Prevx needs better Detection Overrides

Discussion in 'Prevx Releases' started by pajenn, Dec 23, 2010.

Thread Status:
Not open for further replies.
  1. pajenn

    pajenn Registered Member

    Joined:
    Oct 26, 2009
    Posts:
    930
    First, I'm very thankful for Prevx's excellent free version and I hope they continue to provide it forever. I'm posting my issue with Detection Overrides as a feature request or suggestion for future versions.

    Issues or suggestions:
    1. Even though programs (parent folder) is added to Detection Overrides, I still see Prevx's 'Authenticating Files' screen pop up when I load some of these applications the first time after reboot. I suspect the authentication process slows down the launch of programs that load lots of files.

    2. I'd like the Detection Overrides list to be displayed alphabetically, or at least to allow the user to sort it by path by clicking the File Name field as in windows explorer.

    3. I'd like it to show deleted folders in a different color (so the user would notice and remove them).

    4. I'd to be able to export/import the Detection Overrides list for use if the user removes and then re-installs Prevx. Also, the ability to copy/paste folder paths into Detection Overrides would be helpful. (Adding them individually by browsing to each folder's location is slow.)
     
  2. treehouse786

    treehouse786 Registered Member

    Joined:
    Jun 6, 2010
    Posts:
    1,388
    Location:
    Lancashire
    yes number 1 is so annoying, i dont want to scan my steam folder in real-time but there is no way of stopping it. o_O??
     
  3. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    If you send a scan log to report@prevxresearch.com by clicking Tools - Save Scan Results, we can whitelist the components on your system to prevent them from being scanned. Detection Overrides is only that - overrides for detection, and does not prevent Prevx from scanning the folders. Prevx still scans and monitors the folders under detection overrides to ensure that no malware can completely bypass Prevx's monitoring.
     
  4. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,011
    Location:
    Ontario, Canada
    That's good to know Thanks! :thumb:

    TH
     
  5. pajenn

    pajenn Registered Member

    Joined:
    Oct 26, 2009
    Posts:
    930
    will do - but it'll be a few days because I uninstalled Prevx (and manually removed all file and registry references to it including the drivers). I want to do a clean install of the facebook version of SOL (previously I was using Prevx without SOL), but I want to test IObit's new Malware Fighter first for a few days.

    in terms of annoying and repeated authentications, I remember Virtual CD (v10) startups were slowed and Privatefirewall (v7) took longer to load at startup than without Prevx. My right-click context menu, which is full of third-party apps, was also slower to appear on the initial right-click; I remember FileMenuTools.dll got authenticated repeatedly. In terms of big programs that I use, Mathematica (v8 ) always got authenticated which is annoying since I use it daily. GIMP (portable version) authentication was also pretty bad, although I rarely used it. (then again, try loading GIMP for the first time with privatefirewall (with process monitor on high) and it gives you about a 100 popups...)

    anyway, I'll send the log later.

    Question: After I install SafeOnline (facebook version), should I also install Prevx (free), or is it just one or the other?
     
  6. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    It is the same product so you can install either of them but the facebook version will give you SafeOnline functionality for free.
     
  7. iNsuRRecTioN

    iNsuRRecTioN Registered Member

    Joined:
    Sep 5, 2003
    Posts:
    303
    Location:
    Germany
    Hi joe,

    if you bought a license for PrevX than this should be available within the application itself (automatically or manual with a button) to allow submitting the log to the staff to whitelist the files, without the need to send emails with webmail or an email client.. :)

    This would be a nice feature addon and a nice customer service :shifty: :p

    regards,

    iNsuRRecTiON
     
  8. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    It already is :) If you right click on a file in the interface and click 'Report as a false positive' it will send it to us, or if you use Detection Overrides, it will automatically report it to us. However, some users like a personal response so we offer our email address as well :)
     
  9. iNsuRRecTioN

    iNsuRRecTioN Registered Member

    Joined:
    Sep 5, 2003
    Posts:
    303
    Location:
    Germany
    Hi joe,

    yes I know that, but it is not asap, not really fast.

    I have already reported some fp this way, but after 6 weeks, nothing happens.

    If I send it to your email address, then this is fixed in 3 days or so..

    It should fixed in 3 days within the userinterface in Prevx, too.

    regards,

    iNsuRRecTiON
     
  10. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    If it is taking that long, that would mean that no other user has seen that file - if it is reported twice across our community from within the product, it is immediately put infront of our researchers. We can't prioritize this after a single submission because of the substantial volume of malware authors who try to get their creations whitelisted. Sending an email shouldn't take three days either (as long as the email wasn't sent to a spam folder, our average time-to-fix is 20 minutes).
     
  11. iNsuRRecTioN

    iNsuRRecTioN Registered Member

    Joined:
    Sep 5, 2003
    Posts:
    303
    Location:
    Germany
    Hi joe,

    ok, understand, but you can inhibit that by allowing that only for registered users (with license), malware authors don't pay for your app in order to bypass this..

    So user with no license everything behaves the same as it is now and they get no priority if only ONE user send the file as fp..

    But users with an license get priority on the fp send within the prevx app, even if only ONE user send it..!

    Now I hope you understand what I mean, joe ;) :p

    regards,

    iNsuRRecTiON
     
  12. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    You'd be surprised... they actually do, and in rather surprising volumes, which is why we can't offer this separately :doubt:
     
Thread Status:
Not open for further replies.