Introducing, The New Prevx Edge.

Discussion in 'Prevx Releases' started by trjam, Nov 13, 2008.

Thread Status:
Not open for further replies.
  1. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    Ok, I just realized the monitoring was disabled. I do not believe I stopped it, but I will keep an eye on whether it stops again; then I will try it without Nod32 and see what happens.
     
  2. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Ok, please let me know what you find or any other information which could lead us to be able to reproduce it internally in the morning.
     
  3. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    Thanks again and will do.
     
  4. cp4eva

    cp4eva Registered Member

    Joined:
    May 26, 2007
    Posts:
    129
    Location:
    TX
    I've been running it alongside Threatfire 4.0.0.8 with no troubles.
     
  5. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    No, only what is in my signature is the security that is on. Sorry for the late response.
     
  6. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Could you possibly try rebooting your system? (or, have you rebooted since installation?)

    So far, two users have had this problem completely resolved by simply rebooting. It might not be something this simplistic, but it is possible. Please let me know :)
     
  7. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    It's OK at this time; will post any further findings tomorrow. Get some sleep, sir, you must be tired from me alone. Have a good night.
     
  8. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    While they may seem old to you, these are active infections that I've got in the past few months, ones that Prevx misses.

    Not real infections? ... Double click a few and see for yourself the havoc on your machine.

    It's really not my job to make sure it's in context for you.
     
  9. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Yes, I know that you were actually affected by them, but the fact remains that they are quite old (our database may have just seen them before you ran into them) but of course we do know that they are real infections (and we are now detecting them as such :))
     
  10. mvdu

    mvdu Registered Member

    Joined:
    Oct 14, 2003
    Posts:
    1,166
    Location:
    PA
    Saw a false positive on the online updater for the known desktop weather program WeatherPulse. I'll try heuristics on medium and see if I can get the same FP. Are medium heuristics recommended?

    And Prevx should get along with the Avira AntiVir Suite (without the firewall) and PC Tools Firewall Plus, right?
     
  11. mvdu

    mvdu Registered Member

    Joined:
    Oct 14, 2003
    Posts:
    1,166
    Location:
    PA
    It appears there is no false positive with heuristics on medium.
     
  12. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Some of those weather programs are "grayware" (like WeatherBug). It might be worth sending me over a scan log or download link as to where to get it (via PM so we don't accidentally spam potentially unwanted URLs on Wilders :))

    (Medium heuristics are recommended)

    Edge should get along fine with Avira, but we did recently see a couple users having some problems with PC Tools Firewall and Edge, however, nothing is definitive enough to say unequivocally that it was PC Tools FW + Edge that were interacting badly. Just for the sake of getting more information on the issue, it might be worth having you test it against PC Tools FW as well - we are going to be setting up test environments using a large number of combinations of PC Tools FW + Edge + other security products to hopefully narrow down where the issue lies.
     
  13. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Ah ok, good to know. I would still be interested in the scan log to help tune the heuristics rules to prevent it in the future if you have it on hand :) (please send either the single entry or the entire log via PM)
     
  14. mvdu

    mvdu Registered Member

    Joined:
    Oct 14, 2003
    Posts:
    1,166
    Location:
    PA
    I sent you a PM. So far working well here with the PC Tools firewall.
     
  15. doktornotor

    doktornotor Registered Member

    Joined:
    Jul 19, 2008
    Posts:
    2,047
    Well, I got a basically frozen system couple minutes after I've installed PC Tools Firewall 5.0.0.19 beta and rebooted. Disabling Enhanced Security Verification under filtering tab in PCT FW solved this completely. No problem w/ Avira Free/Premium.

    EDIT: I'll test again with 5.0.0.25 just released.

    EDIT2: Forget this, lot worse, had to uninstall PCT FW in safe mode, otherwise logging in resulted in a frozen system. Happened with PrevX Edge uninstalled as well... so, to conclude, this ESV feature in PCT FW is plain broken and should be disabled by default.

