What's up EraserHW and Prevxhelp is there an issue in this forum?

Discussion in 'Prevx Releases' started by overangry, Feb 5, 2011.

Thread Status:
Not open for further replies.
  1. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Curiosity is always appreciated :) However, I'm not entirely sure anymore. We have many data centers worldwide, each hosting several servers, to give location-based responses as quickly as possible. Additionally, we've begun adding Amazon servers as well into the mix to provide even more global redundancy and faster responses.

    Sorry for the imprecise answer but we have a lot - exactly how many... I'm not sure :)
     
  2. Baldrick

    Baldrick Registered Member

    Joined:
    May 11, 2002
    Posts:
    2,600
    Location:
    South Wales, UK
    Hi Joe

    Was aware of the "Report as a false positive" and use it but as there is no acknowledgement or indication of this being successful I was not sure as to its effectiveness. In terms of double clicking the item, etc., I was certainly not aware of that but will try it out next time as to me that approach is the most direct and therefore the best...and effectively IMHO negates the grumbles about reporting FPs.

    Well, you learn something new everyday, eh? ;)
     
  3. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    True, it doesn't notify you, but to clarify - it responds immediately to our database and then tells our database on every subsequent scan that the file was overridden just to ensure that it really knows :) That is definitely the most accurate way to get a report sent up to us as there is no way for an email to get lost in cyberspace or to have me miss a message on here if I'm offline for more than a few hours ;)
     
  4. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA

    Baldrick, may your cats car never have a toothache.;)
     
  5. vojta

    vojta Registered Member

    Joined:
    Feb 26, 2010
    Posts:
    830
    Deleting posts is censorship, closing threads isn't, more so when everybody knows what's this forum policy. One could not agree with it, but if you want to participate you must accept a forum's rules because they use to be private enterprises.

    For example, I don't agree with Wilders' policy of considering four letters words as "obscenities" that have to be deleted, while software robbery is seen as a normal thing. In the forum I use to post more it's the other way around, you can use any word you want except "warez". People that is known to use cracked software is automaticaly banned there.

    About the "false positives" thread, it really has no use if FPs are supposed to be corrected automatically after being reported. I guess those cases when a false positive is reported and not corrected should go directly to the Prevx "Bugs" Reports thread. That would spare us all a lot of stress and a couple of ocasional scareware trolls.
     
  6. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,751
    Location:
    Toronto Canada
    I haven't seen this question by overangry answered yet. "If I report a file as a FP is my system automatically marked as clean? I may be wrong, it could well be malware."
     
  7. overangry

    overangry Registered Member

    Joined:
    Apr 4, 2009
    Posts:
    309
    None taken, as I said if you had read the post you would have realized FP's were not the issue. You are a great help to many on this forum, as are you EraserHW

    Now my 5 cents.
    I also prefer the occasional FP over an infection, I personaly have not experienced many FP from Prevx.

    That said, I hope this post doesn't get censored or removed as you are all only doing your jobs:D

    With regards to opera.dll, I encountered it on 6th Feb. other members who posted in this and other threads encountered this FP up-to or more than 24hrs earlier.

    QUESTION:
    Am I correct in assuming Prevx research has been aware of this FP since the 26th of Jan. that's 11 days.
    If this is the case, then are you not better off reporting the FP here and having it corrected in minutes.

    It seems Prevx research not only doesn't read these posts, but also neglects other material.

    Again FP's should be dealt with quickly, however you decide to go about it:thumb:
     

    Attached Files:

  8. overangry

    overangry Registered Member

    Joined:
    Apr 4, 2009
    Posts:
    309
    ditto
     
  9. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    No, the file was first seen 11 days ago but the false positive was introduced (because of an overly-heuristic rule) and fixed within a matter of a few hours on Feb 6th. The first report that we got to report@prevxresearch.com was 4 hours before when I saw the thread here and by the time I did, the false positive was already fixed.

    Regarding reporting a file as a false positive - when you report a file as a false positive, it will be marked as 'allowed' on the local PC. If you are reporting a file you think might be a false positive but aren't sure, we recommend writing into our support inbox rather than report it locally.
     
  10. overangry

    overangry Registered Member

    Joined:
    Apr 4, 2009
    Posts:
    309
    Thanks for the clarification.
     
  11. Rivalen

    Rivalen Registered Member

    Joined:
    Oct 18, 2005
    Posts:
    413
    Hello Joe, thanks for taking the time to answer everything in a thread about false positives. Since you say you have such full control over FPs.
    -How many false positives does paying customers have in average over a period of say one year?

    Another matter that relates to the forum or no forum question. When our company had big problems with our AV vendor last autumn I did not dare to suggest we should look into Prevx as an alternativ since I didnt know where to look - a forum? - to see a two sided interaction between vendor and customer to see if the product - Prevx Business - had problems or seemed to run smoothly.

    I bought Prevx due to this forum and your ways about things and customers phraising it. I am not saying we should have a FP forum as long as we have an open discusssion. But if you have had a forum for the businessversion the company I work for might have been your customers now - who knows.

    I guess the possibility to look into, and out from, the vendor is the purpose of a forum which properly managed - as this forum is - can create new business.

    Once again thank you for all your efforts - truly great!

    Best Regards
     
  12. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    The average customer has zero FPs. Mathematically speaking, there is a very small fraction of a percent but it is extremely close to zero. Almost all of the FPs that I've seen in the last year have been seen by only two or three users. If a user raises their heuristic settings then they will definitely have more FPs but the average user who just installs and leaves the settings at their defaults will have a very seamless experience.

    (Note that this is not counting tools like NirSoft utilities or leaktests which users report as FPs, although those are only used by a small fraction of technical users)
     
  13. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    Interesting, I thought you just had your building and Server center in Derby.
    (I've located the building on Google-Maps it even has a nice blue? Prevx Logo on it ;) )

    That's great :thumb:

    No need to be sorry. You have been more than helpful just as usual.

    Thank you.
     
  14. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    No, none of our servers are in our office (except for a nice array of test servers that we pummel with malware for testing :))
     
  15. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    I see. You got any data center I Scandinavia?
    (Now I'm being way too curious again:oops: )
     
  16. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    If they're migrating to have some servers in the Amazon cloud, I heavily suspect they'll have a data center close by Scandinavia. Not sure what it's like at this very moment though.
     
  17. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    I'm not sure at all since we haven't talked about where the Prevx Data Centers are located before ;)
     
  18. iNsuRRecTioN

    iNsuRRecTioN Registered Member

    Joined:
    Sep 5, 2003
    Posts:
    303
    Location:
    Germany

    Ok these two have to be improved in the upcoming P4.

    Beginners and novices have to be notified in the Prevx GUI that the fp is successfully sended to the cloud backend, in order that the user can be sure, everything is fine and it worked.

    Without a visual feedback, the user is unsure if the fp notification is working correctly.

    Prevx GUI simply says IGNORED, which is not good.

    regards,

    iNsuRRecTiON
     
  19. x942

    x942 Guest

    IMHO PrevX has the least amount of FPs. This is with settings at max and the only FPs I have seen are the hacking tools I use for pen-testing and some anti-forensics tools I also use for pen-testing. That said there are only a handful of windows tools I use for pentesting (like Cain and Abel and NirSoft) the rest relays on BackTrack but that's off topic now :p

    The other thing I like is the fast response to FPs and makes me want to buy the full PrevX (Using SO). Thanks for all the hard work!
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.