Introducing, The New Prevx Edge.

Discussion in 'Prevx Releases' started by trjam, Nov 13, 2008.

Thread Status:
Not open for further replies.
  1. galileo

    galileo Registered Member

    Joined:
    Dec 10, 2005
    Posts:
    72
    @PrevxHelp

    I tend to agree with the above comment as well. A "View Threats" button would intuitively lead one to think that it would present a "review" or a "log" of what threats had been found as of that moment....i.e. before another scan. It would seem - IMHO - that given that a "Scan" button already exists, one would assume that there is/was a difference between "Scan" and "View Threats". Initiating a scan upon clicking the "View Threats" is not what one would expect...albeit from my limited perspective...:argh:

    galileo
     
  2. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    The View Threats button "should" lead to a screen which lists the threats. Could you let me know what build you're using so I can try and track down what might be wrong?
     
  3. galileo

    galileo Registered Member

    Joined:
    Dec 10, 2005
    Posts:
    72
    This behavior was occurring under the 3.0.1.50 build (sorry, I should have noted that in my post) - I have not had any threat issues show up as yet under the 52 or 53 builds.

    galileo
     
  4. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    Damn Joe, thread needs a bump.:cautious:
     
  5. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Well, I was waiting to see if anyone would complain about the newest build, 3.0.1.55, with the new, less washed-out GUI :D
     
  6. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    well then, that is a good thing. Also reports of FPs are down and that is good. Edge burped, it was time.:thumb:
     
  7. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,784
    Is the right click scanning working now with the new beta 3.0.1.55?
    With 3.0.1.52 it was not.
    Also I assume the FP's associated with Rollback Rx are fixed o_O
     
  8. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Yes and yes :)
     
  9. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,784
    Thanks :thumb:
     
  10. raven211

    raven211 Registered Member

    Joined:
    May 4, 2005
    Posts:
    2,567
    Are the GUI changes there? :D
     
  11. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Yes :) The odd color is now toned down and it looks better all around IMO :)
     
  12. raven211

    raven211 Registered Member

    Joined:
    May 4, 2005
    Posts:
    2,567
    Cool, it looks awesome - tell the creator that. :D Only thing I don't get is the thing on the right, if you know what I mean..? Is that also a part of it, which just goes behind the main-content of Prevx?
     
  13. Retadpuss

    Retadpuss Suspended Member

    Joined:
    Apr 4, 2009
    Posts:
    226
    Looks much better now. Running perfectly on my system, no FPs in ages.
     
  14. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    Chit, I just got infected. I went to the F-Secure blog and visited the site they showed. Yeah it led to porno but I ran a scan afterwards and it showed nothing. Now when I try to go somewhere, or actually this is the 3rd time I have tried to post this, I get this

    http://billingpayment.net/pp/?id=226

    This sucks as F-Secure is what is loaded. Damn, I can't even fathom this.:thumbd:
     
  15. Baldrick

    Baldrick Registered Member

    Joined:
    May 11, 2002
    Posts:
    2,675
    Location:
    South Wales, UK
    +1 :thumb:

    .55 sitting here quietly minding the shop...as they say. :D No new or old FPs as far as I can make out so far, even when trying to force them. :D

    Can't wait for the beta with the new functionality the promise of which Joe has been torturing us with for the last few weeks. :doubt: :D
     
  16. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    The large set of new functionality is still a few weeks away :doubt: The Prevx 3.0 release (of 3.0.1.55) is scheduled for tomorrow then we're going to continue developing through the new features :)

    They're getting close, but we don't want to release anything unfinished :)
     
  17. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    The right blob is a continuation of the curve behind the main content which starts at the bottom and continues up, reaching a maximum mid-way through the Security Status area and falls/shrinks as it reaches the right side.

    I hope that helps, trying to describe partially obscured non-regular Bézier curves layered behind a rounded rectangle isn't exactly my area of expertise :D
     
  18. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    ok, here is what Edge just found. I can assure you one is the Twitter worm.
     

    Attached Files:

  19. Retadpuss

    Retadpuss Suspended Member

    Joined:
    Apr 4, 2009
    Posts:
    226
    The problem is these rogues change so frequently that AMs find it hard to keep up.

    I recently tested Edge, MBAM, SAS, Avira and F-Secure against 10 rogues - all 10 installed and running on a system and also another test with them being installed whilst one of the AV/AMs was active. SAS only found 2 and removed them, MBAM found four, but destroyed the system trying to remove them, Avira got all of them and removed them all, F-Secure got six and Edge got them all. Interestingly, Edge would allow some of them to install - and then find them. Other times, Edge allowed them to install AND run. In all cases, Edge found them on a system scan and was able to remove them all.

    In every case when Edge missed a rogue installing, Zemana detected it.

    My advice would be:

    1) Always run your browser in a sandbox (I use Sandboxie) - If you use Vista, always use UAC and use protected mode with IE (but Sandboxie is better)

    2) Use a traditional HIPS like Zemana - it does catch things Edge misses.


    If you want to go mad - use Returnil as well!

    Does Edge detect anything when you do an on-demand scan?

    Try rebooting and then doing a scan with Edge.

    EDIT________________________________________________

    @trjam - I see Edge has the blighter already!
     
  20. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    After running through a cleanup, could you send me a scan log via email? I'll double check that we've cleaned everything up.
     
  21. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    will do
     
  22. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Chances are that in this case, you may have been an early user to see them. We're working on keeping up with the rogues and adding detection for quite a few new ones every day so that could explain why it got past the first line of defense. Also, the rogues have changed their methodology to move away from actually installing malware and are now primarily using social engineering, which is jarringly effective :(

    If you do see any which we don't find, let me or any other Prevx member know and we'll investigate. These rogue AVs unfortunately do require manual analysis in almost all cases but we're working on finding similarities between them (some of them are developed by the same people) to detect them more heuristically.
     
  23. Retadpuss

    Retadpuss Suspended Member

    Joined:
    Apr 4, 2009
    Posts:
    226
    I was stunned to see how many rogues there are - hundreds of them! Also, they change so frequently. One that Edge detected one week was undetected a week later (on install).

    I will probably do another test in a few days and will let you know if any slip by. I will PM you a list of URLs for these rogues as well at some point, so your team can have a look.
     
  24. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Thanks :) It is quite incredible how popular they are... and how good some of them look compared to commercial AVs :p
     
  25. a320ca

    a320ca Registered Member

    Joined:
    Mar 21, 2008
    Posts:
    97
    Location:
    USA
    Joe, 3.0.1.55 looking good here! :D :thumb:
     