[Suggestion] Prevx

Discussion in 'Prevx Releases' started by m00nbl00d, Nov 25, 2010.

Thread Status:
Not open for further replies.
  1. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Bear with me, for at the moment I have no system that I can look at, and confirm with 100% certainty that this isn't already part of Prevx, but considering this (https://www.wilderssecurity.com/showpost.php?p=1787121&postcount=8)

    and the liberty I took to search Softpedia for Prevx screenshots, which I only found for SOL (http://www.softpedia.com/progScreenshots/Prevx-SafeOnline-Screenshot-143278.html), I'd assume that, at the moment, Prevx does not have the option to send a file to ask the Prevx team to verify whether or not it is a false positive, correct?

    If I'm assuming it correctly, then it would be nice to have that option, IMO.
     
  2. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,363
    Location:
    Sweden
    When a file is detected, you can right-click in the Prevx UI and choose 'report this file as false positive'. I always assumed this alerted the devs of Prevx so they could look into it while at the same time putting the file on 'ignore' locally. Can someone please confirm this? :)
     
  3. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,011
    Location:
    Ontario, Canada
    It's been suggested many times but they prefer to send a scan log to report@prevxresearch.com or you can upload the file to VirusTotal! And here are the screenshots of Prevx 3.0: http://info.prevx.com/help.asp

    TH
     
  4. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,363
    Location:
    Sweden
    What about right-clicking the detected file and marking it as 'false positive'? Does that just override the detection locally and not send the information to the team behind Prevx?
     
  5. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,011
    Location:
    Ontario, Canada
    I'm pretty sure it does but Joe will confirm! ;) But any possible FP's that I have I always send a scan log to report@prevxresearch.com

    TH
     
  6. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Thanks! I was at that page yesterday, looking for some other info, and I totally forgot there were screenshots there! :D

    -Edit-

    I also just found them at Softpedia. Odd, when I search for Prevx, only Safe Online appears in the results. I searched Prevx 3, and Prevx also appeared. :)

    This image (http://www.softpedia.com/screenshots/Prevx-CSI-Free-Malware-Scanner_2.png) does show the option to report as a false positive when right-clicking.
     
    Last edited: Nov 25, 2010
  7. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,011
    Location:
    Ontario, Canada
    The thing is it could be abused by malware writers so when you mark it as a false positive it still has to be checked by a Prevx malware engineer to make sure it's a FP or true malware IMO!

    TH
     
  8. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    It both overrides the detection locally and sends the report to our research team. Files aren't changed automatically centrally, however, as malware authors do tend to try to abuse the system, so there is a manual process involved to correct possible FPs. Because of this, it is sometimes faster to send a scan log in as we can be much more certain that it is a human doing a legitimate action :)
     
  9. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,363
    Location:
    Sweden

    Thanks. :) Then I'll continue using the built-in feature as I rarely encounter false positives.
     
  10. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    I'll just make use of this thread, considering the title is very wide open to suggestions. :D

    I don't exactly remember where I've seen it, nor if it was strictly regarding Prevx, but it made me think about it, and especially regarding Prevx.

    My suggestion is meant to reflect the protection Prevx could provide when the user is offline.

    I was wondering what you guys think of implementing a behavior analyzer? This protection could be provided by checking processes' behaviors against a list of known malicious behaviors. (No annoying alerts like HIPS. Simply check the behaviors processes are having and if a match is found to one of those that are known to be malicious, then block the process. Obviously, a white-list would be needed for legitimate processes.)

    Well, for now that is all I can think of... It's already 3 A.M. and I'm sleepy!

    Feel free to enhance this suggestion!
     
  11. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,011
    Location:
    Ontario, Canada
    V4 will have some offline protection and we are all waiting patiently to see what Prevx comes up with! :D

    TH
     
  12. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    That's great!

    I hope it will be something within the line of what I mentioned. ;)
     