I think that Prevx has too many FPs.

Prevx detects viruses which no other vendors can. When I uploaded these "viruses" to Virustotal,the result often could be 1/41.

Today I uploaded a "virus" detected by the updated Prevx CSI to VT,the result is "0/41".

And in the Prevx's website,they also provide detailed virus information like what this virus do etc. So has this virus already been analyzed by them?

I often heard that Avira has many FPs but to me it never gives a FP in my pc since version 8. But I seldom hear complaints about Prevx's FPs which is really strange to me.

Now I'm the one who wants to complain that "Prevx has too many FPs." By the way,the GUI is not user friendly either.

I like Prevx. But I hope you make it better.

 

if they provide detail information for me seems they have analyzed it

all products have FP

if you never got Avira's FP is good , but keep in mind that many Prevx Costumers also never get any FP

the GUI is under development and many more features are going to be implemented soon

 

Is this file under system32 a virus?
File Behavior

WLGPCLNT.DLL has been seen to perform the following behavior:

* The Process is polymorphic and can change its structure

WLGPCLNT.DLL has been the subject of the following behavior:

* Created as a process on disk

Country Of Origin

The filename WLGPCLNT.DLL was first seen on May 5 2008 in the following geographical regions of the Prevx community:

* The EUROPEAN UNION on May 5 2008
* SPAIN on May 5 2008
* CANADA on Nov 14 2008
* KOREA, REPUBLIC OF on May 1 2009
Vendor, Product and Version Information

Files with the name WLGPCLNT.DLL have been seen to have the following Vendor, Product and Version Information in the file header:

* Microsoft Corporation; 802.11 Group Policy Client; 6.0.6001.18000 (longhorn_rtm.080118-1840)
* Microsoft Corporation; 802.11 Group Policy Client; 6.0.6002.16497

File Type

The filename WLGPCLNT.DLL is used by multiple object types including objects,Dynamic Link LIbrarie

 

I used Prevx about 2 weeks and I had 5 FPs, no problem for me so far. But ordinary Joe (my wife ) would ask all the time: Is it malware? Is it a virus? What have I done?

I think a behavior blocker is the better choice for ordinary Joe

 

Wow... 5 on two weeks? That sounds like quite a lot... For the ordinary Joe I would rather install something that's completely automatic. If it wasn't for the FPs of Prevx, you could've set that to automatic operation in the settings.

 

If a product has serious FPs or interruption - then I avoid that product. As simple as that. FPs is not something you can live with all the time if you want everything to go smooth - therefore it leads to interruption.

 

I'm sure PrevxHelp will be able to provide a much more detailed explanation, but you should be aware that VirusTotal is using a very much "stripped down" version of Prevx, with no behavioral analysis (probably Prevx's key strength), etc. Therefore VirusTotal results will be seen to create many more FP's compared to actually having Prevx 3.0 installed on your machine and coming across these same files.

 

With any security program you install, you run a full scan, open up all your regular programs, fix/ignore any false positives, 20 minutes later, you're away to go.

I don't see it as a big inconvenience. Some programs on the other hand, can be so silent, all sorts of malware gets through.

The problem is the type of user. Us here, we're always testing out new, relatively unknown programs, so a small number of FPs are a given.

 

Oh also...

Feel free to send me a PM with any suggestions for improvements to the GUI, or reasons why you think it's not user-friendly, and I'll see what we can do

 

Hello all,
The engine at VirusTotal is significantly different from the one that the consumer product contains and therefore tends to generate more FPs. The reason behind this is that at VirusTotal, we don't have the ability to analyze behavior so we have to make a "best guess" about what the file does, and that causes a lower number of real detections and a higher number of FPs, just because it isn't as accurate as actually sitting on a user's computer and analyzing files as they come through.

5 FPs in 2 weeks is extremely high - a vast majority of our users have never experienced a FP and I'd tend to expect they're all due to some underlying factor (maybe beta software or Windows 7?)

