Freeware version question

Discussion in 'Prevx Releases' started by Kees1958, Sep 11, 2009.

Thread Status:
Not open for further replies.
  1. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    The freeware version has
    - a scanner
    - real time infection monitor

    When I set up the real time infection monitor, I have some questions (bold in red)

    a) Heuristics HIGH, applied after AGE/POPULARITY
    Meaning it closely watches program behaviour when the selected options of Age and Popularity are valid; the high setting only generates marginally more FPs. When high generates marginally more FPs, why is this not the default setting?

    b) Age set to medium: HIGH
    Only the latest programs are checked [So others are not monitored] and programs/objects which are untrusted. When is a program untrusted?

    c) Popularity HIGH
    Alert when this program has not been seen by the Prevx community [So it acts as a community whitelist? Does the colour of the pop-up indicate whether it is a message from the blacklist or from the whitelist?]

    My wife very rarely installs new programs. When I understand it correctly, PrevX monitors with the above settings:
    - looks only at the most recent programs, so ignores the existing installed application base, eating very few CPU cycles
    - applies advanced behavioral heuristics to untrusted applications (digitally unsigned applications from unknown vendors)
    - checks its in-the-cloud database and warns when it has not been seen by the community as okay



    When it finds something, it does not stop, only throws a pop-up warning, correct?

    Thanks Kees
     
    Last edited: Sep 12, 2009
  2. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    We've tuned the default settings to be as accurate as possible with the lowest number of FPs possible. It is possible to get more detection by raising them higher but our goal is to create a balance of protection rather than producing unnecessary warnings.

    Programs have to earn their trust - all programs start off untrusted and are generally automatically trusted after an analysis period which depends on the program itself.

    The detection will read Community.OuterEdge if found from the age/popularity heuristics, the other detections are based on the additional centralized/community heuristics.

    Prevx checks the existing application base for known threats and continues to monitor it in the event that something is found to be malicious. Just because a program is digitally signed doesn't mean that it should be trusted so we don't automatically trust programs just because they're from a trusted vendor.

    Yes, you'll see a small popup in the bottom right corner labeled "Active Threat" and the detection will be added to the list of threats.

    Let me know if you have any other questions! :)
     
  3. Kees1958

    Kees1958 Registered Member

    So when I set popularity to MEDIUM it checks the central PrevX (blacklist)?

    Regards Kees
     
  4. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Every check is made within the Prevx database. The settings are referring to the volume of programs seen across the Prevx community, which is managed/stored in our central database, along with the signatures/behaviors from each of the programs. The central database has some blacklist/whitelist attributes but is not made to work like either of those: it is the central processing and analysis of Prevx to determine the intent of programs as they're seen across the community.
     