Prevx 3.0: delayed detection

Joe,
I guess we disagree on usefeullness of the ability to configure the sensititvity of the behavior-based anaylisis. I would like to see this feature from an enterprise point of view, as well as built-in detection criterias for potentially malicious programs that may fall outside of the scope of the signature-based detection: rogue antivirus programs, unwanted proxy applications, P2P clients, etc. In this case, programs like Ultrasurf or Tor (or Antivirus 2009 we discussed in this thread) can be blocked, even though they may not fall under the standard malicious detetction categories.
By apparent malicious behavior, I still consider items like BHO installation, browser modification (adding sites to "trusted", for example, or modifiying IE's security zone settings), modifications of Windows shell and Explorer integration, and certain Registry keys and system areas (HOSTS file, for example). Would this increase amounts of FPs and prevent certain legitimate programs from operating (Windows Updates, SMS, etc.) if turned on at full force? Absolutely! But I, as an admin, should be able to specify these settings according to security policy we dhave in place, versus vendor limiting my ability in order to "protect me from myself". Again, I'm talking about enterprise model, for the home user you're 150% correct and they are perfectly happy with hands-off approach PrevX provided.
Just my thoughts..

 

How does PrevX do that?
I have the information that PrevX installs a file system filter, a Process Creation Notification callback and a handful of hooks to prevent processmanipulatation. So in my opinion PrevX is completely blind to most malicious bahavior.
It is a very powerfull cloud based AntiVirus product but i cant see any protection against a Targetted Attack.

 

Responded in the "Future Changes to Prevx" thread

 

Jop...