm, tasty!
    And for me, Duvel too! :p

    Sorry, folks, just the odd American spoiled by a Flemish wife and Belgian beer.:ninja:
     
  10. softtouch

    softtouch Registered Member

    Joined:
    Jan 31, 2006
    Posts:
    415
    You know what is confusing for me?
    When it detects something, it shows the screen attached (they are FP, but anyway).

    The red button "View Threats" does not show the detected threats, it will just rescan again! I had NO way to see WHAT it had detected...
     

    Attached Files:

    • px1.jpg
  11. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    That indeed sounds like a bug - we'll look into what is causing this shortly :)
     
  12. raven211

    raven211 Registered Member

    Joined:
    May 4, 2005
    Posts:
    2,567
    Sadly I think "Rescan for threats" is a little too long to be written out on that tiny space, cause that's exactly what it does - check if the threat(s) is/are still present. ;)


    Funny thing is, it's being stated a number of times that only a few users here are going to see these FPs - yet the reports only continue rapidly. :eek: :rolleyes:

    Now, in the new version, except for a bunch of new features being integrated, can we (or more like I...) expect less FPs and a faster process when it comes to new files or data? Oh wait... my mistake... (okay, lol, not really to be fair :D) it's also when it just scans in real-time when there's a threat. I experienced this when testing around with some malware in evaluation mode. (God, I wish it would have that same seemingly automatic operation by default with that kind of small window reporting. :rolleyes:)

    It's definitely not a micro- or millisecond for that part, and I still don't believe that it would be my connection. My location? Now THAT would be pretty lame. It does indeed have to be program- or server-wise in some way... :ouch:
     
  13. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    Your whole post is gibberish. :cautious:
     
  14. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    All of the recent reports have been either from a beta operating system or from other security software which we inherently will detect if they release a new version (and they do the same against us).

    A majority of the features which we are adding are behind the scenes rather than actual new features for the user. You will definitely experience less FPs and more detections as we are now collecting significantly more behaviors and data while optimizing the actual structures which we send them up.

    The protection is being re-engineered from the ground up - massive changes starting in the drivers all the way through to the communication to the database.

    Although the product will look the same, the feel will be significantly different - much for the better :) The reason for all of these changes is that about a month ago we had a breakthrough in behavior monitoring which has made everything much easier to work with, while actually improving system performance even though we're doing more behind the scenes.

    As well as these changes, we're adding offline support and more granular control over local protection. The secure browser should also be in this next release as well which includes keylogger, screengrabber, clipboard stealer, etc. protection around the browser as well as seamless malware protection from the browser into the rest of the OS (built upon our new behavior monitoring). Also, when monitoring behaviors, we will also be saving the state of the system as an untrusted program runs so we can quickly undo any change which a program makes if we do find that it is malicious.

    On top of these there are some dozens more of behind-the-scenes improvements, all which will be shipped out to existing users as soon as they're done and tested :)

    All around it is quite a large volume of changes which is why they're taking a while to complete :D
     
  15. raven211

    raven211 Registered Member

    Joined:
    May 4, 2005
    Posts:
    2,567
    ... and again it's only personal experience. You can't decide when it comes to that, even if you wanted to. o_O
     
  16. EraserHW

    EraserHW Malware Expert

    Joined:
    Oct 19, 2005
    Posts:
    588
    Location:
    Italy
    Our hamsters who are developing Prevx went on strike because they want better food and nicer cages :doubt:
     
  17. raven211

    raven211 Registered Member

    Joined:
    May 4, 2005
    Posts:
    2,567
    I really appreciate your post, Joe - it's most informative. ;) I can see why the FPs occurred now as I can only imagine what a pain in the butt all the released Win7 builds must be. :D I definitely believe that this will be improved. :)

    It will still be different compared to a sandbox, right? That is, you would be able to seamlessly install new software, even if malware is restricted to have any kind of access to your system?

    I SO hope that it'll be browser independent or that you will still support Opera, cause we users of the web-browser sure miss out on a lot. :D

    Overall the improvements sound most impressive, and I really hope that I'll have the opportunity to have a trial-key and a beta to participate in. :)


    Best of luck!
     
  18. raven211

    raven211 Registered Member

    Joined:
    May 4, 2005
    Posts:
    2,567
    HAHA :D - that sure made me LOL. :D
     
  19. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Indeed :) Between Win7 and Vista SP2 we've had around 50k new Microsoft files come into the database, all having been seen by a small number of users so it's a nightmare for FPs because a file existing in a system folder which is parading as a legitimate system file tends to be quite suspicious :doubt:

    Correct :)

    Yes :) The protection is actually application independent but for now we're focusing on browsers (you could apply it to Microsoft Word if you wanted to prevent any program from reading the keystrokes typed into your document :))

    Of course!
     
  20. raven211

    raven211 Registered Member

    Joined:
    May 4, 2005
    Posts:
    2,567
    About that... does the user have to make those settings, or is it handled by the software on its own? Maybe I just got confused by your message. :D
     
  21. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    We're still deciding exactly how we'll roll out the protection - we don't want existing users to be confused by new dialogs/functions so we may end up automatically enabling the new features only for new users installing fresh (of course you can just tick the configuration boxes to enable it, but we want to make everything as seamless as possible).
     
  22. softtouch

    softtouch Registered Member

    Joined:
    Jan 31, 2006
    Posts:
    415
    Please add a proper detection for UPX or PECompact compressed exe files.
    EVERY time I run a UPX or PECompact compressed file (I thought it's just my file, but ANY), it triggers an alarm and prevents me from running it, but ONLY once. When I start it again, it works.

    This happens with ANY downloaded file which is UPX or PECompact compressed... and most shareware authors compact their exe today...

    And in my situation, it is even more disturbing. Every time I compress my Delphi applications after compiling them, I cannot run them for the first time...

    It looks to me that Prevx first just blocks it, and AFTER that analyses the file, which should be the other way around...

    You can check 2 of my applications:
    Alternate Data Streams Scan Engine - http://www.delphifreeware.com/downloads/ads.exe
    Hidden File Scanner - http://www.delphifreeware.com/downloads/hfs.exe

    It does not help to fix it for these 2 programs, because when I compile them again in a while, they will be detected again.
     
  23. EraserHW

    EraserHW Malware Expert

    Joined:
    Oct 19, 2005
    Posts:
    588
    Location:
    Italy
    Ok, please, can you compile the files again and send me a log file when Prevx detects them? :) I've sent you my email address by PM :)
     
  24. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    What detection are you receiving with these files and what are your heuristic/age/popularity protection settings?

    We don't just block every PECompact/UPX exe as this would be a huge volume of programs. I suspect you are either using very unpopular software which is being caught conceptually by age/spread protection or you just have some other characteristic in your software which is causing us to catch it.

    The solution to this would be, as I've said many times before, to digitally sign your software as virtually all legitimate software developers do today :doubt:
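
A build-time check of the two properties raised in the posts above (UPX or PECompact packing, and whether the executable carries a digital signature), as an added example that is not part of the thread and is not Prevx's detection logic. The section-name prefixes are a heuristic assumption, and `build_sample` produces constructed PE32 headers for the demo only.

```python
import struct

# Default section-name prefixes left by the two packers named in the thread (heuristic only).
PACKER_PREFIXES = {"UPX": "UPX", "PEC": "PECompact"}

def inspect_pe(data: bytes) -> dict:
    """Report packer section names and whether a certificate table entry exists."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)          # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    (n_sections,) = struct.unpack_from("<H", data, pe_off + 6)
    (opt_size,) = struct.unpack_from("<H", data, pe_off + 20)
    opt_off = pe_off + 24
    (magic,) = struct.unpack_from("<H", data, opt_off)
    if magic not in (0x10B, 0x20B):
        raise ValueError("unknown optional header magic")
    dirs_off = opt_off + (96 if magic == 0x10B else 112)      # PE32 / PE32+
    (n_dirs,) = struct.unpack_from("<I", data, dirs_off - 4)  # NumberOfRvaAndSizes
    has_cert = False
    if n_dirs > 4:                                            # index 4 = certificate table
        cert_off, cert_size = struct.unpack_from("<II", data, dirs_off + 4 * 8)
        has_cert = cert_off != 0 and cert_size != 0
    packers = set()
    sec_off = opt_off + opt_size                              # section table follows
    for i in range(n_sections):
        raw = data[sec_off + 40 * i: sec_off + 40 * i + 8]    # 8-byte section name
        name = raw.rstrip(b"\0").decode("ascii", "replace").upper().lstrip(".")
        packers.update(p for prefix, p in PACKER_PREFIXES.items() if name.startswith(prefix))
    return {"packers": sorted(packers), "has_cert_table": has_cert}

def build_sample(section_names, cert=(0, 0)) -> bytes:
    """Constructed minimal PE32 headers (not a runnable program) for the demo."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 224, 0x102)
    opt = struct.pack("<H", 0x10B) + b"\0" * 90 + struct.pack("<I", 16)
    dirs = b"".join(struct.pack("<II", *(cert if i == 4 else (0, 0))) for i in range(16))
    sections = b"".join(n.encode().ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return dos + b"PE\0\0" + coff + opt + dirs + sections

if __name__ == "__main__":
    print(inspect_pe(build_sample(["UPX0", "UPX1", ".rsrc"])))                 # packed, unsigned
    print(inspect_pe(build_sample([".text", ".data"], cert=(0x400, 0x1A00))))  # has cert table
```

A non-empty certificate table only shows that a signature blob is attached; whether it verifies has to be checked with the platform's own signature verification tooling.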
     
  25. raven211

    raven211 Registered Member

    Joined:
    May 4, 2005
    Posts:
    2,567
    As well as secure ofc. :D I can see that the new FPs reported indeed seem to be some kind of security software. ;)
     