Does Prevx add files/objects to "Detection Overrides" ?

I've reported a false positive regarding Sandboxie. I added the "detections" to the "Detection Overrides".

Moments ago I was going to removed them, and see if the false positives were no longer happening. To my surprise, I saw a couple entries there as well, namely for:

C:\Windows\System32\rtutils.dll and C:\Windows\System32\portabledeviceapi.dll

These were not added by me, in any way. (I'm also been running Prevx for awhile now, so that I can see if I get the same problems as my relatives do.)

Does Prevx add entries there by itself?

 

It's possible that files similar to the files you've marked as a false positive were added or files which match some of our familial signatures were added automatically.

It might be helpful to send a scan log to report@prevxresearch.com so that I can take a look to verify what you're seeing

 

It would be cool if it was now self-sufficient.

 

Hi joe,

this should be added to the Prevx application, too.

So that for paying customers, there is no need to send email within a webmail client or so to you..

Simply within the Prevx application.

(Only working/available with a license..)

regards,

iNsuRRecTiON

 

While I agree with the suggestion, I disagree that it should only be available to paid users. This way, all three parties wouldn't be benefiting from each other: Prevx, paid users and users of free/trial version.

Prevx would only be getting false positives from the paid users; but, my guess is that many other people are using their facebook version or trial (kind of free) version as well. Prevx wouldn't be benefiting from such users. The more users reporting false positives from within Prevx UI (Let's face it, having to send an e-mail every time is kind of boring...) the merrier, right?

 

I seem to be responding to the same posts in different threads

 

It already work for all users of Prevx, but without priority..

With email you get priority support, but why have users with an license to use the extra work and time of writing an email, this is no good email support.

For details see here: https://www.wilderssecurity.com/showthread.php?t=289460

Yeah I know, hehe.

Two are better than one!

 

Yes, I know it works for every Prevx user. I actually asked about it sometime ago. I thought you wanted Prevx to give that option only to paid users.

But, my opinion still stands. Whether false positives are related to Prevx via UI or e-mail, both options should be available to both users of free and paid versions. It benefits all sides.

The same way paid users may feel bored having to send e-mail, so would users of free/trial version. In the end, if not possible for users of free/trial version to send false positives via UI, then Prevx wouldn't benefit from those who wouldn't send an e-mail, nor would paid users benefit from such.

It's all a matter of keeping a balance between what Prevx offers and what users can give back, having usability in consideration.

Just my opinion, though.