Introducing, The New Prevx Edge.

Discussion in 'Prevx Releases' started by trjam, Nov 13, 2008.

Thread Status:
Not open for further replies.
  1. smush

    smush Registered Member

    Joined:
    Apr 10, 2009
    Posts:
    5
    Would there be any advantages to using this alongside Avira Premium, as the website says it can work alongside any security software?
     
  2. QBgreen

    QBgreen Registered Member

    Joined:
    Jan 1, 2005
    Posts:
    627
    Location:
    Queens County, NY
    I'm currently running Avira Premium and Prevx 3 on my XP Pro SP3 box. If you already are running Avira, you certainly can't go wrong adding Prevx, IMHO. Great one-two punch, and they work well together.
     
  3. smush

    smush Registered Member

    Joined:
    Apr 10, 2009
    Posts:
    5
    Ok thanks, might give it a go :)
     
  4. ExCavTanker

    ExCavTanker Registered Member

    Joined:
    Apr 21, 2008
    Posts:
    50
    Location:
    Michigan, USA
    A few questions:

    1. Is there ANY way to give us quick access to the complete history of the threats that have been removed via the main screen? The log feature does not accomplish this (too many steps and time searching for log files IF they were saved). On the main screen where you have it showing 'Total infections cleaned:' would be a good place to link to the threat removal history (threat name, location it was detected at and how threat was dealt with).

    2. When I do a manual scan the percentage goes to 23% and stays there for the remaining scan until it displays 98%, then it finishes. What can be done to accurately track the percentage throughout the entire scan? Is it a deal breaker, no, is it annoying for me, yep!

    3. Is the threat database you maintain only populated by Prevx users or are you able to track threats in the wild from non-Prevx users?

    4. How long will non beta users be at version .40?

    Thanks!
     
    Last edited: Apr 11, 2009
  5. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,294
    Location:
    USA
    Beta version is at .50.
     
  6. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    A few answers :D

    1) You can view the cleanup history by clicking Tools > Undo Cleanup > View Cleanup Log. That is definitely a good idea to link the threats cleaned to the cleanup log :) We'll have that in the next version!

    2) Could you clarify if the progress bar goes to 23% or 63% and then jumps to the end? At 63%, files are finishing being checked with the database. If your internet connection is fast, it will jump from 63% to 100% quickly, but if you have a lot of new files to analyze, it will hit the percentages in the middle as well. 23% is approximately after the rootkit scan finishes so it shouldn't be a bottleneck area, but if it is, let me know and I'll investigate further :)

    3) The primary database is from our users but we have a large crawler system which looks for new malware and a system which analyzes submitted/collected files. We also get feeds from popular sample submission services which are analyzed centrally to proactively protect users even if a Prevx user hasn't seen the file yet.

    4) We are planning a release within the next week - just finishing up some final features and improving everything :)

    Let me know if you have any more questions!
     
  7. Dark Star 72

    Dark Star 72 Registered Member

    Joined:
    May 27, 2007
    Posts:
    778
    Getting close now :cool: ;)
     
  8. dorgane

    dorgane Guest

    Me, I have a question...
    Only Prevx makes the PX5 hash? Or who generates the PX5 for my program that make?
     
  9. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    PX5 is a proprietary algorithm which we use that gives us a unique signature of a program. We have many many more signatures which are used "behind the scenes" but this one allows us to look at unique files to track down what other signatures are from the file :)
     
  10. dorgane

    dorgane Guest

    ok
    Is there software or another system to see the PX5?
     
  11. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    No, it's only used internally and we just show it in the log for malware reporting reasons :)
     
  12. dorgane

    dorgane Guest

    ok thank you....

    Is this a bug or not in 3.0.1.50? I do not have "scan with prevx...." in my menu.


    menu.JPG

    bug or not ?

    PS: this file is a messenger worm:

    File IMG9371478991721141-GIF.EXE received on 04.11.2009 19:10:08 (CET)
    Current status: finished

    Result: 5/40 (12.50%)

    Prevx1 V2 2009.04.11 -



    If you want the link, PM me.
     
  13. LagerX

    LagerX Registered Member

    Joined:
    Apr 16, 2008
    Posts:
    565
    Go to Settings - Basic Configuration.
    Uncheck/save and check/save
    Enable "Right click" ....
    It should solve the problem, I think.
     
