Introducing, The New Prevx Edge.

Discussion in 'Prevx Releases' started by trjam, Nov 13, 2008.

Thread Status:
Not open for further replies.
  1. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Fixed now :) Thanks for the report - they just released a new driver version, v8.3.0.253, and it modifies the system suspiciously as AVs tend to do (us included :D), which is why we flagged it. It should all be sorted now. Thanks!
     
  2. Blackcat

    Blackcat Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    4,024
    Location:
    Christchurch, UK
    Thanks, Joe. Yes I scanned 3 times in the last 5 minutes and all is well here now.

    Great, fast help as usual.

    Support here, by pm and from the main website has been superb and overall the best I have received from any security vendor over many years.

    Let's hope that some members here will allow you to devote more time to real problems rather than explaining Company policy.
     
  3. snowdrift

    snowdrift Registered Member

    Joined:
    Sep 7, 2007
    Posts:
    394
    I have never used Prevx before but just did so on my Vista x64 machine. After installing and running its check, Prevx 3.0.1.65 is saying WERFAULT.EXE in c:\windows\system32 is "high-risk cloaked malware."

    I know this .EXE is part of Microsoft's error-reporting service, so I am disinclined to think much of Prevx's determination. Is the problem that Microsoft is using WERFAULT in a malware-like fashion, or that my version is in fact some other file masking as a Microsoft .EXE? I cannot tell from the error...
     
  4. Pleonasm

    Pleonasm Registered Member

    Joined:
    Apr 9, 2007
    Posts:
    1,201
    PrevxHelp, I’m not sure I understand your reply. To clarify, I was requesting a URL to download the slides used at your RSA presentation(s) -- or, a link to a YouTube video of the presentation(s), if available. Can you kindly share the content? If you don't have it handy, can you kindly pass along this request to one of your colleagues?

    Thank you.
     
  5. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    :thumb: :thumb: :thumb: :thumb:

    As Blackcat noted, the support given by Prevx is fast, friendly, & effective. I sent them an email question. Moments later, my computer signaled a reply. I figured it was the usual automated answer such as: "We got your support request & we're working on it." I was amazed to see that the message from Prevx was, instead, a complete and well-supported reply to my inquiry. 5-star service IMO!
     
  6. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    I don't have them and we don't have them on our website because they are made in a format which requires explanation alongside each slide so they wouldn't be useful alone (we had presentations at set times throughout the week).
     
  7. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    I've sent you a PM with some instructions which will help me determine the intent of the file :) WERFAULT.exe is indeed most often legitimate but there could be a number of reasons why it isn't - system file patching, file infector, malware using legitimate-looking filenames to get past the watchful eye, etc.
     
  8. Pleonasm

    Pleonasm Registered Member

    Joined:
    Apr 9, 2007
    Posts:
    1,201
    PrevxHelp, I do concur. While it is apparent that we have an “irreconcilable difference of opinion,” I do wish to publicly praise your continued engagement in the debate. Support personnel from other anti-virus vendors might have dismissed the issues long ago, and so you do deserve kudos for documenting and sharing your point of view.
     
  9. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Thank you :)
     
  10. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    I've corrected the FP - we had a couple issues with Vista SP2 x64, which is where these files originated from. They're now corrected :) Thanks for the report!
     
  11. mvdu

    mvdu Registered Member

    Joined:
    Oct 14, 2003
    Posts:
    1,166
    Location:
    PA
    New scan log with the Kaspersky FP sent. :)
     
  12. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    To everyone with Kaspersky FPs: We've found the root cause of it and have now corrected it :) Prevx and Kaspersky should now return to playing nicely together.
     
  13. softtouch

    softtouch Registered Member

    Joined:
    Jan 31, 2006
    Posts:
    415
    Getting again FP's with PX 3 (but NOT at VT with PX 3 o_O??).
    Check http://www.delphifreeware.com/downloads/hfs.exe
    Nothing wrong with that file, flagged at VT by eSafe and CAT-QuickHeal, as suspicious file, nothing else.
    How come that my local PX 3 ALWAYS flag it when I start it and VT not o_O
     
  14. EraserHW

    EraserHW Malware Expert

    Joined:
    Oct 19, 2005
    Posts:
    588
    Location:
    Italy
    Try again please. FP should have been fixed.

    This is because VirusTotal implements a basic version of Prevx with only a basic heuristic check while Prevx 3.0 implements the full heuristic engine.
     
  15. alley

    alley Registered Member

    Joined:
    Sep 8, 2005
    Posts:
    18
    @PrevxHelp,

    2 false positives:
    c:\program files\common files\system\ado\msadox.dll
    c:\windows\system32\rpcss.dll

    Windows Vista x64 with Service Pack 2
     


  16. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Thanks :) We're in the process of whitelisting Vista x64 SP2 which is the root of the recent complaints. These FPs will be fixed shortly along with the others from x64 SP2 :)
     
  17. mvdu

    mvdu Registered Member

    Joined:
    Oct 14, 2003
    Posts:
    1,166
    Location:
    PA
    Just wanted to say that the Kaspersky FP has been fixed. Thanks!
     
  18. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    1,988
    Location:
    iAnywhere
    Edge detects Combofix as "High Risk Spyware".
    How should I proceed?

    P.S.

    Edge installed fine on another system. Must be a hardware problem.
     
  19. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Good to hear :) We haven't had any other complaints still so I'm not sure what would be going wrong :doubt:

    I've sent you a PM with further instructions as well :)
     
  20. Foxfired

    Foxfired Registered Member

    Joined:
    Sep 2, 2008
    Posts:
    46
    Is Prevx considered a firewall? Or should I run this program along with a firewall?
     
  21. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,294
    Location:
    USA
    I consider it an anti-malware/behavior blocker (heuristics). I use it as a supplement to my anti-virus. I don't consider it as a firewall and run a separate firewall program.
     
  22. Foxfired

    Foxfired Registered Member

    Joined:
    Sep 2, 2008
    Posts:
    46
    OK so it offers real time protection but it is good to still use a firewall.
     
  23. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,294
    Location:
    USA
    I think so, but that is only my opinion. If Prevx caught everything you might not need one. I don't think Prevx will though. No application is 100%. You could use the built-in Windows firewall. Prevx + firewall + something like Sandboxie, DefenseWall or Malware Defender might be all you need. Each person's security needs/expertise is different.
     
  24. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    :thumb: :thumb: Exactly :)
     
  25. Boost

    Boost Registered Member

    Joined:
    Feb 2, 2007
    Posts:
    1,294
    In general, hardware firewalls (routers), typically provided by NAT routers, keep malicious traffic from ever reaching your computer whereas software firewalls, such as the Windows firewall, discard malicious traffic after it has actually arrived at your computer.

    But you don't need both.

    If you have a router with NAT enabled, then there's no need to enable the Windows firewall. In fact, you can tell the new Windows Security Center that you'll manage your firewall yourself.
     