Introducing, The New Prevx Edge.

Discussion in 'Prevx Releases' started by trjam, Nov 13, 2008.

Thread Status:
Not open for further replies.
  1. raven211

    raven211 Registered Member

    Joined:
    May 4, 2005
    Posts:
    2,567
    Just curious... if this is an automatic process, why is it detected in the first place? Is it because the database looks at the behavior analyzed and when it's deemed completely legit and safe it gets whitelisted? Are you often personally involved in the process at all? :D
     
  2. mvdu

    mvdu Registered Member

    Joined:
    Oct 14, 2003
    Posts:
    1,166
    Location:
    PA
    Prevx still detects temp files from the new AntiVir beta - I don't have the log now, but has this been reported?
     
  3. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    No one actually clicked anything to determine the file - the file changed from being "new/suspicious" to "good" after enough data was gathered :) (And note: the new change we've rolled out over the last day or so will prevent almost all of these FPs from happening in the future ;))
     
  4. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    I'm not aware of it - could you make a log so I can see why they're being detected?
     
  5. Baldrick

    Baldrick Registered Member

    Joined:
    May 11, 2002
    Posts:
    2,692
    Location:
    South Wales, UK
    That is how most of us are finding using the Edge... don't know it's there and SUPERLATIVE support! :D
     
  6. mvdu

    mvdu Registered Member

    Joined:
    Oct 14, 2003
    Posts:
    1,166
    Location:
    PA
    The log does have some of the entries after all - it detects them as Community.OuterEdge. I'll send the log file now so I don't forget - what post had your e-mail address to send?
     
  7. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    I PM'd you my email address - note that "Community.OuterEdge" in the log does not necessarily mean that Edge blocked/detected the files, just that they have that characteristic.
     
  8. mvdu

    mvdu Registered Member

    Joined:
    Oct 14, 2003
    Posts:
    1,166
    Location:
    PA
    It did block before, though, something about the age/spread again.
     
  9. mvdu

    mvdu Registered Member

    Joined:
    Oct 14, 2003
    Posts:
    1,166
    Location:
    PA
    I sent you the log.
     
  10. raven211

    raven211 Registered Member

    Joined:
    May 4, 2005
    Posts:
    2,567
    Aww... this still makes me scratch my head (or not actually - why screw with my hair, I'm just thinking, LOL! :D)... How can it determine that if mostly good things are being done, but suspicious things like accessing or modifying in sensitive areas is happening, a file or similar is indeed safe - just as an example? :doubt:

    EDIT: Hmm... this is interesting... I downloaded the first crack for Norton I saw on a torrent site to test, opened it and here's the result: Prevx scans the file first for a while, returns no alert. Then TF pops up (you're next! :D) with a VERY HIGH rating. It's trying to copy an executable file to a sensitive area. I open the details and take a screenshot of the windows - this is referring to my "Not completely confirmed for me yet" post. :) :p

    I obviously chose to kill and quarantine it. Take a look at it and see what you think. ;)
     
  11. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    No protection is 100% - whether this file is actually malicious or not is yet to be determined, all that Threatfire is warning on is copying a file into the system directory... which isn't anything too out of the ordinary. If you want, send me the file and I'll analyze it to see if it really is malicious or not :)
     
  12. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    It is a crack so maybe it is malicious :D
     
  13. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Symantec would certainly think so, but seeing the file would be more helpful :D
     
  14. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    Yeap ;) agree of course
     
  15. raven211

    raven211 Registered Member

    Joined:
    May 4, 2005
    Posts:
    2,567
    It sure is common Symantec detects all sorts of cracks and keygens - testing it has shown that, but this is TF detecting through behavior, though I ofc get your point. :) Should I send it to you by e-mail?
     
  16. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Yes definitely :)
     
  17. raven211

    raven211 Registered Member

    Joined:
    May 4, 2005
    Posts:
    2,567
  18. Dr33

    Dr33 Registered Member

    Joined:
    Jan 23, 2009
    Posts:
    103
    I just bought:
    5 PC 3 years Prevx Edge
    and when I activate it, it shows Expiration 365 Days only o_O
    o_O
    Is it a bug, or what do I have to do? o_O
    Thanks
     
  19. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Could you try running a scan and see if it corrects it to your 3 years duration? If it doesn't, let me know and I'll see what's going on :)
     
  20. Dr33

    Dr33 Registered Member

    Joined:
    Jan 23, 2009
    Posts:
    103
    That was Quick and it worked lol :eek:
    Thanks!
     
  21. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    I checked out the file and it is indeed malicious, but the reason why Edge didn't grab it is because you were the first user to see this variant and Threatfire blocked it before Edge had a chance to analyze the behavior at runtime.

    There appear to be two other variants of this infection (which are a ~90% match to this file) - both of which are found as "Malware Dropper" already but they were released back in February. This seems like a relatively new infection - I've marked it "bad" for now and forwarded it to the research team to see if they have any thoughts on updating a rule for it :)
     
  22. raven211

    raven211 Registered Member

    Joined:
    May 4, 2005
    Posts:
    2,567
    So, you're saying that Prevx would detect it after that through its heuristics, which are set to default here: Medium. Did you get that result yourself?
     
  23. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Yes, I believe it would - I didn't actually test it as I'm a bit short on virtual machines at the moment but based on the way that it drops files, it does look like it would be found heuristically.
     
  24. Ed_H

    Ed_H Registered Member

    Joined:
    Nov 10, 2004
    Posts:
    662
    Location:
    Chicago, IL
    Avira 9 Beta
     
  25. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    Cool, thanks, may solve my problem here too :thumb:
     