  14. dorgane

    dorgane Guest

    yes thank you :)
     
  15. dorgane

    dorgane Guest

    hum

    FP with :

    Prevx Scan Log - Version v3.0.1.50
    Log Generated: 11/4/2009 19:33, Type: 1,8192
    Windows XP Professional Service Pack 3 (Build 2600) 32bit|1036
    Some non-malicious files are not included in this log.
    Heuristics Settings: Age: 1, Pop: 3, Heu: 3 (Dir: 1)
    Last Scan: Sat 2009-04-11 19:33:13 Paris, Madrid. Number of Scans: 80. Last Scan Duration: 4 seconds.
    [NF] (ACTIVE) c:\program files\ma-config.com\langues\languemc_fr.dll [PX5: D028F829A8D6FBA35EB10096F14DEF00F605D0E7]
    [NF] (ACTIVE) c:\program files\ma-config.com\langues\languemc_fr.dll [PX5: D028F829A8D6FBA35EB10096F14DEF00F605D0E7]


    ma-config.com is a website that scans hardware to find new drivers:
    used by :
    http://www.touslesdrivers.com/index.php?v_page=29
    and
    http://www.ma-config.com/

    virustotal : http://www.virustotal.com/fr/analisis/47b2e42f75660a59c43082d359a62395
     
  16. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Fixed :)
     
  17. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    For what it's worth, we have detected this file for some months if it actually tried to infect you. I've added detection for it so that VT will find it, but Edge's protection would have completely protected you from it automatically :)
     
  18. Heco

    Heco Registered Member

    Joined:
    Mar 8, 2003
    Posts:
    264
    Location:
    Provence, France
    Hello all:D !
    Thank you to PrevXHelp for the Beta link.
    How is it that I can't configure Edge with this release? What I mean is that my settings are not kept. For example, if I want Edge to scan automatically at every boot-up and untick the option "Do not show any window while scanning", nothing happens after rebooting...
    Thanks,
    Heco:cool:
     
  19. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Scans are staggered to keep system load low during bootup or when a large corporation is turning on all of their computers at once at the start of the day. The scan may start within about 1 hour of bootup and the scheduled scans start randomly within about 1 hour of the configured time as well. Registered users can override this, but we recommend that you don't just to keep system load low (trying to run a scan directly on bootup generally just makes everything much slower :))
     
  20. dorgane

    dorgane Guest

    good =D

    c:\documents and settings\arnaud\bureau\img9371478991721141-gif.exe [PX5: 844980E6008D2BCD8234012ADF52AB00F65AA56E] Malware Group: Medium Risk Malware

    [G] (ACTIVE) c:\program files\ma-config.com\langues\languemc_fr.dll [PX5: D028F829A8D6FBA35EB10096F14DEF00F605D0E7]
     
  21. phxcobra

    phxcobra Registered Member

    Joined:
    Feb 12, 2009
    Posts:
    7
    Logged in to myprevx and saw a computer register that was not mine. Any ideas how it was accidentally registered? In any case, I deleted it and was able to activate my new pc. Thx for the quick help.
     
  22. nrms

    nrms Registered Member

    Joined:
    Jun 22, 2008
    Posts:
    72
    What is an "Age/Spread Criteria Violation Detected" ??

    I've had a couple of these recently with supposedly innocent files, PrevX blocks the launching with this error dialog. What does it mean please?

    NigelS
     
  23. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    This means that the file is suspicious enough to be below the threshold you have configured in the Heuristics Settings. If you receive "too many" of these, you can turn down your heuristic settings by clicking Settings > Heuristics Settings.

    More information on what exactly the settings mean can be found at http://info.prevx.com/edgehelp.asp if you click on Edge Settings > Heuristics Settings

    Let me know if you have any further questions with this :)
     
  24. Heco

    Heco Registered Member

    Joined:
    Mar 8, 2003
    Posts:
    264
    Location:
    Provence, France
    But... I am a registered home user with a licence valid for 283 days! LOL
     
  25. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    You should be able to then check the bottom box on the scheduler screen which reads:

    "Start the scan exactly at the scheduled time (may cause a delay on a large network)"

    That will eliminate the default delay :)
     