We are testing an Enterprise version of PrevX and have been busy putting it to the test. Results, sadly, are disappointing. Out of 5 test machines, two were successfully infected and continued to remain infected until a remote session from PrevX support was established and the infections were removed manually.

The failure remains the inability (or unwillingness) of the PrevX behavior detection engine to identify malicious behavior, and this has been discussed in other threads by myself and others. PrevX is marketed as an advanced behavioral detection engine, but so far it has failed to detect the most trivial malicious behavior we observed in our tests.

Consider the following (REAL) scenario:

- file downloaded and executed, it's a true 0-day and PrevX has no signature for it and lets it run.
- file registers itself in all Autorun locations
- file integrates in Windows shell
- file installs BHO in IE and makes a host of other changes, like modifying IE security settings, changing search page and installing its own rogue proxy
- file installs its own versions in SystemRestore and other Windows locations to prevent easy removal and detection
- its dependencies execute on each boot and download existing and new versions from hosts in China

None of the above is detected by the PrevX behavior-based detection engine. PrevX detects that some of the files being pulled from Chinese web servers are malware and blocks them, and has caught the initial install EXE after it was submitted to PrevX, but upon every reboot the system gets infected again and again. PrevX scans and bluescreens it on every startup as it can't clean all infections in real time, but the behavioral engine -- the core component that should've prevented this in the first place! -- is silently allowing the system to get reinfected on every consecutive boot.

I was very excited about PrevX at first, especially after 175+ pages of nothing but praises here on WS.
We were looking for an enterprise solution that had an intelligent behavioral detection engine, and it looked like PrevX would fit the bill, despite minor bugs and overall "beta-like" feel of the enterprise console. However, our tests showed that unless there's a way to tune behavior detection engine settings to suit our needs, PrevX is nothing but a lightweight cloud-based antivirus. I'm really hoping PrevX would reconsider their "fits all" approach and give its customers the ability to decide what's best for them, versus "protecting them from themselves", because as it stands right now I see no use of PrevX in our enterprise.