Introducing, The New Prevx Edge.

Hi Joe

I have a collection of leaktests stored on my PC and a while back Edge started detecting one of them (TrojanSimulatir.exe). I reported this to you and if I remember you updated the records to class it as a 'Test virus'...and all has been well unitl this afternoon then all of a sudden 3.0.1.17 has detected TrojanSimulator.exe plus seven othr similar such leaktests...all stored in the same location on my PC.

I am intrigued as to why this might be? Also, have PM'd you the list of the .EXEs concerned and a scan log of the session that found them...in case you want to evaluate them and mark them as 'Test virus' or the like?

Cheers


Baldrick

 

About three months ago, right on the edge of the Edge release (horrible pun intended ) we made major architectural changes to our database which have immensely improved detection. Prevx2 and Edge do share the same back end database and database-side heuristics/rules so Prevx2 is able to leverage a good deal of what Edge detects.

However, as GES/POR pointed out, that's where the similarities end The post referring to Prevx2's detection versus Edge's detection was talking about how they act in realtime when blocking an infection that is trying to enter. This completely ignores all of the new rootkit detection, new scan engine, and a whole host of new functionality in Edge. The 1-2 minute scan in Edge will actually find far MORE than Prevx2's 30-odd minute scan on the same system.

With Edge, we now have multiple layers of heuristics. The database is built primarily on heuristics and server-side analysis but all of that is handled "in the cloud" regardless of user settings. In Edge, we opened up some more granularity to the heuristics engine with our Advanced Heuristics, Age, and Spread detection settings. These engines are all on top of the standard detection and Prevx2 can't leverage any of those engines at all.

Moving forward we are constantly adding new features which are based on Edge's new engines and can't be 100% ported back to the Prevx2 "language" but we aren't going to just abandon Prevx2 because it does have a niche market of people who like the behavior blocking components

But if you want to leverage all of the benefits GES/POR outlined and more, Edge will fit your specifications

 

Windows tends to access files throughout the system when indexing data, etc. so its possible that Edge caught onto this and saw that these files might be interesting so it added them to its default scan. I'll look into marking these files as Test Viruses (begrudgingly because I am conceptually against leaktests But I guess it is valid to have them identified as this )

 

The problem with this is that there is no way to do it at the software level reliably. You'll need a USB stick with write protection at the hardware level (i.e. - a little switch on the side which locks it down). That's really going to be the best way and the only way which I would personally trust to prevent getting infected from putting a USB stick in

 

Very interesting. Well, the next beta cycle won't be starting for quite some time now *knock on wood* as it looks like we've reached stability with v3.0.1.17 but once we start unveiling more functionality with new builds, it would probably be worth starting from fresh and trying the updating again

 

is the Gui going to change or remain same?cause this one is easy to navigate and use thanks

 

I updated and running just fine

 

So far we don't have any changes planned to the GUI

 

cool i tried it for the last 7 days and it is really fast and stable

 

That's good news.
I like the way it's laid out

 

Prevx Edge seems to have compatibility issues with Shadow Defender. I installed the latter half an hour ago, and then Prevx kept crashing and coming back. When I started SD it detected it as a threat.
There were crashes even after override.

I have just uninstalled SD and everything is back to normal. It's a shame they can't cohabit.

PS : I didn't even get into shadow mode.

 

does the check for updates check for new versions of edge or sigs or what??on my desktop i have registered edge 3.0.1.3.do i have to manually download the newer version 3.0.1.7?

 

Program Updates/Versions only, did you try to download from the GUI?

Sigs are all hosted on the serverside of PX

 

yes i opened edge and hit check for updates and says im using the newest prevx edge software?3.0.1.3

 

Probably will be available in a few hours trough the GUI, if im guessing right this is the deal with most vendors --- newest versions are not directly pushed out to plain users, instead they are downloadable on webbie's first.

If you download the newest version from the website and install it ontop of your current installation it will update just fine as said earlier by PXhelp

 

This is what PrevxHelp said about going live with this version! https://www.wilderssecurity.com/showpost.php?p=1409346&postcount=2084 You will have to download a fresh copy from this link in the mean time! http://www.prevx.com/prevxedge.asp

TH

 

Hi Joe

Don't mark them as such on my behalf (sorry if that sounds big headed...not meant to be). If the Prevx approach is that they should be flagged as they have been then so be it. I can always set Detection Overrides for them if I want/feel.

So please go with the Prevx view.

 

did you try lowering the self defence?

 

Hello,
We'll be looking into this further internally so we can try and reproduce the incompatibilities. I'll let you know if we find something

 

This is correct We're planning on releasing the newest version for updates within 2-3 days - just waiting to hear of any complaints and to make sure that other AVs stop producing false positives against us

 

I have to say no, but it didn't even cross my mind, because it kept crashing, so I just wanted to put the fire out, lol. Now I wish I had tried.

Thanks a lot. I haven't abandonned all hope to make both work together on my comp

 

Just installed Vista Service Pack 2 RC1 and Edge is going nuts. Have you guys checked edge against this yet? NAV is remaining calm.

 

By nuts, I'm guessing that it is scanning a lot of files in realtime? Could you send me a scan log? I should be able to see what is triggering it from there

 

To PrevxHelp
Today Edge was updating to new version , I get every ok to my Comodo Defense+ but at one moment everythig crashes, blue screen of Windows and this error message about PXARK.Sys : Driver Unload Without Cancelling Pendings Operation etc.....
Rebooting PrevxEdge does not exist on my pc
I download a new version 3.0.1.17 to the Prevx site and now everything seems ok, no need to insert my edge licenses cause she was automatic downloaded I thik

Sorry for my bad english

My system is XP Pro, with Avira Free, Comodo CIS 3.8 with Defense+enable, Edge was setting with autoprotection enable (no password protection for edge setting)

I tell you this for your check
Thanks

 

Romagnolo1973,
There was an issue with pxark.sys on some machines when uninstalling Edge.
The file pxark.sys is not used anymore in Edge, so i'm pretty sure you will not see this error again
I don't know exactly in which Edge version\build pxark.sys was replaced, at least 1 month ago it was replaced in the Beta's i tested.