Prevx Scheduler Scan Time

I recently purchased Prevx and am very happy with the product. The only issue I'm having is with my scheduled scan time. It seems to start the scan over a half hour late than scheduled. To test this, I set it to scan at 5:00 PM today and it didn't start until 5:50 PM. Just curious if this was normal behavior and why there was a delay. Does Prevx use my computers time or some other server's time perhaps? Anyway, thanks for the help!

 

Xanthos,

In the Scan Scheduler window there is an option; "Start the scan exactly at the scheduled time (may cause a delay on a large network)"

Is that option checked?

 

It's not, I'm guessing that's the reason for the delays?

 

Yes exactly. See: https://www.wilderssecurity.com/showpost.php?p=1369921&postcount=1139

 

Thank you for your help. I searched the forums first but couldn't find anything like that.

 

ctrlaltdelete is just very skilled at finding obscure posts

Let me know if you have any other questions!

 

Wow, it's the famous PrevxHelp! Your light footprint, software philosophy and great user support really sold me on the product. Well, the high malware detection and removal capabilities didn't hurt either. Keep up the good work guys!

 

Thanks!

 

What services and startup files does Prevx use? I try to keep these very clean and I accidentally disabled Prevx. I re-enabled the CSIScanner service and things seem to working normally. Is there anything else I need to turn back on?

Nice job on this recent test by the way. http://www.youtube.com/watch?v=h7_BxCPcXuE&feature=player_profilepage

 

Just uninstall and install again I'd suggest. Sorry ... can't help you here and I want to get to another point:

Yes .. BUT .. you have to know what cranking up the heuristic etc. in Prevx MEANS practically: To my knowledge (which I gathered from reading this forum) it is then pretty much suspicious of (almost) everything and this setting is for a reason not recommended if you don't want to have much more false positives (while installing lots of - maybe new - software) than with the default options if I am not wrong. And if I am ... PrevxHelp will certainly correct me ASAP.

This is another reason why you can't just max out some settings and then 'test' stuff before putting it online at youtube: sometimes it can be very misleading if you don't know what you are doing. - Max isn't always the best!

No one of you guys here could stand max-protected Prevx I guess if you install as many software as - let's say - trjam etc.- Those warnings (notice: more likely than any malware ) would probably kill you or your trust in Prevx.

I won't say anything else to that video of Bradtech because I didn't watch it to the end and he also probably needs some rest right now.

 

Yes, this is correct (although his detections weren't maximum-heuristic-based )

 

See .. this is always some kind of mystery for me learning what exactly and why Prevx found something. - I think Prevx doesn't give the malware 'names' like other vendors do but has it's own classes/wording (high risk cloaked malware etc.).

Don't know, maybe something like this is already existing here or on your homepage, but I would be really glad to come to know about all possible Prevx 'classes' and what it means in detail in sort of a comprehensive listing.
Could anyone direct me to such a listing if there is one? - Thanks a lot.

And maybe a feature request for later versions: would be nice if one could learn more about the found malware (it's class, what triggered it's detection, how sure Prevx is about determination etc.) maybe hoovering with the mouse over the delinquent or in another way that doesn't involve surfing the net! - I feel always there is not enough information in that situation at hand when all is going red as the windows are really very small and nothing to see so to speak.

 

This is correct We decided a few years ago that introducing yet another naming scheme into the mix would just be a headache, so we diluted our names and just use simple groups like "Fraudulent Security Program".

I'm not sure if this has all of them, but it does have most: http://www.prevx.com/avgraph/1/AVG.html

If you double click the entry in, it will open up the Prevx information page on the file/detection

 

That is fine of course but you see the problem: If another vendor says 'Trojan XYZ123' you know then it has detected it as something that has a 'name'. It's then a 'real' danger so to speak, known, analyzed, identified on my system.

If you put there only a vague description to what group this malware belongs (for example 'malware dropper') then the user (like me ) is wondering if this is really something XYZ123 ... is it identified or just a suspicion?

Suspicious are all AV programs and there is always the risk of having a fp at hand. - For me it's important to know: This *IS* malware XYZ123, no doubt about it, no guessing, no heuristic idea!

Is there a way for us Prevx users to see if a detection is 'certain' (XYZ123) or if it just is a suspicion? Something in the wording maybe?

I really wish this would be more clear. Other vendors don't have this problem. If they say 'Possible variant of trojan XYZ123' then I at least think how to put this in a picture.

And I know your malware information center, but I a) don't get there this information (see above) and b) have to surf the internet. I would prefer to have a popup with the most important infos to judge if Prevx is SURE about this being a - former analyzed and identified - malware (the name thing).

You see ... it has it's pros to give the bad things a name.

Thank you!

 

In some cases, yes, but in others it just muddies the water. The core reason why we don't try and find names for detections is that we don't have "normal" signatures like your average AV does so we don't say that X file is Y threat. We have some idea of what family it belongs to, but there is so much overlap in families today that it becomes a difficult/impossible to try and accurately discern what type of threat is the more important type to describe (i.e. if something spreads via email it would be an email worm but if it then also steals account details it would be a banking trojan but if it infects files it would be a file infector.... and there are many threats which do all of this )

Our detection is not a conventional blacklist so we only know that the threat is a file infector/fraudulent security program/backdoor/etc. but in most cases we don't know/care what exact group it is as that just requires manual labor or unnecessary overhead to correlate.

If you have any doubts, you can just upload a file to VirusTotal and see what the other vendors have for their names Or, you can view information on our detection by double clicking the file in the Prevx GUI which opens up our page on that specific file showing details on our detection.

 

O.K. - and in that video I believe I saw the wording 'possible threat'. - So there sometimes seems to be the hint that Prevx isn't always 100 % sure (just suspicion/heuristic) which I couldn't believe anyway.

And holding this sure/unsure thing apart is my main question and the reason for torturing you here!

Regarding virustotal: at least one vendor has always something to nag about a file! - In some cases it is really no help at all to check things with virustotal. If you watch this for a time then you know that there are vendors that say 'malware!' to EVERY file just to be safe or because they have very poor heuristic detection. - If 66 % are saying 'this is baaaad!' then I don't touch the file of course, but the problem is .. what to do if only 3 or 4 vendors find something (sometimes incl. Prevx)? Are all the others wrong? Really? - Or is this fp?

However .. it's always interesting how Prevx is so different from the other (old school) av solutions. - Thanks for the information and your patience!

 

That is very true And there are many inverted cases as well: I've seen a number of FPs where 25+ vendors on VT detect the file but it is legitimate (NirSoft utilities are one popular case).

It's a balance, but if you want to see the name of a threat by researching from other vendors, VirusTotal is useful. Viewing Prevx information on a file is as easy as just double clicking on the entry