What's up EraserHW and Prevxhelp is there an issue in this forum?

Discussion in 'Prevx Releases' started by overangry, Feb 5, 2011.

Thread Status:
Not open for further replies.
  1. overangry

    overangry Registered Member

    Joined:
    Apr 4, 2009
    Posts:
    309
    Will you kindly let me know why you closed my thread?

    https://www.wilderssecurity.com/showpost.php?p=1823558&postcount=1

    QUOTE:
    "I reported it as a false positive and sent the scan log to Prevx as required"

    To start off with, if you had taken the time to read the post you would have realized I wasn't reporting a false positive.
    IT WAS NEVER ABOUT THIS OBVIOUS FALSE POSITIVE:mad:

    The above, also goes for you Triple Helix

    EraserHW, I have taken the time to post in this forum, what I believe are legitimate questions of which you chose to answer none.
    Is there a reason, why you have chosen to deny me any support in this forumo_O

    WHAT'S WRONG WITH PREVX THESE DAYSo_O o_O o_O

    I may be wrong, but I assumed this was the official support forum for the product I purchased.
    If I have questions regarding prevx should I be posting on the WebRoot forum?:doubt:

    Would you please post a link of the correct forum, one that offers professional and qualified assistance on issues regarding Prevx.

    I have self edited/censored my post, as not to offend any Prevx moderators in the attached file, if you prefer it this way:ninja:

    Thank you
     

    Attached Files:

  2. pabrate

    pabrate Registered Member

    Joined:
    Jan 21, 2010
    Posts:
    685
    I must agree with you, this whole thing with preventing FP reports is something I never seen for other products.
    If there is any other vendor who doesn't like reporting FPs at their official forum please let me know.
     
  3. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    I'm sorry for the confusion. It is our policy on this forum to not have false positives or detection related questions asked because no one from our research team checks it. We strongly recommend that people write into our customer support inbox or email us if needed to report@prevxresearch.com as that is where the research team monitors.


    To answer your questions - I suspect it was just confusion. The PX5s you have underlined are indeed exactly the same: the only difference is the identifier on the left (B vs NF). "NF" refers to the file having been overridden and reported as a false positive, so it will no longer be detected locally. It isn't considered a previous infection in this case as it is completely changed to a trusted file.

    The file may still be detected as NF locally to you but it is now G (good) in our central database as we've corrected it.

    I'm sorry again for the confusion but it is simply far easier to attempt to normalize what gets posted where. At the moment, users ask for support through our support inbox (where our entire support staff of several dozen people check on a constant basis), report@prevxresearch.com where some of our research team check frequently, this forum (where myself and sometimes EraserHW check), or PMs to me (where obviously I only check :)).

    Several users post to every one of these places and it creates significant confusion so trying to "mandate" that research inquiries go to our support inbox/report@prevxresearch.com is intended to keep this forum product related rather than research related to prevent fragmentation of resources.
     
  4. guest

    guest Guest

    Saw another locked thread. :thumbd: So it's clearly not about mandating to use your inbox but avoiding discussions about Prevx failing all the time in terms of false positives. But see Joe, you can't sweep that under the rug anymore! People are finally realizing that Prevx is not as reliable in it's verdict as hoped and they want to talk about this fact here on Prevx' official forum.

    But you try to shut them down instead of actually DOING something about the real problem here: that is not the customer btw but too much false positives!

    And believe me (and all the others) .. that IS product related!

    You should start your research why your cloud database so often identifies harmless software as malware and change that. And it's no excuse at all if some software is only used by very few people. Other av-solutions have no problem with this scenario and they are your competition, right?

    You can't tell your customers it's HIGH RISK MALWARE if it isn't! Okay, you can and you obviously do but my point is ... if you continue to do so you shouldn't be surprised if some people including me categorize Prevx3 as that what it is (too often): SCAREWARE. :p

    Sorry, I just HATE :mad: that you (or more often your over eagerly deputy sheriff) are closing threads here all the time when it comes to false positives and are hiding behind an obscure 'policy'. That doesn't help at all! Not the customers which want to talk about what's bothering them and not your company. Closing threads has a very negative connotation, you know? - Well, now you do! :cool:

    But I give you that: your justification ('prevent fragmentation of resources') was really funny :D like the last time where according to you wilders people were using 'odd programs' and with that being the cause for Prevx being wrong! :D
     
  5. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    No one's trying to sweep anything under the rug. I'm closing threads, not deleting them - every thread that people want to post here still exists and will exist, so, if people really are that adamant about posting FPs to this forum, they can. However, our research team does not check this forum so the FPs won't get fixed for some time if they're posted here - I'm merely trying to ensure that people get helped as quickly as possible... why would people want to send a message to the wrong people? o_O

    For example, we also don't field sales inquiries, questions from banks about SafeOnline, or Enterprise questions as we have teams of people dedicated to those areas.