If anyone has any FPs which are still detected, please send them to me via PM and I'll get them fixed ASAP Regarding WLGPCLNT.DLL, there are pieces of malware named WLGPCLNT.DLL so searching for that filename itself doesn't necessarily mean you're looking at the one you're looking for (if that makes sense ). In another example, there are many infections named svchost.exe so a search to a Prevx Filename page would show that it could be malware, while it is also a system component.

Hope that helps! As always, let me know if you have any other concerns, questions, etc.

 

No,the result is that my Prevx CSI detected a "virus" while the Prevx on VT says "negative".

I tried Prevx on Vista before and now use it on Windows 7.
I usually get 2 or 3 FPs on my system from Prevx while Avira give none. And Avira saved me several times from real viruses.

I didn't search for the file on Prevx. Prevx told me that wlgpclnt.dll under my system32 archive is a virus. I clicked the link for more detailed information. And I see those descriptions for the file. I uploaded it to VT and the result was 0/41.

For the GUI:
1. Too many clicks in settings.
2. Too many steps when I want to quit Prevx from Real time monitor.

 

We have been generating a few FPs on Windows 7 builds just because there is so much new data coming in and a lot of Microsoft components do perform suspicious actions. If you could send me a scan log (by clicking Tools > Save Scan Results) of any FPs you've experienced, I'll be able to correct them immediately and tell you why they've happened

 

We're considering making it easier to disable the realtime protection, but this is a one-time-action which very few users ever use.

What steps are you finding too numerous in the settings? Short of making the status screen a list of checkboxes, I'm not sure we can minimize it much further

 

You can achieve this by right-clicking the system tray icon

 

Early days yet, but I have yet to see one FP in nearly 2 months of use.

A lot will depend upon your software mix and the heuristic setting.

Brings back memories of complaints of high FPs against Dr Web, VBA32 and Avira. I see/saw very few FPs with any of these AVs in years of use.

 

I don`t see many FP`s in Prevx. In fact i think heuristics just does what it is supposed to do. "Hey, check this out, it could be dangerous". That`s not FP`s in my opinion. Yes, you could remove many of these detections, but you would lose a lot of security.

 

I've fixed the FP reported by bonedriven - it is a legitimate FP and it does indeed share many characteristics with a large group of infections, most likely because of the software protection they have on the program itself.

I've checked the heuristic rule to see if there are any other similar FPs and there were a few (granted, they had only been seen by a small number of users). One of the triggers which set off this detection was an identification of remote code injection (process hijacking) which looks to be accidental because of the software protection but because of this and a handful of other factors including registering itself to load on bootup, modifying IE's memory/registering a BHO, and making some obscure outbound internet connections, we flagged it.

This is one of the many cases where good software can really seem quite bad, and its very difficult to differentiate between them in some cases, which is the main reason why AVs generate FPs.

Hope that helps clear up some of the confusion

 

It has no more then others.

 

Yes, I think the FPs could be lower. I get more than any AV I have had. I think they will continue to work on this, though.

 

Thanks for the quick response.

An anti malware program that wants to detect those other AVs miss may certainly result in more FPs.

I just want to let you know that there are unsatisfied customers when most of the sound comes from applause.

 

I've an insisting FP on Nirsoft's regscanner. It has stayed that way the last week.

 

I don't think the number of FP's is an issue with Prevx.

I think from my experience that it depends greatly on the frequency of new installations you do and what kind of software you install.

There is quite a lot of software nowadays that have behavior of malware.

My last example are the Nirsoft Utilities. There are quite a lot of them that trigger the warnings of Prevx what I fully understand why.

Usually what I do is to exclude the files or folders involved.

 

It does depend on the software involved, but Prevx can still do a better job of differentiating - in my experience.

 

Thanks for your reply.

OK did so (exclude files)

Can I reduce the FP's by other than default settings in Heuristics then?

 

The reality is that there will always be someone somewhere not happy with a product. I have yet to have a FP. Great product, great support.