UPDATE: sorry no serials left!!!
The friendly people at prevx.com gave some keys to give away as a reward for putting up the banner of their product.
What is Prevx?
File and Process Scan Engine
This module scans both file based and memory based code. It includes a powerful mix of 7 signature combinations – 3 are focused on specifically identifying unique code objects; the other 4 signatures track family ties and similarities in the underlying functionality of the objects.
Using the File and Process Scan Engine, the Prevx 2.0 agent builds and maintains a local inventory of code installed (in existence) on a client system. This local inventory enables the agent to rapidly identify that new code has been introduced onto the client.
When a new code object is seen on a client system the Prevx 2.0 agent will immediately attempt to verify its status with the Community Watch Controller by reporting seven distinct signatures for that object. These are checked against a database describing more than 100 million objects. This check results in one of four possible states – safe, unsafe, known but undetermined and unknown. If an object is unknown, meaning it is the first time that specific code has been seen anywhere within the community, the agent can be configured to block any attempt to execute it. In the event that this option is not configured, then before any new code is allowed to be executed it is referred for analysis by the Malware Virtualization module.
Malware Virtualization
Allowing new code to run always represents a possible security threat. The Prevx 2.0 Malware Virtualization module allows the agent to gain an insightful preview of an object’s behavior while avoiding the risks of execution. The virtualization process exposes many of the behaviors that would be observed during real execution. These rich behaviors collated during the virtualization process are immediately reported to the Community Watch Controller and are merged with any ‘real’ observed behaviors gathered about that object from other clients/sources.
The virtualization process allows the Prevx 2.0 agent to identify the naked form of an object by defeating many of the obfuscation techniques that make today’s malware invisible to conventional signature based security products.
Behavioral Monitoring
Whenever a program is allowed to execute in the client environment, the Prevx 2.0 Agent will observe its behavior in detail. Around 300 different behaviors are monitored by the agent. These are soft and extensible, meaning that new behaviors can be remotely configured without changes to the agent software.
All behaviors captured by the Prevx 2.0 agent are reported to the Community Watch Controller where they are aggregated with other events for that program drawn from the entire community and including data from the malware virtualization process.
Agent Heuristics
The agent includes a powerful heuristics engine which is capable of mirroring some of the community based heuristics. However, this module is rarely configured because community based behavioral analysis has proven to be significantly more effective at early detection of new malware with greatly reduced risks of false positives.
TCP Packet Inspection
The Prevx 2.0 agent includes a TCP packet analyzer which is capable of tracking the behavior of any web page or URL. This includes a record of the DNS resolution of configured web sites and the relationship between any URL and the creation of code objects.
This information is reported to the Community Watch Controller where it is aggregated and correlated with other object behaviors.
Malware Removal and Cleanup
Prevx 2.0 includes a powerful, generic, malware removal and cleanup capability. This works in combination with the behavioral monitoring module which is used to implement dynamic ‘lock down’ policies that prevent an object’s attempts to persist during the removal process. The cleanup process also removes all executable elements of an infection including persistent registry entries.