Prevx1 Database Quality

Discussion in 'other anti-malware software' started by thecomputerbloke, Jan 7, 2007.

Thread Status:
Not open for further replies.
  1. thecomputerbloke

    thecomputerbloke Registered Member

    Joined:
    Jan 5, 2007
    Posts:
    5
    Location:
    West Midlands, UK
    Installed Prevx1 last week and do like the product. Seems efficient, nice GUI and support is outstanding.

    However the first day I installed it, it picks up a FP, although quickly sorted out via the support (now marked as a safe app). The FP was an exe which comes as part of HP Protect Tools suite, which as it ships with a lot of their laptops and desktops, was quite surprising.

    Currently testing some new security apps and so yesterday I downloaded some of the firewallleaktester.com apps. Yalta was picked up as bad and so was blocked from running. This also started the 32 day trial timer.

    Surely Yalta which is written by a firewall company specifically to test firewalls should not be marked as bad. Yes, granted, it isn't your average safe app, but it does not do any harm and it would not be possible for another app to pretend to be Yalta as that would be picked up too.

    So, how are others finding Prevx1? I will probably drop a line to support again, but was interested in a few other views. Tempted to make a license purchase, but so far I don't have 100% confidence in the database.
     
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    I haven't used Prevx, but perhaps they also have a dedicated group for potentially unwanted / unsafe applications as we do.
     
  3. thecomputerbloke

    thecomputerbloke Registered Member

    Joined:
    Jan 5, 2007
    Posts:
    5
    Location:
    West Midlands, UK
    Running a few more test apps at the moment and have just found out that some apps get flagged with a warning category. I would expect leaktest apps and others should come under this category and not under bad.

    They do understand that these apps are demos as their description says
    "Part of Malware group - DemoTrojan Leak Test"

    I think I will drop them a line and see what they say.

    I suppose it is better to be cautious from their point of view.
     
  4. fcukdat

    fcukdat Registered Member

    Joined:
    Feb 20, 2005
    Posts:
    569
    Location:
    England,UK
    Just to relay my findings since I'm using the VT service daily to gather report generated as a prerequisite to uploading malware files to the MIRT malware listserve database.
    http://www.castlecops.com/f269-Malware_Listserv.html

    PrevX has performed well, a lot of files do get missed but then about half of my samples uploaded are new or emerging threats so like the rest new stuff gets through but recent stuff PrevX has been quite good at flagging.

    It in my observations is certainly in the top half of the table for the malwares that I have been submitting.

    So PrevX database gets the thumbs up from me.
     
  5. jlo

    jlo Registered Member

    Joined:
    Nov 29, 2004
    Posts:
    475
    Location:
    UK
    I too have been using Prevx and have had a couple of false positives. One was using Pacific poker online and it found a dll file that was bad. In fact after a Google search some other spyware had written about the file but after a support e-mail they looked into the file and changed it to good.

    I guess the more of us who use Prevx the better it will become. Sure the central heuristics will pick up the odd false positive on a new program but I think we as users just need to inform them. (There is an option to double click on the item in jail, and when the webpage opens giving you description of malware you can click on the tag in the top right hand side of the page 'disagree'.)

    I also just had to e-mail support to get my count timer reset as the false alarm has triggered my 32 days free blocking.

    Overall I really like Prevx and it should really give protection on some 0 day threats but I have decided to use it on both my computers alongside AV software (Antivir PE on one and AOL Active Virus Shield on the laptop)


    Cheers

    Jlo
     
  6. Perman

    Perman Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    2,160
    Hi, folks: Prevx1 is a good product and will continue to perform its assigned duty as is designed for. Its database is a mirror to US Homeland Security's NO FLYER list, heavily depending upon informants' inputs. When database is not at its best, good guys are singled out, putting into jail, corrections are followed, but often a step too late, sometimes a step too far. Prevx1's concept is innovative, however flaws are built-in w/ it. F.P. is a norm and can be a daily occurrence, no surprise. IMO, I would continue using it but with a raised guard. Have a nice day.
     
  7. stubbs100

    stubbs100 Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    17
    Hi,

    When you see over 100,000 new programs per day coming into the Db it's not surprising to see some false positives creep in especially where the behaviours mimic malware.

    While we continue to improve the rules and heuristics within the agent and Central Db we do welcome feedback from the Community to discuss and correct potential FPs.

    PUP are widely disputed as to what constitutes a threat and what is a harmless testing tool. We are interested in hearing from you on what you consider needs to change through the support channels.

    If a trial is triggered due to an FP then contact us at support and we will certainly reset any trials that have been triggered if we agree with the FP.

    We do however believe we have one of the lowest FP rates of any security product.

    Regards,

    Prevx Support
     
  8. Longboard

    Longboard Registered Member

    Joined:
    Oct 2, 2004
    Posts:
    3,187
    Location:
    Sydney, Australia
    Hello Stubbs100
    Good to see you posting here.
     