Introducing, The New Prevx Edge.

Discussion in 'Prevx Releases' started by trjam, Nov 13, 2008.

Thread Status:
Not open for further replies.
  1. sded

    sded Registered Member

    Joined:
    Jun 4, 2004
    Posts:
    512
    Location:
    San Diego CA
    Rebooting fixed it for now. If it happens again, I will uninstall and reinstall. CPU to normal during scan surprised me too, was just looking for a related hang.
     
  2. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    Can an official rep please confirm this?

    Thank you for answering, ambient_88 :).
     
  3. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Oops - missed that post :) The heuristics are enabled in the trial version, but malware is not blocked in the trial. Also note that a lot of the heuristics only apply to real infections in their natural locations so running samples in a malware collection does not completely mimic the proper "shape" of an infection that a user would normally encounter :)
     
  4. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    Thanks for the fast response! By 'enabled', do you also mean that the trial version will give alerts (with no blocking allowed) upon a heuristic positive? I had taken a piece of a malware installer that Edge detects as bad, modified it, then run it with the Age and Popularity sliders set to Maximum, but got no alerts; thus I assume that the licensed version would also have given no alert with the same settings and modified malware installer?
     
  5. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    That is correct, however, modifying the installer could have corrupted it or changed it - could you send me the sample so I can see why we missed it? (I'll PM you my email address :))
     
  6. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    I just retested by modifying the original malware installer again, in a slightly different manner this time, and this time I already get a 'medium risk malware' message before I even install! This did not happen yesterday. Do you still need the sample? By the way, I should point out that even yesterday, when I rescanned the altered malware installer after about 10 minutes, Prevx did already flag it as bad; does this count as a heuristic catch or not?

    By the way, do we need to manually report false positives here (or by email), outside of already marking as 'false positive' within Edge itself?
     
  7. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Ah great :) That's the benefit of automated analysis :)

    Correcting the file locally will send a recommendation to our researchers which requires a manual process to override it and correct the FP but if you want the file prioritized, feel free to PM or email me and I'll take care of it ASAP :)
     
  8. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    Yes very good :). Would yesterday's results count as a hit or miss on the heuristics settings though, as I did not get any alert immediately yesterday?
     
  9. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Possibly a miss in this case, but depending on the sample, it may take more than one user seeing it to identify it as bad immediately. My guess is that the file was marginally suspicious yesterday but once we got another report of it we were able to track it down more accurately :)
     
  10. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    Great - maybe because I tried a few different modified versions :).

    If a file is caught by the heuristics settings alone, and not flagged as bad in your database, does the alert clearly state the fact that the heuristics settings resulted in the alert?
     
  11. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Our database is built primarily on heuristics as well, but the client-side heuristics will result in warnings which are titled: "Age/Spread Criteria Violation" or "Edge Heuristics Warning".

    However, we quickly identify malware as real threats, so it is possible that something would have been caught by a heuristic warning but is immediately identified completely as malware and the determinations updated centrally, so it's hard to say exactly which of our many engines found the file initially from the resulting determination :)
     
  12. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    By the way, here is a report on a newly modified version I created, which is now flagged already upon right click in explorer: http://info.prevx.com/aboutprogramt...essionID=A9D6FF45-A2B1-4919-B822-783BEFEC52D9
     
  13. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    Thanks for the info :). I did not see either of these 2 warning titles yet.
     
  14. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    If it's not a trade secret, what are the different levels of threats in your database? It seems that there is more than just 'bad', 'good', or 'not yet determined'.
     
  15. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    We have quite a few different levels - we recently started breaking threats down by Low Risk/Medium Risk/High Risk and then infection type (adware/targeted information stealer/fraudulent security program/etc.), separate identification of programs which are identified as rootkits, identification of programs which are held as "caution" instead of outwardly malicious (unwanted software instead of malicious software), and then the heuristic determinations as well, and a separate category for infections which we cleanup for free.

    Hope that helps!
     
  16. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    It does, thanks! :)

    Are all of these different levels also presented to the user in alerts? Or, if not, will they be someday?

    I'm glad to hear about the 'caution' level, because I believe most of my false positives ought to be classified as 'caution' programs.
     
    Last edited: Mar 29, 2009
  17. noel1947

    noel1947 Registered Member

    Joined:
    May 13, 2003
    Posts:
    57
    Location:
    Australia
    Hi

    Not sure if I should post this on this topic. Moderators please move if post is in the wrong section.

    Below is copy of message sent to Prevx :

    "New customer - great application by the way.
    Have been using Prevx Edge for about 2 weeks before my purchase.
    Have just received an e-mail from Prevx advising of system infection.
    Previous scans have reported my system is infected. The offending files are:-
    (a)wscui.cpl
    (b)winhttp.dll
    I treated these files as false positives and searched google to confirm that these are essential Microsoft files.
    I am running Windows 7 build 7057 for evaluation purposes.

    Would appreciate if you could confirm the above and advise what further action is required on my part.

    Regards

    xxxxxxxxxxx "

    Have any other users had similar problems with the above 2 files? They reside in
    Windows\System32 on my computer.

    Any advice/assistance would be appreciated.

    noel1947
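    Added example, not part of the thread and not Prevx's own tooling: a quick way to check an alert like the one above before deciding it is a false positive. Rather than confirming by web search that a file name is a "Microsoft file", verify that the file actually present in System32 carries a valid Microsoft signature, record its hash, and look for same-named copies dropped elsewhere on the disk (a look-alike in another directory is a more common trick than replacing the real file). It assumes Windows PowerShell 5.1 or later on Windows 8 or newer, where Get-AuthenticodeSignature also honours the catalog (.cat) signatures that most OS files use; the file names are the two from the post.

```powershell
# Added example (not from the thread, not Prevx code): verify the files an AV flagged
# in System32 before treating the alert as a false positive.
# Assumption: Windows PowerShell 5.1+ on Windows 8+/Server 2012+, where
# Get-AuthenticodeSignature honours catalog signatures and exposes IsOSBinary.

function Test-SystemFileSignature {
    param(
        [Parameter(Mandatory)][string[]]$Name
    )
    $system32 = Join-Path $env:SystemRoot 'System32'
    foreach ($n in $Name) {
        $path = Join-Path $system32 $n
        if (-not (Test-Path -LiteralPath $path)) {
            [pscustomobject]@{ File = $path; Exists = $false; Status = $null
                               Signer = $null; IsOSBinary = $null; SHA256 = $null }
            continue
        }
        $sig  = Get-AuthenticodeSignature -LiteralPath $path
        $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
        [pscustomobject]@{
            File       = $path
            Exists     = $true
            Status     = $sig.Status               # Valid, NotSigned, HashMismatch, ...
            Signer     = $sig.SignerCertificate.Subject
            IsOSBinary = $sig.IsOSBinary           # $true when the OS catalog covers it
            SHA256     = $hash                     # keep for the report to the vendor
        }
    }
}

# Same-named files outside System32 (WinSxS and SysWOW64 hold legitimate copies,
# so they are excluded). Anything else with these names deserves a closer look.
function Find-LookAlikeCopies {
    param([Parameter(Mandatory)][string[]]$Name)
    $system32 = Join-Path $env:SystemRoot 'System32'
    Get-ChildItem -Path "$env:SystemDrive\" -Recurse -Include $Name -File -ErrorAction SilentlyContinue |
        Where-Object {
            $_.DirectoryName -ne $system32 -and
            $_.DirectoryName -notlike "$env:SystemRoot\WinSxS\*" -and
            $_.DirectoryName -notlike "$env:SystemRoot\SysWOW64*"
        }
}

$files = 'wscui.cpl', 'winhttp.dll'
Test-SystemFileSignature -Name $files | Format-List
Find-LookAlikeCopies -Name $files | Select-Object FullName, Length, LastWriteTime
```

    A result of Status = Valid with a "CN=Microsoft Windows" signer and no look-alike copies supports the false-positive reading; HashMismatch or NotSigned on a System32 binary, or a stray copy under a user profile or Temp directory, is the point at which to stop treating it as a false positive and send the vendor the path and SHA256 instead. On a pre-release build such as the one in the post, an AV whitelist may simply lag the build, which is what the moderator's reply below says happened here.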
     
  18. crofttk

    crofttk Registered Member

    Joined:
    May 15, 2004
    Posts:
    1,979
    Location:
    Eastern PA, USA
    Wow, I had no idea that was an option. Should I have been able to see this in the trial version?
     
  19. fce

    fce Registered Member

    Joined:
    May 20, 2007
    Posts:
    758
    another question....

    1> I'm using KIS2009, do i need to add PrevxEdge as KIS trusted application?

    2> Is there an option also under PrevxEdge setting that i can add KIS as trusted application?

    3> Is it advisable to add each other as trusted applications? I don't want a time to come when there's incoming malware and both of them are fighting each other to detect it... while the malware is already doing bad things on my laptop because of the duplicate functionality and conflict between PrevxEdge and KIS.
     
  20. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    You don't need to add KIS to the Edge list, but KIS will warn if Edge is installed when you first install KIS. We're trying to get them to change this, but for now, you're going to have to uninstall Edge if you need to reinstall KIS.

    We've developed Edge to be compatible with other security software so you don't have to worry about incompatibilities when malware is detected :)
     
  21. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    This is only available in the registered version with a license key using our "My Prevx" console where you can get reports of infections, manage PCs, and view the status of all of your PCs whenever you like :)
     
  22. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Hello,
    We have not yet whitelisted all of the Windows 7 build 7057 files but the research team will respond to you tonight or tomorrow from the support inbox about your report :)
     
  23. noel1947

    noel1947 Registered Member

    Joined:
    May 13, 2003
    Posts:
    57
    Location:
    Australia
    PrevxHelp

    Many thanks for your reply.

    noel1947
     
  24. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Most of the levels are differentiated to the user except for the caution level currently but we are going to be changing the reporting for caution programs shortly to better differentiate and clarify the intent of the detected programs :)
     
  25. crofttk

    crofttk Registered Member

    Joined:
    May 15, 2004
    Posts:
    1,979
    Location:
    Eastern PA, USA
    Hmmmm, thanks for the response. Sounds miiiighty tempting.:)
     