    No, that's not the cause - the cause is still actual false positives on our end which have been corrected. However, Wilders users do tend to not use conventional software and enjoy testing odd software - you can't deny that ;)
     
    Last edited: Feb 6, 2011
  6. Jeroen1000

    Jeroen1000 Registered Member

    Joined:
    Aug 18, 2008
    Posts:
    162
    I feel compelled to chime in here. Although PrevX may have a problem with false positives, you must take some things into consideration (these are my personal thoughts about it):

    - I would rather see some false positives than a virus slip by.
    - Not naming any vendors but this one comes from experience, PrevX is very fast a both detecting new virusses and fixing FP's.

    I believe FP's are some kind of by-product of how PrevX operates. Given the above points I'm very willing to live with that but would welcome any improvement in said area.

    I'm haven't experienced many FP's though, so that is still way below my 'being-annoyed' meter.
     
  7. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,014
    Location:
    Ontario, Canada
    The thread was going on down the False Positive route so I closed it but left it up-to the Prevx Mods to reopen if they wanted to so I was just doing my job sorry that you took offense to it! :( https://www.wilderssecurity.com/showpost.php?p=1823593&postcount=5

    Best Regards,

    TH
     
  8. Baldrick

    Baldrick Registered Member

    Joined:
    May 11, 2002
    Posts:
    2,301
    Location:
    South Wales, UK
    For what it is worth I completely agreed with what Jeroen1000 has posted.

    FPs are a minor inconvenience (as and when they happen which is not often in my case) when compared to letting something nasty slip through. And in my experience any that are reported by the requested method are resolved extremely quickly.

    :thumb:
     
  9. TonyW

    TonyW Registered Member

    Joined:
    Oct 12, 2005
    Posts:
    2,635
    Location:
    UK
    I'm a Wilders user, but rarely see any FPs probably because I'm the opposite to what you've just said - I tend not to test the not-as-well known software. This is why when you see the FP reports given by testing organisations, they often list some very unusual packages, and it seems to be those sort of files that are flagged. In most cases I've never heard of them, let alone have them on my system.

    As for reporting FPs, I think the way in which Prevx asks users to do this is actually the better way. It should get the issue sorted quickly and quietly in the background. With other anti-malware programs I have used over the years, I have done exactly the same thing: if ever there was a problem, I've emailed them directly about it and sometimes we have had dialogue over it, but in the end, it gets resolved for everyone's benefit. The email address is there to be used.
     
  10. iNsuRRecTioN

    iNsuRRecTioN Registered Member

    Joined:
    Sep 5, 2003
    Posts:
    303
    Location:
    Germany
    Hi there,

    I must guest support here, because he is right.

    It's wrong to claim something HIGH RISK MALWARE if it is detected by your heuristic, etc.

    You should really rename that into something that don't shock the customer with something like that, even if that is maybe a fp.

    It should be a more descriptive text. More detailed and an hint, that it could be a fp..

    I hope this will be improved in Prevx4..

    regards,

    iNsuRRecTiON
     
  11. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    The malware group classification takes place automatically and Prevx is entirely heuristic based. Many of our rules catch hundreds of thousands of threats from a variety of infections but if they also catch a legitimate program, it will be classified under the same rule/grouping. We don't create individual signatures that manually group samples - false positive only occur when a program exhibits behavior similar to an existing rule. As we add new rules or watch existing ones, we are aware of what will be caught by each rule but some stray applications can potentially be caught erroneously if they are obscure or have suspicious behavior.
     
  12. Dermot7

    Dermot7 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    3,196
    Location:
    Surrey, England.
    I believe there are two distinct intentions evident in this thread......
    1. Some members determination to associate Prevx with excessive FPs.
    and 2. Joe's (and Prevx's) desire to fix any FPs which occur, in the most
    efficient, effective and prompt way.

