Prevx1 Database Quality

Installed Prevx1 last week and do like the product. Seems efficient, nice GUI and support is outstanding.

However the first day I installed it, it picks up a FP, although quickly sorted out via the support (now marked as a safe app). The FP was a exe which comes part of HP Protect Tools suite, which as it ships with a lot of their laptops and desktops, was quite surprising.

Currently testing new some security apps and so yesterday I downloaded some of the firewallleaktester.com apps. Yalta was picked up as bad and so was blocked from running. This also started from the 32 day trial timer.

Surely Yalta which is written by a firewall company specifically to test firewalls should not be marked as bad. Yes, granted, it isn't your average safe app, but it does not do any harm and it would not be possible for another app to pretend to be Yalta as that would be picked up too.

So, how are others finding Prevx1? I will probably drop a line to support again, but was interested in a few other views. Tempted to make a license purchase, but so far I don't have 100% confidence in the database.

 

I haven't used Prevx, but perhaps they also have a dedicated group for potentially unwanted / unsafe applications as we do.

 

Running a few more test apps at the moment and have just found out that some apps get flagged with a warning category. I would expect leaktest apps and others should come under this category and not under bad.

They do understand that these apps are demos as their description says
"Part of Malware group - DemoTrojan Leak Test"

I think I will drop them a line and see what they say.

I suppose it is better to be cautious from their point of view.

 

Just to relay my findings since i'm using the VT service daily to gather report generated as a prerequsite to uploading malware files to the MIRT malware listserve database.
http://www.castlecops.com/f269-Malware_Listserv.html

PrevX has performed well,a lot of files do get missed but then about half of my samples uploaded are new or emerging threats so like the rest new stuff gets through but recent stuff PrevX has been quite good at flagging.

It in my observations is certainly in the top half of the table for the malwares that i have been submitting.

So PrevX database gets the thumbs from me

 

I to have been using Prevx and have had a couple of false positives. One was using Pacific poker online and it found a dll file that was bad. In fact after a google search some other spyware had written about the file but after a suport e mail they looked in to the file and changed it to good.

I guess the more of us who use Prevx the better it will come. Sure the central heuristics will pick up the odd false positive on a new program but I think we as users just need to inform them (There is an option to double click on the item in jail- and when the webpage opens giving you description of malware you can click on the tag in the top right hand side of the page 'disagree'

I am also just had to e mail support to get my countimer reset as the false alarm has trigered my 32 days free blocking.

Overall I really like Prevx and it should really give protection on some 0 day threats but I have decided to use it on both my computers alongside AV software (Antivir PE on one and AOL Active Virus Sheild on the laptop)


Cheers

Jlo

 

Hi,folks: Prevx1 is a good product and will continue to perform its assigned duty as is designed for. Its database is a mirror to US Homeland Security's NO FLYER list, heavily depening upon informants' inputs. When databse is not at its best, good guys are singled out, putting into jail, corrections are followed, but often a step too late, sometimes a step too far. Prevx1 's concept is innovative, however flaws are built-in w/ it. F.P. is a norm and can be a daily occurance, no surprise. IMO, I would continue using it but with a raised guard. Have a nice day.

 

Hi,

When you see over 100,000 new programs per day coming into the Db its not supprising to see some false positives creep in especially where the bahaviours mimic malware.

While we continue to improve the rules and hueristics within the agent and Central Db we do welcome feedback from the Community to discuss and correct potential FPs.

PUP are widely disputed as to what constitutes a thread and what is harmless testing tool. We are interested in hearing from you on what you consider needs to change through the support channels.

If a trial is triggered due to a FPs then contact us at support and we will certainly reset any trials that have been triggered if we agree with the FP.

We do however believe we have one of the lowest FP rates of any security product.

Regards,

Prevx Support

 

Hello Stubbs100
Good to see you posting here.