Is Prevx good?

Discussion in 'other anti-malware software' started by truthseeker, Aug 31, 2008.

Thread Status:
Not open for further replies.
  1. doktornotor

    doktornotor Registered Member

    Joined:
    Jul 19, 2008
    Posts:
    2,047
    Indeed. Marking "Hello world" packed stuff as "suspicious" (along with tons of others) just plain rocks. And yeah, having notepad.exe on whitelist rocks as well, how many FP reports did it take to put it there? The thing fails to work meaningfully and produces FP noise all over the place, instead of pathetic excuses here you'd be better off to fix it finally.
     
  2. EraserHW

    EraserHW Malware Expert

    Joined:
    Oct 19, 2005
    Posts:
    588
    Location:
    Italy
    lol, so funny. I haven't read so much bullshit in so few posts anywhere else :D
     
  3. EraserHW

    EraserHW Malware Expert

    Joined:
    Oct 19, 2005
    Posts:
    588
    Location:
    Italy
    We have made CSI require an installation to greatly improve its detection. Because it is able to run as a service, we are able to see deeper areas of the system more reliably (as we are fully installed).
    Having to uninstall/reinstall a driver every time it wants to scan is an unnecessary system load and will probably cause HIPS popups. We also have it install-only now so that users can scan from a limited user account or a UAC'd account and still find all of the malware. Running with two processes is the only way to do that under a true LUA.
     
  4. GES/POR

    GES/POR Registered Member

    Joined:
    Nov 26, 2006
    Posts:
    1,490
    Location:
    Armacham
    The reason you post here is to make a few more sales; however, if the Prevx folks are to be trusted, they'd not fail their customers on their own forum and would also respond to PMs, which you never did. Also, the language you're using is not fit.
     
  5. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    @Marco -- I am glad to see SOMEONE from Prevx who is filled with zeal for their product.

    By the way, there was a fellow called "Notok" who represented Prevx back in "the good old days." He had both zeal and information. Whatever happened to him? I do hope that he is well.
     
  6. EraserHW

    EraserHW Malware Expert

    Joined:
    Oct 19, 2005
    Posts:
    588
    Location:
    Italy
    I totally apologize if I haven't replied to some PM you've sent to me; most likely I've lost it among all the things I have to do. As said in another thread, my main role in Prevx is not customer support, nor advertising or anything else.

    Anyway, I feel really sorry if you write "which you never did", because people who have sent me PMs know that I usually reply, at least most of the time. If I haven't replied, then it could have happened for a lot of reasons.

    Language is not fit? Please remember that the language can be adapted to the situation. If the situation is a placid and interesting discussion between people talking about some interesting topics, then the proper language is used.

    If people want to attack without knowing how things really work and don't want to hear anything about it because they feel they are right by default, then the proper language is used.

    This concept shouldn't be too wrong, at least I think so :)

    Best regards,

    Marco
     
    Last edited: Sep 10, 2008
  7. andyman35

    andyman35 Registered Member

    Joined:
    Nov 2, 2007
    Posts:
    2,336
    Prevx was an extremely promising product up until it seemingly ground to a halt a year or so ago. Unfortunately it now pales in comparison to the likes of Threatfire, Comodo D+ and perhaps Drivesentry once it matures. You have to wonder where exactly Prevx 'fits in' when there are some excellent free alternatives such as these.

    I genuinely hope that Prevx can re-discover its past glory when this version 3 sees the light of day.
     
  8. emperordarius

    emperordarius Registered Member

    Joined:
    Apr 27, 2008
    Posts:
    1,218
    Location:
    Who cares
    Ok, I understand that, and also it's a good thing that you have a whitelist. But I find it pretty unneeded to detect everything packed as suspicious. Ok, maybe a multi-packed file could be detected as something like Suspicious-Multi packer, but not merely packed files.
     
  9. Longboard

    Longboard Registered Member

    Joined:
    Oct 2, 2004
    Posts:
    3,238
    Location:
    Sydney, Australia
    Last edited: Sep 11, 2008
  10. Pseudo

    Pseudo Registered Member

    Joined:
    May 4, 2008
    Posts:
    193
    You can't detect whether or not a file is harmless, or if it's packed multiple times - packer detection is packer detection. Unless, of course, they included a universal unpacker (unpacking capabilities would degrade faster than you can say "undetected") or a huge whitelist of "hello world" applications. Who the hell packs a "hello world" application anyway? :rolleyes: I didn't realize it wasn't small enough already or needed obfuscation.
     
  11. doktornotor

    doktornotor Registered Member

    Joined:
    Jul 19, 2008
    Posts:
    2,047
    It doesn't matter whether it's a "hello world" application or whatever else. Packer issues are widespread among lots of antivirus/antimalware products, but it's rare to find one with such an alarming false-positive rate as PrevX (perhaps the Ikarus engine is a "competitor" in this field).

    You obviously need some kind of "smart" handling beyond packer detection; results need to be based on further analysis of the executables. Marking anything packed (save for a slim whitelist of mostly MS stuff) as "suspicious" is simply not acceptable at all. :thumbd:
     
  12. EraserHW

    EraserHW Malware Expert

    Joined:
    Oct 19, 2005
    Posts:
    588
    Location:
    Italy
    Hello,

    again I would remark that we aren't detecting every packed file as suspicious. I showed you before a test with notepad and regedit (just an example) and believe me, they aren't inserted in any white list. But, if anyone for any reason would think that they are inserted in a white list, then I packed Winhex.exe from X-Ways Software Technology AG with UPX - same test as before.

    This is the VirusTotal result: http://www.virustotal.com/en/analisis/45004ffe85791dc03bf7c8b0f66a429d

    This shows one more time that we aren't detecting all packed executables as suspicious, unless anyone would think we've a white list on X-Ways products too :)

    Kind regards,

    Marco
     
  13. emperordarius

    emperordarius Registered Member

    Joined:
    Apr 27, 2008
    Posts:
    1,218
    Location:
    Who cares
    But then how do you explain my example?:D
     
  14. EraserHW

    EraserHW Malware Expert

    Joined:
    Oct 19, 2005
    Posts:
    588
    Location:
    Italy
    :D That is the right question :) Thank you

    A lot of factors have affected the flag 'suspicious', and one of these could have been the use of a packer known to be used by a lot of malware, like PeC. See the blacklisting packers topic - just a search on Google will explain to you better some things on why some companies blacklist some packers.
     
  15. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    Prevx still is as good as most products here. I too hope development continues, because this has always been the one product that interested me the most. I think it has a place in a lot of hearts here. So, hopefully it has a bright future, but yes, it works.
     
  16. andyman35

    andyman35 Registered Member

    Joined:
    Nov 2, 2007
    Posts:
    2,336
    I agree, this product was a real innovation when it first appeared; the developers need to try to get back to that early standard.
     
  17. emperordarius

    emperordarius Registered Member

    Joined:
    Apr 27, 2008
    Posts:
    1,218
    Location:
    Who cares
    Wow Trjam you already changed AV? :eek: :D
     
  18. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    looks like I changed Avatars, unless you are in my house.:rolleyes:
     
  19. 337

    337 Registered Member

    Joined:
    Nov 4, 2006
    Posts:
    232
    Location:
    Georgia, USA
    :D GOOD ONE!!

    NOT THAT IT MATTERS, BUT PREVX HAS A NEAT TRAY ICON!!! SEX APPEAL IS A PLUS!! LOL!!
    :thumb:
     
  20. Green Giant

    Green Giant Registered Member

    Joined:
    Jun 18, 2003
    Posts:
    252
    As previously reported, I ditched Prevx CSI (paid-for version) owing to false positives being found constantly within the component parts of AVG Internet Security. I too had a continuing licence, but the Prevx software was too troublesome for me.
     
  21. StevieE9

    StevieE9 Registered Member

    Joined:
    Jan 16, 2007
    Posts:
    139
    I don't know what kind of truly alien system you have.

    I have used Prevx since the very beginning, alongside AVG, and never had a problem with it till a few months ago.
    It WAS marking and blocking virtually EVERY update to my existing programs (Firefox and Thunderbird for example) as malware and many many other well known programs too.
    The FPs were NOT fixed in double quick time and in any case that is totally irrelevant - having FPs on a daily basis that involve standard safe programs is unacceptable.
    I have had about 5 FPs in AVG in as many years.
    Prevx was also proving far too complex to use on Vista in addition to the FPs.
     
  22. StevieE9

    StevieE9 Registered Member

    Joined:
    Jan 16, 2007
    Posts:
    139
    I find that condescending and offensive.
    I was reporting them to the extent it was costing me nearly an hour A DAY in time.
    That is simply a joke.
     
  23. StevieE9

    StevieE9 Registered Member

    Joined:
    Jan 16, 2007
    Posts:
    139

    You deserve not one iota of respect.
    Your product is now useless.
    You do not give any meaningful support either directly, or (none at all) on the Prevx CastleCops forums.
    The BS is yours.
     
  24. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    Like I always said, development of software and good customer service is what makes apps stronger and more popular.
    Note: some security code makers leave their software and their customers abandoned (lonely).
     
  25. EraserHW

    EraserHW Malware Expert

    Joined:
    Oct 19, 2005
    Posts:
    588
    Location:
    Italy
    I apologize for what I said, but, I really do have a lot of faith in our software and we're constantly improving and eliminating false positives. My comment was rude, looking back at it now, but really - the post I responded to was insulting my company's work and I highly doubt that we're doing THAT bad, being that we have over 3 million apparently happy users.

    As for false positives on packed files - we have a LOT of community heuristics and behavior monitoring which is simply NOT in place on VirusTotal, so, you shouldn't base all of your testing on VT - the engine is a much watered down one and we can only do a small amount of analysis on the files when they're submitted (no realtime monitoring, no behavior monitoring, etc.)

    However, it is possible that you creating a program and then packing it is going to trigger some false alarms - frankly, the reason is that this program has never been seen anywhere else in the world, and generally that is a bad thing. We always do run deeper analysis on the files, but, for instance, files from VT might take some hours to actually get through all of our analysis because of the way the submission process works. Because 99.9999% of users don't encounter BRAND new GOOD programs every day, it is safer to say that it is suspicious while it's in the process of being analyzed. The sheer fact of a program never being seen before... EVER... is a very suspicious thing, and something that only a community database can see.

    It is basically just very smart community whitelisting - rather than warning on every program, we take the automatically-determined community opinion and then perform automated and manual analysis of the file. Almost all of the work of scanning takes place on the server, where files are executed, analyzed, and torn apart automatically. That's what's great about Prevx - we can actually make major "code" updates without ever having to send anything to the client machines.

    Accidentally detecting security software is a gray area because it does similar things to malware (hooking system service entries, locking files, etc.), so usually these require some manual attention to sort out. We had a big run of false positives a while back in CSI because CSI was seeing a certain class of files hidden/locked (generally a suspicious characteristic), but it was really other AVs interfering with CSI accessing the disk. These FPs are fixed now, and P3 includes Direct Disk Access and raw memory/registry analysis which will prevent them from ever happening again.

    I'm not sure what the AVG false positives were, but we haven't had any recent reports, so, I'm guessing they're fixed now as I just tried a new install of AVG and didn't experience any FPs. We are definitely working on minimizing false positives - we have a huge effort going right now to establish a large framework to automatically analyze files on the server much faster than we do now, but it does take time to establish (and a great deal of money) as there are a TON of new programs coming out every day.

    No company can possibly test every single program in the world. We really try very hard, but, periodically we have false positives on some more obscure programs (and even some popular programs, if a definition has a bad heuristic - but every company has this happen once in a while!). If you do see some legitimate programs being falsely detected, TELL US. It is a good chance that one heuristic rule is causing them, which is easily fixed.

    We have identified that our support isn't as great as it could be because of a less-than-functional forum and right now we've been a bit silent with regard to updates for a while as we've been retooling EVERYTHING. We will have a beta program out very soon and we're going to be unveiling a lot of new technology through it.

    Again, I'm sorry for what I said and if it was taken wrong, but I was just defending my hard work and all of the work of my coworkers as well. If you have any questions/concerns/false positives/false negatives please let me know or use the Contact Us feature of our products or website.
     
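A defender-side sketch of the triage Marco describes above (and that Pseudo's and doktornotor's posts argue about): packer evidence on its own only earns a "suspicious, pending analysis" verdict, and community prevalence is what turns it into "clean". This is added example code, not Prevx's; the packer section-name list, the prevalence table and the minimal PE builder are constructed for the demo, and the entropy threshold of 7.0 bits per byte is an assumed cut-off.

```python
import hashlib
import math
import struct
from collections import Counter

# Assumed packer section names (constructed list; real engines carry far more).
PACKER_SECTIONS = {b"UPX0", b"UPX1", b"UPX2"}

def shannon_entropy(data: bytes) -> float:
    """Bits per byte; compressed/encrypted payloads sit near 8.0."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def sections(pe: bytes):
    """Walk the PE section table; return [(name, entropy_of_raw_data)]."""
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    nsec = struct.unpack_from("<H", pe, e_lfanew + 6)[0]
    table = e_lfanew + 24 + struct.unpack_from("<H", pe, e_lfanew + 20)[0]
    out = []
    for i in range(nsec):
        hdr = pe[table + 40 * i:table + 40 * i + 40]
        raw_size, raw_ptr = struct.unpack_from("<II", hdr, 16)
        out.append((hdr[:8].rstrip(b"\0"), shannon_entropy(pe[raw_ptr:raw_ptr + raw_size])))
    return out

def verdict(pe: bytes, prevalence: dict) -> str:
    """Packer evidence alone never yields 'malware'; community prevalence decides."""
    secs = sections(pe)
    packed = any(n in PACKER_SECTIONS or e > 7.0 for n, e in secs)
    seen = prevalence.get(hashlib.sha256(pe).hexdigest(), 0)  # constructed community table
    if not packed:
        return "clean"
    if seen >= 1000:
        return "clean (packed but widely seen)"
    if seen == 0:
        return "suspicious (packed, never seen; queue for analysis)"
    return "unknown (packed, low prevalence)"

def build_pe(secs) -> bytes:
    """Constructed minimal PE image (no optional header) for offline testing only."""
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(secs), 0, 0, 0, 0, 0x102)
    dos = b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", 0x40)
    table, body, off = b"", b"", 0x40 + 24 + 40 * len(secs)
    for name, data in secs:
        table += name.ljust(8, b"\0") + struct.pack("<IIIIIIHHI", len(data), 0, len(data), off, 0, 0, 0, 0, 0x60000020)
        body, off = body + data, off + len(data)
    return dos + coff + table + body
```

Feeding the same packed image with a prevalence count of several thousand flips the verdict from "suspicious" to "clean", which is the whitelisting effect the post describes; a genuinely new packed binary stays "suspicious" until analysis catches up.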