Introducing, The New Prevx Edge.

Discussion in 'Prevx Releases' started by trjam, Nov 13, 2008.

Thread Status:
Not open for further replies.
  1. Dark Star 72

    Dark Star 72 Registered Member

    Joined:
    May 27, 2007
    Posts:
    778
    I have a few other products installed, ie: GeSWall, Rollback Rx and Executable Lockdown which isn't on all the time. I am going to remove them all so that I only have Edge on board and see what happens. Will let you know what happens :(
     
  2. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Sorry for the inconvenience with this, but it will be extremely useful to have a somewhat isolated environment to test in. Please let me know what you find!
     
  3. Dark Star 72

    Dark Star 72 Registered Member

    Joined:
    May 27, 2007
    Posts:
    778
    Right, removed everything from my system, ran CrapCleaner. Then downloaded a fresh copy of Edge. Uninstalled the copy of Edge installed on the computer and then installed the fresh copy. Problem solved, can now access Help & FAQ's without any problems. Gut feeling is that the problem is to do with Rollback Rx, may install it again in a few days and see what happens, on the other hand I may not :doubt:.
    However, I will keep an eye on it to see if it reoccurs, if it does I should know what causes it next time.
     
  4. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Thank you for the information - I'm going to have our internal QA take a look to see if we can do anything to prevent the problem as well. Please let me know if you find anything else amiss :)
     
  5. Dark Star 72

    Dark Star 72 Registered Member

    Joined:
    May 27, 2007
    Posts:
    778
    Sorry for delay in getting back to you, other things got in the way :D
    With just Edge on the computer and Windows XP Home SP3 firewall - first I reinstalled GeSWall and the problem is back :eek: Uninstalled GeSWall and installed DefenseWall - no problem. Added Executable Lockdown and still no problem. Haven't reinstalled Rollback RX but it seems that the problem lies with GeSWall.
    Hope that is of assistance to your testing, first time I have knowingly had a problem with GeSWall.
     
  6. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Thank you for the information - we'll start testing against GeSWall shortly to see if we can avoid the problem :)
     
  7. Hugger

    Hugger Registered Member

    Joined:
    Oct 27, 2007
    Posts:
    1,003
    Location:
    Hackensack, USA
    Do you know of any current problems between Edge and PC Tools Firewall and or Threatfire?
    Thanks.
    Hugger
     
  8. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    The only possible problem I've seen between PC Tools FW and Edge is an incompatibility in the optional self protection feature of Edge. Threatfire seems to be fine AFAICT.

    Let me know if you see any differently :)
     
  9. Baldrick

    Baldrick Registered Member

    Joined:
    May 11, 2002
    Posts:
    2,675
    Location:
    South Wales, UK
    Hi Dark Star

    I think I can confirm your view that the problem does not lie with Rollback Rx as I have it installed (since prior to installing Edge) and I can advise that I cannot reproduce the symptoms you describe...no matter how hard I try. I also DO NOT have GeSWall installed.

    Cheers :D
     
  10. MarkW

    MarkW Registered Member

    Joined:
    Dec 24, 2006
    Posts:
    48
    Jesus, I just spent an hour trying to upgrade from Prevx2 to MyPrevx Edge. I am toying with the thought of loading my 9mm Sig Sauer P239 and just ending it all. Is this a trick? Do I have to uninstall Prevx2 and forget about the financial credit toward Edge for 3 years time served with Prevx2?

    I feel like an idiot. I just sent a message to customer support as Prevx was supposed to dispatch an email to me to continue the license/product transfer from Prevx2 to Edge and never did.

    Should I just forget about it?
     
  11. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    1,988
    Location:
    iAnywhere
    Wow. Chatter on this channel has increased.
    From what I have excerpted from Wikipedia above, it appears to me that C.O.M. is cross platform capable though C.O.M. is a Microsoft development system.

    Can client and server be on a single/individual computer?

    Does Prevx Edge look for malicious rpc software or malicious IDL?

    Does Prevx Edge look for legitimate RPC software being used by malicious software?

    Would Malware install its own legitimate RPC software or maybe a maligned RPC?

    How many RPC softwares should my computer contain on a clean install of WinXPProSP3?

    Would HIPS be a better way to manage against nefarious use of RPC, IDL, TLBs and COM components?

    IAJSFA (I am just searching for answers.)
     
  12. MarkW

    MarkW Registered Member

    Joined:
    Dec 24, 2006
    Posts:
    48
    OK, I gave up the ghost and miscreant fantasies of suicide and purchased Prevx Edge atop my recent renewal of Prevx2 as the license swap isn't working at present, somehow hamstrung at the email notification process.

    Question: is there a link either here or elsewhere that details advanced settings for a system running both Prevx Edge and Prevx2? At this point is it best to uninstall Prevx2?

    Any help would be much appreciated.

    -Mark
    Prevx Edge
    Prevx2
    NOD32
    Malwarebytes
    Online Armor
     
  13. PrevxWebDesigner

    PrevxWebDesigner Former Prevx Moderator

    Joined:
    Nov 13, 2008
    Posts:
    89
    Hi Mark,

    Sorry you appear to have hit issues when trying to swap the remaining credit of your P2 license over to Edge. This is ordinarily an automated system, available on our website here:
    http://info.prevx.com/licenseswap.asp

    If you have tried to use this system but hit problems, please don't hesitate to drop me a PM here along with the license key you're having problems with and I'll get it followed up (can't find your message in the support area) :)
     
  14. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    I think there is a bit of misunderstanding going on here. COM/RPC are benign, unless some legitimate software exposes an interface which could cause damage, i.e., if some legitimate software opens an RPC function to delete a file.

    RPC is used very often by a number of different types of software and it would really have to be a design flaw to cause damage. Otherwise, RPC/COM do not have any more privileged interfaces to the underlying OS than any other program.

    Hope that helps :)
     
  15. jlo

    jlo Registered Member

    Joined:
    Nov 29, 2004
    Posts:
    475
    Location:
    UK
    Hi,

    I know earlier on in the thread there was talk of a malware sample submission process. Is there any news on how this is getting along?

    Cheers

    Jlo

    PS I already have supports emails so that is where my samples go at the moment.
     
  16. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    We still don't have any web-based process yet, but feel free to send the samples to any one of the Prevx representatives here and we will expedite the analysis process for you :)
     
  17. rOadToIS

    rOadToIS Registered Member

    Joined:
    Dec 16, 2008
    Posts:
    168
    I was just wondering if there were any differences between DriveSentry and Prevx Edge.
     
  18. jlo

    jlo Registered Member

    Joined:
    Nov 29, 2004
    Posts:
    475
    Location:
    UK
    Ok thanks :)
     
  19. sded

    sded Registered Member

    Joined:
    Jun 4, 2004
    Posts:
    512
    Location:
    San Diego CA
    Tried Prevx Edge for a week and it seemed OK - didn't do anything, which was good, and didn't interfere. Had to uninstall today when it hung at 50% CPU usage and turning off monitoring didn't do anything. Couldn't see a way to simply exit and restart. Maybe next release ... . Vista Ultimate SP1+Avast!+Online Armor.
     
  20. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Out of curiosity - could it have been running a scan in the background? How long was it stuck at 50% for?
     
  21. sded

    sded Registered Member

    Joined:
    Jun 4, 2004
    Posts:
    512
    Location:
    San Diego CA
    No scan running according to the GUI - no "scanning" popup either. It had been running at least 5 minutes or so (possibly much longer) when I went to task manager to investigate the slowdown, let it run for a while, finally gave up.
     
    Last edited: Dec 18, 2008
  22. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Thank you for the information. I haven't heard of this from any other user, but we'll investigate it further and see if we can find anything wrong. Sorry for the inconvenience :doubt:
     
  23. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    1,988
    Location:
    iAnywhere
    I wasn't trying to point out COM/RPC but COM/IDL which is a neutral development language and RPC is developed with COM/IDL.

    COM encompasses the OLE, OLE Automation, ActiveX, COM+ and DCOM technologies.

    As an example, Hide My Folders. Based on their feature list they are malware with the ability to hide even in safe mode. This software is written using COM, which ActiveX is a part of.

    Is this COM method of hiding detected by Prevx Edge?

    Also I have been trying to find what COM related components are a part of Windows; exes, dlls and drivers. For instance, clbcatq.dll, a part of COM service, can be injected into any other processes. Control clbcatq.dll and you can inject your code into any running exe on demand.

    Can Prevx Edge find a malware that hides info from the user but not from the system?
     
  24. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    The rootkit scanning in CSI and Edge reads the disk at the lowest level possible, therefore, it easily bypasses these very high-level methods of obfuscation. Hiding files with COM leaves them visible to other non-COM interfaces within the operating system, so the files are not really hidden at all and Edge would be able to see them without even using the rootkit scanner.

    Edge finds malware which hides files from the user, but if you hide a legitimate file, Edge will not report it (as do many other antirootkit programs, but this generally causes more user confusion than necessary, so, we first check with the database rather than report every minor non-malicious entry in the system).
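
The cross-view comparison and database triage described in the reply above, as an added example that is not part of the original thread and is not Prevx's code. The low-level view here is a direct directory enumeration, the high-level view is simulated with a filter, and the file names, contents and known-good set are constructed for illustration.

```python
import hashlib
import os
import tempfile


def sha256_of(path):
    """Hash a file in chunks so large files do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def cross_view_triage(low_view, high_view, known_good):
    """Compare two views of the same directory.

    low_view:   {name: sha256} from the trusted, lower-level enumeration
    high_view:  set of names the high-level interface reported
    known_good: set of sha256 values standing in for a reputation database
    Returns (reported, suppressed): hidden files to flag, hidden files to ignore.
    """
    reported, suppressed = [], []
    for name in sorted(set(low_view) - set(high_view)):
        bucket = suppressed if low_view[name] in known_good else reported
        bucket.append(name)
    return reported, suppressed


def demo():
    # Constructed sample files: one visible, two hidden from the high-level view.
    samples = {
        "notes.txt": b"ordinary visible file",
        "private.doc": b"legitimate file the user chose to hide",
        "drv32.sys": b"unknown hidden binary",
    }
    hidden_by_filter = {"private.doc", "drv32.sys"}  # simulated hiding layer
    known_good = {hashlib.sha256(samples["private.doc"]).hexdigest()}
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as handle:
                handle.write(data)
        low = {e.name: sha256_of(e.path) for e in os.scandir(root) if e.is_file()}
        high = {name for name in low if name not in hidden_by_filter}
        return cross_view_triage(low, high, known_good)


if __name__ == "__main__":
    print(demo())
```

Only the hidden file whose hash is absent from the known-good set is reported; the hidden but recognised file is suppressed, which is the behaviour the reply describes for legitimate files a user has hidden.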
     
  25. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    1,988
    Location:
    iAnywhere
    Thank you,

    That puts it into perspective for me. You have saved me a long journey through the msdn forest by providing me a teleporter.
     