    EDIT3: Scratch the above. Nice waste of time with reinstalling the old .19 version - because providing installers with filename reflecting the version is apparently too difficult for some vendors so you end up downloading outdated stuff from outdated mirrors... :thumbd: :mad: o_O
     
    Last edited: Nov 17, 2008
  16. CogitoErgoSum

    CogitoErgoSum Registered Member

    Joined:
    Aug 22, 2005
    Posts:
    641
    Location:
    Cerritos, California
    Hello EraserHW,

    In regards to your above quote, does Prevx convert undetected samples into traditional antivirus-like blacklist signatures or are they really used to physically fine-tune their heuristics engines? The reason that I am asking is because the main reason that I purchased Prevx Edge (PE) is because of its advanced behavioral heuristics, application of whitelisting and community detection network and ability to detect and block zero day threats (exploit targeted malware or malware that bypasses most, if not all, of the thirty-five or so antivirus scanners) with little or no help from traditional blacklist signatures.

    In other words, I am under the impression that "most" of PE's ability to detect and block malware is derived from heuristics and the community detection network and not from signatures. I am not at all interested in installing and purchasing another blacklist scanner.

    Lastly, approximately what percentage of heuristics, whitelisting, blacklisting and community can be typically attributed to PE's ability to detect and block malware?


    Peace & Gratitude,

    CogitoErgoSum
     
  17. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    (I'll answer for Marco :))
    Besides some one-off samples which appear periodically, we almost always add heuristic rules to catch malware as it is simply not economical to only detect one file when there are most likely similar variants floating around.

    Very few of our signatures are derived from plain blacklisting. We have some signatures which catch millions of samples with one heuristic signature - definitely not useful if we were to add each one manually :D

    I don't have a specific percentage, but literally everything is community based (not user decision - automated heuristics community based) and it is a bit of a rarity that we actually mark a single file bad.
     
  18. CogitoErgoSum

    CogitoErgoSum Registered Member

    Joined:
    Aug 22, 2005
    Posts:
    641
    Location:
    Cerritos, California
    Hello PH,

    The clarification was very much appreciated and reassuring.


    Peace & Gratitude,

    CogitoErgoSum
     
  19. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    "Very few" is still plain old fashioned blacklisting, CogitoErgoSum just stopped living dangerously (now with a blacklist) :p
     
  20. CogitoErgoSum

    CogitoErgoSum Registered Member

    Joined:
    Aug 22, 2005
    Posts:
    641
    Location:
    Cerritos, California
    Hello EraserHW,

    Thank you for the explanation.


    Peace & Gratitude,

    CogitoErgoSum
     
  21. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Also, to clarify his response as well - that means it has been found by ONE of the heuristic engines, one of the unique ones to Edge which measures Age/Popularity (the bottom two sliders in the Heuristics Settings page).

    The other heuristics are applied silently behind the detections :)
     
  22. CogitoErgoSum

    CogitoErgoSum Registered Member

    Joined:
    Aug 22, 2005
    Posts:
    641
    Location:
    Cerritos, California
    Hello Kees,

    Can't win 'em all. Well, at least PE is not an antivirus in the traditional sense. :D


    Peace & Gratitude,

    CogitoErgoSum
     
    Last edited: Nov 17, 2008
  23. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Just teasing, my friend.

    I have to admit I am surprised by both PrevX and A2 Malware with their improved applications.
     
  24. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    Just curious on the heuristics of program age and program popularity: what settings would be best, or should I say most likely set by users here? For example, I have mine set to the following: advanced heuristics at max, program age medium and popularity low.
     
  25. rollers

    rollers Registered Member

    Joined:
    Sep 13, 2004
    Posts:
    507
    Location:
    UK
    I had Prevx Edge on for one day yesterday, the paid version as I could not do a full trial without paying. I must admit the idea of one program protects all sounded great, so that's what I tried. The first day of using I ran into a problem. I got hit with a DNS changing rootkit trojan, Prevx found it and said it had deleted it. Then my searches got redirected. A scan with antimalwarebytes found 6 more files all related to this trojan. So I am afraid the one security app to protect all does not work for me and have gone back to the full Norton IS 2009. I have taken it off my machine with a full restore with Acronis. I have requested a refund but am still to hear back.

    Rollers
     