small Prevx 3.0 RC test, perfect score!

Discussion in 'other anti-malware software' started by ako, Sep 8, 2009.

Thread Status:
Not open for further replies.
  1. ako

    ako Registered Member

    Joined:
    Nov 16, 2006
    Posts:
    627
    I did a small test. I installed WinPatrol and Prevx 3.0 RC. Then I started running 15 nasty malware samples and exploits (Flash, PDF). Prevx blocked all of them! Some were blocked with the new Web filter, some with heuristics. WinPatrol had nothing to do (only some ActiveX files were warned of). Cool! :thumb:
     


  2. ako

    ako Registered Member

    Joined:
    Nov 16, 2006
    Posts:
    627
    Two more figures. I didn't remove anything during infections. Here is a scan of all infections.
     


  3. raven211

    raven211 Registered Member

    Joined:
    May 4, 2005
    Posts:
    2,567
    A question for Joe (or the staff :p)... with these "Caution" detections implemented, can one set Prevx to automatic operation (automatically block found threats) and will still be prompted on things like Community.Edge, etc.?


    For Ako... :

    1. You mentioned getting prompted on some ActiveX files - what about them? I'm thinking about why that "slipped through" or something... did it pose any threat or what? :)

    2. Was this test performed with a complete default installation? (No alteration to heuristics, including population, etc.)
     
  4. ako

    ako Registered Member

    Joined:
    Nov 16, 2006
    Posts:
    627
    2. Maximum heuristics, that's what I'm using.
    1. I think the files are installed, but not run without permission. Right? Most of them SEEM legitimate.
     


    Last edited: Sep 8, 2009
  5. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    It's likely that the files were copied into the system but probably were not allowed to load. If they are indeed legitimate (and nothing jumps out but filenames don't really mean much) and were installed "accidentally" when malware infected the system (i.e. if a page required a plugin), Prevx would still allow them to function.

    One other semi-interesting technique which "might" be the case is the malware could be installing legitimate, but older, exploitable components of legitimate software. I've seen this a couple times but it is relatively rare (although interesting by itself :))
     
  6. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Yes, the automatic answering affects only "hard" bads. Caution detections will still trigger a prompt unless you tick both "Automatically remove blocked files" and "Automatically block files when detected without prompting".
     
  7. dawgg

    dawgg Registered Member

    Joined:
    Jun 18, 2006
    Posts:
    817
    Clever - yet somehow also a little cheeky
     