Introducing, The New Prevx Edge.

Discussion in 'Prevx Releases' started by trjam, Nov 13, 2008.

Thread Status:
Not open for further replies.
  1. Dark Star 72

    Dark Star 72 Registered Member

    Joined:
    May 27, 2007
    Posts:
    759
    I have a few other products installed, ie: GeSWall, Rollback Rx and Executable Lockdown which isn't on all the time. I am going to remove them all so that I only have Edge on board and see what happens. Will let you know what happens :(
     
  2. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Sorry for the inconvenience with this, but it will be extremely useful to have a somewhat isolated environment to test in. Please let me know what you find!
     
  3. Dark Star 72

    Dark Star 72 Registered Member

    Joined:
    May 27, 2007
    Posts:
    759
    Right, removed everything from my system, ran CrapCleaner. Then downloaded a fresh copy of Edge. Uninstalled the copy of Edge installed on the computer and then installed the fresh copy. Problem solved, can now access Help & FAQ's without any problems. Gut feeling is that the problem is to do with Rollback Rx, may install it again in a few days and see what happens, on the other hand I may not:doubt: .
    However, I will keep an eye on it to see if it reoccurs, if it does I should know what causes it next time.
     
  4. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Thank you for the information - I'm going to have our internal QA take a look to see if we can do anything to prevent the problem as well. Please let me know if you find anything else amiss :)
     
  5. Dark Star 72

    Dark Star 72 Registered Member

    Joined:
    May 27, 2007
    Posts:
    759
    Sorry for delay in getting back to you,other things got in the way:D
    With just Edge on the computer and Windows XP Home SP3 firewall - first I reinstalled GeSWall and the problem is back:eek: Uninstalled GeSWall and installed DefenseWall - no problem. Added Executable Lockdown and still no problem. Haven't reinstalled Rollback RX but it seems that the problem lies with GeSWall.
    Hope that is of assistance to your testing, first time I have knowingly had a problem with GeSWall.
     
  6. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Thank you for the information - we'll start testing against GeSWall shortly to see if we can avoid the problem :)
     
  7. Hugger

    Hugger Registered Member

    Joined:
    Oct 27, 2007
    Posts:
    1,003
    Location:
    Hackensack, USA
    Do you know of any current problems between Edge and PC Tools Firewall and or Threatfire?
    Thanks.
    Hugger
     
  8. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    The only possible problem I've seen between PC Tools FW and Edge is an incompatibility in the optional self protection feature of Edge. Threatfire seems to be fine AFAICT.

    Let me know if you see any differently :)
     
  9. Baldrick

    Baldrick Registered Member

    Joined:
    May 11, 2002
    Posts:
    2,537
    Location:
    South Wales, UK
    Hi Dark Star

    I think I can confirm you view that the problem does not lie with Rollback Rx as I have it installed (since prior to installing Edge) and I can advise that I cannot reproduce the symptoms you describe...no matter how hard I try. I also DO NOT have GeSWall installed.

    Cheers :D
     
  10. MarkW

    MarkW Registered Member

    Joined:
    Dec 24, 2006
    Posts:
    48
    Jesus, I just spent an hour trying to upgrade from Prevx2 to MyPrevx Edge. I am toying with the thought of loading my 9mm Sig Sauer P239 and just ending it all. Is this a trick? Do I have to uninstall Prevx2 and forget about the financial credit toward Edge for 3 years time served with Prevx2?

    I feel like an idiot. I just sent a message to customer support as Prevx was supposed to dispatch an email to me to continue the license/product transfer from Prevx2 to Edge and never did.

    Should I just forget about it?
     
  11. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    1,988
    Location:
    iAnywhere
    Wow. Chatter on this channel has increased. [​IMG]
    From what I have excerpted from Wikipedia above, it appears to me that C.O.M. is cross platform capable though C.O.M. is a microsoft developement system.

    Can client and server be on a single/individual computer?

    Does Prevx Edge look for malicious rpc software or malicious IDL?

    Does Prevx Edge look for legitimate RPC software being used by malicious software?

    Would Malware install its own legitimate RPC software or maybe a maligned RPC?

    How many RPC softwares should my computer contain on a clean install of WinXPProSP3?

    Would HIPS be a better way to manage against nefarious use of RPC, IDL, TLBs and COM components?

    IAJSFA (I am just searching for answers.)
     
  12. MarkW

    MarkW Registered Member

    Joined:
    Dec 24, 2006
    Posts:
    48
    OK, I gave up the ghost and miscreant fantasies of suicide and purchased Prevx Edge atop my recent renewal of Prevx2 as the license swap isn't working at present, somehow hamstrung at the email notification process.