    No one can deny that all AVs have FPs from time to time, some more than
    others, but I really don't think that nowadays Prevx has all that many. It's
    also easy to Rclick on detection and "report as a false positive" when you
    know file is ok.
     
  13. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    2,564
    Hi Joe,

    Without trying to take a stand pro or contra posting FP's for the moment, the question might be why the research team doesn't check this forum. There could be a special "false positives" sub-forum. Folks could post there a possible FP. Others can check it if they might get the same. And it could get a "fixed" when needed.

    Anyway, I don't want to interrupt further, just a thought.
     
  14. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    5,829
    Location:
    Last Breath Farm
    Someone said most support forums have false positive threads.
    I agree.
    If there are people with agendas who want to make Prevx look like it has lots of false positives, there is really no stopping that behavior. I can only hope that is not the driving force behind not allowing such FP reporting here in this forum.

    Why I favor the reporting of false positives here on this forum is because it gives us a venue. It gives us an opportunity to see if others have come across the same thing. Or not. It helps us to get a sense of the magnitude of the FP. About a year ago, I started a thread about a pretty funky avast false positve that was not only widespread, but it was causing lots of hardships on people's computers. The thread served as a terrific reference point, where Wilders members could touch base on what was happening and what should/could be done in the face of such weirdness. If someone had closed that thread down prematurely, alot of people would have been left in the dark, and there would have been less damage control.

    So a FP sub-forum can be a huge benefit.

    Maybe for Prevx, it is not the preferred method of reporting, but for Wilders members (and forum members all over the internet) it is certainly a preferred way of communicating a possible issue.
     
  15. guest

    guest Guest

    Just to be clear here, I am *not* one of those! (Yes I know you didn't call me one. ;)) - Honestly, I am telling you only things that really happened to me as I am not a liar. Ever. And Joe does know very well how often I emailed false positives in the last years and that I am *not* fantasizing over that. ;)

    But see .. much more often than that due to laziness :D I marked them just on my system internally (mumbling something like "oh great, another fp!" ;)), not reporting them by email. The latter is only important to me if relatives are involved with the same false positively identified program and immediate action of Prevx is required. So that they don't collapse because of fear of bankruptcy! :D

    And so that you see I am really honest - and that always! - I will tell you here, that Prevx *really* (if nothing goes wrong) is HYPER-FAST in responding to FP's and that generally the support of the never sleeping guy calling himself ... Jacques / Joe / PrevxHelp etc .... ;) is OUTSTANDING and for sure UNMATCHED anywhere!

    I am using Avira (and really like it), but I have to say their support when a customer is having FP's is TERRIBLE .. ahm .. if even present!? :thumbd: At least that's my experience with this very big corporation, YMMV. :) - Luckily I have not very often problems with them (and so far never with legit, normal programs) so that isn't bothering me much. - I don't want to compare things here as it isn't allowed but it was important to me to prove that I am not some guy with an agenda against Prevx. If I wouldn't like this product and hope for some improvement in the future (regarding FP's) I wouldn't waste all my time here and back then with beta testing, right? ;)

    If it's not then their policy should be changed and the topic of 'rug sweeping' would be off the table for good.

    THANKS, you said it better than I ever could! :thumb:

    BUT .. ;) .. problem could be this thing: posting VT links is forbidden on wilders. :( And in the past I emailed them always links of VT, Jotti, Virscan ... to prove that it *really* was a false positive. Very often it was more than obvious in case Prevx was the only vendor (of 4x) classifying something as malware. ;)

    So I see a problem here with forum policy, but maybe this can be solved somehow?- I would think it would be really great and appreciated by wilders members if false positives would be handled in front of the 'curtain' and not behind. Certainly the bold confidence of Joe for Prevx having no FP-problem at all shouldn't be an obstacle!? :D

    Come on .. :) .. at least threads shouldn't no longer be closed that by intention are NOT about FIXING the false positive but only about TALKING here that it happened and that it is a real PITA! :cool: - I tried that in the past but deputy sheriff *g* has a very fast colt! ;-) - But what is happening then? As you can see rage is growing if people are 'censored' (yes I know, closing is not deleting, but really only gradually better ;)).

