Introducing, The New Prevx Edge.

Discussion in 'Prevx Releases' started by trjam, Nov 13, 2008.

Thread Status:
Not open for further replies.
  1. BrendanK.

    BrendanK. Guest

    There is no beta download as such.

    Beta testers are selected and added to the beta program, so only they get the update...For now :D
     
  2. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,275
    Location:
    Ontario, Canada
    You have to PM PrevxHelp for the link!

    TH
     
  3. Mongol

    Mongol Registered Member

    Joined:
    Jul 24, 2004
    Posts:
    1,581
    Location:
    Houston, TX
    Sorry I was out wreaking havoc for a bit. There is a picture of it at post #3136...:eek: :D
     
  4. galileo

    galileo Registered Member

    Joined:
    Dec 10, 2005
    Posts:
    72
    "iexplore.exe.mui " - Detected as cloaked malware

    The file "iexplore.exe.mui" was detected this evening as cloaked malware by PrevxEdge 3.0.1.40. I uploaded/checked this file to VirusTotal and am receiving NO detections OTHER than their version of Prevx1 V2...ALL other AV checks return negative. Earlier PE scans did not flag this file...this appears to be a false positive.

    The file version is listed as:

    8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

    FWIW: Scans with current databases using Malwarebytes Anti-Malware (1.36) and Threatfire (4.1.0.25) both DO NOT detect this file.

    Running: XPP+SP3 up to date + Windows Firewall + IE8 + PE 3.1.0.40 + Threatfire 4.1.0.25 - behind Netgear router.

    galileo
     
  5. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Re: "iexplore.exe.mui " - Detected as cloaked malware

    Hello,
    Please try scanning again - I believe the false positive is fixed now :)
     
  6. galileo

    galileo Registered Member

    Joined:
    Dec 10, 2005
    Posts:
    72
    Re: "iexplore.exe.mui " - Detected as cloaked malware

    ...Bingo...scan is now clean...:)...Thanks!!!...

    galileo
     
  7. NoIos

    NoIos Registered Member

    Joined:
    Mar 11, 2009
    Posts:
    607
    I get an alert during the installation of RJ TextEd. I believe it's a FP. RJ TextEd is a well known editor http://www.rj-texted.se/

    Downloaded from the official site...if I remember well, during installation Edge flagged Install.exe as malware. Unfortunately I don't have the time to provide more info, but I'm sure you'll check this.

    Thank you.
     
  8. raven211

    raven211 Registered Member

    Joined:
    May 4, 2005
    Posts:
    2,567
    Thought about something on the GUI, though... the color down to the left and such has a very weird, green color.

    Please see the attached image!

    EDIT: And while I'm still on it... Personally I think the green circle with a check could be slightly bigger. The space for the "check" looks a little too tight.
     
  9. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,295
    I am running a scan with beta version 3.0.1.44. See screenshots:

    I don't agree with these detections, considering there were no detections with the current version 3.0.1.40 I was using previously.
     
  10. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    Most likely FPs, Joe will fix them. It is beta.;)

    The new GUI is awesome.
     
  11. Retadpuss

    Retadpuss Suspended Member

    Joined:
    Apr 4, 2009
    Posts:
    226
  12. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Could you send me a scan log or an entry including the files? I suspect they "may" be FPs but it's hard to tell with a program like this which accesses the system :) (some do it legitimately, some don't but they look very similar :))
     
  13. galileo

    galileo Registered Member

    Joined:
    Dec 10, 2005
    Posts:
    72
    Upload to VirusTotal for a quick check...:cautious:...I received a "cloaked malware" FP last night (see above)...apparently either a database or a heuristics change has occurred in the last 24 hours and has resulted in an increased sensitivity to various "clean" files...

    galileo
     
  14. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,295
    I suppose you meant me, Joe.:)

    Here is the first part of the scan log, hope it is what you need to fix the FPs.;)

    Prevx Scan Log - Version v3.0.1.44
    Log Generated: 7/4/2009 23:03, Type: 1,8192
    Windows XP Professional Service Pack 2 (Build 2600) 32bit|1033
    Some non-malicious files are not included in this log.
    Heuristics Settings: Age: 2, Pop: 2, Heu: 2 (Dir: 1)
    Last Scan: Tue 2009-04-07 20:26:30 E. Australia Standard Time. Number of Scans: 154. Last Scan Duration: 18 minutes 38 seconds.
    [BP] h:\downloads copy\downloads\rsit.exe [PX5: FDC2281D1BB3A911EE270BF6DD664900B84D976D] Malware Group: High Risk Cloaked Malware
    [DN] c:\recycler\s-1-5-21-1417001333-2049760794-725345543-1003\dc862.exe [PX5: 740143B42824D854FF6900F59C482F008779C99F] Malware Group: Community.OuterEdge
    h:\downloads copy\downloads\artificialdynamicssafespace1.2.107.exe [PX5: 7242C342007867888F75A911D50F8300E6272D8F] Malware Group: Low Risk Adware
    h:\downloads copy\downloads\artificialdynamicssafespace2.0.41.exe [PX5: 7242C34235786788A075AE11D50F8300E6272D8F] Malware Group: Low Risk Adware
    [BP] h:\downloads copy\downloads\rsit.exe [PX5: FDC2281D1BB3A911EE270BF6DD664900B84D976D] Malware Group: High Risk Cloaked Malware
    (ACTIVE) c:\windows\system32\defensewall_serv.exe [PX5: 9766B22400ED6ABC50290160738CF50042CD79D3]
    (ACTIVE) c:\program files\opera 10.0 alpha\opera.exe [PX5: 4EFAD42D007EF469B829017B73836900EE370BD3]
    (ACTIVE) c:\windows\system32\drivers\dwall.sys [PX5: 81C359C700D686D8DC320A7864362C00E81DCE8F]
    [UP] (ACTIVE) c:\program files\opera 10.0 alpha\opera.dll [PX5: E3467D9D00CF925F4E3B3BC7B5C3F9001AE5677B]
    (ACTIVE) c:\program files\sunbelt software\vipre\vipre.dll [PX5: E6350F1D28487D4345330480B5718C00A20CE2D7]
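    The scan-log excerpt in this post has a regular line format (optional flags such as [BP], [DN], [UP] or (ACTIVE), then the path, a PX5 identifier in brackets, and an optional "Malware Group:" verdict). When triaging a batch of suspected FPs it helps to separate the flagged files from the plain inventory lines and collapse repeats before sending the list to the vendor. The parser below is an added example and is not part of the thread or of any Prevx tool; the "header", "unique_detections" and "triage_report" names are its own, and the embedded sample is the excerpt quoted above with the PX5 values as posted.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample: the scan-log excerpt quoted in the post above (PX5 values as posted).
SAMPLE_LOG = r"""Prevx Scan Log - Version v3.0.1.44
Log Generated: 7/4/2009 23:03, Type: 1,8192
Windows XP Professional Service Pack 2 (Build 2600) 32bit|1033
Some non-malicious files are not included in this log.
Heuristics Settings: Age: 2, Pop: 2, Heu: 2 (Dir: 1)
Last Scan: Tue 2009-04-07 20:26:30 E. Australia Standard Time. Number of Scans: 154. Last Scan Duration: 18 minutes 38 seconds.
[BP] h:\downloads copy\downloads\rsit.exe [PX5: FDC2281D1BB3A911EE270BF6DD664900B84D976D] Malware Group: High Risk Cloaked Malware
[DN] c:\recycler\s-1-5-21-1417001333-2049760794-725345543-1003\dc862.exe [PX5: 740143B42824D854FF6900F59C482F008779C99F] Malware Group: Community.OuterEdge
h:\downloads copy\downloads\artificialdynamicssafespace1.2.107.exe [PX5: 7242C342007867888F75A911D50F8300E6272D8F] Malware Group: Low Risk Adware
h:\downloads copy\downloads\artificialdynamicssafespace2.0.41.exe [PX5: 7242C34235786788A075AE11D50F8300E6272D8F] Malware Group: Low Risk Adware
[BP] h:\downloads copy\downloads\rsit.exe [PX5: FDC2281D1BB3A911EE270BF6DD664900B84D976D] Malware Group: High Risk Cloaked Malware
(ACTIVE) c:\windows\system32\defensewall_serv.exe [PX5: 9766B22400ED6ABC50290160738CF50042CD79D3]
(ACTIVE) c:\program files\opera 10.0 alpha\opera.exe [PX5: 4EFAD42D007EF469B829017B73836900EE370BD3]
(ACTIVE) c:\windows\system32\drivers\dwall.sys [PX5: 81C359C700D686D8DC320A7864362C00E81DCE8F]
[UP] (ACTIVE) c:\program files\opera 10.0 alpha\opera.dll [PX5: E3467D9D00CF925F4E3B3BC7B5C3F9001AE5677B]
(ACTIVE) c:\program files\sunbelt software\vipre\vipre.dll [PX5: E6350F1D28487D4345330480B5718C00A20CE2D7]
"""

# One file line: leading flags, path, bracketed PX5 identifier, optional verdict.
ENTRY_RE = re.compile(
    r"^(?P<flags>(?:\[[A-Z]+\]\s*|\(ACTIVE\)\s*)*)"
    r"(?P<path>\S.*?)\s+\[PX5:\s*(?P<px5>[0-9A-Fa-f]+)\]"
    r"(?:\s+Malware Group:\s*(?P<group>.+?))?\s*$"
)
FLAG_RE = re.compile(r"\[([A-Z]+)\]|\((ACTIVE)\)")


@dataclass(frozen=True)
class Entry:
    flags: tuple            # e.g. ('BP',) or ('UP', 'ACTIVE'); empty for unflagged lines
    path: str
    px5: str                # the 40-hex-digit identifier printed in the log, upper-cased
    group: Optional[str]    # text after "Malware Group:", None for plain inventory lines

    @property
    def detected(self) -> bool:
        return self.group is not None

    @property
    def active(self) -> bool:
        return "ACTIVE" in self.flags


def parse_log(text: str):
    """Split a log into (header dict, list of Entry); non-file lines feed the header."""
    header, entries = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ENTRY_RE.match(line)
        if m:
            flags = tuple(a or b for a, b in FLAG_RE.findall(m["flags"]))
            entries.append(Entry(flags, m["path"], m["px5"].upper(), m["group"]))
        elif line.startswith("Prevx Scan Log - Version "):
            header["version"] = line.split("Version ", 1)[1]
        elif line.startswith("Heuristics Settings:"):
            # "Age: 2, Pop: 2, Heu: 2 (Dir: 1)" -> {'Age': 2, 'Pop': 2, 'Heu': 2, 'Dir': 1}
            header["heuristics"] = {k: int(v) for k, v in re.findall(r"(Age|Pop|Heu|Dir): (\d+)", line)}
    return header, entries


def unique_detections(entries):
    """Flagged files only, one per PX5 (the same file can be listed once per scan that hit it)."""
    seen = {}
    for e in entries:
        if e.detected and e.px5 not in seen:
            seen[e.px5] = e
    return list(seen.values())


def triage_report(entries):
    """Group unique detections by verdict: the shape one would paste into an FP report."""
    report = {}
    for e in unique_detections(entries):
        report.setdefault(e.group, []).append(e.path)
    return report


if __name__ == "__main__":
    hdr, ents = parse_log(SAMPLE_LOG)
    print(hdr)
    for group, paths in triage_report(ents).items():
        print(group)
        for p in paths:
            print("   ", p)
```

    Running it on the excerpt yields 10 file lines, 5 of them verdicts, which collapse to 4 distinct files once the repeated rsit.exe line is folded by its PX5 value; the (ACTIVE) lines are kept as inventory so the heuristics settings and the running-process context can be sent along with the list.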
     
  15. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Oddly enough.... those files are each quite suspicious, after looking at their entries in the database. Could you email the files themselves to me so I can analyze them manually? (Sorry for the runaround, if they are FPs I want to get them fixed, but they are doing some things that programs "shouldn't" do :D)
     
  16. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    I think the color looks a bit odd because it is a "mesh" rather than a solid color. Our graphic designer is going to be looking into GUI changes to make everything a bit slicker/less washed out and I'll be sure he's aware of this observation as well :)
     
  17. softtouch

    softtouch Registered Member

    Joined:
    Jan 31, 2006
    Posts:
    415
    I THINK I had an issue with the beta... not 100% sure.
    I installed the beta, it then found a trojan (which in fact was not a trojan...), it then told me that the PC must be restarted, which I did, and it stopped at the login screen. I could not go back into Windows.
    I then started Windows in safe mode, and did a system restore.
    Now it boots fine, but it also reverted to the 3.0.1.40. I did not try to install the beta again.
     
  18. LagerX

    LagerX Registered Member

    Joined:
    Apr 16, 2008
    Posts:
    565
    You can save the latest scan log and send it to PrevxHelp to look at what may cause that :)
     
  19. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Could you let me know some information to help diagnose what might be going wrong? I'm interested in what OS you're using, what other security products you may have, what your self protection level is, and if you installed the beta over your existing installation or if you uninstalled/reinstalled.

    Sorry for the inconvenience this caused :doubt:
     
  20. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    So what I want to know is, since the beta, there are numerous reports here of possible FPs. Joe feels there may be some actual reality to these detections. Joe, please let us know what you determine because I am hoping for actual detections. If FPs are real then what became of this statement?

    "Hello all,
    Just wanted to let you all know that we just completed a complex new module on the database which will dramatically reduce the number of false positives. This change is, by far, the widest reaching false positive reduction improvement we've ever implemented. It comes after a great deal of analysis over the data from the first 3 months of Edge being "in the wild". We've engineered this improvement so that it will not affect protection but only false positives - especially the ones reported here frequently with the age/spread warnings.

    I do enjoy fixing false positives quickly, but I'm sorry to say I won't have to do it as often now. I'm still here, of course, if you need any other assistance or if you do experience a FP which escapes our new "trap" for them"

    !
     
  21. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    That still holds true. In light of Conficker and a number of other threats surfacing now, we've bumped up our heuristic levels on the server which have generated a handful more FPs. Most of the FPs reported here in the last few days are from the same files (iexplore.exe.mui for instance), or from people with heuristic settings on Maximum, or files that are simply so suspicious that we actually do need a sample to see the intent.

    It's impossible to judge the FP rates of a program from forum posts where there is a wide range of users using abstract/unpopular/system-level utilities :) Across "normal" users (no offense intended :D), FPs are down dramatically :)
     
  22. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    That would make perfect sense. Thanks Joe.
     
  23. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,295
    Email sent.:)
     
  24. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    After some careful analysis, the files ARE legitimate (a few other security vendors don't think so, however :D) but personally I don't blame Edge for detecting these because they really are quite suspicious looking :)

    Let me know if you find anything else!
     
  25. softtouch

    softtouch Registered Member

    Joined:
    Jan 31, 2006
    Posts:
    415
    As much info as I can give:

    OS: Vista Ultimate 32-Bit SP1
    Other Security Products: NOD32 V4.0.417.0, DefenseWall V2.53, Vista Firewall Control
    Self protection level: Medium
    I installed the beta over the existing non-beta

    It MIGHT have been something else, who knows, and just happened at the same time. I will just observe and will install the beta again.
     
    Last edited: Apr 7, 2009