    Question: is there a link either here or elsewhere that details advanced settings for a system running both Prevx Edge and Prevx2? At this point is it best to uninstall Prevx2?

    Any help would be much appreciated.

    -Mark
    Prevx Edge
    Prevx2
    NOD32
    Malwarebytes
    Online Armor
     
  13. PrevxWebDesigner

    PrevxWebDesigner Former Prevx Moderator

    Joined:
    Nov 13, 2008
    Posts:
    89
    Hi Mark,

    Sorry you appear to have hit issues when trying to swap the remaining credit of your P2 license over to Edge. This is ordinarily an automated system, available on our website here:
    http://info.prevx.com/licenseswap.asp

    If you have tried to use this system but hit problems, please don't hesitate to drop me a PM here along with the license key you're having problems with and I'll get it followed up (can't find your message in the support area) :)
     
  14. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    I think there is a bit of misunderstanding going on here. COM/RPC are benign, unless some legitimate software exposes an interface which could cause damage, i.e., if some legitimate software opens a RPC function to delete a file.

    RPC is used very often by a number of different types of software and it would really have to be a design flaw to cause damage. Otherwise, RPC/COM do not have any more privileged interfaces to the underlying OS than any other program.

    Hope that helps :)
     
  15. jlo

    jlo Registered Member

    Joined:
    Nov 29, 2004
    Posts:
    475
    Location:
    UK
    Hi,

    I know ealier on in the thread there was talk of a malware sample submission process. Is there any news on how this is getting along?

    Cheers

    Jlo

    PS I already have supports emails so that is where my samples go at the moment.
     
  16. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    We still don't have any web-based process yet, but feel free to send the samples to anyone of the Prevx representatives here and we will expedite the analysis process for you :)
     
  17. rOadToIS

    rOadToIS Registered Member

    Joined:
    Dec 16, 2008
    Posts:
    168
    I was just wondering if there were any differences between DriveSentry and Prevx Edge.
     
  18. jlo

    jlo Registered Member

    Joined:
    Nov 29, 2004
    Posts:
    475
    Location:
    UK
    Ok thanks:)
     
  19. sded

    sded Registered Member

    Joined:
    Jun 4, 2004
    Posts:
    512
    Location:
    San Diego CA
    Tried Prevx Edge for a week and it seemed OK-didn't do anything, which was good, and didn't interfere. Had to uninstall today when it hung at 50% CPU usage and turning off monitoring didn't do anything. Couldn't see a way to simply exit and restart. Maybe next release ... . Vista Ultimate SP1+Avast!+Online Armor.
     
  20. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Out of curiosity - could it have been running a scan in the background? How long was it stuck at 50% for?
     
  21. sded

    sded Registered Member

    Joined:
    Jun 4, 2004
    Posts:
    512
    Location:
    San Diego CA
    No scan running according to the gui-no "scanning" popup either. It had been running at least 5 minutes or so (possibly much longer) when I went to task manager to investigate the slowdown, let it run for a while, finally gave up.
     
    Last edited: Dec 18, 2008
  22. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Thank you for the information. I haven't heard of this from any other user, but we'll investigate it further and see if we can find anything wrong. Sorry for the inconvenience :doubt:
     
  23. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    1,988
    Location:
    iAnywhere
    I wasn't trying to point out COM/RPC but COM/IDL which is a neutral development language and RPC is developed with COM/IDL.

    COM encompasses the OLE, OLE Automation, ActiveX, COM+ and DCOM technologies.

    As an example, Hide My Folders. Based on their feature list they are malware with the ability to hide even in safe mode. This software is written using COM, which active-x is a part of.

    Is this COM method of hiding detected by Prevx Edge?

    Also I have been trying to find what COM related components are a part of Windows; exes, dlls and drivers. For instance, clbcatq.dll, a part of COM service, can be injected into any other processes. Control clbcatq.dll and you can inject your code into any running exe on demand.

    Can Prevx Edge find a malware that hides info from the user but not from the system?
     
  24. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    The rootkit scanning in CSI and Edge reads the disk at the lowest level possible, therefore, it easily bypasses these very high-level methods of obfuscation. Hiding files with COM leaves them visible to other non-COM interfaces within the operating system, so the files are not really hidden at all and Edge would be able to see them without even using the rootkit scanner.

    Edge finds malware which hides files from the user, but if you hide a legitimate file, Edge will not report it (as do many other antirootkit programs, but this generally causes more user confusion than necessary, so, we first check with the database rather than report every minor non-malicious entry in the system).
     
  25. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    1,988
    Location:
    iAnywhere
    Thank you,

    That puts it into perspective for me. You have saved me a long journey through the msdn forest by providing me a teleporter.
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.