    Enough said :p and sorry for fragmenting the resources of this forum *again*! ^^
    (I am already told I have to much pictures in my post! *LOL*)

    p.s. Aah .. one last thing *gg* .. is v4 maybe optimized for SSD's, you know, writing as less and seldom as possible to system disk? - See I am all about constructive criticism! *textsmile*
     
  16. TonyW

    TonyW Registered Member

    Joined:
    Oct 12, 2005
    Posts:
    2,635
    Location:
    UK
    I wouldn't rely totally on VT scans as they often use much older engines and cannot be compared favourably with using the full product version. In any case, if a vendor is the only program to mark something as malware or whatever, and you believe it is a FP, the easiest way is to contact them directly. There's no need to clutter a forum with post upon post about such FPs. (Don't forget higher settings may result in FPs - users on default settings rarely encounter such issues, and this goes for most AV vendors.)

    If there is to be a sub-forum for such things, I'd hope it would be used sensibly. However, my gut reaction is that since an email address has been provided specifically for such reporting, I do wonder about the merits of having a forum specifically for this topic. If the Prevx researchers don't monitor this forum as Joe says then it'll be more work for Joe, and we don't want that surely.
     
  17. Rivalen

    Rivalen Registered Member

    Joined:
    Oct 18, 2005
    Posts:
    413
    Any vendor would prefer if problems where solved over e-mail. That would mean that only two parties would know there was a problem and the third party . possibly an interested new customer - would not know about the problem.

    So a forum where we can discuss everything and ask all kinds of questions is a window towards the market and also a possibility for potential customers to see whats up.

    If we can discuss everything except false positives that would indicate to me that false positives is a problem for Prevx. If that conclusion is wrong - why not open an FP-forum and lets see what happens and also see to it that your people monitors it.

    I have been so impressed with the grade of customer service provided at this forum, but about FPs - I would try another route than closing down and saying lets handle this "between four eyes" over email.

    Best Regards
     
  18. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    I do have to disagree with the value of having a separate FP forum. While we could change the policy here, I don't see the value - AVs have to ship out another update which could take hours/days and in that time, it is extremely useful to have a forum to allow users to be aware of current FPs. However, with Prevx, all that we have to do is click one button and the FP on every agent is immediately fixed.

    There simply isn't the need for discussion about them and the time required to fix is so low that it would take longer to make a post in the forum than it would to just fix the FP.

    I'm not trying to censor FPs - you'll note that periodically users do post here about FPs and I do not delete the threads, merely close them. I cannot do anything to prevent users from posting here and I do not desire to do so.

    The level of users posting threads here about FPs is about the same as the level of FPs reported to report@prevxresearch.com. There are indeed more sent to us via our support inbox but our research team is automatically notified when one is written in and can fix it extremely quickly.

    We did have a FP thread here before but it only resulted in bashing because users set their heuristic settings to Maximum and then complained :doubt: While we have reduced our FPs substantially, I do still have to say that we do not have a FP problem: we know exactly how many clients are shown a detection, exactly how many choose to ignore that detection, and exactly how many choose to clean up that file. It's much more likely that we'd find a FP over an uncommon application but that is the case with any security product. In guest's case, most of his FP complaints were about an application called CleanMem which accesses RAM at the raw level - Prevx has a rule which will condemn any application which does exactly that as it is highly suspicious. There are always exceptions to the rule and there will always be false positives regardless of what AV you use (my favorite is a FP we had over a commandline-based mass-mailing tool that runs on bootup :)).

    So, in summary, I agree that a conventional AV would benefit from a FP forum but I simply do not see the value with Prevx having one, especially considering that we already have five different ways to submit a FP :) (clicking Report as a false positive within the product, not cleaning up a file when it was selected to be cleaned, sending an email to report@prevxresearch.com, sending me a PM, or writing into our support inbox).
     
  19. Baldrick

    Baldrick Registered Member

    Joined:
    May 11, 2002
    Posts:
    2,301
    Location:
    South Wales, UK
    Hi Joe

    I have always thought that a good way of reporting an FP would be, as an option when the item is highlighted as a potential threat, to have an option to report the item as an FP, i.e., right click option, that send the details back to base for analysis. However, I appreciate that to add functionality to do this would increase the size of Prevx which I know you are trying to keep to as small a footprint as possible...which is to be applauded.

    So, what about adding a right click option that takes the user directly to the Prevx website, together with some basic details about the item in question and then provides functionality on the website to browse the local computer for the file in question and allow it, as a user option, to be uploaded over an https connection?

