Introducing, The New Prevx Edge.

Discussion in 'Prevx Releases' started by trjam, Nov 13, 2008.

Thread Status:
Not open for further replies.
  1. crofttk

    crofttk Registered Member

    Joined:
    May 15, 2004
    Posts:
    1,979
    Location:
    Eastern PA, USA
    Based on the fact that Spyware Blaster 4.2 was just released a day or two ago and considering what it does to IE, I'm not surprised or in the least disappointed that it causes FP in Prevx.
     
  2. raven211

    raven211 Registered Member

    Joined:
    May 4, 2005
    Posts:
    2,567
    Oh, don't worry, I've beta tested lots of software and know what it is. :)) :) :) :))

    Let me take an example... TF, which is also proactive based, didn't produce ANY FPs when they had their new 4.0 beta up - yes, can you believe it, another beta product I was part of, what a surprise! :D (No, I definitely don't know what it is.)


    Don't worry, underestimation is just one of my biggest weak-points when it's aimed at me.


    I'm not saying it's not acceptable - but it's something which should not be happening anyway. :doubt:
     
  3. EraserHW

    EraserHW Malware Expert

    Joined:
    Oct 19, 2005
    Posts:
    588
    Location:
    Italy
    Please, can you try scanning again? :)

    Thank you
     
  4. raven211

    raven211 Registered Member

    Joined:
    May 4, 2005
    Posts:
    2,567
    Removed the detection override which was FP for the SB detection, and it seems to be fixed.

    Thx, Eraser! :)
     
  5. raven211

    raven211 Registered Member

    Joined:
    May 4, 2005
    Posts:
    2,567
    Just a general question... so, after the beta, Edge will simply be called Prevx (3.0), just like it was Prevx 2.0 before?
     
  6. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    We have this as a security feature to prevent any keyboard automation, but I'll see if we can have it accept an enter key for the dialog :)
     
  7. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Yes :) the protection will be called "Edge Realtime Protection" but the product will be Prevx 3.0.

    A note on the false positives - new versions of security software tend to cause false positives because they do root themselves deep into the system/modify areas that normal programs don't. We have exactly the same thing happen against us from a great deal of companies (ESET, Kaspersky, Panda, and eSafe generally have false positives on new releases of CSI and Edge).

    The only way around this is to whitelist them once they're released as, in most cases, they look identical to malware.
     
  8. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    If the page contains exploits which try and infect your computer, Edge will block them immediately but we don't have HTTP scanning because it is a largely unnecessary feature which slows down browsing without providing much real additional protection at all.

    Hope that helps :)
     
  9. raven211

    raven211 Registered Member

    Joined:
    May 4, 2005
    Posts:
    2,567
    Yes, I can understand that. So this also means you can't simply whitelist whole applications, like SpywareBlaster, which are being detected? Does for example TF not detect it because it's purely looking at its behavior first?
     
  10. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    It really depends on the software and how significant the update is. Technically every AV/AS/etc. app should trigger an alert but we have measures in place to prevent it in most cases. I'm not sure why TF would not detect it, but security software almost always has an identical behavioral "footprint" to malware - hooking low-level system services, loading drivers, preventing its processes from being terminated, accessing the disk at a low/raw level, traversing the file system/accessing programs, etc. all of which are frequently done by malware.

    We generally don't whitelist whole programs automatically by choice because it can lead to false negatives if the digital certificate is compromised or if the program does turn out to harbor malicious code so we usually just let the database sort it out automatically after getting enough behavioral data :)
     
  11. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Another note on my previous post - the age of a program is taken heavily into consideration as well as the popularity of it, so, when a new version of a program is released, or a beta version (which many users here use frequently), we tend to have more FPs against it just because it isn't an official release and isn't used by the whole userbase.

    A program that has been seen by a very small handful of people that modifies core system areas is hard to automatically trust so we take a suspicious stance in many cases :)
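
The following is an added example, not part of the thread and not Prevx's actual algorithm: a toy scorer showing how the behavioural footprint, file age and popularity described in the two posts above interact, and why a fresh security-tool release lands on the wrong side of the line. All weights, the threshold and the sample data are constructed assumptions.

```python
import math
from dataclasses import dataclass

# Behaviours named in the post above; the weights are illustrative assumptions.
BEHAVIOUR_WEIGHTS = {
    "hooks_system_services": 3.0,
    "loads_driver": 2.0,
    "blocks_own_termination": 2.0,
    "raw_disk_access": 2.0,
    "traverses_file_system": 1.0,
}
SECURITY_FOOTPRINT = frozenset(BEHAVIOUR_WEIGHTS)  # all five behaviours


@dataclass(frozen=True)
class Sample:
    name: str
    behaviours: frozenset
    age_days: int   # days since the file was first seen anywhere
    seen_by: int    # distinct users who have reported the file


def behaviour_score(sample):
    """Risk from what the program does, independent of who wrote it."""
    return sum(BEHAVIOUR_WEIGHTS[b] for b in sample.behaviours)


def trust_credit(sample):
    """Age and popularity earn credit on a log scale (assumed factor 1.5)."""
    return 1.5 * math.log10(1 + sample.age_days) + 1.5 * math.log10(1 + sample.seen_by)


def verdict(sample, threshold=4.0):
    """No publisher whitelist: only behaviour, age and popularity decide."""
    risk = behaviour_score(sample) - trust_credit(sample)
    return "suspicious" if risk >= threshold else "trusted"


# Constructed samples, not real telemetry.
NEW_AV_RELEASE = Sample("security tool, new build", SECURITY_FOOTPRINT, 2, 40)
OLD_AV_RELEASE = Sample("security tool, old build", SECURITY_FOOTPRINT, 400, 500_000)
DROPPER = Sample("unknown dropper", SECURITY_FOOTPRINT, 1, 3)
NEW_UTILITY = Sample("new file utility", frozenset({"traverses_file_system"}), 2, 40)

if __name__ == "__main__":
    for s in (NEW_AV_RELEASE, OLD_AV_RELEASE, DROPPER, NEW_UTILITY):
        print(f"{s.name:26} behaviour={behaviour_score(s):4.1f} "
              f"credit={trust_credit(s):5.2f} -> {verdict(s)}")
```

The new security-tool build and the dropper have the same behaviour score, so only the accumulated age and popularity data separates them over time.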
     
  12. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,275
    Location:
    Ontario, Canada
    That is understandable!

    TH
     
  13. raven211

    raven211 Registered Member

    Joined:
    May 4, 2005
    Posts:
    2,567
    Here is the thing... TF works in a different way. It really checks "what is this program actually doing", even before it checks it against its black- AND whitelists.

    Nowadays I never experience FPs with it, but if there's real malware - oh boy does it detect it. :rolleyes: :D
     
  14. raven211

    raven211 Registered Member

    Joined:
    May 4, 2005
    Posts:
    2,567
    I mean, I saw it myself here when testing real malware, the first result at a torrent-site when searching for Norton crack. It was disguising itself as a real, working trial reset crack. That didn't lure TF at all - it would prompt me for every action it did when I clicked to still allow it. It was that persistent and detected new after new trace, keeping the ones it detected before in the same list. Registry entries, files, processes - being modified, deleted, created, everything. Prevx on the other hand didn't do a thing - but you probably already know which case I'm talking about. :) - And we both do know that Prevx did NOT detect it at first, even if the real-time protection was faulty at the time. TF excelled by looking at all the behavior, it was catching every move and has yet to fail.

    That's one reason I take TF before Prevx - it simply doesn't miss and doesn't produce FPs.
     
  15. a320ca

    a320ca Registered Member

    Joined:
    Mar 21, 2008
    Posts:
    97
    Location:
    USA
    3.0.1.50 running smoothly here with all my signature apps. :thumb:
     
  16. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    wow, that's a lot of heavy duty apps in realtime, you'd probably be best if you dropped one of them :/
     
  17. raven211

    raven211 Registered Member

    Joined:
    May 4, 2005
    Posts:
    2,567
    Doesn't look too bad to me - you should see that most of them are noted as on-demand.
     
  18. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    I know, but a lot of those realtime apps are pretty heavy duty with like OA Hips + FW, ASquared AV + AS + BB, Edge AND Defensewall

    that seems like an awful lot
     
  19. raven211

    raven211 Registered Member

    Joined:
    May 4, 2005
    Posts:
    2,567
    Yeah, well I don't use a FW, nor HIPS, so I'm all good. :D Properly configured Hardware FW and layered malware defense, which includes both BB and strong heuristics and incl. a light AV does the job for me. Saves me the hassle and keeps it light, but still effective.
     
  20. phxcobra

    phxcobra Registered Member

    Joined:
    Feb 12, 2009
    Posts:
    7
    Quick question here. I updated my license to add coverage for another computer. However, when I try to activate Prevx on the new computer, I get an error that all licenses are in use. How long does it take for the system to update? I just updated about 20 minutes ago. I'll wait and try tomorrow. If not, what then?
     
  21. a320ca

    a320ca Registered Member

    Joined:
    Mar 21, 2008
    Posts:
    97
    Location:
    USA
    Yeah, I know. Why bring a knife to a fight when you can bring a Battleship instead. :D :thumb:
     
    Last edited: Apr 10, 2009
  22. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,785
    Good point :D
     
  23. Saraceno

    Saraceno Registered Member

    Joined:
    Mar 24, 2008
    Posts:
    2,405
    The Prevx support on here will sort it out if the license doesn't work by tomorrow.
     
  24. PrevxWebDesigner

    PrevxWebDesigner Former Prevx Moderator

    Joined:
    Nov 13, 2008
    Posts:
    89
    Hi, the update should be instant - therefore either feel free to send myself or PrevxHelp your license key which we will investigate, or alternatively sign up to MyPrevx which should allow you to manage your license key and delete off any old / inactive machines which the license might think it's still valid against.
     
  25. Webby

    Webby Registered Member

    Joined:
    Jan 1, 2006
    Posts:
    93
    Hi all,

    PrevxHelp, the answer you posted on #3335 was well explained and understood.

    Thank you.

    Webby
     