Introducing, The New Prevx Edge.

Saraceno,
I removed TF and allowed Edge to run as trusted in DW.
Thanks for the effort.
Hugger

 

Nice to see the testing already,thanks good work.BTW nice acer wallpaper.

 

Hello

Yes, sure. We're interested in missed samples Even if our new heuristic engine is giving very positive results, it's always useful to add signatures

Contact me by PM so we can talk about how you can send us samples

Marco

 

CSJ, even if you send them, please post what you find on the behavior scan. I think that people would like to know. Good work.

 

The heuristics will probably nail them all. I threw quite a bit of stuff at mine when testing and it caught everything. But....you may have different stuff.

 

Prevx is scanning again but I must say that in my PC I can't do nearly nothing while it scans.

I also lost the tray icon in last reboot.

 

Ok, I have it up and running, the paid version. When I download the eicar test files I can save them to disk, and also I can scan them using right click. It comes up that no malicious files have been found. I was wondering if it should have caught this or at least recognised them?

Rollers

 

I just tried it now and it found it. Have you extracted the file from the archive? It won't scan in archives (as the files within archives are not actually threats).

You should right click on the eicar.com file itself or a folder containing it and then click Scan with Prevx Edge.

Please let me know what you find

 

This is odd, as we have had no reports of slow scans/interference from other users. Would you be willing to have one of our engineers (or myself) analyze your system remotely? The only case we've seen this happen in is when the system is infected with a rootkit at a low level - might be worth checking it out.

Please PM me if you're interested

 

If Marco hasn't responded yet, let me know I'll check them out as well

 

Since we've been discussing different trialing ideas, I thought I might as well throw mine in too.

It goes as follows: When you've installed Prevx Edge, you'll get a window saying something like this: "Welcome to Prevx Edge! *blahblahblah* You've the opportunity to activate a trial license which will last for 30 days giving you all the functionality of Edge during this period, protecting you from any threat(s) that it finds. Would you like to activate this trial license now, or later? If you choose to activate it later, you'll find the option in the "License Information" section, or be given the choice if/when Edge has caught something. Optionally you can activate your product with a full license key. Please note, though, that Edge's detection capabilities are available to you for an unlimited time."

Maybe not the best wording, but I think you get the idea.

The window will then also contain buttons with something like: "Activate Now", "Activate Later" and "Active Full License".

The great thing about this would be that (1) the user can choose by himself when he/she wants to take advantage of those 30 days of full functionality and (2) when Edge detects something (a threat, something through heuristics, etc.), it'll give the user the choice to activate this through the pop-up and through that way prevent the infection before it can do any harm. How it works is that nothing will proceed till the user has made the choice about the trial license in that pop-up. Either he/she accepts the offer and Edge will take care of it and function completely for 30 days from then, or he/she skips it and let the malicious content go on.



- Something like that

 

@ raven, n1

 

Can't see this happening.
This goes to the users advantage.
Prevx is trying to sell a product here.
They're giving the trial up front, as all others do, hoping you like it and will buy it.
Honestly, if you owned prevx, would you allow it?

 

Found possiable bug in the settings of the heuristics. when I adjusted the slider up or down from the recomended settings with out saving the changes it still held the settings even after reboot.perhaps its on my end not sure though.There was no need fo me to commit with save changes tab.

 

Ok thanks that explaination helps re the archives and makes sense. I tried it as you described with the plain eicar test file and it found it, cleaned and rebooted. I am used to the old style anti virus jumping on it when downloading ( http scan ) so need to adapt. I am looking to use this only with no av.
Thanks Rollers

 

yeah, isnt life amazing.

 

The problem with the old antivirus approach is that it causes a very significant increase in CPU usage and slowness without really improving protection at all.

Sure, you may get warned 2-3 seconds earlier... but is that really worth the added overhead... I don't think so That's why we monitor memory and loading code rather than files as they're created (as they'll still just be completely dormant).

 

We have thrown around similar ideas in the past, but it comes down to trying to make it as simple as possible.

So far, we have decided that we will go with the standard model of "scan for free" and "protect/clean for 30 days during the trial". While it isn't implemented into the products yet, we are going to be finalizing it next week and releasing it as an update, so, soon everyone will be able to test out Edge completely.

The problem with holding up the malware after it runs is that we completely sever the malware from loading immediately at the kernel level, so, we can't just "hold up" the execution - it would drag the system to a halt if too many infections were loaded at once

 

I can see what you're saying, but that is pretty much the only way you can show the user what the product is actually capable of. Just flagging stuff won't give you a big idea how effective it's to remove malware and the like. After those 30 days it would go back to only detection mode and the user will miss its protection. It's simply an idea of something it could be, close to it, or a variant - part of the model.

 

Yes, this is true. It assumes Save Changes when you navigate out of the screen without clicking Save Changes. I'm not sure if that is actually a bug, it may be, but it could just be dependent on user preference.

In Edge, we tend to assume that if the user made the change, they want to keep it that way rather than removing it when they navigate out.

Any thoughts?

 

Yeah, I'd those complications in my mind too. Good response. Well, it's still only an idea, right? Simple brainstorming.

 

I'm always up for brainstorming. It's too easy for companies to think they're always right without getting opinions from users.

If anyone has any suggestions, we always take every suggestion seriously. While it may not get added in within the next day, it will definitely be tacked onto the infamous ToDo List

 

Looking at the screenshots at Prevx Edge's homepage, it seems a serious infection/rogue app. like XP Antivirus 2009 is not automatically blocked/removed when it's detected.

My understanding was that Edge is supposed to function automatically, according to descriptions and responses and especially in this case with something so serious to be as user-friendly as possible - something in terms with Norton's Auto-Protect. It's understandable that it could prompt you on some more simple adware application, but IMO not this.

 

i think malware blocking only function after you register and not for trial

 

Edge makes the prompts very simple and straightforward. The obvious choice is to click Block, which will block the malware in the future. Before this prompt is shown, the malware is already dead and blocked and this is just an alert to tell the user that it had been trying to get in.

If the user clicks Block, in all future cases it will block the malware without requiring user interaction (if they see the same threat again).