    Not really an expert in this area and so am probably going to generate all sorts of 'why this cannot be done', etc., but such a direct link might remove the issue raised in this thread, i.e., where/how to report FPs.

    Just a thought...for what it is worth...and just in case it has not been considered before. :D
     
  20. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    This is already in place :) If you right click on any item in the Prevx GUI, it will show an option: "Report as a false positive". Additionally, you can double click on the item in the list and it will open a webpage with details on the file, where you can submit further feedback... so there are actually 6 ways of reporting a false positive currently :)
     
  21. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    5,829
    Location:
    Last Breath Farm
    First of all, it's a big plus just having a contact like you who we can bounce ideas, opinions and rants off of. Not too many other vendors have someone this available.

    I will say that, despite being very much in favor of you allowing users to report and discuss FPs, I am not upset or angry with the way things are. On the contrary, it all does seem to work okay, and I don't get very many FPs with Prevx.

    After not using Prevx for some months, I recently reinstalled it on my machines about 12 days ago. In that time I have received one FP... I think it was yesterday... on a somewhat obscure version of Eraser. I wasn't certain that it was a FP, but I clicked on Trust Once, and ran a scan, and after that, Prevx never said another word, even when I downloaded it and right-click scanned it. So I am assuming that it was fixed in the cloud?

    Bottom line, having 6 different ways to address a FP seems like it should be sufficient to me :cautious: and I think I will be able personally to get over my desire to have a FP sub-forum. :cool:
     
  22. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    Yes indeed, He the man behind the mask is really great that's for sure :cool:


    Instead of creating a new thread I will ask this silly question in here.

    And that is that I have been wondering for a long time about how many Servers the entire Prevx Cloud is based on?

    Sorry for my curiosity:D
     
    Last edited: Feb 8, 2011
  23. TerryWood

    TerryWood Registered Member

    Joined:
    Jan 14, 2006
    Posts:
    703
    Hi

    I reported (in exaspiration) a false positive in this forum within the last three days. An obvious one Sumatra.exe. It was closed down (the thread) by the moderator, because he claimed that the false positive had been resolved several hours earlier.

    Yet my Safeonline was still picking the false positive up at the time the thread was closed.

    I am a reasonable guy, not a PrevX basher not a fan boy of any faction. I make my own judgements. Yet Prevx SafeOnline does have a problem based on my experience with false positives. ( I REPEAT IN MY EXPERIENCE).

    From what I have seen in this forum (IN MY OPINION) the moderators/PrevX Help are more than a tad too quick to close down posts involving again FALSE POSITIVES. And are less than willing to accept the notion that false positives are an issue.

    What do I mean by False positives being an issue? When there are are a repetitive number of experiences of files/file types being identified as FPs downloaded from reputable sources which in no way should be diagnosed as malware.

    There are so many examples of posters reporting FPs, that it is disappointing in the extreme that PrevX/Mods do not listen. Even appear to censor. YES CENSOR.

    Don't believe me? Just read all the threads and premature closures.

    There is a problem!

    There are two problems!

    1) False Positives.

    2) PrevX/ Mods applying control.

    Sorry, thats how I see it.

    Terry
     
  24. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    oh dear me, I have tried so hard to avoid this thread but, Bud got the better of me.

    If my car overheats, do I call my salesperson?
    If my cat throws up, do I call the cat food vendor?
    If my tooth aches, do I call Colgate?

    This is a forum to discuss the Prevx product. It isnt the repair shop, or the vet, or my dentist. People are halfway making the right determination but failing to see the other half.

    If I own something and it needs a fixing, I am going straight to the top if needed.

    Moral of mindless rant. All products have FPs. To fix them with Prevx you submit a support ticket at their site. I have used this on several occasions and what is cool, their support site keeps a record of all your submitted tickets and you can go back to them if needed. You can post it here, but that is only going to get you halfway. Joe, poops and sleeps like the rest of us ,so it may be awhile before your issue is addressed.

    All I saying is that if you dont do it the right way, dont complain. I will agree that locking threads is actually considered rude in webworld, but in the case of Prevx, once it is submitted and Joe wakes up and sees it, it really is closed. Oh well, hopefully this helps.;)
     
  25. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    :thumb: Fantastically said! :thumb:
     
Thread Status:
Not open for further replies.