Prevx1 or Cyberhawk for behavior blocking?

Discussion in 'other anti-malware software' started by Monkey_Feces, Apr 5, 2007.

Thread Status:
Not open for further replies.
  1. Monkey_Feces (Registered Member; Joined: Aug 24, 2006; Posts: 52)

    I know Prevx1 is comparable to CH with full HIPS functionality enabled. However, I'm really not up for the tedious task of identifying thousands of false positives.

    Which one is better at detecting rootkits and other threats as compromised files run (Prevx1 being in ABC or Pro mode)? If CH ends up being better off, just as I thought it might be, are there any free alternatives? CH causes noticeable slowdown on my system, while Prevx1 doesn't, despite the common complaints about it.
     
  2. Monkey_Feces (Registered Member; Joined: Aug 24, 2006; Posts: 52)

    From the lack of responses, I take it that I didn't phrase my question clearly.

    Very simply put, does Prevx1 take compromised files on the whitelist into consideration? For example, if a backdoor has infected Internet Explorer (which is on the whitelist by default), will Prevx1 take action or detect that the program exhibits behaviors caused by rootkits or keyloggers?

    I'm curious because Prevx1 in ABC mode simply allows all programs to run and I have never received an alert, while Cyberhawk has produced keylogging alerts. Granted, those alerts were false positives, but I felt that it was doing its job since it alerted to suspicious application behavior.
     
  3. Pedro (Registered Member; Joined: Nov 2, 2006; Posts: 3,502)

    You have to understand certain topics tend to boredom. It's because we've been all over this. But don't take me wrong please, you don't have to know this.
    It has to run first, and Prevx1 will examine it. It will detect those changes; the only question is how long will it take to flag malware, or will it. But it does detect the change, as CH does.
    That's because nothing wrong was detected with IE. Prevx1 compares IE with its online database (or in this case, it will be on your local database also), using checksums (or whatever). If IE is different, the change is noticed. If not, Prevx1 will say nothing, because it's exactly as expected, or nothing malicious is found.
    Did you read the tutorial over at Prevx's site? It's a good and easy read. You should get the picture.

    In other words
    are not in the whitelist.

    About the FPs, the only ones I got were related to other security programs, and not the widely used ones. There are not many people running Prevx1 and using the latest Sophos Anti-Rootkit (one of my FPs).
    The other one was Punkbuster (game). This one is tricky too... and they are flagged automatically, without confirmation from a real person :)
    I think here Prevx1 has some work to do also. There is a way to smooth things, but I don't know if it's appropriate. Most people won't run what I run, for being here at Wilders using the latest thing..
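The checksum-versus-whitelist comparison Pedro describes above, written out as an added example (not Prevx's own code or database format, and not from any poster in this thread): the whitelist maps a file name to the set of digests known to be good for it, and a file is classified before it runs as known-good, modified (whitelisted name, unexpected digest, which is how a backdoored IE binary would look), or unknown. The file names, contents and the use of SHA-256 are constructed for the demo.

```python
import hashlib
import os
import tempfile

CHUNK = 65536


def sha256_file(path):
    """Return the hex SHA-256 digest of a file, streamed in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            h.update(chunk)
    return h.hexdigest()


def build_whitelist(paths):
    """Map each file name to the set of digests known to be good for it.
    One name may legitimately have several entries (different versions)."""
    wl = {}
    for p in paths:
        wl.setdefault(os.path.basename(p), set()).add(sha256_file(p))
    return wl


def classify(path, whitelist):
    """Decide how a whitelist-driven blocker should treat a file before it runs.
    'known-good': name and digest both match -> no alert expected
    'modified'  : name is whitelisted but the digest is not -> the trusted
                  name no longer vouches for the code, treat it as untrusted
    'unknown'   : never seen -> fall back to behaviour monitoring"""
    name = os.path.basename(path)
    digest = sha256_file(path)
    good = whitelist.get(name)
    if good is None:
        return "unknown"
    if digest in good:
        return "known-good"
    return "modified"


def demo():
    """Constructed scenario: a clean stand-in 'iexplore.exe' is whitelisted,
    then its bytes change, then an unrelated file appears. Returns the verdicts."""
    with tempfile.TemporaryDirectory() as d:
        ie = os.path.join(d, "iexplore.exe")
        with open(ie, "wb") as f:
            f.write(b"MZ" + b"\x00" * 1024)  # constructed stand-in for the real binary
        whitelist = build_whitelist([ie])
        before = classify(ie, whitelist)

        # Any change to the whitelisted binary (patched, infected, corrupted)
        # produces a digest that is not in the good set for that name.
        with open(ie, "ab") as f:
            f.write(b"\x00\x01\x02\x03")
        after = classify(ie, whitelist)

        other = os.path.join(d, "newtool.exe")  # constructed, never whitelisted
        with open(other, "wb") as f:
            f.write(b"MZ" + b"\xff" * 64)
        never_seen = classify(other, whitelist)

        return before, after, never_seen


if __name__ == "__main__":
    print(demo())  # ('known-good', 'modified', 'unknown')
```

The point of the "modified" verdict is the one Pedro makes: the whitelist entry is for a specific checksum, not for the file name, so an infected copy of a whitelisted program is simply not on the whitelist any more, and the blocker has to examine it like any other new file.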
     