The freeware version has
- a scanner
- real time infection monitor

When I set up the real time infection monitor, I have some questions (bold in red)

a) Heuristics HIGH, applied after AGE/POPULARITY
Meaning it closely watches program behaviour when selected options of Age and Popularity are valid, the high setting only generated marginally more FP's.
When high generates marginally more FP's why is this not the default setting?

b) Age set to medium: HIGH
Only the latest programs are checked [So others are not monitored] and programs/objects which are untrusted
When is a program untrusted?

c) Popularity HIGH
Alert when this program has not been seen by the Prevx community [So it acts as a community whitelist? Does the colour of the pop-up indicate whether it is a message from the blacklist or from the whitelist]

My wife very rarely installs new programs, when I understand it correctly Prevx monitors with the above settings:
- looks only at the most recent programs, so ignores existing installed application base, eating very little CPU cycles
- applies advanced behavioral heuristics of untrusted applications (digitally unsigned applications from unknown vendors)
- checks its in-the-cloud database and warns when it has not been seen by the community as okay

When it finds something, it does not stop, only throws a pop-up warning, correct?

Thanks
Kees
We've tuned the default settings to be as accurate as possible with the lowest number of FPs possible. It is possible to get more detection by raising them higher but our goal is to create a balance of protection rather than producing unnecessary warnings. Programs have to earn their trust - all programs start off untrusted and are generally automatically trusted after an analysis period which depends on the program itself. The detection will read Community.OuterEdge if found from the age/popularity heuristics, the other detections are based on the additional centralized/community heuristics. Prevx checks the existing application base for known threats and continues to monitor it in the event that something is found to be malicious. Just because a program is digitally signed doesn't mean that it should be trusted so we don't automatically trust programs just because they're from a trusted vendor. Yes, you'll see a small popup in the bottom right corner labeled "Active Threat" and the detection will be added to the list of threats. Let me know if you have any other questions!
Every check is made within the Prevx database. The settings are referring to the volume of programs seen across the Prevx community, which is managed/stored in our central database, along with the signatures/behaviors from each of the programs. The central database has some blacklist/whitelist attributes but is not made to work like either of those: it is the central processing and analysis of Prevx to determine the intent of programs as they're seen across the community.